com.amazonaws.auth
Class CognitoCredentialsProvider

java.lang.Object
  extended by com.amazonaws.auth.CognitoCredentialsProvider
All Implemented Interfaces:
AWSCredentialsProvider
Direct Known Subclasses:
CognitoCachingCredentialsProvider

public class CognitoCredentialsProvider
extends java.lang.Object
implements AWSCredentialsProvider

AWSCredentialsProvider implementation that uses the Amazon Cognito Identity service and the AWS Security Token Service to create temporary, short-lived sessions to use for authentication.


Field Summary
static int DEFAULT_DURATION_SECONDS
          Default duration for started sessions
static int DEFAULT_THRESHOLD_SECONDS
          Default threshold for refreshing session credentials
 
Constructor Summary
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, java.lang.String unauthArn, java.lang.String authArn)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in, using that to get short-lived credentials from STS, which can be retrieved from getCredentials()
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, java.lang.String unauthArn, java.lang.String authArn, AWSSecurityTokenService stsClient)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in, using that to get short-lived credentials from STS, which can be retrieved from getCredentials()
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, AmazonCognitoIdentityClient cib, AWSSecurityTokenService sts)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, Regions region)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, Regions region, ClientConfiguration clientConfiguration)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.
 
Method Summary
 void clear()
          Clear all in-memory and saved state for the credentials provider.
 void clearCredentials()
          Clear credentials.
 AWSSessionCredentials getCredentials()
          If the current session has expired or the credentials are invalid, a new session is started, establishing the credentials.
 java.lang.String getIdentityId()
           
 java.lang.String getIdentityPoolId()
           
 AWSIdentityProvider getIdentityProvider()
           
 java.util.Map<java.lang.String,java.lang.String> getLogins()
          Get the logins map used to authenticate with Amazon Cognito.
 int getRefreshThreshold()
          Get the refresh threshold for the session credentials created by this client in seconds.
 java.util.Date getSessionCredentitalsExpiration()
           
 int getSessionDuration()
          Get the duration of the session credentials created by this client in seconds.
 java.lang.String getToken()
           
 void refresh()
          Forces this credentials provider to refresh its credentials.
 void registerIdentityChangedListener(IdentityChangedListener listener)
           
 void setLogins(java.util.Map<java.lang.String,java.lang.String> logins)
          Set the logins map used to authenticate with Amazon Cognito.
 void setRefreshThreshold(int refreshThreshold)
          Set the refresh threshold for the session credentials created by this client in seconds.
 void setSessionCredentialsExpiration(java.util.Date expiration)
           
 void setSessionDuration(int sessionDuration)
          Set the duration of the session credentials created by this client in seconds.
 void unregisterIdentityChangedListener(IdentityChangedListener listener)
           
 AWSCredentialsProvider withLogins(java.util.Map<java.lang.String,java.lang.String> logins)
          Set the logins map used to authenticate with Amazon Cognito.
 CognitoCredentialsProvider withRefreshThreshold(int refreshThreshold)
          Set the refresh threshold for the session credentials created by this client in seconds.
 CognitoCredentialsProvider withSessionDuration(int sessionDuration)
          Set the duration of the session credentials created by this client in seconds.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_DURATION_SECONDS

public static final int DEFAULT_DURATION_SECONDS
Default duration for started sessions

See Also:
Constant Field Values

DEFAULT_THRESHOLD_SECONDS

public static final int DEFAULT_THRESHOLD_SECONDS
Default threshold for refreshing session credentials

See Also:
Constant Field Values
Constructor Detail

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  Regions region)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cognito identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
region - The region to use when contacting Cognito Identity, and STS (if STS supports the provided regions, otherwise STS will be contacted using the US_EAST_1 region)

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  Regions region,
                                  ClientConfiguration clientConfiguration)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cognito identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
clientConfiguration - Configuration to apply to service clients created
region - The region to use when contacting Cognito Identity, and STS (if STS supports the provided regions, otherwise STS will be contacted using the US_EAST_1 region)

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  AmazonCognitoIdentityClient cib,
                                  AWSSecurityTokenService sts)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to request short-lived session credentials from the AWS Security Token Service (STS); those credentials are then returned by this class's getCredentials() method.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cognito identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
cib - Preconfigured CognitoIdentity client to make requests with
sts - Preconfigured STS client to make requests with

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  java.lang.String unauthArn,
                                  java.lang.String authArn,
                                  AWSSecurityTokenService stsClient)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in, using that to get short-lived credentials from STS, which can be retrieved from getCredentials()

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with STS
unauthArn - the unauthArn, for use with the STS call
authArn - the authArn, for use with the STS call
stsClient - the sts endpoint to get session credentials from

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  java.lang.String unauthArn,
                                  java.lang.String authArn)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in, using that to get short-lived credentials from STS, which can be retrieved from getCredentials()

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with STS
unauthArn - the unauthArn, for use with the STS call
authArn - the authArn, for use with the STS call
Method Detail

getIdentityId

public java.lang.String getIdentityId()

getToken

public java.lang.String getToken()

getIdentityProvider

public AWSIdentityProvider getIdentityProvider()

setSessionCredentialsExpiration

public void setSessionCredentialsExpiration(java.util.Date expiration)

getSessionCredentitalsExpiration

public java.util.Date getSessionCredentitalsExpiration()

getIdentityPoolId

public java.lang.String getIdentityPoolId()

getCredentials

public AWSSessionCredentials getCredentials()
If the current session has expired or the credentials are invalid, a new session is started, establishing the credentials. In either case, those credentials are returned.

Specified by:
getCredentials in interface AWSCredentialsProvider
Returns:
AWSCredentials which the caller can use to authorize an AWS request.

setSessionDuration

public void setSessionDuration(int sessionDuration)
Set the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest.

Parameters:
sessionDuration - The new duration for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

withSessionDuration

public CognitoCredentialsProvider withSessionDuration(int sessionDuration)
Set the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest. Returns reference to object so methods can be chained together.

Parameters:
sessionDuration - The new duration for session credentials created by this provider
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getSessionDuration

public int getSessionDuration()
Get the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest.

Returns:
The duration for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

setRefreshThreshold

public void setRefreshThreshold(int refreshThreshold)
Set the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS.

Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

withRefreshThreshold

public CognitoCredentialsProvider withRefreshThreshold(int refreshThreshold)
Set the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS. Returns a reference to the object so methods can be chained.

Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getRefreshThreshold

public int getRefreshThreshold()
Get the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS.

Returns:
The refresh threshold for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

setLogins

public void setLogins(java.util.Map<java.lang.String,java.lang.String> logins)
Set the logins map used to authenticate with Amazon Cognito. Note: You should manually call refresh on the credentials provider after adding logins to the provider, as your Identity Id may have changed.

Parameters:
logins - The new logins map (providerName, providerToken) to use to communicate with Amazon Cognito

withLogins

public AWSCredentialsProvider withLogins(java.util.Map<java.lang.String,java.lang.String> logins)
Set the logins map used to authenticate with Amazon Cognito. Returns a reference to the object so methods can be chained. Note: You should manually call refresh on the credentials provider after adding logins to the provider, as your Identity Id may have changed.

Parameters:
logins - The new logins map (providerName, providerToken) to use to communicate with Amazon Cognito
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getLogins

public java.util.Map<java.lang.String,java.lang.String> getLogins()
Get the logins map used to authenticate with Amazon Cognito.

Returns:
The logins map (providerName, providerToken) to use to communicate with Amazon Cognito

refresh

public void refresh()
Description copied from interface: AWSCredentialsProvider
Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials throughout their lifetime, this method should force the credentials provider to refresh its credentials.

Specified by:
refresh in interface AWSCredentialsProvider

clear

public void clear()
Clear all in-memory and saved state for the credentials provider. Will destroy any saved Amazon Cognito Identity Id and associated AWS credentials.


clearCredentials

public void clearCredentials()
Clear credentials. This will destroy all the saved AWS credentials but not the identity Id.
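
The sign-in, lock and sign-out handling implied by the setLogins, refresh, clearCredentials and clear descriptions above, as an added example (not SDK code). The class name CognitoSessionExample, its method names, the duration and threshold values and the angle-bracket placeholder strings are assumptions.

```java
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.CognitoCredentialsProvider;
import com.amazonaws.regions.Regions;
import java.util.HashMap;
import java.util.Map;

// Added example, not SDK code. The angle-bracket values are placeholders.
public class CognitoSessionExample {
    private final CognitoCredentialsProvider provider =
            new CognitoCredentialsProvider("<AWS_ACCOUNT_ID>", "<IDENTITY_POOL_ID>",
                    "<UNAUTH_ROLE_ARN>", "<AUTH_ROLE_ARN>", Regions.US_EAST_1)
                    .withSessionDuration(900)    // seconds; assumed value
                    .withRefreshThreshold(120);  // seconds; assumed value

    /** Call once the user has signed in with an identity provider. */
    public AWSSessionCredentials onSignIn(String providerName, String providerToken) {
        String before = provider.getIdentityId();
        Map<String, String> logins = new HashMap<String, String>();
        logins.put(providerName, providerToken);
        provider.setLogins(logins);
        // Per the setLogins() note: refresh manually, the identity id may have changed.
        provider.refresh();
        String after = provider.getIdentityId();
        if (before != null && !before.equals(after)) {
            // Anything the app stored under the old identity id needs re-keying.
            System.out.println("Cognito identity id changed after sign-in");
        }
        return provider.getCredentials();
    }

    /** Drop only the AWS session credentials; the identity id is kept. */
    public void onAppLocked() {
        provider.clearCredentials();
    }

    /** Sign-out: drop the provider token, the identity id and the credentials. */
    public void onSignOut() {
        provider.setLogins(new HashMap<String, String>());
        provider.clear();
    }
}
```

setLogins is used rather than withLogins because withLogins is declared to return AWSCredentialsProvider, so it cannot be chained with withSessionDuration or withRefreshThreshold without a cast.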


registerIdentityChangedListener

public void registerIdentityChangedListener(IdentityChangedListener listener)

unregisterIdentityChangedListener

public void unregisterIdentityChangedListener(IdentityChangedListener listener)


Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.