private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn) { CredentialsRefreshState credentialsState; // Retrieve Open Id Token // (Reuses existing IdentityId or creates a new one) var identity = await GetIdentityIdAsync(RefreshIdentityOptions.Refresh).ConfigureAwait(false); var getTokenRequest = new GetOpenIdTokenRequest { IdentityId = identity }; // If logins are set, pass them to the GetOpenId call if (Logins.Count > 0) { getTokenRequest.Logins = Logins; } bool retry = false; GetOpenIdTokenResponse getTokenResult = null; try { getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false); } catch (AmazonCognitoIdentityException e) { if (ShouldRetry(e)) { retry = true; } else { throw; } } if (retry) { return(await GetCredentialsForRoleAsync(roleArn).ConfigureAwait(false)); } string token = getTokenResult.Token; // IdentityId may have changed, save the new value UpdateIdentity(getTokenResult.IdentityId); // Assume role with Open Id Token var assumeRequest = new AssumeRoleWithWebIdentityRequest { WebIdentityToken = token, RoleArn = roleArn, RoleSessionName = "NetProviderSession", DurationSeconds = DefaultDurationSeconds }; var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials; // Return new refresh state (credentials and expiration) credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration); return(credentialsState); }
protected void GenerateNewCredentialsAsync(AmazonServiceCallback callback) { AmazonServiceResult voidResult = new AmazonServiceResult(null, null); IdentityProvider.RefreshAsync(delegate(AmazonServiceResult refreshResult) { if (refreshResult.Exception != null) { voidResult.Exception = refreshResult.Exception; AmazonMainThreadDispatcher.ExecCallback(callback, voidResult); return; } // Pick role to use, depending on Logins string roleArn = UnAuthRoleArn; if (IdentityProvider.Logins.Count > 0) { roleArn = AuthRoleArn; } if (string.IsNullOrEmpty(roleArn)) { voidResult.Exception = new AmazonServiceException( new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "Unable to determine Role ARN. AuthRoleArn = [{0}], UnAuthRoleArn = [{1}], Logins.Count = {2}", AuthRoleArn, UnAuthRoleArn, IdentityProvider.Logins.Count))); AmazonMainThreadDispatcher.ExecCallback(callback, voidResult); return; } // Assume role with Open Id Token var assumeRequest = new AssumeRoleWithWebIdentityRequest { WebIdentityToken = IdentityProvider.GetCurrentOpenIdToken(), RoleArn = roleArn, RoleSessionName = "UnityProviderSession", DurationSeconds = DefaultDurationSeconds }; sts.AssumeRoleWithWebIdentityAsync(assumeRequest, delegate(AmazonServiceResult result) { if (result.Exception != null) { voidResult.Exception = result.Exception; AmazonLogging.LogError(AmazonLogging.AmazonLoggingLevel.Errors, "STS", result.Exception.Message); AmazonMainThreadDispatcher.ExecCallback(callback, voidResult); return; } AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = result.Response as AssumeRoleWithWebIdentityResponse; this._currentState = new CredentialsRefreshState { Credentials = assumeRoleWithWebIdentityResponse.Credentials.GetCredentials(), Expiration = assumeRoleWithWebIdentityResponse.Credentials.Expiration }; // success - FinalResponse AmazonMainThreadDispatcher.ExecCallback(callback, voidResult); return; }, null); }, null); }
private Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service", "AssumeRoleWithWebIdentity"); try { #if DESKTOP return(client.AssumeRoleWithWebIdentity(request)); #elif CORECLR return(client.AssumeRoleWithWebIdentityAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
private async System.Threading.Tasks.Task <CredentialsRefreshState> GetCredentialsForRoleAsync(string roleArn) { CredentialsRefreshState credentialsState; // Retrieve Open Id Token // (Reuses existing IdentityId or creates a new one) var identityId = await GetIdentityIdAsync().ConfigureAwait(false); var getTokenRequest = new GetOpenIdTokenRequest { IdentityId = identityId }; // If logins are set, pass them to the GetOpenId call if (Logins.Count > 0) { getTokenRequest.Logins = Logins; } var getTokenResult = await cib.GetOpenIdTokenAsync(getTokenRequest).ConfigureAwait(false); string token = getTokenResult.Token; // IdentityId may have changed, save the new value UpdateIdentity(getTokenResult.IdentityId, true); // Assume role with Open Id Token var assumeRequest = new AssumeRoleWithWebIdentityRequest { WebIdentityToken = token, RoleArn = roleArn, RoleSessionName = "NetProviderSession", DurationSeconds = DefaultDurationSeconds }; var credentials = (await sts.AssumeRoleWithWebIdentityAsync(assumeRequest).ConfigureAwait(false)).Credentials; // Return new refresh state (credentials and expiration) credentialsState = new CredentialsRefreshState(credentials.GetCredentials(), credentials.Expiration); return(credentialsState); }