From 453dbab1e8918a7f2462b5066f2c41968e3fe51f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 15 Dec 2025 19:40:34 +0100
Subject: [PATCH] fix(libstore/aws-creds): respect AWS_PROFILE environment
 variable

The SSO provider was unconditionally setting profile_name_override to
the (potentially empty) profile string from the S3 URL. When profile
was empty, this prevented the AWS CRT SDK from falling back to the
AWS_PROFILE environment variable.

Only set profile_name_override when a profile is explicitly specified
in the URL, allowing the SDK's built-in AWS_PROFILE handling to work.
---
 src/libstore/aws-creds.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libstore/aws-creds.cc b/src/libstore/aws-creds.cc
index 3e4176c89..1ea37b129 100644
--- a/src/libstore/aws-creds.cc
+++ b/src/libstore/aws-creds.cc
@@ -61,7 +61,9 @@ static std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> createSSOProvider(
 
     options.bootstrap = bootstrap->GetUnderlyingHandle();
     options.tls_ctx = tlsContext ? tlsContext->GetUnderlyingHandle() : nullptr;
-    options.profile_name_override = aws_byte_cursor_from_c_str(profileName.c_str());
+    if (!profileName.empty()) {
+        options.profile_name_override = aws_byte_cursor_from_c_str(profileName.c_str());
+    }
 
     // Create the SSO provider - will return nullptr if SSO isn't configured for this profile
     // createWrappedProvider handles nullptr gracefully