Overview  Package   Class  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.amazonaws.auth
Class CognitoCredentialsProvider

java.lang.Object
  extended by com.amazonaws.auth.CognitoCredentialsProvider
All Implemented Interfaces:
AWSCredentialsProvider
Direct Known Subclasses:
CognitoCachingCredentialsProvider
public class CognitoCredentialsProvider
extends java.lang.Object
implements AWSCredentialsProvider

AWSCredentialsProvider implementation that uses the Amazon Cognito Identity service and AWS Security Token Service to create temporary, short-lived sessions to use for authentication

Field Summary
static int DEFAULT_DURATION_SECONDS
          Default duration for started sessions
static int DEFAULT_THRESHOLD_SECONDS
          Default threshold for refreshing session credentials
 
Constructor Summary
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, Regions region)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the enhanced authentication flow to get short-lived credentials from Amazon Cognito, which can be retrieved from getCredentials()
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, Regions region, ClientConfiguration clientConfiguration)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the enhanced authentication flow to get short-lived credentials from Amazon Cognito, which can be retrieved from getCredentials()
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, java.lang.String unauthArn, java.lang.String authArn)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the basic authentication flow to get get short-lived credentials from STS, which can be retrieved from getCredentials()
CognitoCredentialsProvider(AWSCognitoIdentityProvider provider, java.lang.String unauthArn, java.lang.String authArn, AWSSecurityTokenService stsClient)
          Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in to use the basic authentication flow to get short-lived credentials from STS, which can be retrieved from getCredentials()
CognitoCredentialsProvider(java.lang.String identityPoolId, Regions region)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to Cognito, using the enhanced flow, to get short lived session credentials, which will then be returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String identityPoolId, Regions region, ClientConfiguration clientConfiguration)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to Cognito, using the enhanced flow, to get short lived session credentials, which will then be returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, AmazonCognitoIdentityClient cibClient, AWSSecurityTokenService stsClient)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to the AWS Security Token Service (STS) to get short-lived session credentials, which will then be returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, Regions region)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request, using the basic authentication flow, to the AWS Security Token Service (STS) to request short-lived session credentials, which will then be returned by this class's getCredentials() method.
CognitoCredentialsProvider(java.lang.String accountId, java.lang.String identityPoolId, java.lang.String unauthRoleArn, java.lang.String authRoleArn, Regions region, ClientConfiguration clientConfiguration)
          Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request, using the basic authentication flow, to the AWS Security Token Service (STS) to request short-lived session credentials, which will then be returned by this class's getCredentials() method.
 
Method Summary
 void clear()
          Clear all in-memory and saved state for the credentials provider.
 void clearCredentials()
          Clear credentials.
 AWSSessionCredentials getCredentials()
          If the current session has expired/credentials are invalid, a new session is started, establishing the credentials.
 java.lang.String getIdentityId()
           
 java.lang.String getIdentityPoolId()
           
 AWSIdentityProvider getIdentityProvider()
           
 java.util.Map<java.lang.String,java.lang.String> getLogins()
          Get the logins map used to authenticated with Amazon Cognito
 int getRefreshThreshold()
          Get the refresh threshold for the session credentials created by this client in seconds.
 java.util.Date getSessionCredentitalsExpiration()
           
 int getSessionDuration()
          Get the duration of the session credentials created by this client in seconds.
 java.lang.String getToken()
           
 void refresh()
          Forces this credentials provider to refresh its credentials.
 void registerIdentityChangedListener(IdentityChangedListener listener)
           
 void setLogins(java.util.Map<java.lang.String,java.lang.String> logins)
          Set the logins map used to authenticated with Amazon Cognito.
 void setRefreshThreshold(int refreshThreshold)
          Set the refresh threshold for the session credentials created by this client in seconds.
 void setSessionCredentialsExpiration(java.util.Date expiration)
           
 void setSessionDuration(int sessionDuration)
          Set the duration of the session credentials created by this client in seconds.
 void unregisterIdentityChangedListener(IdentityChangedListener listener)
           
 AWSCredentialsProvider withLogins(java.util.Map<java.lang.String,java.lang.String> logins)
          Set the logins map used to authenticated with Amazon Cognito.
 CognitoCredentialsProvider withRefreshThreshold(int refreshThreshold)
          Set the refresh threshold for the session credentials created by this client in seconds.
 CognitoCredentialsProvider withSessionDuration(int sessionDuration)
          Set the duration of the session credentials created by this client in seconds.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_DURATION_SECONDS

public static final int DEFAULT_DURATION_SECONDS
Default duration for started sessions

See Also:
Constant Field Values

DEFAULT_THRESHOLD_SECONDS

public static final int DEFAULT_THRESHOLD_SECONDS
Default threshold for refreshing session credentials

See Also:
Constant Field Values
Constructor Detail

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  Regions region)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request, using the basic authentication flow, to the AWS Security Token Service (STS) to request short-lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cogntio identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
region - The region to use when contacting Cognito Identity

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  Regions region,
                                  ClientConfiguration clientConfiguration)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request, using the basic authentication flow, to the AWS Security Token Service (STS) to request short-lived session credentials, which will then be returned by this class's getCredentials() method.

This version of the constructor allows you to specify a client configuration for the Amazon Cognito and STS clients.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cognito identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
region - The region to use when contacting Cognito Identity
clientConfiguration - Configuration to apply to service clients created

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String identityPoolId,
                                  Regions region)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to Cognito, using the enhanced flow, to get short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
identityPoolId - The Amazon Cognito identity pool to use
region - The region to use when contacting Cognito Identity

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String identityPoolId,
                                  Regions region,
                                  ClientConfiguration clientConfiguration)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to Cognito, using the enhanced flow, to get short lived session credentials, which will then be returned by this class's getCredentials() method.

This version of the constructor allows you to specify a client configuration for the Amazon Cognito client.

Parameters:
identityPoolId - The Amazon Cognito identity pool to use
region - The region to use when contacting Cognito Identity
clientConfiguration - Configuration to apply to service clients created

CognitoCredentialsProvider

public CognitoCredentialsProvider(java.lang.String accountId,
                                  java.lang.String identityPoolId,
                                  java.lang.String unauthRoleArn,
                                  java.lang.String authRoleArn,
                                  AmazonCognitoIdentityClient cibClient,
                                  AWSSecurityTokenService stsClient)
Constructs a new CognitoCredentialsProvider, which will use the specified Amazon Cognito identity pool to make a request to the AWS Security Token Service (STS) to get short-lived session credentials, which will then be returned by this class's getCredentials() method.

This version of the constructor allows you to specify the Amazon Cognito and STS client to use.

Set the roles and stsClient to null to use the enhanced authentication flow, not contacting STS. Otherwise the basic flow will be used.

Parameters:
accountId - The AWS accountId for the account with Amazon Cognito
identityPoolId - The Amazon Cogntio identity pool to use
unauthRoleArn - The ARN of the IAM Role that will be assumed when unauthenticated
authRoleArn - The ARN of the IAM Role that will be assumed when authenticated
cibClient - Preconfigured CognitoIdentity client to make requests with
stsClient - Preconfigured STS client to make requests with

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  java.lang.String unauthArn,
                                  java.lang.String authArn)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the basic authentication flow to get get short-lived credentials from STS, which can be retrieved from getCredentials()

This version of the constructor allows you to specify your own Identity Provider class.

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with STS
unauthArn - the unauthArn, for use with the STS call
authArn - the authArn, for use with the STS call

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  java.lang.String unauthArn,
                                  java.lang.String authArn,
                                  AWSSecurityTokenService stsClient)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in to use the basic authentication flow to get short-lived credentials from STS, which can be retrieved from getCredentials()

This version of the constructor allows you to specify your own Identity Provider class, and the STS client to use.

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with STS
unauthArn - the unauthArn, for use with the STS call
authArn - the authArn, for use with the STS call
stsClient - the sts endpoint to get session credentials from

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  Regions region)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the enhanced authentication flow to get short-lived credentials from Amazon Cognito, which can be retrieved from getCredentials()

This version of the constructor allows you to specify your own Identity Provider class.

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with Amazon Cognito
region - The region to use when contacting Cognito

CognitoCredentialsProvider

public CognitoCredentialsProvider(AWSCognitoIdentityProvider provider,
                                  Regions region,
                                  ClientConfiguration clientConfiguration)
Constructs a new CognitoCredentialsProvider, which will set up a link to the provider passed in using the enhanced authentication flow to get short-lived credentials from Amazon Cognito, which can be retrieved from getCredentials()

This version of the constructor allows you to specify your own Identity Provider class and the configuration for the Amazon Cognito client.

Parameters:
provider - a reference to the provider in question, including what's needed to interact with it to later connect with Amazon Cognito
clientConfiguration - Configuration to apply to service clients created
region - The region to use when contacting Cognito Identity
Method Detail

getIdentityId

public java.lang.String getIdentityId()

getToken

public java.lang.String getToken()

getIdentityProvider

public AWSIdentityProvider getIdentityProvider()

setSessionCredentialsExpiration

public void setSessionCredentialsExpiration(java.util.Date expiration)

getSessionCredentitalsExpiration

public java.util.Date getSessionCredentitalsExpiration()

getIdentityPoolId

public java.lang.String getIdentityPoolId()

getCredentials

public AWSSessionCredentials getCredentials()
If the current session has expired/credentials are invalid, a new session is started, establishing the credentials. In either case, those credentials are returned

Specified by:
getCredentials in interface AWSCredentialsProvider
Returns:
AWSCredentials which the caller can use to authorize an AWS request.

setSessionDuration

public void setSessionDuration(int sessionDuration)
Set the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest.

Parameters:
sessionDuration - The new duration for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

withSessionDuration

public CognitoCredentialsProvider withSessionDuration(int sessionDuration)
Set the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest. Returns reference to object so methods can be chained together.

Parameters:
sessionDuration - The new duration for session credentials created by this provider
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getSessionDuration

public int getSessionDuration()
Get the duration of the session credentials created by this client in seconds. Values must be supported by AssumeRoleWithWebIdentityRequest.

Returns:
The duration for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

setRefreshThreshold

public void setRefreshThreshold(int refreshThreshold)
Set the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS.

Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

withRefreshThreshold

public CognitoCredentialsProvider withRefreshThreshold(int refreshThreshold)
Set the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS. Returns a reference to the object so methods can be chained.

Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getRefreshThreshold

public int getRefreshThreshold()
Get the refresh threshold for the session credentials created by this client in seconds. This value will be used internally to determine if new credentials should be fetched from STS.

Returns:
The refresh threshold for session credentials created by this provider
See Also:
AssumeRoleWithWebIdentityRequest

setLogins

public void setLogins(java.util.Map<java.lang.String,java.lang.String> logins)
Set the logins map used to authenticated with Amazon Cognito. Note: You should manually call refresh on on the credentials provider after adding logins to the provider as your Identity Id may have changed.

Parameters:
logins - The new logins map (providerName, providerToken) to use to communicate with Amazon Cognito

withLogins

public AWSCredentialsProvider withLogins(java.util.Map<java.lang.String,java.lang.String> logins)
Set the logins map used to authenticated with Amazon Cognito. Returns a reference to the object so methods can be chained. Note: You should manually call refresh on on the credentials provider after adding logins to the provider as your Identity Id may have changed.

Parameters:
logins - The new logins map (providerName, providerToken) to use to communicate with Amazon Cognito
Returns:
A reference to this updated object so that method calls can be chained together.
See Also:
AssumeRoleWithWebIdentityRequest

getLogins

public java.util.Map<java.lang.String,java.lang.String> getLogins()
Get the logins map used to authenticated with Amazon Cognito

Returns:
The logins map (providerName, providerToken) to use to communicate with Amazon Cognito

refresh

public void refresh()
Description copied from interface: AWSCredentialsProvider
Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials through out their lifetime, this method should force the credentials provider to refresh its credentials.

Specified by:
refresh in interface AWSCredentialsProvider

clear

public void clear()
Clear all in-memory and saved state for the credentials provider. Will destroy any saved Amazon Cognito Identity Id and associated AWS credentials.

clearCredentials

public void clearCredentials()
Clear credentials. This will destroy all the saved AWS credentials but not the identity Id.

registerIdentityChangedListener

public void registerIdentityChangedListener(IdentityChangedListener listener)

unregisterIdentityChangedListener

public void unregisterIdentityChangedListener(IdentityChangedListener listener)
Overview  Package   Class  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.