//public CognitoAWSCredentials GetCachedCognitoIdentity()
//{
// Console.WriteLine("GetCachedCognitoIdentity");
// if (!string.IsNullOrEmpty(credentials.GetCachedIdentityId()) || credentials.CurrentLoginProviders.Length > 0)
// {
// return credentials;
// }
// return null;
//}
public async Task GetAWSCredentialsWithGoogleToken(string token)
{
try
{
CognitoAWSCredentials credentials = new CognitoAWSCredentials(this.IDENTITYPOOL_ID, RegionEndpoint.EUCentral1);
credentials.Clear();
credentials.AddLogin("accounts.google.com", token);
AmazonCognitoIdentityClient cli = new AmazonCognitoIdentityClient(credentials, RegionEndpoint.EUCentral1);
var req = new Amazon.CognitoIdentity.Model.GetIdRequest();
req.Logins.Add("accounts.google.com", token);
req.IdentityPoolId = this.IDENTITYPOOL_ID;
GetIdResponse getIdResponse = await cli.GetIdAsync(req);
var getCredentialReq = new Amazon.CognitoIdentity.Model.GetCredentialsForIdentityRequest();
getCredentialReq.IdentityId = getIdResponse.IdentityId;
getCredentialReq.Logins.Add("accounts.google.com", token);
GetCredentialsForIdentityResponse getCredentialsResponse = await cli.GetCredentialsForIdentityAsync(getCredentialReq);
UserInfo.Credentials = getCredentialsResponse.Credentials;
UserInfo.IdentityId = getCredentialsResponse.IdentityId;
}
catch (Exception ex)
{
Console.WriteLine("GetAWSCredentialsWithGoogleToken ERROR: " + ex.Message);
throw ex;
}
}
public async Task <IActionResult> ConnectToAWSViaCognitoCredsAsync()
{
try
{
if (!this.HttpContext.User.Identity.IsAuthenticated)
{
return(new OkObjectResult("you have to sign in to access AWS resources"));
}
AnonymousAWSCredentials cred = new AnonymousAWSCredentials();
AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient(
cred,
RegionEndpoint.USEast2
);
GetIdRequest idRequest = new GetIdRequest();
idRequest.AccountId = "628654266155";
idRequest.IdentityPoolId = "us-east-2:c6e1e652-eb33-4daa-a04e-9cb0418a92cc";
var logins = new Dictionary <string, string> {
{ "dev-220949.okta.com/oauth2/default", GetOktaTokenMiddleware.OktaToken }
};
idRequest.Logins = logins;
// The identity id is in the IdentityId parameter of the response object
GetIdResponse idResp = await cognitoClient.GetIdAsync(idRequest);
//GetCredentialsForIdentityRequest getCredentialsRequest =
// new GetCredentialsForIdentityRequest { IdentityId = idResp.IdentityId, Logins = logins };
var temporaryCreds = await cognitoClient.GetCredentialsForIdentityAsync(idResp.IdentityId, logins);
//var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2);
var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2);
return(await this.ObjectFromBucket(s3Client));
//var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
//{
// RoleArn = "arn:aws:iam::628654266155:role/acme_empoyees_accessing_s3",
// RoleSessionName = "testsession",
// WebIdentityToken = GetOktaTokenMiddleware.OktaToken,
//};
//var stsServiceClient = new AmazonSecurityTokenServiceClient(temporaryCreds.Credentials, RegionEndpoint.USEast2);
//var response = await stsServiceClient.AssumeRoleWithWebIdentityAsync(assumeRoleRequest);
//return new OkObjectResult($" assumed role is {response.AssumedRoleUser.AssumedRoleId}");
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
public int GetId()
{
GetIdResponse response = null;
if (connection.InvokeRpc(() =>
{
response = client.GetId(
new GetIdRequest {
Watchpoint = grpcSbWatchpoint
});
}))
{
return(response.Id);
}
return(0);
}
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
GetIdResponse getIdResponse = new GetIdResponse();
context.Read();
int currentDepth = context.CurrentDepth;
while (context.ReadAtDepth(currentDepth))
{
if (context.TestExpression("IdentityId", currentDepth))
{
StringUnmarshaller instance = StringUnmarshaller.Instance;
getIdResponse.IdentityId = instance.Unmarshall(context);
}
}
return(getIdResponse);
}
protected virtual IdentityState RefreshIdentity()
{
bool fromCache = true;
if (!IsIdentitySet)
{
GetIdRequest request = new GetIdRequest
{
AccountId = AccountId,
IdentityPoolId = IdentityPoolId,
Logins = Logins
};
GetIdResponse id = cib.GetId(request);
fromCache = false;
UpdateIdentity(id.IdentityId);
}
return(new IdentityState(identityId, fromCache));
}
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
GetIdResponse response = new GetIdResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("IdentityId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.IdentityId = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
