private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
GetOpenIdTokenResponse response = new GetOpenIdTokenResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("IdentityId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.IdentityId = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("Token", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.Token = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
// Retrieves credentials for the specific role, by making a call to STS
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = this.GetIdentityId(RefreshIdentityOptions.Refresh);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = GetOpenId(getTokenRequest);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(GetCredentialsForRole(roleArn));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = GetStsCredentials(assumeRequest);
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
string text = GetIdentityId(RefreshIdentityOptions.Refresh);
GetOpenIdTokenRequest getOpenIdTokenRequest = new GetOpenIdTokenRequest
{
IdentityId = text
};
if (Logins.Count > 0)
{
getOpenIdTokenRequest.Logins = Logins;
}
bool flag = false;
GetOpenIdTokenResponse getOpenIdTokenResponse = null;
try
{
getOpenIdTokenResponse = GetOpenId(getOpenIdTokenRequest);
}
catch (AmazonCognitoIdentityException e)
{
if (!ShouldRetry(e))
{
throw;
}
flag = true;
}
if (flag)
{
return(GetCredentialsForRole(roleArn));
}
string token = getOpenIdTokenResponse.Token;
UpdateIdentity(getOpenIdTokenResponse.IdentityId);
AssumeRoleWithWebIdentityRequest assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
Amazon.SecurityToken.Model.Credentials stsCredentials = GetStsCredentials(assumeRequest);
return(new CredentialsRefreshState(stsCredentials.GetCredentials(), stsCredentials.Expiration));
}
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
GetOpenIdTokenResponse getOpenIdTokenResponse = new GetOpenIdTokenResponse();
context.Read();
int currentDepth = context.CurrentDepth;
while (context.ReadAtDepth(currentDepth))
{
if (context.TestExpression("IdentityId", currentDepth))
{
StringUnmarshaller instance = StringUnmarshaller.Instance;
getOpenIdTokenResponse.IdentityId = instance.Unmarshall(context);
}
else if (context.TestExpression("Token", currentDepth))
{
StringUnmarshaller instance2 = StringUnmarshaller.Instance;
getOpenIdTokenResponse.Token = instance2.Unmarshall(context);
}
}
return(getOpenIdTokenResponse);
}
