diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 8a1927a39ca..2fa31de958f 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -3,3 +3,5 @@
 ### SDK Enhancements
 
 ### SDK Bugs
+* `aws/credentials/ssocreds`: Modify sso token provider logic to handle possible nil val returned by CreateToken.
+  * Fixes [4947](https://github.com/aws/aws-sdk-go/issues/4947)
\ No newline at end of file
diff --git a/aws/credentials/ssocreds/token_provider.go b/aws/credentials/ssocreds/token_provider.go
index 7562cd01350..3388b78b4f4 100644
--- a/aws/credentials/ssocreds/token_provider.go
+++ b/aws/credentials/ssocreds/token_provider.go
@@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error)
 	if err != nil {
 		return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err)
 	}
+	if createResult.ExpiresIn == nil {
+		return cachedToken{}, fmt.Errorf("missing required field ExpiresIn")
+	}
+	if createResult.AccessToken == nil {
+		return cachedToken{}, fmt.Errorf("missing required field AccessToken")
+	}
+	if createResult.RefreshToken == nil {
+		return cachedToken{}, fmt.Errorf("missing required field RefreshToken")
+	}
 
 	expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second)