Calling CopyC#
AssumeRoleWithWebIdentity
The temporary security credentials returned by this API consist of an access key ID,
a secret access key, and a security token. Applications can use these temporary
security credentials to sign calls to AWS service APIs. The credentials are valid
for the duration that you specified when calling CopyC#
AssumeRoleWithWebIdentity
Optionally, you can pass an IAM access policy to this operation. If you choose not to pass a policy, the temporary security credentials that are returned by the operation have the permissions that are defined in the access policy of the role that is being assumed. If you pass a policy to this operation, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in Using Temporary Security Credentials.
Before your application can call CopyC#
AssumeRoleWithWebIdentity
For more information about how to use web identity federation and the CopyC#
AssumeRoleWithWebIdentity
- Creating a Mobile Application with Third-Party Sign-In and Creating Temporary Security Credentials for Mobile Apps Using Third-Party Identity Providers in Using Temporary Security Credentials.
- Web Identity Federation Playground. This interactive website lets you walk through the process of authenticating via Login with Amazon, Facebook, or Google, getting temporary security credentials, and then using those credentials to make a request to AWS.
- AWS SDK for iOS and AWS SDK for Android. These toolkits contain sample apps that show how to invoke the identity providers, and then how to use the information from these providers to get and use temporary security credentials.
- Web Identity Federation with Mobile Applications. This article discusses web identity federation and shows an example of how to use web identity federation to get access to content in Amazon S3.

C# |
public class AssumeRoleWithWebIdentityRequest : AmazonWebServiceRequest

All Members | Constructors | Methods | Properties | ||
Icon | Member | Description |
---|---|---|
![]() | AssumeRoleWithWebIdentityRequest()()()() | Initializes a new instance of the AssumeRoleWithWebIdentityRequest class |
![]() | DurationSeconds |
Gets and sets the property DurationSeconds.
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds. |
![]() | Equals(Object) | (Inherited from Object.) |
![]() | GetHashCode()()()() | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType()()()() | Gets the type of the current instance. (Inherited from Object.) |
![]() | Policy |
Gets and sets the property Policy.
An IAM policy in JSON format. The policy parameter is optional. If you pass a policy, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in Using Temporary Security Credentials. |
![]() | ProviderId |
Gets and sets the property ProviderId.
The fully-qualified host component of the domain name of the identity provider. Specify
this value only for OAuth access tokens. Do not specify this value for OpenID
Connect ID tokens, such as |
![]() | RoleArn |
Gets and sets the property RoleArn.
The Amazon Resource Name (ARN) of the role that the caller is assuming. |
![]() | RoleSessionName |
Gets and sets the property RoleSessionName.
An identifier for the assumed role session. Typically, you pass the name or identifier
that is associated with the user who is using your application. That way, the
temporary security credentials that your application will use are associated
with that user. This session name is included as part of the ARN and assumed
role ID in the |
![]() | ToString()()()() | Returns a string that represents the current object. (Inherited from Object.) |
![]() | WebIdentityToken |
Gets and sets the property WebIdentityToken.
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
provider. Your application must get this token by authenticating the user who
is using your application with a web identity provider before the application
makes an |
![]() | WithDurationSeconds(Int32) | Obsolete.
Sets the DurationSeconds property
|
![]() | WithPolicy(String) | Obsolete.
Sets the Policy property
|
![]() | WithProviderId(String) | Obsolete.
Sets the ProviderId property
|
![]() | WithRoleArn(String) | Obsolete.
Sets the RoleArn property
|
![]() | WithRoleSessionName(String) | Obsolete.
Sets the RoleSessionName property
|
![]() | WithWebIdentityToken(String) | Obsolete.
Sets the WebIdentityToken property
|

Object | ||
![]() | AmazonWebServiceRequest | |
![]() | AssumeRoleWithWebIdentityRequest |