/// <summary>
/// Obtains temporary credentials for <paramref name="roleArn"/> by requesting an
/// OpenID token for the current identity and exchanging it through
/// AssumeRoleWithWebIdentity.
/// </summary>
/// <param name="roleArn">
/// ARN of the role to assume. It is forwarded to STS unchanged; this method does not validate it.
/// </param>
/// <returns>
/// A <see cref="CredentialsRefreshState"/> holding the credentials returned by STS and their expiration.
/// </returns>
/// <exception cref="AmazonCognitoIdentityException">
/// Rethrown when the token request fails and <c>ShouldRetry</c> rejects a retry.
/// </exception>
private async System.Threading.Tasks.Task<CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
    // Resolve the identity id first; GetIdentityIdAsync is asked for the Refresh option.
    var currentIdentityId = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false);
    var tokenRequest = new GetOpenIdTokenRequest { IdentityId = currentIdentityId };

    // Provider logins are attached only when at least one is configured.
    if (Logins.Count > 0)
    {
        tokenRequest.Logins = Logins;
    }

    GetOpenIdTokenResponse tokenResponse = null;
    bool retryRequested;
    try
    {
        tokenResponse = await cib.GetOpenIdTokenAsync(tokenRequest).ConfigureAwait(false);
        retryRequested = false;
    }
    catch (AmazonCognitoIdentityException e)
    {
        // Only failures that ShouldRetry accepts are retried; everything else propagates untouched.
        if (!ShouldRetry(e))
        {
            throw;
        }

        retryRequested = true;
    }

    if (retryRequested)
    {
        // The retry restarts the whole flow, outside the catch block.
        // NOTE(review): there is no attempt counter here, so termination depends on
        // ShouldRetry eventually returning false - confirm it cannot approve the same
        // failure indefinitely.
        return await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false);
    }

    // The OpenID token is what STS accepts as proof of identity below, so treat it as a
    // secret: keep it out of logs and exception messages.
    string webIdentityToken = tokenResponse.Token;

    // The response may carry a different IdentityId than the one requested; persist it.
    UpdateIdentity(tokenResponse.IdentityId);

    // Exchange the token for role credentials.
    // NOTE(review): the session name is a fixed literal, so every session created here
    // carries the same name - confirm that is acceptable for audit attribution.
    var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
    {
        WebIdentityToken = webIdentityToken,
        RoleArn = roleArn,
        RoleSessionName = "NetProviderSession",
        DurationSeconds = DefaultDurationSeconds
    };
    var assumeRoleResponse = await sts.AssumeRoleWithWebIdentityAsync(assumeRoleRequest).ConfigureAwait(false);
    var roleCredentials = assumeRoleResponse.Credentials;

    // Package the credentials together with their expiration for the refresh machinery.
    return new CredentialsRefreshState(roleCredentials.GetCredentials(), roleCredentials.Expiration);
}
/// <summary>
/// Obtains temporary credentials for <paramref name="roleArn"/> by requesting an
/// OpenID token for the current identity and exchanging it through
/// AssumeRoleWithWebIdentity. Failures from either service call propagate to the caller.
/// </summary>
/// <param name="roleArn">
/// ARN of the role to assume. It is forwarded to STS unchanged; this method does not validate it.
/// </param>
/// <returns>
/// A <see cref="CredentialsRefreshState"/> holding the credentials returned by STS and their expiration.
/// </returns>
private async System.Threading.Tasks.Task<CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn)
{
    // Resolve the identity id that the token will be issued for.
    var currentIdentityId = await GetIdentityIdAsync().ConfigureAwait(false);
    var tokenRequest = new GetOpenIdTokenRequest { IdentityId = currentIdentityId };

    // Provider logins are attached only when at least one is configured.
    if (Logins.Count > 0)
    {
        tokenRequest.Logins = Logins;
    }

    var tokenResponse = await cib.GetOpenIdTokenAsync(tokenRequest).ConfigureAwait(false);

    // The OpenID token is what STS accepts as proof of identity below, so treat it as a
    // secret: keep it out of logs and exception messages.
    string webIdentityToken = tokenResponse.Token;

    // The response may carry a different IdentityId than the one requested; persist it.
    // NOTE(review): the meaning of the second argument (true) is not visible here -
    // confirm against UpdateIdentity.
    UpdateIdentity(tokenResponse.IdentityId, true);

    // Exchange the token for role credentials.
    // NOTE(review): the session name is a fixed literal, so every session created here
    // carries the same name - confirm that is acceptable for audit attribution.
    var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
    {
        WebIdentityToken = webIdentityToken,
        RoleArn = roleArn,
        RoleSessionName = "NetProviderSession",
        DurationSeconds = DefaultDurationSeconds
    };
    var assumeRoleResponse = await sts.AssumeRoleWithWebIdentityAsync(assumeRoleRequest).ConfigureAwait(false);
    var roleCredentials = assumeRoleResponse.Credentials;

    // Package the credentials together with their expiration for the refresh machinery.
    return new CredentialsRefreshState(roleCredentials.GetCredentials(), roleCredentials.Expiration);
}