From 85eae5125a6b55d4dd303a881b20ccc1f70e9673 Mon Sep 17 00:00:00 2001
From: Philipp A
Date: Mon, 14 Dec 2020 11:54:19 +0100
Subject: [PATCH 1/3] Allow specifying session token

---
 kombu/transport/SQS.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kombu/transport/SQS.py b/kombu/transport/SQS.py
index 74cc86fdc..6217f8d22 100644
--- a/kombu/transport/SQS.py
+++ b/kombu/transport/SQS.py
@@ -538,11 +538,12 @@ def close(self):
 # if "can't set attribute" not in str(exc):
 # raise

- def new_sqs_client(self, region, access_key_id, secret_access_key):
+ def new_sqs_client(self, region, access_key_id, secret_access_key, session_token=None):
 session = boto3.session.Session(
 region_name=region,
 aws_access_key_id=access_key_id,
 aws_secret_access_key=secret_access_key,
+ aws_session_token=session_token,
 )
 is_secure = self.is_secure if self.is_secure is not None else True
 client_kwargs = {
@@ -568,6 +569,7 @@ def sqs(self, queue=None):
 region=q.get('region', self.region),
 access_key_id=q.get('access_key_id', self.conninfo.userid),
 secret_access_key=q.get('secret_access_key', self.conninfo.password), # noqa: E501
+ session_token=q.get('session_token', None),
 )
 return c

From 7468dbe4b6cd1a0b1d1f7becbbee2333fd5cc9db Mon Sep 17 00:00:00 2001
From: Philipp A
Date: Tue, 5 Jan 2021 10:25:13 +0100
Subject: [PATCH 2/3] add docs

---
 kombu/transport/SQS.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/kombu/transport/SQS.py b/kombu/transport/SQS.py
index 6217f8d22..087701163 100644
--- a/kombu/transport/SQS.py
+++ b/kombu/transport/SQS.py
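Review bot: The new `session_token` argument of `new_sqs_client` is handed to `boto3.session.Session(...)` as a fixed value, so the client is built on static temporary credentials that boto3 does not renew, and the method carries no docstring that says so. I would add one along the lines of `"""Create an SQS client; when session_token is given the credentials are temporary and are not refreshed."""`. The widened signature also looks longer than 79 columns, in a file that marks its other long line with `# noqa: E501`, so it should be wrapped with one parameter group per line. The method body continues past the end of the hunk.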
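Review bot: In the `sqs` hunk `session_token` is read only from the per-queue dict, while the two lines above it let `access_key_id` and `secret_access_key` fall back to `self.conninfo.userid` and `self.conninfo.password`. A session token is only valid together with the temporary key pair it was issued with, so a queue entry that sets `session_token` but inherits the connection-level key pair yields a credential set AWS will reject, and that surfaces only on the first request. Rejecting the combination before the client is built would make the misconfiguration obvious, for example guarding on `'session_token' in q and not ('access_key_id' in q and 'secret_access_key' in q)`. As a small style point, `q.get('session_token', None)` is the same as `q.get('session_token')`. The call being extended starts outside the hunk.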
@@ -42,8 +42,8 @@ pair in order to manage all SQS queues (e.g. listing queues, creating queues, polling queues, deleting messages). -If it is preferable for your environment to use a single AWS credential, you -can use the 'predefined_queues' setting inside the 'transport_options' map. +If it is preferable for your environment to use multiple AWS credentials, you +can use the 'predefined_queues' setting inside the 'transport_options' map. This setting allows you to specify the SQS queue URL and AWS credentials for each of your queues. For example, if you have two queues which both already exist in AWS) you can tell this transport about them as follows: @@ -65,6 +65,14 @@ } } +If you authenticate using Okta_ (e.g. calling |gac|_), you can also specify +a 'session_token' to connect to a queue. Note that those tokens have a +limited lifetime and are therefore only suited for short-lived tests. + +.. _Okta: https://www.okta.com/ +.. _gac: https://github.com/Nike-Inc/gimme-aws-creds#readme +.. |gac| replace:: ``gimme-aws-creds`` + Client config ------------- From a889101cc3f77b92f0ca9e7e4bf5aa56b9b36f52 Mon Sep 17 00:00:00 2001 From: Philipp A Date: Tue, 5 Jan 2021 10:27:30 +0100 Subject: [PATCH 3/3] add comment --- kombu/transport/SQS.py | 1 + 1 file changed, 1 insertion(+) diff --git a/kombu/transport/SQS.py b/kombu/transport/SQS.py index 087701163..2a2b8ccb3 100644 --- a/kombu/transport/SQS.py +++ b/kombu/transport/SQS.py @@ -577,6 +577,7 @@ def sqs(self, queue=None): region=q.get('region', self.region), access_key_id=q.get('access_key_id', self.conninfo.userid), secret_access_key=q.get('secret_access_key', self.conninfo.password), # noqa: E501 + # With session_token, this client’s access will expire, but it’s useful for testing session_token=q.get('session_token', None), ) return c
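Review bot: The paragraph added after the `predefined_queues` example does not say where `session_token` is set or what it has to be paired with. A reader must infer that it is a per-queue key next to `access_key_id` and `secret_access_key`, and that all three have to come from the same temporary credential set. The wording also ties the token to Okta, although any temporary AWS credentials carry one. I would add a `'session_token'` entry to the example above and open the paragraph with something like `If you use temporary AWS credentials (e.g. obtained via Okta_ with |gac|_), also set 'session_token' for the queue.`. Because the token is a live credential, the text could also advise against committing it to a settings file.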
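Review bot: The comment added above `session_token=q.get('session_token', None)` in patch 3 uses typographic apostrophes (`’`) and appears to run well past the line limit that the neighbouring line silences with `# noqa: E501`. It also says the access "will expire" without saying what a caller then sees. I would split it over two ASCII-only lines, e.g. `# session_token gives static temporary credentials: requests fail once` / `# the token expires, so this is meant for short-lived tests only.`. If expiry is meant to be supported later, a `TODO` here would be the place to note that the client needs rebuilding with fresh credentials.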