Use the output from configure export-credentials to find the session expiration. This works for profiles that use a sso-session whereas aws configure get x_security_token_expires does not.

Example

expires=$(aws configure export-credentials | jq -r '.Expiration')
echo "current session expires: $expires"

I've incorporated the above into a gist that configures shell completions for activating AWS_PROFILE and optionally refreshes its sso-session (if it expires in 2 hours or less). See https://gist.github.com/briceburg/f9b485dc0fa75fac0b2b169652e422b3