//public CognitoAWSCredentials GetCachedCognitoIdentity() //{ // Console.WriteLine("GetCachedCognitoIdentity"); // if (!string.IsNullOrEmpty(credentials.GetCachedIdentityId()) || credentials.CurrentLoginProviders.Length > 0) // { // return credentials; // } // return null; //} public async Task GetAWSCredentialsWithGoogleToken(string token) { try { CognitoAWSCredentials credentials = new CognitoAWSCredentials(this.IDENTITYPOOL_ID, RegionEndpoint.EUCentral1); credentials.Clear(); credentials.AddLogin("accounts.google.com", token); AmazonCognitoIdentityClient cli = new AmazonCognitoIdentityClient(credentials, RegionEndpoint.EUCentral1); var req = new Amazon.CognitoIdentity.Model.GetIdRequest(); req.Logins.Add("accounts.google.com", token); req.IdentityPoolId = this.IDENTITYPOOL_ID; GetIdResponse getIdResponse = await cli.GetIdAsync(req); var getCredentialReq = new Amazon.CognitoIdentity.Model.GetCredentialsForIdentityRequest(); getCredentialReq.IdentityId = getIdResponse.IdentityId; getCredentialReq.Logins.Add("accounts.google.com", token); GetCredentialsForIdentityResponse getCredentialsResponse = await cli.GetCredentialsForIdentityAsync(getCredentialReq); UserInfo.Credentials = getCredentialsResponse.Credentials; UserInfo.IdentityId = getCredentialsResponse.IdentityId; } catch (Exception ex) { Console.WriteLine("GetAWSCredentialsWithGoogleToken ERROR: " + ex.Message); throw ex; } }
public async Task <IActionResult> ConnectToAWSViaCognitoCredsAsync() { try { if (!this.HttpContext.User.Identity.IsAuthenticated) { return(new OkObjectResult("you have to sign in to access AWS resources")); } AnonymousAWSCredentials cred = new AnonymousAWSCredentials(); AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient( cred, RegionEndpoint.USEast2 ); GetIdRequest idRequest = new GetIdRequest(); idRequest.AccountId = "628654266155"; idRequest.IdentityPoolId = "us-east-2:c6e1e652-eb33-4daa-a04e-9cb0418a92cc"; var logins = new Dictionary <string, string> { { "dev-220949.okta.com/oauth2/default", GetOktaTokenMiddleware.OktaToken } }; idRequest.Logins = logins; // The identity id is in the IdentityId parameter of the response object GetIdResponse idResp = await cognitoClient.GetIdAsync(idRequest); //GetCredentialsForIdentityRequest getCredentialsRequest = // new GetCredentialsForIdentityRequest { IdentityId = idResp.IdentityId, Logins = logins }; var temporaryCreds = await cognitoClient.GetCredentialsForIdentityAsync(idResp.IdentityId, logins); //var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2); var s3Client = new AmazonS3Client(temporaryCreds.Credentials, RegionEndpoint.USEast2); return(await this.ObjectFromBucket(s3Client)); //var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest //{ // RoleArn = "arn:aws:iam::628654266155:role/acme_empoyees_accessing_s3", // RoleSessionName = "testsession", // WebIdentityToken = GetOktaTokenMiddleware.OktaToken, //}; //var stsServiceClient = new AmazonSecurityTokenServiceClient(temporaryCreds.Credentials, RegionEndpoint.USEast2); //var response = await stsServiceClient.AssumeRoleWithWebIdentityAsync(assumeRoleRequest); //return new OkObjectResult($" assumed role is {response.AssumedRoleUser.AssumedRoleId}"); } catch (Exception e) { Console.WriteLine(e); throw; } }
static private async Task <UserCognitoCredentials> getCognitoCredentials(String userEmail, String userPassword) { String cognitoUserPoolId = "us-east-1_n8TiZp7tu"; String cognitoClientId = "6clvd0v40jggbaa5qid2h6hkqf"; String cognitoIdentityPoolId = "us-east-1:bff024bb-06d0-4b04-9e5d-eb34ed07f884"; Amazon.RegionEndpoint cognitoRegion = Amazon.RegionEndpoint.USEast1; AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials(), Amazon.RegionEndpoint.USEast1); CognitoUserPool userPool = new CognitoUserPool(cognitoUserPoolId, cognitoClientId, provider); CognitoUser user = new CognitoUser(userEmail, cognitoClientId, userPool, provider); AuthFlowResponse context = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest() { Password = userPassword }).ConfigureAwait(false); String accessToken = context.AuthenticationResult.AccessToken; String idToken = context.AuthenticationResult.IdToken; CognitoAWSCredentials credentials = user.GetCognitoAWSCredentials(cognitoIdentityPoolId, cognitoRegion); var identityClient = new AmazonCognitoIdentityClient(credentials, cognitoRegion); var idRequest = new Amazon.CognitoIdentity.Model.GetIdRequest(); idRequest.IdentityPoolId = cognitoIdentityPoolId; idRequest.Logins = new Dictionary <string, string> { { "cognito-idp.us-east-1.amazonaws.com/" + cognitoUserPoolId, idToken } }; var idResponseId = await identityClient.GetIdAsync(idRequest).ConfigureAwait(false); if (idResponseId.HttpStatusCode != System.Net.HttpStatusCode.OK) { Console.WriteLine(String.Format("Failed to get credentials for identity. Status code: {0} ", idResponseId.HttpStatusCode)); System.Environment.Exit(1); } var idResponseCredential = await identityClient.GetCredentialsForIdentityAsync(idResponseId.IdentityId, new Dictionary <string, string> { { "cognito-idp.us-east-1.amazonaws.com/" + cognitoUserPoolId, idToken } }).ConfigureAwait(false); if (idResponseCredential.HttpStatusCode != System.Net.HttpStatusCode.OK) { Console.WriteLine(String.Format("Failed to get credentials for identity. Status code: {0} ", idResponseCredential.HttpStatusCode)); System.Environment.Exit(1); } var cognitoCredentials = new UserCognitoCredentials(idResponseCredential.Credentials); return(cognitoCredentials); }