/// <summary>
/// Asynchronously exchanges the current identity for role credentials: requests an
/// OpenID token for the identity, then presents that token to STS via
/// AssumeRoleWithWebIdentity for <paramref name="roleArn"/>.
/// </summary>
/// <param name="roleArn">Role to assume. It is forwarded to STS as-is; nothing in this method validates it.</param>
/// <returns>A refresh state built from the STS credentials and their expiration.</returns>
/// <remarks>
/// NOTE(review): the retry path re-enters this method with no attempt counter, so
/// termination relies on ShouldRetry eventually returning false. Confirm against its implementation.
/// </remarks>
private async System.Threading.Tasks.Task<CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
    // Resolve the identity id first; the Refresh option is passed through unchanged.
    var identityId = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);

    var tokenRequest = new GetOpenIdTokenRequest();
    tokenRequest.IdentityId = identityId;

    // Logins are attached only when at least one is configured.
    // NOTE(review): presumably these are provider tokens and therefore sensitive; verify before logging requests.
    if (Logins.Count > 0)
    {
        tokenRequest.Logins = Logins;
    }

    GetOpenIdTokenResponse tokenResponse = null;
    bool startOver = false;
    try
    {
        tokenResponse = await cib.GetOpenIdTokenAsync(tokenRequest).ConfigureAwait(false);
    }
    catch (AmazonCognitoIdentityException e)
    {
        // Only failures that ShouldRetry accepts are retried; everything else propagates unchanged.
        if (!ShouldRetry(e))
        {
            throw;
        }

        startOver = true;
    }

    if (startOver)
    {
        // Restart from the identity lookup rather than re-sending the same request.
        return await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false);
    }

    // The OpenID token is what STS accepts below in place of credentials, so it
    // should stay out of logs and exception messages.
    string token = tokenResponse.Token;

    // The response may carry a different identity id than the one requested; persist it.
    UpdateIdentity(tokenResponse.IdentityId);

    // NOTE(review): the session name is a fixed string, so sessions of different
    // identities cannot be told apart by name in STS-side audit records. Confirm
    // that attribution is available from other fields.
    var assumeRequest = new AssumeRoleWithWebIdentityRequest
    {
        WebIdentityToken = token,
        RoleArn = roleArn,
        RoleSessionName = "NetProviderSession",
        DurationSeconds = DefaultDurationSeconds
    };

    var stsResponse = await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false);
    var issued = stsResponse.Credentials;

    // Hand back both the credentials and the moment they stop being valid.
    return new CredentialsRefreshState(issued.GetCredentials(), issued.Expiration);
}
/// <summary>
/// Builds a <c>GetOpenIdTokenResponse</c> from the JSON service response.
/// </summary>
/// <param name="context">JSON reader context positioned at the response document.</param>
/// <returns>
/// The populated response. Only the "IdentityId" and "Token" members are read;
/// any other member at that depth is skipped. A member that is absent from the
/// document is never assigned here, so callers should not assume Token is set.
/// </returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
    var result = new GetOpenIdTokenResponse();

    // Advance once, then remember the depth whose members are of interest.
    context.Read();
    int depth = context.CurrentDepth;

    while (context.ReadAtDepth(depth))
    {
        if (context.TestExpression("IdentityId", depth))
        {
            result.IdentityId = StringUnmarshaller.Instance.Unmarshall(context);
        }
        else if (context.TestExpression("Token", depth))
        {
            // The token is a credential-equivalent value; keep it out of diagnostics.
            result.Token = StringUnmarshaller.Instance.Unmarshall(context);
        }
    }

    return result;
}
/// <summary>
/// Obtains credentials for the given role: fetches an OpenID token for the current
/// identity and passes it to STS in an AssumeRoleWithWebIdentity request.
/// </summary>
/// <param name="roleArn">Role to assume. It is sent to STS unmodified; this method performs no validation on it.</param>
/// <returns>A refresh state holding the STS credentials and their expiration.</returns>
/// <remarks>
/// NOTE(review): a retryable failure restarts the whole method and no attempt limit
/// is visible here; whether this terminates depends on ShouldRetry. Confirm.
/// </remarks>
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
    // Look up the identity id, passing the Refresh option.
    var identityId = GetIdentityId(RefreshIdentityOptions.Refresh);

    var openIdRequest = new GetOpenIdTokenRequest();
    openIdRequest.IdentityId = identityId;

    // Forward configured logins, if any, with the token request.
    if (Logins.Count > 0)
    {
        openIdRequest.Logins = Logins;
    }

    GetOpenIdTokenResponse openIdResponse = null;
    bool restart = false;
    try
    {
        openIdResponse = GetOpenId(openIdRequest);
    }
    catch (AmazonCognitoIdentityException e)
    {
        // Non-retryable failures surface to the caller with their original stack.
        if (!ShouldRetry(e))
        {
            throw;
        }

        restart = true;
    }

    if (restart)
    {
        return GetCredentialsForRole(roleArn);
    }

    // This token is accepted by STS as proof of identity in the request below;
    // avoid writing it to logs or error text.
    string token = openIdResponse.Token;

    // The identity id in the response may differ from the one requested; store it.
    UpdateIdentity(openIdResponse.IdentityId);

    // NOTE(review): RoleSessionName is constant, so audit records cannot separate
    // identities by session name. Confirm another field carries the attribution.
    var assumeRequest = new AssumeRoleWithWebIdentityRequest
    {
        WebIdentityToken = token,
        RoleArn = roleArn,
        RoleSessionName = "NetProviderSession",
        DurationSeconds = DefaultDurationSeconds
    };

    var issued = GetStsCredentials(assumeRequest);
    return new CredentialsRefreshState(issued.GetCredentials(), issued.Expiration);
}
/// <summary>
/// Resolves the identity, requests an OpenID token for it, and exchanges that token
/// with STS for credentials scoped to <paramref name="roleArn"/>.
/// </summary>
/// <param name="roleArn">Role to assume. It is passed through to STS without any check in this method.</param>
/// <returns>A refresh state with the issued credentials and their expiration.</returns>
/// <remarks>
/// NOTE(review): the retry is a plain self-call with no bound in this method;
/// it ends only when ShouldRetry declines. Verify that ShouldRetry cannot accept indefinitely.
/// </remarks>
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
    string identityId = GetIdentityId(RefreshIdentityOptions.Refresh);
    var tokenRequest = new GetOpenIdTokenRequest
    {
        IdentityId = identityId
    };

    // Logins are included only when the collection is non-empty.
    if (Logins.Count > 0)
    {
        tokenRequest.Logins = Logins;
    }

    GetOpenIdTokenResponse tokenResponse = null;
    bool retryRequested = false;
    try
    {
        tokenResponse = GetOpenId(tokenRequest);
    }
    catch (AmazonCognitoIdentityException e)
    {
        if (ShouldRetry(e))
        {
            retryRequested = true;
        }
        else
        {
            // Not retryable: rethrow without resetting the stack trace.
            throw;
        }
    }

    if (retryRequested)
    {
        return GetCredentialsForRole(roleArn);
    }

    // Treat the OpenID token like a credential: it is what STS trusts below,
    // so it should never end up in logs.
    string webIdentityToken = tokenResponse.Token;

    // Persist the identity id reported by the service, which may have changed.
    UpdateIdentity(tokenResponse.IdentityId);

    // NOTE(review): the fixed session name gives no per-identity separation in
    // STS audit records. Confirm that is acceptable for this provider.
    var assumeRequest = new AssumeRoleWithWebIdentityRequest
    {
        WebIdentityToken = webIdentityToken,
        RoleArn = roleArn,
        RoleSessionName = "NetProviderSession",
        DurationSeconds = DefaultDurationSeconds
    };

    var issued = GetStsCredentials(assumeRequest);
    return new CredentialsRefreshState(issued.GetCredentials(), issued.Expiration);
}
/// <summary>
/// Reads the JSON service response into a <c>GetOpenIdTokenResponse</c>.
/// </summary>
/// <param name="context">JSON reader context for the response being parsed.</param>
/// <returns>
/// The response object with "IdentityId" and "Token" filled in when present.
/// Members with other names are ignored, and a missing member is left unassigned,
/// so callers should handle a response without a Token.
/// </returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
    var parsed = new GetOpenIdTokenResponse();

    // Move to the first token and capture the depth to iterate at.
    context.Read();
    int depth = context.CurrentDepth;

    while (context.ReadAtDepth(depth))
    {
        if (context.TestExpression("IdentityId", depth))
        {
            parsed.IdentityId = StringUnmarshaller.Instance.Unmarshall(context);
            continue;
        }

        if (context.TestExpression("Token", depth))
        {
            // Credential-equivalent value; do not echo it into diagnostics.
            parsed.Token = StringUnmarshaller.Instance.Unmarshall(context);
        }
    }

    return parsed;
}