Class: Aws::CognitoIdentity::CognitoIdentityCredentials
- Inherits:
-
Object
- Object
- Aws::CognitoIdentity::CognitoIdentityCredentials
- Includes:
- Aws::CredentialProvider
- Defined in:
- gems/aws-sdk-cognitoidentity/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb
Overview
An auto-refreshing credential provider that represents credentials retrieved from STS Web Identity Federation using the Amazon Cognito Identity service.
This provider gets credentials using the
Aws::CognitoIdentity::Client#get_credentials_for_identity service operation, which
requires either an identity_id
or an identity_pool_id
(Amazon Cognito
Identity Pool ID), which is used to call Aws::CognitoIdentity::Client#get_id to
obtain an identity_id
automatically.
In addition, if this credential provider is used to provide authenticated
login, the logins
map may be set to the tokens provided by the
respective identity providers. See #initialize for an example on
creating a credentials object with proper property values.
Refreshing Credentials from Identity Service
The CognitoIdentityCredentials will auto-refresh the AWS credentials from Cognito. In addition to AWS credentials expiring after a given amount of time, the login token from the identity provider will also expire. Once this token expires, it will not be usable to refresh AWS credentials, and another token will be needed. The SDK does not manage refreshing of the token value, but this can be done through a "refresh token" supported by most identity providers. Consult the documentation for the identity provider for refreshing tokens. Once the refreshed token is acquired, you should make sure to update this new token in the CognitoIdentityCredentials object's #logins property. The following code will update the WebIdentityToken, assuming you have retrieved an updated token from the identity provider:
AWS.config.credentials.logins['graph.facebook.com'] = updatedToken;
AWS.config.credentials.refresh! # required only if authentication state has changed
The CognitoIdentityCredentials also provides a before_refresh
callback
that can be used to help manage refreshing identity provider tokens.
before_refresh
is called when AWS credentials are required and need
to be refreshed and it has access to the CognitoIdentityCredentials object.
Instance Attribute Summary collapse
Attributes included from Aws::CredentialProvider
Instance Method Summary collapse
-
#identity_id ⇒ String
-
#initialize(options = {}) ⇒ CognitoIdentityCredentials
constructor
A new instance of CognitoIdentityCredentials.
Methods included from Aws::CredentialProvider
Constructor Details
#initialize(options = {}) ⇒ CognitoIdentityCredentials
Returns a new instance of CognitoIdentityCredentials.
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'gems/aws-sdk-cognitoidentity/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb', line 83 def initialize( = {}) @identity_pool_id = .delete(:identity_pool_id) @identity_id = .delete(:identity_id) @custom_role_arn = .delete(:custom_role_arn) @logins = .delete(:logins) || {} @async_refresh = false client_opts = {} .each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) } if !@identity_pool_id && !@identity_id raise ArgumentError, 'Must provide either identity_pool_id or identity_id' end @client = [:client] || CognitoIdentity::Client.new( client_opts.merge(credentials: false) ) super end |
Instance Attribute Details
#client ⇒ CognitoIdentity::Client (readonly)
105 106 107 |
# File 'gems/aws-sdk-cognitoidentity/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb', line 105 def client @client end |
#logins ⇒ Hash<String,String>
108 109 110 |
# File 'gems/aws-sdk-cognitoidentity/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb', line 108 def logins @logins end |
Instance Method Details
#identity_id ⇒ String
111 112 113 114 115 |
# File 'gems/aws-sdk-cognitoidentity/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb', line 111 def identity_id @identity_id ||= @client .get_id(identity_pool_id: @identity_pool_id) .identity_id end |