AWS SDK for .NET Documentation
AssumeRoleWithWebIdentityRequest Class
AmazonAmazon.SecurityToken.ModelAssumeRoleWithWebIdentityRequest Did this page help you?   Yes   No    Tell us about it...
Container for the parameters to the AssumeRoleWithWebIdentity operation. Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider, such as Login with Amazon, Facebook, or Google.

Calling

CopyC#
AssumeRoleWithWebIdentity
does not require the use of AWS security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term AWS credentials in the application, and without deploying server-based proxy services that use long-term AWS credentials. Instead, the identity of the caller is validated by using a token from the web identity provider.

The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS service APIs. The credentials are valid for the duration that you specified when calling

CopyC#
AssumeRoleWithWebIdentity
, which can be from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the temporary security credentials are valid for 1 hour.

Optionally, you can pass an IAM access policy to this operation. If you choose not to pass a policy, the temporary security credentials that are returned by the operation have the permissions that are defined in the access policy of the role that is being assumed. If you pass a policy to this operation, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in Using Temporary Security Credentials.

Before your application can call

CopyC#
AssumeRoleWithWebIdentity
, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.

For more information about how to use web identity federation and the

CopyC#
AssumeRoleWithWebIdentity
, see the following resources:

......
Declaration Syntax
C#
public class AssumeRoleWithWebIdentityRequest : AmazonWebServiceRequest
Members
All MembersConstructorsMethodsProperties



IconMemberDescription
AssumeRoleWithWebIdentityRequest()()()()
Initializes a new instance of the AssumeRoleWithWebIdentityRequest class

DurationSeconds
Gets and sets the property DurationSeconds.

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.


Equals(Object)
Determines whether the specified Object is equal to the current Object.
(Inherited from Object.)
GetHashCode()()()()
Serves as a hash function for a particular type.
(Inherited from Object.)
GetType()()()()
Gets the type of the current instance.
(Inherited from Object.)
Policy
Gets and sets the property Policy.

An IAM policy in JSON format.

The policy parameter is optional. If you pass a policy, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in Using Temporary Security Credentials.


ProviderId
Gets and sets the property ProviderId.

The fully-qualified host component of the domain name of the identity provider. Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as

CopyC#
accounts.google.com
. Do not include URL schemes and port numbers. Currently,
CopyC#
www.amazon.com
and
CopyC#
graph.facebook.com
are supported.


RoleArn
Gets and sets the property RoleArn.

The Amazon Resource Name (ARN) of the role that the caller is assuming.


RoleSessionName
Gets and sets the property RoleSessionName.

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the

CopyC#
AssumedRoleUser
response element.


ToString()()()()
Returns a string that represents the current object.
(Inherited from Object.)
WebIdentityToken
Gets and sets the property WebIdentityToken.

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an

CopyC#
AssumeRoleWithWebIdentity
call.


WithDurationSeconds(Int32) Obsolete.
Sets the DurationSeconds property

WithPolicy(String) Obsolete.
Sets the Policy property

WithProviderId(String) Obsolete.
Sets the ProviderId property

WithRoleArn(String) Obsolete.
Sets the RoleArn property

WithRoleSessionName(String) Obsolete.
Sets the RoleSessionName property

WithWebIdentityToken(String) Obsolete.
Sets the WebIdentityToken property

Inheritance Hierarchy
Object
AmazonWebServiceRequest
 AssumeRoleWithWebIdentityRequest

Assembly: AWSSDK (Module: AWSSDK) Version: 1.5.60.0 (1.5.60.0)