aws-sdk-cognitoidentity 1.19.0 → 1.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-cognitoidentity.rb +1 -1
- data/lib/aws-sdk-cognitoidentity/client.rb +21 -18
- data/lib/aws-sdk-cognitoidentity/customizations.rb +1 -7
- data/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb +132 -0
- data/lib/aws-sdk-cognitoidentity/resource.rb +1 -7
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0042b9d2159e2a938053948ba7445fecd8e724b7
|
4
|
+
data.tar.gz: 97310ed0251d1e47d01a57e717193f1680d270d1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 14b7d8b4d212cc19cf5c6e5e78547972aec81be8833bd1ecea2496715af2597c7431eaf76e5e0e23125455fb070e89a70f2019cca50e997bea412a86c91c9cbf
|
7
|
+
data.tar.gz: b3b2a1110497ad8cb9a8134d7d44a0d8209449971022a8f11586714786d628c6187f15bd2a2ba870b03b7febba2cf777a18fe1587883adfb3f7bfd90e32bc09e
|
@@ -32,11 +32,11 @@ Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentity)
|
|
32
32
|
module Aws::CognitoIdentity
|
33
33
|
# An API client for CognitoIdentity. To construct a client, you need to configure a `:region` and `:credentials`.
|
34
34
|
#
|
35
|
-
#
|
36
|
-
#
|
37
|
-
#
|
38
|
-
#
|
39
|
-
#
|
35
|
+
# client = Aws::CognitoIdentity::Client.new(
|
36
|
+
# region: region_name,
|
37
|
+
# credentials: credentials,
|
38
|
+
# # ...
|
39
|
+
# )
|
40
40
|
#
|
41
41
|
# For details on configuring region and credentials see
|
42
42
|
# the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
|
@@ -229,15 +229,19 @@ module Aws::CognitoIdentity
|
|
229
229
|
#
|
230
230
|
# @option options [String] :retry_mode ("legacy")
|
231
231
|
# Specifies which retry algorithm to use. Values are:
|
232
|
-
#
|
233
|
-
#
|
234
|
-
#
|
235
|
-
#
|
236
|
-
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
232
|
+
#
|
233
|
+
# * `legacy` - The pre-existing retry behavior. This is default value if
|
234
|
+
# no retry mode is provided.
|
235
|
+
#
|
236
|
+
# * `standard` - A standardized set of retry rules across the AWS SDKs.
|
237
|
+
# This includes support for retry quotas, which limit the number of
|
238
|
+
# unsuccessful retries a client can make.
|
239
|
+
#
|
240
|
+
# * `adaptive` - An experimental retry mode that includes all the
|
241
|
+
# functionality of `standard` mode along with automatic client side
|
242
|
+
# throttling. This is a provisional mode that may change behavior
|
243
|
+
# in the future.
|
244
|
+
#
|
241
245
|
#
|
242
246
|
# @option options [String] :secret_access_key
|
243
247
|
#
|
@@ -275,8 +279,7 @@ module Aws::CognitoIdentity
|
|
275
279
|
#
|
276
280
|
# @option options [Integer] :http_read_timeout (60) The default
|
277
281
|
# number of seconds to wait for response data. This value can
|
278
|
-
# safely be set
|
279
|
-
# per-request on the session yielded by {#session_for}.
|
282
|
+
# safely be set per-request on the session.
|
280
283
|
#
|
281
284
|
# @option options [Float] :http_idle_timeout (5) The number of
|
282
285
|
# seconds a connection is allowed to sit idle before it is
|
@@ -288,7 +291,7 @@ module Aws::CognitoIdentity
|
|
288
291
|
# request body. This option has no effect unless the request has
|
289
292
|
# "Expect" header set to "100-continue". Defaults to `nil` which
|
290
293
|
# disables this behaviour. This value can safely be set per
|
291
|
-
# request on the session
|
294
|
+
# request on the session.
|
292
295
|
#
|
293
296
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
294
297
|
# HTTP debug output will be sent to the `:logger`.
|
@@ -1486,7 +1489,7 @@ module Aws::CognitoIdentity
|
|
1486
1489
|
params: params,
|
1487
1490
|
config: config)
|
1488
1491
|
context[:gem_name] = 'aws-sdk-cognitoidentity'
|
1489
|
-
context[:gem_version] = '1.
|
1492
|
+
context[:gem_version] = '1.20.0'
|
1490
1493
|
Seahorse::Client::Request.new(handlers, context)
|
1491
1494
|
end
|
1492
1495
|
|
@@ -1,7 +1 @@
|
|
1
|
-
|
2
|
-
#
|
3
|
-
# This file is generated. See the contributing for info on making contributions:
|
4
|
-
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
5
|
-
#
|
6
|
-
# WARNING ABOUT GENERATED CODE
|
7
|
-
|
1
|
+
require 'aws-sdk-cognitoidentity/customizations/cognito_identity_credentials'
|
@@ -0,0 +1,132 @@
|
|
1
|
+
require 'set'
|
2
|
+
require 'securerandom'
|
3
|
+
require 'base64'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
module CognitoIdentity
|
7
|
+
# An auto-refreshing credential provider that
|
8
|
+
# represents credentials retrieved from STS Web Identity Federation using
|
9
|
+
# the Amazon Cognito Identity service.
|
10
|
+
#
|
11
|
+
# This provider gets credentials using the
|
12
|
+
# {Client.get_credentials_for_identity} service operation, which
|
13
|
+
# requires either an `identity_id` or an `identity_pool_id` (Amazon Cognito
|
14
|
+
# Identity Pool ID), which is used to call {Client.get_id} to
|
15
|
+
# obtain an `identity_id` automatically.
|
16
|
+
#
|
17
|
+
# In addition, if this credential provider is used to provide authenticated
|
18
|
+
# login, the `logins` map may be set to the tokens provided by the
|
19
|
+
# respective identity providers. See {#initialize} for an example on
|
20
|
+
# creating a credentials object with proper property values.
|
21
|
+
#
|
22
|
+
# ## Refreshing Credentials from Identity Service
|
23
|
+
#
|
24
|
+
# The CognitoIdentityCredentials will auto-refresh the AWS credentials from
|
25
|
+
# Cognito. In addition to AWS credentials expiring after a given amount of
|
26
|
+
# time, the login token from the identity provider will also expire.
|
27
|
+
# Once this token expires, it will not be usable to refresh AWS credentials,
|
28
|
+
# and another token will be needed. The SDK does not manage refreshing of
|
29
|
+
# the token value, but this can be done through a "refresh token"
|
30
|
+
# supported by most identity providers. Consult the documentation for
|
31
|
+
# the identity provider for refreshing tokens. Once the refreshed token is
|
32
|
+
# acquired, you should make sure to update this new token in the
|
33
|
+
# CognitoIdentityCredentials object's {logins} property. The following
|
34
|
+
# code will update the WebIdentityToken, assuming you have retrieved
|
35
|
+
# an updated token from the identity provider:
|
36
|
+
#
|
37
|
+
# AWS.config.credentials.logins['graph.facebook.com'] = updatedToken;
|
38
|
+
# AWS.config.credentials.refresh! # required only if authentication state has changed
|
39
|
+
#
|
40
|
+
# The CognitoIdentityCredentials also provides a `before_refresh` callback
|
41
|
+
# that can be used to help manage refreshing identity provider tokens.
|
42
|
+
# `before_refresh` is called when AWS credentials are required and need
|
43
|
+
# to be refreshed and it has access to the CognitoIdentityCredentials object.
|
44
|
+
class CognitoIdentityCredentials
|
45
|
+
|
46
|
+
include CredentialProvider
|
47
|
+
include RefreshingCredentials
|
48
|
+
|
49
|
+
# @param [Hash] options
|
50
|
+
# @option options [String] :identity_id the Cognito identity_id. Required
|
51
|
+
# unless identity_pool_id is given. A unique
|
52
|
+
# identifier in the format REGION:GUID
|
53
|
+
#
|
54
|
+
# @option options [String] :identity_pool_id Required unless identity_id
|
55
|
+
# is provided. A Amazon Cognito
|
56
|
+
# Identity Pool ID)in the format REGION:GUID.
|
57
|
+
#
|
58
|
+
# @option options [Hash<String,String>] :logins A set of optional
|
59
|
+
# name-value pairs that map provider names to provider tokens.
|
60
|
+
# The name-value pair will follow the syntax
|
61
|
+
# "provider_name": "provider_user_identifier".
|
62
|
+
#
|
63
|
+
# @option options [String] :custom_role_arn The Amazon Resource
|
64
|
+
# Name (ARN) of the role to be assumed when multiple roles were received
|
65
|
+
# in the token from the identity provider. For example, a SAML-based
|
66
|
+
# identity provider. This parameter is optional for identity providers
|
67
|
+
# that do not support role customization.
|
68
|
+
#
|
69
|
+
# @option options [Callable] before_refresh Proc called before
|
70
|
+
# credentials are refreshed from Cognito. Useful for updating logins/
|
71
|
+
# auth tokens. `before_refresh` is called when AWS credentials are
|
72
|
+
# required and need to be refreshed. Login tokens can be refreshed using
|
73
|
+
# the following example:
|
74
|
+
#
|
75
|
+
# before_refresh = Proc.new do |cognito_credentials| do
|
76
|
+
# cognito_credentials.logins['graph.facebook.com'] = update_token
|
77
|
+
# end
|
78
|
+
#
|
79
|
+
# @option options [STS::CognitoIdentity] :client Optional CognitoIdentity
|
80
|
+
# client. If not provided, a client will be constructed.
|
81
|
+
def initialize(options = {})
|
82
|
+
@identity_pool_id = options.delete(:identity_pool_id)
|
83
|
+
@identity_id = options.delete(:identity_id)
|
84
|
+
@custom_role_arn = options.delete(:custom_role_arn)
|
85
|
+
@logins = options.delete(:logins) || {}
|
86
|
+
@before_refresh = options.delete(:before_refresh)
|
87
|
+
|
88
|
+
if !@identity_pool_id && !@identity_id
|
89
|
+
raise ArgumentError,
|
90
|
+
'Must provide either identity_pool_id or identity_id'
|
91
|
+
end
|
92
|
+
|
93
|
+
@client = options[:client] || CognitoIdentity::Client.new(
|
94
|
+
options.merge(credentials: false)
|
95
|
+
)
|
96
|
+
super
|
97
|
+
end
|
98
|
+
|
99
|
+
# @return [CognitoIdentity::Client]
|
100
|
+
attr_reader :client
|
101
|
+
|
102
|
+
# @return [Hash<String,String>]
|
103
|
+
attr_accessor :logins
|
104
|
+
|
105
|
+
# @return [String]
|
106
|
+
def identity_id
|
107
|
+
@identity_id ||= @client
|
108
|
+
.get_id(identity_pool_id: @identity_pool_id)
|
109
|
+
.identity_id
|
110
|
+
end
|
111
|
+
|
112
|
+
private
|
113
|
+
|
114
|
+
def refresh
|
115
|
+
@before_refresh.call(self) if @before_refresh
|
116
|
+
|
117
|
+
resp = @client.get_credentials_for_identity(
|
118
|
+
identity_id: identity_id,
|
119
|
+
custom_role_arn: @custom_role_arn
|
120
|
+
)
|
121
|
+
|
122
|
+
@credentials = Credentials.new(
|
123
|
+
resp.credentials.access_key_id,
|
124
|
+
resp.credentials.secret_key,
|
125
|
+
resp.credentials.session_token
|
126
|
+
)
|
127
|
+
@expiration = resp.credentials.expiration
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
@@ -6,13 +6,7 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::CognitoIdentity
|
9
|
-
|
10
|
-
# To create a resource object:
|
11
|
-
# resource = Aws::CognitoIdentity::Resource.new(region: 'us-west-2')
|
12
|
-
# You can supply a client object with custom configuration that will be used for all resource operations.
|
13
|
-
# If you do not pass +:client+, a default client will be constructed.
|
14
|
-
# client = Aws::CognitoIdentity::Client.new(region: 'us-west-2')
|
15
|
-
# resource = Aws::CognitoIdentity::Resource.new(client: client)
|
9
|
+
|
16
10
|
class Resource
|
17
11
|
|
18
12
|
# @param options ({})
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-cognitoidentity
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.20.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-04-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -56,6 +56,7 @@ files:
|
|
56
56
|
- lib/aws-sdk-cognitoidentity/client.rb
|
57
57
|
- lib/aws-sdk-cognitoidentity/client_api.rb
|
58
58
|
- lib/aws-sdk-cognitoidentity/customizations.rb
|
59
|
+
- lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb
|
59
60
|
- lib/aws-sdk-cognitoidentity/errors.rb
|
60
61
|
- lib/aws-sdk-cognitoidentity/resource.rb
|
61
62
|
- lib/aws-sdk-cognitoidentity/types.rb
|