//public CognitoAWSCredentials GetCachedCognitoIdentity()
//{
// Console.WriteLine("GetCachedCognitoIdentity");
// if (!string.IsNullOrEmpty(credentials.GetCachedIdentityId()) || credentials.CurrentLoginProviders.Length > 0)
// {
// return credentials;
// }
// return null;
//}
public async Task GetAWSCredentialsWithGoogleToken(string token)
{
try
{
CognitoAWSCredentials credentials = new CognitoAWSCredentials(this.IDENTITYPOOL_ID, RegionEndpoint.EUCentral1);
credentials.Clear();
credentials.AddLogin("accounts.google.com", token);
AmazonCognitoIdentityClient cli = new AmazonCognitoIdentityClient(credentials, RegionEndpoint.EUCentral1);
var req = new Amazon.CognitoIdentity.Model.GetIdRequest();
req.Logins.Add("accounts.google.com", token);
req.IdentityPoolId = this.IDENTITYPOOL_ID;
GetIdResponse getIdResponse = await cli.GetIdAsync(req);
var getCredentialReq = new Amazon.CognitoIdentity.Model.GetCredentialsForIdentityRequest();
getCredentialReq.IdentityId = getIdResponse.IdentityId;
getCredentialReq.Logins.Add("accounts.google.com", token);
GetCredentialsForIdentityResponse getCredentialsResponse = await cli.GetCredentialsForIdentityAsync(getCredentialReq);
UserInfo.Credentials = getCredentialsResponse.Credentials;
UserInfo.IdentityId = getCredentialsResponse.IdentityId;
}
catch (Exception ex)
{
Console.WriteLine("GetAWSCredentialsWithGoogleToken ERROR: " + ex.Message);
throw ex;
}
}
public async Task <IActionResult> ConnectToAWSViaCognitoCredsAsync()
{
try
{
if (!this.HttpContext.User.Identity.IsAuthenticated)
{
return(new OkObjectResult("you have to sign in to access AWS resources"));
}
AnonymousAWSCredentials cred = new AnonymousAWSCredentials();
AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient(
cred,
RegionEndpoint.USEast2
);
GetIdRequest idRequest = new GetIdRequest();
idRequest.AccountId = "628654266155";
idRequest.IdentityPoolId = "us-east-2:c6e1e652-eb33-4daa-a04e-9cb0418a92cc";
var logins = new Dictionary <string, string> {
{ "dev-220949.okta.com/oauth2/default", GetOktaTokenMiddleware.OktaToken }
};
idRequest.Logins = logins;
// The identity id is in the IdentityId parameter of the response object
GetIdResponse idResp = await cognitoClient.GetIdAsync(idRequest);
//GetCredentialsForIdentityRequest getCredentialsRequest =
// new GetCredentialsForIdentityRequest { IdentityId = idResp.IdentityId, Logins = logins };
var temporaryCreds = await cognitoClient.GetCredentialsForIdentityAsync(idResp.IdentityId, logins);
//var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2);
var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2);
return(await this.ObjectFromBucket(s3Client));
//var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
//{
// RoleArn = "arn:aws:iam::628654266155:role/acme_empoyees_accessing_s3",
// RoleSessionName = "testsession",
// WebIdentityToken = GetOktaTokenMiddleware.OktaToken,
//};
//var stsServiceClient = new AmazonSecurityTokenServiceClient(temporaryCreds.Credentials, RegionEndpoint.USEast2);
//var response = await stsServiceClient.AssumeRoleWithWebIdentityAsync(assumeRoleRequest);
//return new OkObjectResult($" assumed role is {response.AssumedRoleUser.AssumedRoleId}");
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
// Retrieves credentials for existing identities
async Task <GetCredentialsForIdentityResponse> GetCredentialsForExistingIdentity(string identity)
{
// As this is a public API, we call it with fake access keys
AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient("A", "B", this.region);
var resp = await cognitoClient.GetCredentialsForIdentityAsync(identity);
return(resp);
}
static private async Task <UserCognitoCredentials> getCognitoCredentials(String userEmail, String userPassword)
{
String cognitoUserPoolId = "us-east-1_n8TiZp7tu";
String cognitoClientId = "6clvd0v40jggbaa5qid2h6hkqf";
String cognitoIdentityPoolId = "us-east-1:bff024bb-06d0-4b04-9e5d-eb34ed07f884";
Amazon.RegionEndpoint cognitoRegion = Amazon.RegionEndpoint.USEast1;
AmazonCognitoIdentityProviderClient provider =
new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials(), Amazon.RegionEndpoint.USEast1);
CognitoUserPool userPool = new CognitoUserPool(cognitoUserPoolId, cognitoClientId, provider);
CognitoUser user = new CognitoUser(userEmail, cognitoClientId, userPool, provider);
AuthFlowResponse context = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
{
Password = userPassword
}).ConfigureAwait(false);
String accessToken = context.AuthenticationResult.AccessToken;
String idToken = context.AuthenticationResult.IdToken;
CognitoAWSCredentials credentials =
user.GetCognitoAWSCredentials(cognitoIdentityPoolId, cognitoRegion);
var identityClient = new AmazonCognitoIdentityClient(credentials, cognitoRegion);
var idRequest = new Amazon.CognitoIdentity.Model.GetIdRequest();
idRequest.IdentityPoolId = cognitoIdentityPoolId;
idRequest.Logins = new Dictionary <string, string> {
{ "cognito-idp.us-east-1.amazonaws.com/" + cognitoUserPoolId, idToken }
};
var idResponseId = await identityClient.GetIdAsync(idRequest).ConfigureAwait(false);
if (idResponseId.HttpStatusCode != System.Net.HttpStatusCode.OK)
{
Console.WriteLine(String.Format("Failed to get credentials for identity. Status code: {0} ", idResponseId.HttpStatusCode));
System.Environment.Exit(1);
}
var idResponseCredential = await identityClient.GetCredentialsForIdentityAsync(idResponseId.IdentityId, new Dictionary <string, string> {
{ "cognito-idp.us-east-1.amazonaws.com/" + cognitoUserPoolId, idToken }
}).ConfigureAwait(false);
if (idResponseCredential.HttpStatusCode != System.Net.HttpStatusCode.OK)
{
Console.WriteLine(String.Format("Failed to get credentials for identity. Status code: {0} ", idResponseCredential.HttpStatusCode));
System.Environment.Exit(1);
}
var cognitoCredentials = new UserCognitoCredentials(idResponseCredential.Credentials);
return(cognitoCredentials);
}
