Class: AWS.WebIdentityCredentials
- Inherits: AWS.Credentials (Object > AWS.Credentials > AWS.WebIdentityCredentials)
- Defined in: lib/credentials/web_identity_credentials.js
Overview
Represents credentials retrieved from STS Web Identity Federation support.
By default this provider gets credentials using the AWS.STS.assumeRoleWithWebIdentity() service operation. This operation requires a RoleArn containing the ARN of the IAM trust policy for the application for which credentials will be given. In addition, the WebIdentityToken must be set to the token provided by the identity provider. See constructor() for an example on creating a credentials object with proper RoleArn and WebIdentityToken values.
Refreshing Credentials from Identity Service
In addition to AWS credentials expiring after a given amount of time, the login token from the identity provider will also expire. Once this token expires, it will not be usable to refresh AWS credentials, and another token will be needed. The SDK does not manage refreshing of the token value, but this can be done through a "refresh token" supported by most identity providers. Consult the documentation for the identity provider for refreshing tokens. Once the refreshed token is acquired, you should make sure to update this new token in the credentials object's params property. The following code will update the WebIdentityToken, assuming you have retrieved an updated token from the identity provider:
AWS.config.credentials.params.WebIdentityToken = updatedToken;
Future calls to credentials.refresh() will now use the new token.
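The token check described above, as an added example that is not part of the SDK or its documentation: before calling refresh(), it reads the expiry of the identity token and swaps in a new one if the old token is expired or about to expire. It assumes Node.js and a JWT-format (OIDC) token; tokenExpiryMs, refreshWithValidToken and the fetchToken callback are hypothetical names.

```javascript
// Decode the `exp` claim (seconds since epoch) of a JWT WITHOUT verifying it.
// This is only a scheduling hint; STS still validates the token itself.
// Returns null for opaque (non-JWT) tokens or tokens with no numeric exp.
function tokenExpiryMs(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return typeof claims.exp === 'number' ? claims.exp * 1000 : null;
  } catch (e) {
    return null;
  }
}

// credentials: any object shaped like AWS.WebIdentityCredentials
//   (params.WebIdentityToken and refresh(callback)).
// fetchToken(cb): hypothetical application function that obtains a new
//   token from the identity provider, e.g. with its refresh token.
// opts.skewMs: tokens expiring within this window count as expired.
function refreshWithValidToken(credentials, fetchToken, callback, opts) {
  const now = (opts && opts.now) || Date.now();
  const skewMs = (opts && opts.skewMs) || 60 * 1000;
  const exp = tokenExpiryMs(credentials.params.WebIdentityToken);
  if (exp !== null && exp - skewMs > now) {
    return credentials.refresh(callback); // token still usable
  }
  // Expired, expiring soon, or expiry unknown: get a new token first.
  fetchToken(function (err, updatedToken) {
    if (err) return callback(err); // never call STS with a dead token
    credentials.params.WebIdentityToken = updatedToken;
    credentials.refresh(callback);
  });
}
```

Opaque tokens have no readable expiry, so this sketch requests a new token every time for them.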
Constructor Summary
- new AWS.WebIdentityCredentials(params, clientConfig) ⇒ void (constructor)
  Creates a new credentials object.
Property Summary
- data ⇒ map (readwrite)
  The raw data response from the call to AWS.STS.assumeRoleWithWebIdentity().
- params ⇒ map (readwrite)
  The map of params passed to AWS.STS.assumeRoleWithWebIdentity().
Properties inherited from AWS.Credentials
expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow
Method Summary
- refresh(callback) ⇒ void
  Refreshes credentials using AWS.STS.assumeRoleWithWebIdentity().
Methods inherited from AWS.Credentials
needsRefresh, get, getPromise, refreshPromise
Constructor Details
Property Details
data ⇒ map (readwrite)
Returns the raw data response from the call to AWS.STS.assumeRoleWithWebIdentity(). Use this if you want to get access to other properties from the response.
params ⇒ map (readwrite)
Returns the map of params passed to AWS.STS.assumeRoleWithWebIdentity(). To update the token, set the params.WebIdentityToken property.