AWS Shell plugin is not providing session token

Hello,

I tried to set up AWS shell plugin in a way that it'll provide me short lived tokens. I need these for our internal tools that use AWS SDK and is able to work with these temporary credentials, so 1Password doesn't see this to be something originating from `aws` cli. I'm trying to understand how can I use 1Password to only hand out temporary credentials so that the application doesn't have to deal with getting the tokens itself.

According to Shell plugin docs (https://developer.1password.com/docs/cli/shell-plugins/aws/#optional-set-up-multi-factor-authentication) there should be session token set up, but I don't see it. I don't understand how it should get there and when should it be available.

It's currently set up in this manner and aws plugin seems to be able to use MFA:

op % op item get xyz
ID:          xyz
Title:       AWS
Vault:       Employee (abc)
Created:     2 years ago
Updated:     20 minutes ago by [me]
Favorite:    false
Tags:        XXX
Version:     42
Category:    LOGIN
Fields:
  username:             [username]
  password:             [use 'op item get xyz --reveal' to reveal]
  access key id:        [access-key]
  secret access key:    [use 'op item get xyz --reveal' to reveal]
one-time password:      123456
  mfa serial:           arn:aws:iam::[rest]
  Default region:       [region]
  Account ID:           [account-id]
URLs:
  website:      https://us-east-1.console.aws.amazon.com/iam/...