private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identityId = await GetIdentityIdAsync().ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identityId
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
var getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId, true);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
