aws-sdk-cognitoidentity 1.19.0 → 1.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d35703dff38c11fc60a5b0deddcc7077ab9ecf3e
-  data.tar.gz: 8d7c1319fb082a22c3ed78e357e373c5a80fe4a5
+  metadata.gz: 0042b9d2159e2a938053948ba7445fecd8e724b7
+  data.tar.gz: 97310ed0251d1e47d01a57e717193f1680d270d1
 SHA512:
-  metadata.gz: aac18eac4a492ef30715eef4a53b2b208419bc36964bd9796567e566eb70c81fb8fa48c07817e9fa751cffb6ecf4f8c74aa036346745978ebdfde50263180ae2
-  data.tar.gz: 066610d585cb5b3cee26d9fa06616f983c592daab5490ef36e6bec16c0cf8ebd4106605561af6fc94d7fcf98cad4fd81ddb4cbc80ea5b0608b1bb0791ae3b2d3
+  metadata.gz: 14b7d8b4d212cc19cf5c6e5e78547972aec81be8833bd1ecea2496715af2597c7431eaf76e5e0e23125455fb070e89a70f2019cca50e997bea412a86c91c9cbf
+  data.tar.gz: b3b2a1110497ad8cb9a8134d7d44a0d8209449971022a8f11586714786d628c6187f15bd2a2ba870b03b7febba2cf777a18fe1587883adfb3f7bfd90e32bc09e

data/lib/aws-sdk-cognitoidentity.rb

@@ -45,6 +45,6 @@ require_relative 'aws-sdk-cognitoidentity/customizations'
 # @service
 module Aws::CognitoIdentity
 
-  GEM_VERSION = '1.19.0'
+  GEM_VERSION = '1.20.0'
 
 end

data/lib/aws-sdk-cognitoidentity/client.rb

@@ -32,11 +32,11 @@ Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentity)
 module Aws::CognitoIdentity
   # An API client for CognitoIdentity.  To construct a client, you need to configure a `:region` and `:credentials`.
   #
-  #   client = Aws::CognitoIdentity::Client.new(
-  #     region: region_name,
-  #     credentials: credentials,
-  #     # ...
-  #   )
+  #     client = Aws::CognitoIdentity::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
   #
   # For details on configuring region and credentials see
   # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
@@ -229,15 +229,19 @@ module Aws::CognitoIdentity
     #
     #   @option options [String] :retry_mode ("legacy")
     #     Specifies which retry algorithm to use. Values are:
-    #       * `legacy` - The pre-existing retry behavior.  This is default value if
-    #         no retry mode is provided.
-    #       * `standard` - A standardized set of retry rules across the AWS SDKs.
-    #         This includes support for retry quotas, which limit the number of
-    #         unsuccessful retries a client can make.
-    #       * `adaptive` - An experimental retry mode that includes all the
-    #         functionality of `standard` mode along with automatic client side
-    #         throttling.  This is a provisional mode that may change behavior
-    #         in the future.
+    #
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
+    #
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
+    #
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
     #
     #   @option options [String] :secret_access_key
     #
@@ -275,8 +279,7 @@ module Aws::CognitoIdentity
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
-    #     safely be set
-    #     per-request on the session yielded by {#session_for}.
+    #     safely be set per-request on the session.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
     #     seconds a connection is allowed to sit idle before it is
@@ -288,7 +291,7 @@ module Aws::CognitoIdentity
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yielded by {#session_for}.
+    #     request on the session.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -1486,7 +1489,7 @@ module Aws::CognitoIdentity
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentity'
-      context[:gem_version] = '1.19.0'
+      context[:gem_version] = '1.20.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentity/customizations.rb

@@ -1,7 +1 @@
-# WARNING ABOUT GENERATED CODE
-#
-# This file is generated. See the contributing for info on making contributions:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
-#
-# WARNING ABOUT GENERATED CODE
-
+require 'aws-sdk-cognitoidentity/customizations/cognito_identity_credentials'

data/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb

@@ -0,0 +1,132 @@
+require 'set'
+require 'securerandom'
+require 'base64'
+
+module Aws
+  module CognitoIdentity
+    # An auto-refreshing credential provider that
+    # represents credentials retrieved from STS Web Identity Federation using
+    # the Amazon Cognito Identity service.
+    #
+    # This provider gets credentials using the
+    # {Client.get_credentials_for_identity} service operation, which
+    # requires either an `identity_id` or an `identity_pool_id` (Amazon Cognito
+    # Identity Pool ID), which is used to call {Client.get_id} to
+    # obtain an `identity_id` automatically.
+    #
+    # In addition, if this credential provider is used to provide authenticated
+    # login, the `logins` map may be set to the tokens provided by the
+    # respective identity providers. See {#initialize} for an example on
+    # creating a credentials object with proper property values.
+    #
+    # ## Refreshing Credentials from Identity Service
+    #
+    # The CognitoIdentityCredentials will auto-refresh the AWS credentials from
+    # Cognito.  In addition to AWS credentials expiring after a given amount of
+    # time, the login token from the identity provider will also expire.
+    # Once this token expires, it will not be usable to refresh AWS credentials,
+    # and another token will be needed. The SDK does not manage refreshing of
+    # the token value, but this can be done through a "refresh token"
+    # supported by most identity providers. Consult the documentation for
+    # the identity provider for refreshing tokens. Once the refreshed token is
+    # acquired, you should make sure to update this new token in the
+    # CognitoIdentityCredentials object's {logins} property. The following
+    # code will update the WebIdentityToken, assuming you have retrieved
+    # an updated token from the identity provider:
+    #
+    #     AWS.config.credentials.logins['graph.facebook.com'] = updatedToken;
+    #     AWS.config.credentials.refresh!  # required only if authentication state has changed
+    #
+    # The CognitoIdentityCredentials also provides a `before_refresh` callback
+    # that can be used to help manage refreshing identity provider tokens.
+    # `before_refresh` is called when AWS credentials are required and need
+    # to be refreshed and it has access to the CognitoIdentityCredentials object.
+    class CognitoIdentityCredentials
+
+      include CredentialProvider
+      include RefreshingCredentials
+
+      # @param [Hash] options
+      # @option options [String] :identity_id the Cognito identity_id.  Required
+      #   unless identity_pool_id is given. A unique
+      #   identifier in the format REGION:GUID
+      #
+      # @option options [String] :identity_pool_id Required unless identity_id
+      #   is provided. A Amazon Cognito
+      #   Identity Pool ID)in the format REGION:GUID.
+      #
+      # @option options [Hash<String,String>] :logins A set of optional
+      #   name-value pairs that map provider names to provider tokens.
+      #   The name-value pair will follow the syntax
+      #   "provider_name": "provider_user_identifier".
+      #
+      # @option options [String] :custom_role_arn  The Amazon Resource
+      #   Name (ARN) of the role to be assumed when multiple roles were received
+      #   in the token from the identity provider. For example, a SAML-based
+      #   identity provider. This parameter is optional for identity providers
+      #   that do not support role customization.
+      #
+      # @option options [Callable] before_refresh Proc called before
+      #   credentials are refreshed from Cognito.  Useful for updating logins/
+      #   auth tokens. `before_refresh` is called when AWS credentials are
+      #   required and need to be refreshed. Login tokens can be refreshed using
+      #   the following example:
+      #
+      #      before_refresh = Proc.new do |cognito_credentials| do
+      #        cognito_credentials.logins['graph.facebook.com'] = update_token
+      #      end
+      #
+      # @option options [STS::CognitoIdentity] :client Optional CognitoIdentity
+      #   client. If not provided, a client will be constructed.
+      def initialize(options = {})
+        @identity_pool_id = options.delete(:identity_pool_id)
+        @identity_id = options.delete(:identity_id)
+        @custom_role_arn = options.delete(:custom_role_arn)
+        @logins = options.delete(:logins) || {}
+        @before_refresh = options.delete(:before_refresh)
+
+        if !@identity_pool_id && !@identity_id
+          raise ArgumentError,
+                'Must provide either identity_pool_id or identity_id'
+        end
+
+        @client = options[:client] || CognitoIdentity::Client.new(
+          options.merge(credentials: false)
+        )
+        super
+      end
+
+      # @return [CognitoIdentity::Client]
+      attr_reader :client
+
+      # @return [Hash<String,String>]
+      attr_accessor :logins
+
+      # @return [String]
+      def identity_id
+        @identity_id ||= @client
+                         .get_id(identity_pool_id: @identity_pool_id)
+                         .identity_id
+      end
+
+      private
+
+      def refresh
+        @before_refresh.call(self) if @before_refresh
+
+        resp = @client.get_credentials_for_identity(
+          identity_id: identity_id,
+          custom_role_arn: @custom_role_arn
+        )
+
+        @credentials = Credentials.new(
+          resp.credentials.access_key_id,
+          resp.credentials.secret_key,
+          resp.credentials.session_token
+        )
+        @expiration = resp.credentials.expiration
+      end
+    end
+  end
+end
+

data/lib/aws-sdk-cognitoidentity/resource.rb

@@ -6,13 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CognitoIdentity
-  # This class provides a resource oriented interface for CognitoIdentity.
-  # To create a resource object:
-  #     resource = Aws::CognitoIdentity::Resource.new(region: 'us-west-2')
-  # You can supply a client object with custom configuration that will be used for all resource operations.
-  # If you do not pass +:client+, a default client will be constructed.
-  #     client = Aws::CognitoIdentity::Client.new(region: 'us-west-2')
-  #     resource = Aws::CognitoIdentity::Resource.new(client: client)
+
   class Resource
 
     # @param options ({})

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentity
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.20.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-09 00:00:00.000000000 Z
+date: 2020-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -56,6 +56,7 @@ files:
 - lib/aws-sdk-cognitoidentity/client.rb
 - lib/aws-sdk-cognitoidentity/client_api.rb
 - lib/aws-sdk-cognitoidentity/customizations.rb
+- lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb
 - lib/aws-sdk-cognitoidentity/errors.rb
 - lib/aws-sdk-cognitoidentity/resource.rb
 - lib/aws-sdk-cognitoidentity/types.rb