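/// <summary>
/// Performs the SSO flow to authenticate and get credentials.
/// A token returned by the token cache for <c>StartUrl</c> is reused; otherwise a new
/// token is requested from the SSO OIDC client, offered to the cache, and then
/// exchanged for role credentials.
/// </summary>
/// <param name="oidc">SSO OIDC client</param>
/// <param name="sso">SSO client</param>
/// <returns>Resolved credentials</returns>
/// <exception cref="ArgumentNullException">
/// A new token has to be requested and <c>Options.ClientName</c> is null or empty,
/// or <c>Options.SsoVerificationCallback</c> is null.
/// </exception>
private ImmutableCredentials GetSsoCredentials(ICoreAmazonSSOOIDC oidc, ICoreAmazonSSO sso)
{
    var tokenCache = new SsoTokenCache(StartUrl);

    // NOTE(review): expiry handling is inside SsoTokenCache and not visible here;
    // presumably an expired or missing entry comes back null/empty - confirm.
    var token = tokenCache.GetAccessToken();

    // Get and cache a SSO token if necessary
    if (string.IsNullOrWhiteSpace(token))
    {
        // Same preconditions as GetSsoCredentialsAsync: fail before contacting the
        // OIDC client instead of handing it an empty client name or a null callback.
        if (string.IsNullOrEmpty(Options.ClientName))
        {
            throw new ArgumentNullException(
                nameof(Options.ClientName),
                $"Options property cannot be empty: {nameof(Options.ClientName)}");
        }

        if (Options.SsoVerificationCallback == null)
        {
            throw new ArgumentNullException(
                nameof(Options.SsoVerificationCallback),
                $"Options property cannot be empty: {nameof(Options.SsoVerificationCallback)}");
        }

        var response = oidc.GetSsoToken(new GetSsoTokenRequest()
        {
            ClientName = GetSsoClientName(),
            ClientType = SsoClientTypePublic,
            StartUrl = StartUrl,
            SsoVerificationCallback = Options.SsoVerificationCallback,
        });

        // If save fails, token will not be cached (best effort; the result of TrySave is
        // deliberately ignored and the fresh token is still used for this call).
        // NOTE(review): the access token is a bearer secret; where SsoTokenCache stores it
        // and with which permissions is not visible here - confirm it is readable only by
        // the current user, and keep the token out of logs and exception text.
        tokenCache.TrySave(new SsoToken()
        {
            AccessToken = response.AccessToken,
            Region = Region,
            ExpiresAt = response.ExpiresAt,
            StartUrl = StartUrl,
        });

        token = response.AccessToken;
    }

    // Use SSO token to get credentials
    return GetSsoRoleCredentials(sso, token);
}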
/// <summary>
/// Asynchronously exchanges an AWS SSO access token for resolved credentials,
/// using this instance's <c>AccountId</c> and <c>RoleName</c>.
/// </summary>
/// <param name="sso">AWS SSO Client</param>
/// <param name="accessToken">
/// AWS SSO access token obtained from a user's authorization. Treat it as a secret:
/// it should not be written to logs or error messages.
/// </param>
/// <returns>Resolved credentials</returns>
private async Task<ImmutableCredentials> GetSsoRoleCredentialsAsync(ICoreAmazonSSO sso, string accessToken)
{
    // The fourth argument is passed as null; its meaning is defined by ICoreAmazonSSO
    // and is not visible in this file section.
    var pendingCredentials = sso.CredentialsFromSsoAccessTokenAsync(AccountId, RoleName, accessToken, null);

    // ConfigureAwait(false): the continuation does not need the caller's context.
    var credentials = await pendingCredentials.ConfigureAwait(false);
    return credentials;
}
/// <summary>
/// Exchanges an AWS SSO access token for resolved credentials,
/// using this instance's <c>AccountId</c> and <c>RoleName</c>.
/// </summary>
/// <param name="sso">AWS SSO Client</param>
/// <param name="accessToken">
/// AWS SSO access token obtained from a user's authorization. Treat it as a secret:
/// it should not be written to logs or error messages.
/// </param>
/// <returns>Resolved credentials</returns>
// The fourth argument is passed as null; its meaning is defined by ICoreAmazonSSO
// and is not visible in this file section.
private ImmutableCredentials GetSsoRoleCredentials(ICoreAmazonSSO sso, string accessToken)
    => sso.CredentialsFromSsoAccessToken(AccountId, RoleName, accessToken, null);
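/// <summary>
/// Performs the SSO flow to authenticate and get credentials.
/// A token returned by the token cache for <c>StartUrl</c> is reused; otherwise a new
/// token is requested from the SSO OIDC client, offered to the cache, and then
/// exchanged for role credentials.
/// </summary>
/// <param name="oidc">SSO OIDC client</param>
/// <param name="sso">SSO client</param>
/// <returns>Resolved credentials</returns>
/// <exception cref="ArgumentNullException">
/// A new token has to be requested and <c>Options.ClientName</c> is null or empty,
/// or <c>Options.SsoVerificationCallback</c> is null.
/// </exception>
private async Task<ImmutableCredentials> GetSsoCredentialsAsync(ICoreAmazonSSOOIDC oidc, ICoreAmazonSSO sso)
{
    var tokenCache = new SsoTokenCache(StartUrl);

    // NOTE(review): expiry handling is inside SsoTokenCache and not visible here;
    // presumably an expired or missing entry comes back null/empty - confirm.
    var token = tokenCache.GetAccessToken();

    // Get and cache a SSO token if necessary
    if (string.IsNullOrWhiteSpace(token))
    {
        // The single-string ArgumentNullException constructor takes a parameter NAME, so the
        // original call put the whole sentence into ParamName and emitted the generic
        // "Value cannot be null" message. Pass the name and the message separately.
        if (string.IsNullOrEmpty(Options.ClientName))
        {
            throw new ArgumentNullException(
                nameof(Options.ClientName),
                $"Options property cannot be empty: {nameof(Options.ClientName)}");
        }

        if (Options.SsoVerificationCallback == null)
        {
            throw new ArgumentNullException(
                nameof(Options.SsoVerificationCallback),
                $"Options property cannot be empty: {nameof(Options.SsoVerificationCallback)}");
        }

        var response = await oidc.GetSsoTokenAsync(new GetSsoTokenRequest()
        {
            ClientName = GetSsoClientName(),
            ClientType = SsoClientTypePublic,
            StartUrl = StartUrl,
            SsoVerificationCallback = Options.SsoVerificationCallback,
        }).ConfigureAwait(false);

        // If save fails, token will not be cached (best effort; the result of TrySave is
        // deliberately ignored and the fresh token is still used for this call).
        // NOTE(review): the access token is a bearer secret; where SsoTokenCache stores it
        // and with which permissions is not visible here - confirm it is readable only by
        // the current user, and keep the token out of logs and exception text.
        tokenCache.TrySave(new SsoToken()
        {
            AccessToken = response.AccessToken,
            Region = Region,
            ExpiresAt = response.ExpiresAt,
            StartUrl = StartUrl,
        });

        token = response.AccessToken;
    }

    // Use SSO token to get credentials
    return await GetSsoRoleCredentialsAsync(sso, token).ConfigureAwait(false);
}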