private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identity = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identity
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
bool retry = false;
GetOpenIdTokenResponse getTokenResult = null;
try
{
getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
}
catch (AmazonCognitoIdentityException e)
{
if (ShouldRetry(e))
{
retry = true;
}
else
{
throw;
}
}
if (retry)
{
return(await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false));
}
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}
protected void GenerateNewCredentialsAsync(AmazonServiceCallback callback)
{
AmazonServiceResult voidResult = new AmazonServiceResult(null, null);
IdentityProvider.RefreshAsync(delegate(AmazonServiceResult refreshResult)
{
if (refreshResult.Exception != null)
{
voidResult.Exception = refreshResult.Exception;
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
// Pick role to use, depending on Logins
string roleArn = UnAuthRoleArn;
if (IdentityProvider.Logins.Count > 0)
{
roleArn = AuthRoleArn;
}
if (string.IsNullOrEmpty(roleArn))
{
voidResult.Exception = new AmazonServiceException(
new InvalidOperationException(string.Format(CultureInfo.InvariantCulture,
"Unable to determine Role ARN. AuthRoleArn = [{0}], UnAuthRoleArn = [{1}], Logins.Count = {2}",
AuthRoleArn, UnAuthRoleArn, IdentityProvider.Logins.Count)));
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = IdentityProvider.GetCurrentOpenIdToken(),
RoleArn = roleArn,
RoleSessionName = "UnityProviderSession",
DurationSeconds = DefaultDurationSeconds
};
sts.AssumeRoleWithWebIdentityAsync(assumeRequest, delegate(AmazonServiceResult result)
{
if (result.Exception != null)
{
voidResult.Exception = result.Exception;
AmazonLogging.LogError(AmazonLogging.AmazonLoggingLevel.Errors, "STS", result.Exception.Message);
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}
AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = result.Response as AssumeRoleWithWebIdentityResponse;
this._currentState = new CredentialsRefreshState
{
Credentials = assumeRoleWithWebIdentityResponse.Credentials.GetCredentials(),
Expiration = assumeRoleWithWebIdentityResponse.Credentials.Expiration
};
// success - FinalResponse
AmazonMainThreadDispatcher.ExecCallback(callback, voidResult);
return;
}, null);
}, null);
}
private Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service", "AssumeRoleWithWebIdentity");
try
{
#if DESKTOP
return(client.AssumeRoleWithWebIdentity(request));
#elif CORECLR
return(client.AssumeRoleWithWebIdentityAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
CredentialsRefreshState credentialsState;
// Retrieve Open Id Token
// (Reuses existing IdentityId or creates a new one)
var identityId = await GetIdentityIdAsync().ConfigureAwait(false);
var getTokenRequest = new GetOpenIdTokenRequest {
IdentityId = identityId
};
// If logins are set, pass them to the GetOpenId call
if (Logins.Count > 0)
{
getTokenRequest.Logins = Logins;
}
var getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false);
string token = getTokenResult.Token;
// IdentityId may have changed, save the new value
UpdateIdentity(getTokenResult.IdentityId, true);
// Assume role with Open Id Token
var assumeRequest = new AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "NetProviderSession",
DurationSeconds = DefaultDurationSeconds
};
var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials;
// Return new refresh state (credentials and expiration)
credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration);
return(credentialsState);
}