private AssumeRoleWithWebIdentityRequest SetupAssumeRoleWithWebIdentityRequest(string webIdentityToken, string roleArn,
string roleSessionName, AssumeRoleWithWebIdentityCredentialsOptions options)
{
var request = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = webIdentityToken,
RoleArn = roleArn,
RoleSessionName = roleSessionName
};
if (options != null)
{
request.ProviderId = options.ProviderId;
request.PolicyArns = options.PolicyArns?.Select((arn) => new PolicyDescriptorType {
Arn = arn
}).ToList();
request.Policy = options.Policy;
if (options.DurationSeconds.HasValue)
{
request.DurationSeconds = options.DurationSeconds.Value;
}
}
return(request);
}
internal AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest request)
{
var marshaller = new AssumeRoleWithWebIdentityRequestMarshaller();
var unmarshaller = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
return(Invoke <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse>(request, marshaller, unmarshaller));
}
public async Task <IActionResult> AssumeRoleAsync()
{
if (!HttpContext.User.Identity.IsAuthenticated)
{
return(new OkObjectResult("you have to sign in to access AWS resources"));
}
try
{
var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
{
RoleArn = "arn:aws:iam::628654266155:role/acme_app_access_s3",
RoleSessionName = "testsession",
WebIdentityToken = GetOktaTokenMiddleware.OktaToken,
};
var stsServiceClient = new AmazonSecurityTokenServiceClient(new BasicAWSCredentials("****", "*****"), RegionEndpoint.USEast2);
var response = await stsServiceClient.AssumeRoleWithWebIdentityAsync(assumeRoleRequest);
//var response = await stsServiceClient.ListRoles()
return(new OkObjectResult($"key = {response.Credentials.AccessKeyId} security = {response.Credentials.SecretAccessKey}"));
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
protected void GenerateNewCredentialsAsync(AmazonServiceCallback callback)
{
AmazonServiceResult voidResult = new AmazonServiceResult(null, null);
IdentityProvider.RefreshAsync(delegate(AmazonServiceResult refreshResult)
{
if (refreshResult.Exception != null)
{
voidResult.Exception = refreshResult.Exception;
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
// Pick role to use, depending on Logins
string roleArn = UnAuthRoleArn;
if (IdentityProvider.Logins.Count > 0)
{
roleArn = AuthRoleArn;
}
if (string.IsNullOrEmpty(roleArn))
{
voidResult.Exception = new AmazonServiceException(
new InvalidOperationException(string.Format(CultureInfo.InvariantCulture,
"Unable to determine Role ARN. AuthRoleArn = [{0}], UnAuthRoleArn = [{1}], Logins.Count = {2}",
AuthRoleArn, UnAuthRoleArn, IdentityProvider.Logins.Count)));
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = IdentityProvider.GetCurrentOpenIdToken(),
RoleArn = roleArn,
RoleSessionName = "UnityProviderSession",
DurationSeconds = DefaultDurationSeconds
};
sts.AssumeRoleWithWebIdentityAsync(assumeRequest, delegate(AmazonServiceResult result)
{
if (result.Exception != null)
{
voidResult.Exception = result.Exception;
AmazonLogging.LogError(AmazonLogging.AmazonLoggingLevel.Errors, "STS", result.Exception.Message);
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = result.Response as AssumeRoleWithWebIdentityResponse;
this._currentState = new CredentialsRefreshState
{
Credentials = assumeRoleWithWebIdentityResponse.Credentials.GetCredentials(),
Expiration = assumeRoleWithWebIdentityResponse.Credentials.Expiration
};
// success - FinalResponse
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}, null);
}, null);
}
private Amazon.SecurityToken.Model.Credentials GetStsCredentials(AssumeRoleWithWebIdentityRequest assumeRequest)
{
var assumeResult = Amazon.Runtime.Internal.Util.AsyncHelpers.RunSync <AssumeRoleWithWebIdentityResponse>(() => sts.AssumeRoleWithWebIdentityAsync(assumeRequest));
var credentials = assumeResult.Credentials;
return(credentials);
}
private Amazon.SecurityToken.Model.Credentials GetStsCredentials(AssumeRoleWithWebIdentityRequest assumeRequest)
{
var ars = new AutoResetEvent(false);
Amazon.SecurityToken.Model.Credentials credentials = null;
Exception exception = null;
sts.AssumeRoleWithWebIdentityAsync(assumeRequest, (assumeResult) =>
{
if (assumeResult.Exception != null)
{
exception = assumeResult.Exception;
}
else
{
credentials = assumeResult.Response.Credentials;
}
ars.Set();
});
ars.WaitOne();
if (exception != null)
{
throw exception;
}
return(credentials);
}
internal AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest request)
{
AssumeRoleWithWebIdentityRequestMarshaller assumeRoleWithWebIdentityRequestMarshaller = new AssumeRoleWithWebIdentityRequestMarshaller();
AssumeRoleWithWebIdentityResponseUnmarshaller instance = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
return(this.Invoke <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse>(request, assumeRoleWithWebIdentityRequestMarshaller, instance));
}
private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
// Retrieves credentials for the specific role, by making a call to STS
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = GetIdentityId()
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
var getTokenResult = GetOpenId(getTokenRequest);
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId, true);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = GetStsCredentials(assumeRequest);
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
private Amazon.SecurityToken.Model.Credentials GetStsCredentials(AssumeRoleWithWebIdentityRequest assumeRequest)
{
var assumeResult = sts.AssumeRoleWithWebIdentity(assumeRequest);
var credentials = assumeResult.Credentials;
return(credentials);
}
private void GetCredentialsForRoleWebGL(string roleArn, Action <CredentialsRefreshState> callback)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
this.GetIdentityIdWebGL(RefreshIdentityOptions.Refresh, identity =>
{
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
GetOpenIdWebGL(getTokenRequest, (getTokenResult, e) =>
{
bool retry = false;
if (e is AmazonCognitoIdentityException)
{
if (ShouldRetry(e as AmazonCognitoIdentityException))
{
retry = true;
}
else
{
throw e;
}
}
if (retry)
{
GetCredentialsForRoleWebGL(roleArn, callback);
return;
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = GetStsCredentials(assumeRequest);
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
callback(credentialsState);
});
});
}
// Retrieves credentials for the specific role, by making a call to STS
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = this.GetIdentityId(RefreshIdentityOptions.Refresh);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = GetOpenId(getTokenRequest);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(GetCredentialsForRole(roleArn));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = GetStsCredentials(assumeRequest);
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
internal virtual AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest request)
{
var options = new InvokeOptions();
options.RequestMarshaller = AssumeRoleWithWebIdentityRequestMarshaller.Instance;
options.ResponseUnmarshaller = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
return(Invoke <AssumeRoleWithWebIdentityResponse>(request, options));
}
IAsyncResult invokeAssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest, AsyncCallback callback, object state, bool synchronized)
{
IRequest irequest = new AssumeRoleWithWebIdentityRequestMarshaller().Marshall(assumeRoleWithWebIdentityRequest);
var unmarshaller = AssumeRoleWithWebIdentityResponseUnmarshaller.GetInstance();
AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
Invoke(result);
return(result);
}
private static async Task ListObjectsAsync()
{
try
{
Console.WriteLine("Listing objects stored in a bucket");
var roleArn = "arn:aws:iam::291738886548:role/s3webreaderrole";
string CREDENTIAL_FILE_JSON = "/path/to/svc.json";
// Get the idtoken as string and use it in a standard credential
// var targetAudience = "https://sts.amazonaws.com/";
// var idToken = await getGoogleOIDCToken(targetAudience, CREDENTIAL_FILE_JSON);
// var rawIdToken = await idToken.GetAccessTokenAsync().ConfigureAwait(false);
// SessionAWSCredentials tempCredentials = await getTemporaryCredentialsAsync(rawIdToken, roleArn, "testsession");
// Console.WriteLine(tempCredentials.GetCredentials().Token);
// using (s3Client = new AmazonS3Client(tempCredentials, bucketRegion))
// or create a usable GoogleCredential to wrap that
ServiceAccountCredential saCredential;
using (var fs = new FileStream(CREDENTIAL_FILE_JSON, FileMode.Open, FileAccess.Read))
{
saCredential = ServiceAccountCredential.FromServiceAccountData(fs);
}
var getSessionTokenRequest = new AssumeRoleWithWebIdentityRequest
{
RoleSessionName = "testsession",
RoleArn = roleArn
};
var cc = new GoogleCompatCredentials(saCredential, "https://sts.amazonaws.com/", getSessionTokenRequest);
using (s3Client = new AmazonS3Client(cc, bucketRegion))
// *****************
{
var listObjectRequest = new ListObjectsRequest
{
BucketName = bucketName
};
ListObjectsResponse response = await s3Client.ListObjectsAsync(listObjectRequest);
List <S3Object> objects = response.S3Objects;
foreach (S3Object o in objects)
{
Console.WriteLine("Object = {0}", o.Key);
}
}
}
catch (AmazonS3Exception s3Exception)
{
Console.WriteLine(s3Exception.Message, s3Exception.InnerException);
}
catch (AmazonSecurityTokenServiceException stsException)
{
Console.WriteLine(stsException.Message, stsException.InnerException);
}
}
public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
// create request
var request = new AssumeRoleWithWebIdentityRequest();
if (cmdletContext.RoleArn != null)
{
request.RoleArn = cmdletContext.RoleArn;
}
if (cmdletContext.RoleSessionName != null)
{
request.RoleSessionName = cmdletContext.RoleSessionName;
}
if (cmdletContext.WebIdentityToken != null)
{
request.WebIdentityToken = cmdletContext.WebIdentityToken;
}
if (cmdletContext.ProviderId != null)
{
request.ProviderId = cmdletContext.ProviderId;
}
if (cmdletContext.Policy != null)
{
request.Policy = cmdletContext.Policy;
}
if (cmdletContext.DurationSeconds != null)
{
request.DurationSeconds = cmdletContext.DurationSeconds.Value;
}
// issue call
var client = Client ?? CreateClient();
CmdletOutput output;
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = cmdletContext.Select(response, this);;
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
}
catch (Exception e)
{
output = new CmdletOutput {
ErrorResponse = e
};
}
return(output);
}
AssumeRoleWithWebIdentityResponse GetAssumeRoleWithWebIdentityResponse(
AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest)
{
// Start with Anonymous AWS Credentials and get temporary credentials.
var stsClient = new AmazonSecurityTokenServiceClient(
new AnonymousAWSCredentials());
assumeRoleWithWebIdentityRequest.DurationSeconds = 3600;
assumeRoleWithWebIdentityRequest.RoleSessionName = "MySession";
return(stsClient.AssumeRoleWithWebIdentity(
assumeRoleWithWebIdentityRequest));
}
internal AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest request)
{
var task = AssumeRoleWithWebIdentityAsync(request);
try
{
return(task.Result);
}
catch (AggregateException e)
{
ExceptionDispatchInfo.Capture(e.InnerException).Throw();
return(null);
}
}
/// <summary>
/// Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.
/// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService"/>
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithWebIdentity operation.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes</param>
/// <returns>void</returns>
public void AssumeRoleWithWebIdentityAsync(AssumeRoleWithWebIdentityRequest request, AmazonServiceCallback callback, object state)
{
if (!AmazonInitializer.IsInitialized)
{
throw new Exception("AWSPrefab is not added to the scene");
}
ThreadPool.QueueUserWorkItem(new WaitCallback(delegate
{
var marshaller = new AssumeRoleWithWebIdentityRequestMarshaller();
var unmarshaller = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
Invoke(request, callback, state, marshaller, unmarshaller, signer);
}));
return;
}
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
string text = GetIdentityId(RefreshIdentityOptions.Refresh);
GetOpenIdTokenRequest getOpenIdTokenRequest = new GetOpenIdTokenRequest
{
IdentityId = text
};
if (Logins.Count > 0)
{
getOpenIdTokenRequest.Logins = Logins;
}
bool flag = false;
GetOpenIdTokenResponse getOpenIdTokenResponse = null;
try
{
getOpenIdTokenResponse = GetOpenId(getOpenIdTokenRequest);
}
catch (AmazonCognitoIdentityException e)
{
if (!ShouldRetry(e))
{
throw;
}
flag = true;
}
if (flag)
{
return(GetCredentialsForRole(roleArn));
}
string token = getOpenIdTokenResponse.Token;
UpdateIdentity(getOpenIdTokenResponse.IdentityId);
AssumeRoleWithWebIdentityRequest assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
Amazon.SecurityToken.Model.Credentials stsCredentials = GetStsCredentials(assumeRequest);
return(new CredentialsRefreshState(stsCredentials.GetCredentials(), stsCredentials.Expiration));
}
public void AssumeRoleWithWebIdentityAsync(AssumeRoleWithWebIdentityRequest request, AmazonServiceCallback <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse> callback, AsyncOptions options = null)
{
//IL_0013: Unknown result type (might be due to invalid IL or missing references)
options = ((options == null) ? ((object)new AsyncOptions()) : ((object)options));
AssumeRoleWithWebIdentityRequestMarshaller assumeRoleWithWebIdentityRequestMarshaller = new AssumeRoleWithWebIdentityRequestMarshaller();
AssumeRoleWithWebIdentityResponseUnmarshaller instance = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
Action <AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> action = null;
if (callback != null)
{
action = delegate(AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao)
{
AmazonServiceResult <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse> val = new AmazonServiceResult <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse>((AssumeRoleWithWebIdentityRequest)req, (AssumeRoleWithWebIdentityResponse)res, ex, ao.get_State());
callback.Invoke(val);
};
}
this.BeginInvoke <AssumeRoleWithWebIdentityRequest>(request, assumeRoleWithWebIdentityRequestMarshaller, instance, options, action);
}
/// <summary>
/// Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithWebIdentity operation on AmazonSecurityTokenServiceClient.</param>
/// <param name="callback">An Action delegate that is invoked when the operation completes.</param>
/// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
public void AssumeRoleWithWebIdentityAsync(AssumeRoleWithWebIdentityRequest request, AmazonServiceCallback <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse> callback, AsyncOptions options = null)
{
options = options == null?new AsyncOptions():options;
var marshaller = new AssumeRoleWithWebIdentityRequestMarshaller();
var unmarshaller = AssumeRoleWithWebIdentityResponseUnmarshaller.Instance;
Action <AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
if (callback != null)
{
callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => {
AmazonServiceResult <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse> responseObject
= new AmazonServiceResult <AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse>((AssumeRoleWithWebIdentityRequest)req, (AssumeRoleWithWebIdentityResponse)res, ex, ao.State);
callback(responseObject);
}
}
;
BeginInvoke <AssumeRoleWithWebIdentityRequest>(request, marshaller, unmarshaller, options, callbackHelper);
}
static async Task Main(string[] args)
{
var awsOptions = new AWSOptions();
using (var cognito = new AmazonCognitoIdentityProviderClient(RegionEndpoint.EUWest1))
{
var initAuthRequest = new AdminInitiateAuthRequest
{
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH,
AuthParameters = new Dictionary <string, string>
{
},
UserPoolId = "eu-west-1_BJ8QvSs1g",
ClientId = "5ive4k9rhvvo776p7rppa5gcd5"
};
var response = await cognito.AdminInitiateAuthAsync(initAuthRequest);
var challengeResponse = new AdminRespondToAuthChallengeRequest
{
ChallengeName = response.ChallengeName,
Session = response.Session,
ClientId = "Filer",
UserPoolId = "Services"
};
var authResponse = await cognito.AdminRespondToAuthChallengeAsync(challengeResponse);
using (var securityTokenProvider = new AmazonSecurityTokenServiceClient())
{
var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
{
RoleArn = "",
WebIdentityToken = authResponse.AuthenticationResult.AccessToken
};
var roleCreds = await securityTokenProvider.AssumeRoleWithWebIdentityAsync(assumeRoleRequest);
awsOptions.Credentials = roleCreds.Credentials;
}
}
}
public AssumeRoleWithWebIdentityResponse GetTemporaryCredentialUsingFacebook(
string client_id,
string role)
{
string query = "https://www.facebook.com/dialog/oauth?" +
string.Format("client_id={0}&", client_id) +
"response_type=token&" +
"redirect_uri=https://www.facebook.com/connect/login_success.html";
AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest =
new AssumeRoleWithWebIdentityRequest()
{
ProviderId = "graph.facebook.com",
WebIdentityToken = GetToken("access_token", query),
RoleArn = role,
};
return(GetAssumeRoleWithWebIdentityResponse(assumeRoleWithWebIdentityRequest));
}
public AssumeRoleWithWebIdentityResponse GetTemporaryCredentialUsingGoogle2(
string client_id,
string client_secret,
string role)
{
string query = "https://accounts.google.com/o/oauth2/auth?" +
string.Format("client_id={0}&", client_id) +
"response_type=code&" +
"scope=email%20profile&" +
"redirect_uri=http://www.padisetty.com";
string id_token = null;
using (var wc = new WebClient())
{
var data = new NameValueCollection();
data["code"] = GetToken("code", query);
data["client_id"] = client_id;
data["client_secret"] = client_secret;
data["redirect_uri"] = "http://www.padisetty.com";
data["grant_type"] = "authorization_code";
var response = wc.UploadValues(
"https://accounts.google.com/o/oauth2/token",
"POST", data);
string responsebody = Encoding.UTF8.GetString(response);
dynamic result = JsonConvert.DeserializeObject(responsebody);
id_token = result.id_token;
}
AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest =
new AssumeRoleWithWebIdentityRequest()
{
WebIdentityToken = id_token,
RoleArn = role
};
return(GetAssumeRoleWithWebIdentityResponse(assumeRoleWithWebIdentityRequest));
}
public AssumeRoleWithWebIdentityResponse GetTemporaryCredentialUsingGoogle(
string client_id,
string role)
{
string query = "https://accounts.google.com/o/oauth2/auth?" +
string.Format("client_id={0}&", client_id) +
"response_type=id_token&" +
"scope=email%20profile&" +
"redirect_uri=http://www.padisetty.com";
AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest =
new AssumeRoleWithWebIdentityRequest()
{
WebIdentityToken = GetToken("id_token", query),
RoleArn = role
};
return(GetAssumeRoleWithWebIdentityResponse(
assumeRoleWithWebIdentityRequest));
}
/// <summary>
/// Constructs an GoogleCompatCredentials object.
/// </summary>
/// <param name="sourceCredentials">The Google credential that implements Google.Apis.Auth.OAuth2.IOidcTokenProvider.</param>
/// <param name="targetAudience">The audience value for the GoogleOIDC Token.</param>
/// <param name="assumeRoleWithWebIdentityRequest">AssumeRoleWithWebIdentityRequest structure that specifies the Arn, SessionName.</param>
/// <param name="options">Options to be used in the call to AssumeRole. Not implemented!</param>
public GoogleCompatCredentials(Google.Apis.Auth.OAuth2.IOidcTokenProvider sourceCredentials, string targetAudience, AssumeRoleWithWebIdentityRequest wr, AssumeRoleAWSCredentialsOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
SourceCredentials = sourceCredentials;
TargetAudience = defaultTargetAudience;
if (targetAudience != "")
{
TargetAudience = targetAudience;
}
TargetAssumeRoleRequest = wr;
Options = options;
// Make sure to fetch new credentials well before the current credentials expire to avoid
// any request being made with expired credentials.
PreemptExpiryTime = TimeSpan.FromMinutes(5);
}
public AssumeRoleWithWebIdentityResponse GetTemporaryCredentialUsingAmazon(
string client_id,
string role)
{
string query = "https://www.amazon.com/ap/oa?" +
string.Format("client_id={0}&", client_id) +
"response_type=token&" +
"scope=profile&" +
"redirect_uri=https://www.google.com";
AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest =
new AssumeRoleWithWebIdentityRequest()
{
ProviderId = "www.amazon.com",
WebIdentityToken = GetToken("access_token", query),
RoleArn = role
};
return(GetAssumeRoleWithWebIdentityResponse(
assumeRoleWithWebIdentityRequest));
}
private static async Task <SessionAWSCredentials> getTemporaryCredentialsAsync(String idToken, String roleArn, String sessionName)
{
using (var stsClient = new AmazonSecurityTokenServiceClient())
{
var getSessionTokenRequest = new AssumeRoleWithWebIdentityRequest
{
RoleSessionName = sessionName,
RoleArn = roleArn,
WebIdentityToken = idToken
};
AssumeRoleWithWebIdentityResponse sessionTokenResponse = await stsClient.AssumeRoleWithWebIdentityAsync(getSessionTokenRequest);
Credentials credentials = sessionTokenResponse.Credentials;
var sessionCredentials =
new SessionAWSCredentials(credentials.AccessKeyId,
credentials.SecretAccessKey,
credentials.SessionToken);
return(sessionCredentials);
}
}
private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identityId = await GetIdentityIdAsync().ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identityId
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
var getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId, true);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
