@aws-sdk/client-s3 3.622.0 → 3.624.0

package/dist-cjs/auth/httpAuthSchemeProvider.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveHttpAuthSchemeConfig = exports.defaultS3HttpAuthSchemeProvider = exports.defaultS3HttpAuthSchemeParametersProvider = void 0;
+const core_1 = require("@aws-sdk/core");
+const signature_v4_multi_region_1 = require("@aws-sdk/signature-v4-multi-region");
+const middleware_endpoint_1 = require("@smithy/middleware-endpoint");
+const util_middleware_1 = require("@smithy/util-middleware");
+const endpointResolver_1 = require("../endpoint/endpointResolver");
+const createEndpointRuleSetHttpAuthSchemeParametersProvider = (defaultHttpAuthSchemeParametersProvider) => async (config, context, input) => {
+    if (!input) {
+        throw new Error(`Could not find \`input\` for \`defaultEndpointRuleSetHttpAuthSchemeParametersProvider\``);
+    }
+    const defaultParameters = await defaultHttpAuthSchemeParametersProvider(config, context, input);
+    const instructionsFn = (0, util_middleware_1.getSmithyContext)(context)?.commandInstance?.constructor
+        ?.getEndpointParameterInstructions;
+    if (!instructionsFn) {
+        throw new Error(`getEndpointParameterInstructions() is not defined on \`${context.commandName}\``);
+    }
+    const endpointParameters = await (0, middleware_endpoint_1.resolveParams)(input, { getEndpointParameterInstructions: instructionsFn }, config);
+    return Object.assign(defaultParameters, endpointParameters);
+};
+const _defaultS3HttpAuthSchemeParametersProvider = async (config, context, input) => {
+    return {
+        operation: (0, util_middleware_1.getSmithyContext)(context).operation,
+        region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) ||
+            (() => {
+                throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+            })(),
+    };
+};
+exports.defaultS3HttpAuthSchemeParametersProvider = createEndpointRuleSetHttpAuthSchemeParametersProvider(_defaultS3HttpAuthSchemeParametersProvider);
+function createAwsAuthSigv4HttpAuthOption(authParameters) {
+    return {
+        schemeId: "aws.auth#sigv4",
+        signingProperties: {
+            name: "s3",
+            region: authParameters.region,
+        },
+        propertiesExtractor: (config, context) => ({
+            signingProperties: {
+                config,
+                context,
+            },
+        }),
+    };
+}
+function createAwsAuthSigv4aHttpAuthOption(authParameters) {
+    return {
+        schemeId: "aws.auth#sigv4a",
+        signingProperties: {
+            name: "s3",
+            region: authParameters.region,
+        },
+        propertiesExtractor: (config, context) => ({
+            signingProperties: {
+                config,
+                context,
+            },
+        }),
+    };
+}
+const createEndpointRuleSetHttpAuthSchemeProvider = (defaultEndpointResolver, defaultHttpAuthSchemeResolver, createHttpAuthOptionFunctions) => {
+    const endpointRuleSetHttpAuthSchemeProvider = (authParameters) => {
+        const endpoint = defaultEndpointResolver(authParameters);
+        const authSchemes = endpoint.properties?.authSchemes;
+        if (!authSchemes) {
+            return defaultHttpAuthSchemeResolver(authParameters);
+        }
+        const options = [];
+        for (const scheme of authSchemes) {
+            const { name: resolvedName, properties = {}, ...rest } = scheme;
+            const name = resolvedName.toLowerCase();
+            if (resolvedName !== name) {
+                console.warn(`HttpAuthScheme has been normalized with lowercasing: \`${resolvedName}\` to \`${name}\``);
+            }
+            let schemeId;
+            if (name === "sigv4a") {
+                schemeId = "aws.auth#sigv4a";
+                const sigv4Present = authSchemes.find((s) => {
+                    const name = s.name.toLowerCase();
+                    return name !== "sigv4a" && name.startsWith("sigv4");
+                });
+                if (!signature_v4_multi_region_1.signatureV4CrtContainer.CrtSignerV4 && sigv4Present) {
+                    continue;
+                }
+            }
+            else if (name.startsWith("sigv4")) {
+                schemeId = "aws.auth#sigv4";
+            }
+            else {
+                throw new Error(`Unknown HttpAuthScheme found in \`@smithy.rules#endpointRuleSet\`: \`${name}\``);
+            }
+            const createOption = createHttpAuthOptionFunctions[schemeId];
+            if (!createOption) {
+                throw new Error(`Could not find HttpAuthOption create function for \`${schemeId}\``);
+            }
+            const option = createOption(authParameters);
+            option.schemeId = schemeId;
+            option.signingProperties = { ...(option.signingProperties || {}), ...rest, ...properties };
+            options.push(option);
+        }
+        return options;
+    };
+    return endpointRuleSetHttpAuthSchemeProvider;
+};
+const _defaultS3HttpAuthSchemeProvider = (authParameters) => {
+    const options = [];
+    switch (authParameters.operation) {
+        default: {
+            options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+            options.push(createAwsAuthSigv4aHttpAuthOption(authParameters));
+        }
+    }
+    return options;
+};
+exports.defaultS3HttpAuthSchemeProvider = createEndpointRuleSetHttpAuthSchemeProvider(endpointResolver_1.defaultEndpointResolver, _defaultS3HttpAuthSchemeProvider, {
+    "aws.auth#sigv4": createAwsAuthSigv4HttpAuthOption,
+    "aws.auth#sigv4a": createAwsAuthSigv4aHttpAuthOption,
+});
+const resolveHttpAuthSchemeConfig = (config) => {
+    const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config);
+    return {
+        ...config_0,
+    };
+};
+exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig;

package/dist-cjs/index.js

@@ -261,14 +261,15 @@ var import_middleware_host_header = require("@aws-sdk/middleware-host-header");
 var import_middleware_logger = require("@aws-sdk/middleware-logger");
 var import_middleware_recursion_detection = require("@aws-sdk/middleware-recursion-detection");
 var import_middleware_sdk_s32 = require("@aws-sdk/middleware-sdk-s3");
-var import_middleware_signing = require("@aws-sdk/middleware-signing");
 var import_middleware_user_agent = require("@aws-sdk/middleware-user-agent");
 var import_config_resolver = require("@smithy/config-resolver");
+var import_core3 = require("@smithy/core");
 var import_eventstream_serde_config_resolver = require("@smithy/eventstream-serde-config-resolver");
 var import_middleware_content_length = require("@smithy/middleware-content-length");
 
 var import_middleware_retry = require("@smithy/middleware-retry");
 
+var import_httpAuthSchemeProvider = require("./auth/httpAuthSchemeProvider");
 
 // src/commands/CreateSessionCommand.ts
 var import_middleware_sdk_s3 = require("@aws-sdk/middleware-sdk-s3");
@@ -8404,19 +8405,62 @@ var import_runtimeConfig = require("././runtimeConfig");
 var import_region_config_resolver = require("@aws-sdk/region-config-resolver");
 
 
+
+// src/auth/httpAuthExtensionConfiguration.ts
+var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme) {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes() {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider() {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials) {
+      _credentials = credentials;
+    },
+    credentials() {
+      return _credentials;
+    }
+  };
+}, "getHttpAuthExtensionConfiguration");
+var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials()
+  };
+}, "resolveHttpAuthRuntimeConfig");
+
+// src/runtimeExtensions.ts
 var asPartial = /* @__PURE__ */ __name((t) => t, "asPartial");
 var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => {
   const extensionConfiguration = {
     ...asPartial((0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig)),
     ...asPartial((0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig)),
-    ...asPartial((0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig))
+    ...asPartial((0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig))
   };
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
   return {
     ...runtimeConfig,
     ...(0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration),
     ...(0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration),
-    ...(0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration)
+    ...(0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration)
   };
 }, "resolveRuntimeExtensions");
 
@@ -8430,9 +8474,9 @@ var _S3Client = class _S3Client extends import_smithy_client.Client {
     const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3);
     const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4);
     const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5);
-    const _config_7 = (0, import_middleware_signing.resolveAwsAuthConfig)(_config_6);
-    const _config_8 = (0, import_middleware_sdk_s32.resolveS3Config)(_config_7, { session: [() => this, CreateSessionCommand] });
-    const _config_9 = (0, import_eventstream_serde_config_resolver.resolveEventStreamSerdeConfig)(_config_8);
+    const _config_7 = (0, import_eventstream_serde_config_resolver.resolveEventStreamSerdeConfig)(_config_6);
+    const _config_8 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_7);
+    const _config_9 = (0, import_middleware_sdk_s32.resolveS3Config)(_config_8, { session: [() => this, CreateSessionCommand] });
     const _config_10 = resolveRuntimeExtensions(_config_9, (configuration == null ? void 0 : configuration.extensions) || []);
     super(_config_10);
     this.config = _config_10;
@@ -8442,11 +8486,21 @@ var _S3Client = class _S3Client extends import_smithy_client.Client {
     this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config));
-    this.middlewareStack.use((0, import_middleware_signing.getAwsAuthPlugin)(this.config));
+    this.middlewareStack.use(
+      (0, import_core3.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, {
+        httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultS3HttpAuthSchemeParametersProvider,
+        identityProviderConfigProvider: async (config) => new import_core3.DefaultIdentityProviderConfig({
+          "aws.auth#sigv4": config.credentials,
+          "aws.auth#sigv4a": config.credentials
+        })
+      })
+    );
+    this.middlewareStack.use((0, import_core3.getHttpSigningPlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_sdk_s32.getValidateBucketNamePlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_expect_continue.getAddExpectContinuePlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_sdk_s32.getRegionRedirectMiddlewarePlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_sdk_s32.getS3ExpressPlugin)(this.config));
+    this.middlewareStack.use((0, import_middleware_sdk_s32.getS3ExpressHttpSigningPlugin)(this.config));
   }
   /**
    * Destroy underlying resources, like sockets. It's usually not necessary to do this.
@@ -10538,16 +10592,16 @@ var S3 = _S3;
 (0, import_smithy_client.createAggregatedClient)(commands, S3);
 
 // src/pagination/ListDirectoryBucketsPaginator.ts
-var import_core3 = require("@smithy/core");
-var paginateListDirectoryBuckets = (0, import_core3.createPaginator)(S3Client, ListDirectoryBucketsCommand, "ContinuationToken", "ContinuationToken", "MaxDirectoryBuckets");
+var import_core4 = require("@smithy/core");
+var paginateListDirectoryBuckets = (0, import_core4.createPaginator)(S3Client, ListDirectoryBucketsCommand, "ContinuationToken", "ContinuationToken", "MaxDirectoryBuckets");
 
 // src/pagination/ListObjectsV2Paginator.ts
-var import_core4 = require("@smithy/core");
-var paginateListObjectsV2 = (0, import_core4.createPaginator)(S3Client, ListObjectsV2Command, "ContinuationToken", "NextContinuationToken", "MaxKeys");
+var import_core5 = require("@smithy/core");
+var paginateListObjectsV2 = (0, import_core5.createPaginator)(S3Client, ListObjectsV2Command, "ContinuationToken", "NextContinuationToken", "MaxKeys");
 
 // src/pagination/ListPartsPaginator.ts
-var import_core5 = require("@smithy/core");
-var paginateListParts = (0, import_core5.createPaginator)(S3Client, ListPartsCommand, "PartNumberMarker", "NextPartNumberMarker", "MaxParts");
+var import_core6 = require("@smithy/core");
+var paginateListParts = (0, import_core6.createPaginator)(S3Client, ListPartsCommand, "PartNumberMarker", "NextPartNumberMarker", "MaxParts");
 
 // src/waiters/waitForBucketExists.ts
 var import_util_waiter = require("@smithy/util-waiter");

package/dist-cjs/runtimeConfig.shared.js

@@ -1,12 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getRuntimeConfig = void 0;
+const core_1 = require("@aws-sdk/core");
 const signature_v4_multi_region_1 = require("@aws-sdk/signature-v4-multi-region");
 const smithy_client_1 = require("@smithy/smithy-client");
 const url_parser_1 = require("@smithy/url-parser");
 const util_base64_1 = require("@smithy/util-base64");
 const util_stream_1 = require("@smithy/util-stream");
 const util_utf8_1 = require("@smithy/util-utf8");
+const httpAuthSchemeProvider_1 = require("./auth/httpAuthSchemeProvider");
 const endpointResolver_1 = require("./endpoint/endpointResolver");
 const getRuntimeConfig = (config) => {
     return {
@@ -17,6 +19,19 @@ const getRuntimeConfig = (config) => {
         endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver,
         extensions: config?.extensions ?? [],
         getAwsChunkedEncodingStream: config?.getAwsChunkedEncodingStream ?? util_stream_1.getAwsChunkedEncodingStream,
+        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultS3HttpAuthSchemeProvider,
+        httpAuthSchemes: config?.httpAuthSchemes ?? [
+            {
+                schemeId: "aws.auth#sigv4",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
+                signer: new core_1.AwsSdkSigV4Signer(),
+            },
+            {
+                schemeId: "aws.auth#sigv4a",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4a"),
+                signer: new core_1.AwsSdkSigV4ASigner(),
+            },
+        ],
         logger: config?.logger ?? new smithy_client_1.NoOpLogger(),
         sdkStreamMixin: config?.sdkStreamMixin ?? util_stream_1.sdkStreamMixin,
         serviceId: config?.serviceId ?? "S3",

package/dist-es/S3Client.js

@@ -2,15 +2,16 @@ import { getAddExpectContinuePlugin } from "@aws-sdk/middleware-expect-continue"
 import { getHostHeaderPlugin, resolveHostHeaderConfig, } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
-import { getRegionRedirectMiddlewarePlugin, getS3ExpressPlugin, getValidateBucketNamePlugin, resolveS3Config, } from "@aws-sdk/middleware-sdk-s3";
-import { getAwsAuthPlugin, resolveAwsAuthConfig, } from "@aws-sdk/middleware-signing";
+import { getRegionRedirectMiddlewarePlugin, getS3ExpressHttpSigningPlugin, getS3ExpressPlugin, getValidateBucketNamePlugin, resolveS3Config, } from "@aws-sdk/middleware-sdk-s3";
 import { getUserAgentPlugin, resolveUserAgentConfig, } from "@aws-sdk/middleware-user-agent";
 import { resolveRegionConfig } from "@smithy/config-resolver";
+import { DefaultIdentityProviderConfig, getHttpAuthSchemeEndpointRuleSetPlugin, getHttpSigningPlugin, } from "@smithy/core";
 import { resolveEventStreamSerdeConfig, } from "@smithy/eventstream-serde-config-resolver";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig } from "@smithy/middleware-retry";
 import { Client as __Client, } from "@smithy/smithy-client";
+import { defaultS3HttpAuthSchemeParametersProvider, resolveHttpAuthSchemeConfig, } from "./auth/httpAuthSchemeProvider";
 import { CreateSessionCommand, } from "./commands/CreateSessionCommand";
 import { resolveClientEndpointParameters, } from "./endpoint/EndpointParameters";
 import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig";
@@ -25,9 +26,9 @@ export class S3Client extends __Client {
         const _config_4 = resolveRegionConfig(_config_3);
         const _config_5 = resolveHostHeaderConfig(_config_4);
         const _config_6 = resolveEndpointConfig(_config_5);
-        const _config_7 = resolveAwsAuthConfig(_config_6);
-        const _config_8 = resolveS3Config(_config_7, { session: [() => this, CreateSessionCommand] });
-        const _config_9 = resolveEventStreamSerdeConfig(_config_8);
+        const _config_7 = resolveEventStreamSerdeConfig(_config_6);
+        const _config_8 = resolveHttpAuthSchemeConfig(_config_7);
+        const _config_9 = resolveS3Config(_config_8, { session: [() => this, CreateSessionCommand] });
         const _config_10 = resolveRuntimeExtensions(_config_9, configuration?.extensions || []);
         super(_config_10);
         this.config = _config_10;
@@ -37,11 +38,19 @@ export class S3Client extends __Client {
         this.middlewareStack.use(getHostHeaderPlugin(this.config));
         this.middlewareStack.use(getLoggerPlugin(this.config));
         this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-        this.middlewareStack.use(getAwsAuthPlugin(this.config));
+        this.middlewareStack.use(getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+            httpAuthSchemeParametersProvider: defaultS3HttpAuthSchemeParametersProvider,
+            identityProviderConfigProvider: async (config) => new DefaultIdentityProviderConfig({
+                "aws.auth#sigv4": config.credentials,
+                "aws.auth#sigv4a": config.credentials,
+            }),
+        }));
+        this.middlewareStack.use(getHttpSigningPlugin(this.config));
         this.middlewareStack.use(getValidateBucketNamePlugin(this.config));
         this.middlewareStack.use(getAddExpectContinuePlugin(this.config));
         this.middlewareStack.use(getRegionRedirectMiddlewarePlugin(this.config));
         this.middlewareStack.use(getS3ExpressPlugin(this.config));
+        this.middlewareStack.use(getS3ExpressHttpSigningPlugin(this.config));
     }
     destroy() {
         super.destroy();

package/dist-es/auth/httpAuthExtensionConfiguration.js

@@ -0,0 +1,38 @@
+export const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
+    const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
+    let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
+    let _credentials = runtimeConfig.credentials;
+    return {
+        setHttpAuthScheme(httpAuthScheme) {
+            const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+            if (index === -1) {
+                _httpAuthSchemes.push(httpAuthScheme);
+            }
+            else {
+                _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+            }
+        },
+        httpAuthSchemes() {
+            return _httpAuthSchemes;
+        },
+        setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
+            _httpAuthSchemeProvider = httpAuthSchemeProvider;
+        },
+        httpAuthSchemeProvider() {
+            return _httpAuthSchemeProvider;
+        },
+        setCredentials(credentials) {
+            _credentials = credentials;
+        },
+        credentials() {
+            return _credentials;
+        },
+    };
+};
+export const resolveHttpAuthRuntimeConfig = (config) => {
+    return {
+        httpAuthSchemes: config.httpAuthSchemes(),
+        httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+        credentials: config.credentials(),
+    };
+};

package/dist-es/auth/httpAuthSchemeProvider.js

@@ -0,0 +1,122 @@
+import { resolveAwsSdkSigV4Config, } from "@aws-sdk/core";
+import { signatureV4CrtContainer } from "@aws-sdk/signature-v4-multi-region";
+import { resolveParams } from "@smithy/middleware-endpoint";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+import { defaultEndpointResolver } from "../endpoint/endpointResolver";
+const createEndpointRuleSetHttpAuthSchemeParametersProvider = (defaultHttpAuthSchemeParametersProvider) => async (config, context, input) => {
+    if (!input) {
+        throw new Error(`Could not find \`input\` for \`defaultEndpointRuleSetHttpAuthSchemeParametersProvider\``);
+    }
+    const defaultParameters = await defaultHttpAuthSchemeParametersProvider(config, context, input);
+    const instructionsFn = getSmithyContext(context)?.commandInstance?.constructor
+        ?.getEndpointParameterInstructions;
+    if (!instructionsFn) {
+        throw new Error(`getEndpointParameterInstructions() is not defined on \`${context.commandName}\``);
+    }
+    const endpointParameters = await resolveParams(input, { getEndpointParameterInstructions: instructionsFn }, config);
+    return Object.assign(defaultParameters, endpointParameters);
+};
+const _defaultS3HttpAuthSchemeParametersProvider = async (config, context, input) => {
+    return {
+        operation: getSmithyContext(context).operation,
+        region: (await normalizeProvider(config.region)()) ||
+            (() => {
+                throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+            })(),
+    };
+};
+export const defaultS3HttpAuthSchemeParametersProvider = createEndpointRuleSetHttpAuthSchemeParametersProvider(_defaultS3HttpAuthSchemeParametersProvider);
+function createAwsAuthSigv4HttpAuthOption(authParameters) {
+    return {
+        schemeId: "aws.auth#sigv4",
+        signingProperties: {
+            name: "s3",
+            region: authParameters.region,
+        },
+        propertiesExtractor: (config, context) => ({
+            signingProperties: {
+                config,
+                context,
+            },
+        }),
+    };
+}
+function createAwsAuthSigv4aHttpAuthOption(authParameters) {
+    return {
+        schemeId: "aws.auth#sigv4a",
+        signingProperties: {
+            name: "s3",
+            region: authParameters.region,
+        },
+        propertiesExtractor: (config, context) => ({
+            signingProperties: {
+                config,
+                context,
+            },
+        }),
+    };
+}
+const createEndpointRuleSetHttpAuthSchemeProvider = (defaultEndpointResolver, defaultHttpAuthSchemeResolver, createHttpAuthOptionFunctions) => {
+    const endpointRuleSetHttpAuthSchemeProvider = (authParameters) => {
+        const endpoint = defaultEndpointResolver(authParameters);
+        const authSchemes = endpoint.properties?.authSchemes;
+        if (!authSchemes) {
+            return defaultHttpAuthSchemeResolver(authParameters);
+        }
+        const options = [];
+        for (const scheme of authSchemes) {
+            const { name: resolvedName, properties = {}, ...rest } = scheme;
+            const name = resolvedName.toLowerCase();
+            if (resolvedName !== name) {
+                console.warn(`HttpAuthScheme has been normalized with lowercasing: \`${resolvedName}\` to \`${name}\``);
+            }
+            let schemeId;
+            if (name === "sigv4a") {
+                schemeId = "aws.auth#sigv4a";
+                const sigv4Present = authSchemes.find((s) => {
+                    const name = s.name.toLowerCase();
+                    return name !== "sigv4a" && name.startsWith("sigv4");
+                });
+                if (!signatureV4CrtContainer.CrtSignerV4 && sigv4Present) {
+                    continue;
+                }
+            }
+            else if (name.startsWith("sigv4")) {
+                schemeId = "aws.auth#sigv4";
+            }
+            else {
+                throw new Error(`Unknown HttpAuthScheme found in \`@smithy.rules#endpointRuleSet\`: \`${name}\``);
+            }
+            const createOption = createHttpAuthOptionFunctions[schemeId];
+            if (!createOption) {
+                throw new Error(`Could not find HttpAuthOption create function for \`${schemeId}\``);
+            }
+            const option = createOption(authParameters);
+            option.schemeId = schemeId;
+            option.signingProperties = { ...(option.signingProperties || {}), ...rest, ...properties };
+            options.push(option);
+        }
+        return options;
+    };
+    return endpointRuleSetHttpAuthSchemeProvider;
+};
+const _defaultS3HttpAuthSchemeProvider = (authParameters) => {
+    const options = [];
+    switch (authParameters.operation) {
+        default: {
+            options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+            options.push(createAwsAuthSigv4aHttpAuthOption(authParameters));
+        }
+    }
+    return options;
+};
+export const defaultS3HttpAuthSchemeProvider = createEndpointRuleSetHttpAuthSchemeProvider(defaultEndpointResolver, _defaultS3HttpAuthSchemeProvider, {
+    "aws.auth#sigv4": createAwsAuthSigv4HttpAuthOption,
+    "aws.auth#sigv4a": createAwsAuthSigv4aHttpAuthOption,
+});
+export const resolveHttpAuthSchemeConfig = (config) => {
+    const config_0 = resolveAwsSdkSigV4Config(config);
+    return {
+        ...config_0,
+    };
+};

package/dist-es/runtimeConfig.shared.js

@@ -1,9 +1,11 @@
+import { AwsSdkSigV4ASigner, AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { SignatureV4MultiRegion } from "@aws-sdk/signature-v4-multi-region";
 import { NoOpLogger } from "@smithy/smithy-client";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { getAwsChunkedEncodingStream, sdkStreamMixin } from "@smithy/util-stream";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
+import { defaultS3HttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 export const getRuntimeConfig = (config) => {
     return {
@@ -14,6 +16,19 @@ export const getRuntimeConfig = (config) => {
         endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
         extensions: config?.extensions ?? [],
         getAwsChunkedEncodingStream: config?.getAwsChunkedEncodingStream ?? getAwsChunkedEncodingStream,
+        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultS3HttpAuthSchemeProvider,
+        httpAuthSchemes: config?.httpAuthSchemes ?? [
+            {
+                schemeId: "aws.auth#sigv4",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
+                signer: new AwsSdkSigV4Signer(),
+            },
+            {
+                schemeId: "aws.auth#sigv4a",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4a"),
+                signer: new AwsSdkSigV4ASigner(),
+            },
+        ],
         logger: config?.logger ?? new NoOpLogger(),
         sdkStreamMixin: config?.sdkStreamMixin ?? sdkStreamMixin,
         serviceId: config?.serviceId ?? "S3",

package/dist-es/runtimeExtensions.js

@@ -1,12 +1,14 @@
 import { getAwsRegionExtensionConfiguration, resolveAwsRegionExtensionConfiguration, } from "@aws-sdk/region-config-resolver";
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 const asPartial = (t) => t;
 export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
     const extensionConfiguration = {
         ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
         ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
         ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+        ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
     };
     extensions.forEach((extension) => extension.configure(extensionConfiguration));
     return {
@@ -14,5 +16,6 @@ export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
         ...resolveDefaultRuntimeConfig(extensionConfiguration),
         ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+        ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
     };
 };

package/dist-types/S3Client.d.ts

@@ -1,17 +1,17 @@
 /// <reference types="node" />
 import { HostHeaderInputConfig, HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
 import { S3InputConfig, S3ResolvedConfig } from "@aws-sdk/middleware-sdk-s3";
-import { AwsAuthInputConfig, AwsAuthResolvedConfig } from "@aws-sdk/middleware-signing";
 import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials, GetAwsChunkedEncodingStream } from "@aws-sdk/types";
+import { GetAwsChunkedEncodingStream } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig } from "@smithy/config-resolver";
 import { EventStreamSerdeInputConfig, EventStreamSerdeResolvedConfig } from "@smithy/eventstream-serde-config-resolver";
 import { EndpointInputConfig, EndpointResolvedConfig } from "@smithy/middleware-endpoint";
 import { RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
 import { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
 import { Client as __Client, DefaultsMode as __DefaultsMode, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@smithy/smithy-client";
-import { BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, EventStreamSerdeProvider as __EventStreamSerdeProvider, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, SdkStreamMixinInjector as __SdkStreamMixinInjector, StreamCollector as __StreamCollector, StreamHasher as __StreamHasher, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
+import { AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, EventStreamSerdeProvider as __EventStreamSerdeProvider, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, SdkStreamMixinInjector as __SdkStreamMixinInjector, StreamCollector as __StreamCollector, StreamHasher as __StreamHasher, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
 import { Readable } from "stream";
+import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
 import { AbortMultipartUploadCommandInput, AbortMultipartUploadCommandOutput } from "./commands/AbortMultipartUploadCommand";
 import { CompleteMultipartUploadCommandInput, CompleteMultipartUploadCommandOutput } from "./commands/CompleteMultipartUploadCommand";
 import { CopyObjectCommandInput, CopyObjectCommandOutput } from "./commands/CopyObjectCommand";
@@ -224,17 +224,10 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
     getAwsChunkedEncodingStream?: GetAwsChunkedEncodingStream;
     /**
      * Default credentials provider; Not available in browser runtime.
+     * @deprecated
      * @internal
      */
-    credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
-    /**
-     * Whether to escape request path when signing the request.
-     */
-    signingEscapePath?: boolean;
-    /**
-     * Whether to override the request region with the region inferred from requested resource's ARN. Defaults to false.
-     */
-    useArnRegion?: boolean | Provider<boolean>;
+    credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
     /**
      * Value for how many times a request will be made at most in case of retry.
      */
@@ -261,6 +254,14 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
      * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
      */
     defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
+    /**
+     * Whether to escape request path when signing the request.
+     */
+    signingEscapePath?: boolean;
+    /**
+     * Whether to override the request region with the region inferred from requested resource's ARN. Defaults to false.
+     */
+    useArnRegion?: boolean | Provider<boolean>;
     /**
      * The internal function that inject utilities to runtime-specific stream to help users consume the data
      * @internal
@@ -270,7 +271,7 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
 /**
  * @public
  */
-export type S3ClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & AwsAuthInputConfig & S3InputConfig & EventStreamSerdeInputConfig & ClientInputEndpointParameters;
+export type S3ClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & EventStreamSerdeInputConfig & HttpAuthSchemeInputConfig & S3InputConfig & ClientInputEndpointParameters;
 /**
  * @public
  *
@@ -281,7 +282,7 @@ export interface S3ClientConfig extends S3ClientConfigType {
 /**
  * @public
  */
-export type S3ClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & AwsAuthResolvedConfig & S3ResolvedConfig & EventStreamSerdeResolvedConfig & ClientResolvedEndpointParameters;
+export type S3ClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & EventStreamSerdeResolvedConfig & HttpAuthSchemeResolvedConfig & S3ResolvedConfig & ClientResolvedEndpointParameters;
 /**
  * @public
  *

package/dist-types/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,29 @@
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+import { S3HttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+    httpAuthSchemes(): HttpAuthScheme[];
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: S3HttpAuthSchemeProvider): void;
+    httpAuthSchemeProvider(): S3HttpAuthSchemeProvider;
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+    httpAuthSchemes: HttpAuthScheme[];
+    httpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+/**
+ * @internal
+ */
+export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;

package/dist-types/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,69 @@
+import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core";
+import { HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider } from "@smithy/types";
+import { EndpointParameters } from "../endpoint/EndpointParameters";
+import { S3ClientResolvedConfig } from "../S3Client";
+/**
+ * @internal
+ */
+interface _S3HttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+    region?: string;
+}
+/**
+ * @internal
+ */
+export interface S3HttpAuthSchemeParameters extends _S3HttpAuthSchemeParameters, EndpointParameters {
+    region?: string;
+}
+/**
+ * @internal
+ */
+export interface S3HttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<S3ClientResolvedConfig, HandlerExecutionContext, S3HttpAuthSchemeParameters, object> {
+}
+/**
+ * @internal
+ */
+export declare const defaultS3HttpAuthSchemeParametersProvider: S3HttpAuthSchemeParametersProvider;
+/**
+ * @internal
+ */
+export interface S3HttpAuthSchemeProvider extends HttpAuthSchemeProvider<S3HttpAuthSchemeParameters> {
+}
+/**
+ * @internal
+ */
+export declare const defaultS3HttpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    httpAuthSchemes?: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    httpAuthSchemeProvider?: S3HttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    readonly httpAuthSchemes: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    readonly httpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;
+export {};

package/dist-types/extensionConfiguration.d.ts

@@ -1,8 +1,9 @@
 import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
 /**
  * @internal
  */
-export interface S3ExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration {
+export interface S3ExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
 }

package/dist-types/runtimeConfig.browser.d.ts

@@ -8,7 +8,7 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     runtime: string;
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
-    credentialDefaultProvider: (input: any) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
+    credentialDefaultProvider: (input: any) => import("@smithy/types").AwsCredentialIdentityProvider;
     defaultUserAgentProvider: import("@smithy/types").Provider<import("@smithy/types").UserAgent>;
     eventStreamSerdeProvider: import("@smithy/types").EventStreamSerdeProvider;
     maxAttempts: number | import("@smithy/types").Provider<number>;
@@ -31,10 +31,10 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     disableHostPrefix: boolean;
     serviceId: string;
     getAwsChunkedEncodingStream: import("@smithy/types").GetAwsChunkedEncodingStream<any> | import("@smithy/types").GetAwsChunkedEncodingStream<import("stream").Readable>;
-    signingEscapePath: boolean;
-    useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
     logger: import("@smithy/types").Logger;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
+    signingEscapePath: boolean;
+    useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
     sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
     customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
     retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2 | undefined;
@@ -43,7 +43,9 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
         logger?: import("@smithy/types").Logger | undefined;
     }) => import("@smithy/types").EndpointV2;
     tls?: boolean | undefined;
-    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").Provider<import("@smithy/types").AwsCredentialIdentity> | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
+    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme | undefined) => Promise<import("@smithy/types").RequestSigner>) | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;

package/dist-types/runtimeConfig.d.ts

@@ -34,9 +34,9 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     disableHostPrefix: boolean;
     serviceId: string;
     getAwsChunkedEncodingStream: import("@aws-sdk/types").GetAwsChunkedEncodingStream<any> | import("@aws-sdk/types").GetAwsChunkedEncodingStream<import("stream").Readable>;
-    signingEscapePath: boolean;
     logger: import("@aws-sdk/types").Logger;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
+    signingEscapePath: boolean;
     sdkStreamMixin: import("@aws-sdk/types").SdkStreamMixinInjector;
     customUserAgent?: string | import("@aws-sdk/types").UserAgent | undefined;
     retryStrategy?: import("@aws-sdk/types").RetryStrategy | import("@aws-sdk/types").RetryStrategyV2 | undefined;
@@ -45,7 +45,9 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
         logger?: import("@aws-sdk/types").Logger | undefined;
     }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
-    credentials?: import("@aws-sdk/types").AwsCredentialIdentity | import("@aws-sdk/types").Provider<import("@aws-sdk/types").AwsCredentialIdentity> | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
+    credentials?: import("@aws-sdk/types").AwsCredentialIdentity | import("@aws-sdk/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@aws-sdk/types").RequestSigner | ((authScheme?: import("@aws-sdk/types").AuthScheme | undefined) => Promise<import("@aws-sdk/types").RequestSigner>) | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;

package/dist-types/runtimeConfig.native.d.ts

@@ -25,15 +25,15 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     md5: import("@smithy/types").HashConstructor;
     sha1: import("@smithy/types").HashConstructor;
     getAwsChunkedEncodingStream: import("@smithy/types").GetAwsChunkedEncodingStream<any> | import("@smithy/types").GetAwsChunkedEncodingStream<import("stream").Readable>;
-    credentialDefaultProvider: (input: any) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
-    signingEscapePath: boolean;
-    useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
+    credentialDefaultProvider: (input: any) => import("@smithy/types").AwsCredentialIdentityProvider;
     maxAttempts: number | import("@smithy/types").Provider<number>;
     retryMode: string | import("@smithy/types").Provider<string>;
     logger: import("@smithy/types").Logger;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
     eventStreamSerdeProvider: import("@smithy/types").EventStreamSerdeProvider;
     defaultsMode: import("@smithy/smithy-client").DefaultsMode | import("@smithy/types").Provider<import("@smithy/smithy-client").DefaultsMode>;
+    signingEscapePath: boolean;
+    useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
     sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
     customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
     retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2 | undefined;
@@ -42,7 +42,9 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
         logger?: import("@smithy/types").Logger | undefined;
     }) => import("@smithy/types").EndpointV2;
     tls?: boolean | undefined;
-    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").Provider<import("@smithy/types").AwsCredentialIdentity> | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
+    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme | undefined) => Promise<import("@smithy/types").RequestSigner>) | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;

package/dist-types/runtimeConfig.shared.d.ts

@@ -14,6 +14,8 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     }) => import("@smithy/types").EndpointV2;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
     getAwsChunkedEncodingStream: import("@smithy/types").GetAwsChunkedEncodingStream<any> | import("@smithy/types").GetAwsChunkedEncodingStream<import("stream").Readable>;
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
     logger: import("@smithy/types").Logger;
     sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
     serviceId: string;

package/dist-types/ts3.4/S3Client.d.ts

@@ -3,18 +3,11 @@ import {
   HostHeaderResolvedConfig,
 } from "@aws-sdk/middleware-host-header";
 import { S3InputConfig, S3ResolvedConfig } from "@aws-sdk/middleware-sdk-s3";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import {
-  Credentials as __Credentials,
-  GetAwsChunkedEncodingStream,
-} from "@aws-sdk/types";
+import { GetAwsChunkedEncodingStream } from "@aws-sdk/types";
 import {
   RegionInputConfig,
   RegionResolvedConfig,
@@ -39,6 +32,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -57,6 +51,10 @@ import {
   UserAgent as __UserAgent,
 } from "@smithy/types";
 import { Readable } from "stream";
+import {
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+} from "./auth/httpAuthSchemeProvider";
 import {
   AbortMultipartUploadCommandInput,
   AbortMultipartUploadCommandOutput,
@@ -658,15 +656,15 @@ export interface ClientDefaults
   md5?: __ChecksumConstructor | __HashConstructor;
   sha1?: __ChecksumConstructor | __HashConstructor;
   getAwsChunkedEncodingStream?: GetAwsChunkedEncodingStream;
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
-  signingEscapePath?: boolean;
-  useArnRegion?: boolean | Provider<boolean>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
   maxAttempts?: number | __Provider<number>;
   retryMode?: string | __Provider<string>;
   logger?: __Logger;
   extensions?: RuntimeExtension[];
   eventStreamSerdeProvider?: __EventStreamSerdeProvider;
   defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
+  signingEscapePath?: boolean;
+  useArnRegion?: boolean | Provider<boolean>;
   sdkStreamMixin?: __SdkStreamMixinInjector;
 }
 export type S3ClientConfigType = Partial<
@@ -678,9 +676,9 @@ export type S3ClientConfigType = Partial<
   RegionInputConfig &
   HostHeaderInputConfig &
   EndpointInputConfig<EndpointParameters> &
-  AwsAuthInputConfig &
-  S3InputConfig &
   EventStreamSerdeInputConfig &
+  HttpAuthSchemeInputConfig &
+  S3InputConfig &
   ClientInputEndpointParameters;
 export interface S3ClientConfig extends S3ClientConfigType {}
 export type S3ClientResolvedConfigType =
@@ -692,9 +690,9 @@ export type S3ClientResolvedConfigType =
     RegionResolvedConfig &
     HostHeaderResolvedConfig &
     EndpointResolvedConfig<EndpointParameters> &
-    AwsAuthResolvedConfig &
-    S3ResolvedConfig &
     EventStreamSerdeResolvedConfig &
+    HttpAuthSchemeResolvedConfig &
+    S3ResolvedConfig &
     ClientResolvedEndpointParameters;
 export interface S3ClientResolvedConfig extends S3ClientResolvedConfigType {}
 export declare class S3Client extends __Client<

package/dist-types/ts3.4/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,32 @@
+import {
+  AwsCredentialIdentity,
+  AwsCredentialIdentityProvider,
+  HttpAuthScheme,
+} from "@smithy/types";
+import { S3HttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(
+    httpAuthSchemeProvider: S3HttpAuthSchemeProvider
+  ): void;
+  httpAuthSchemeProvider(): S3HttpAuthSchemeProvider;
+  setCredentials(
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider
+  ): void;
+  credentials():
+    | AwsCredentialIdentity
+    | AwsCredentialIdentityProvider
+    | undefined;
+}
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+export declare const getHttpAuthExtensionConfiguration: (
+  runtimeConfig: HttpAuthRuntimeConfig
+) => HttpAuthExtensionConfiguration;
+export declare const resolveHttpAuthRuntimeConfig: (
+  config: HttpAuthExtensionConfiguration
+) => HttpAuthRuntimeConfig;

package/dist-types/ts3.4/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,46 @@
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { EndpointParameters } from "../endpoint/EndpointParameters";
+import { S3ClientResolvedConfig } from "../S3Client";
+interface _S3HttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+export interface S3HttpAuthSchemeParameters
+  extends _S3HttpAuthSchemeParameters,
+    EndpointParameters {
+  region?: string;
+}
+export interface S3HttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    S3ClientResolvedConfig,
+    HandlerExecutionContext,
+    S3HttpAuthSchemeParameters,
+    object
+  > {}
+export declare const defaultS3HttpAuthSchemeParametersProvider: S3HttpAuthSchemeParametersProvider;
+export interface S3HttpAuthSchemeProvider
+  extends HttpAuthSchemeProvider<S3HttpAuthSchemeParameters> {}
+export declare const defaultS3HttpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  httpAuthSchemes?: HttpAuthScheme[];
+  httpAuthSchemeProvider?: S3HttpAuthSchemeProvider;
+}
+export interface HttpAuthSchemeResolvedConfig
+  extends AwsSdkSigV4AuthResolvedConfig {
+  readonly httpAuthSchemes: HttpAuthScheme[];
+  readonly httpAuthSchemeProvider: S3HttpAuthSchemeProvider;
+}
+export declare const resolveHttpAuthSchemeConfig: <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+) => T & HttpAuthSchemeResolvedConfig;
+export {};

package/dist-types/ts3.4/extensionConfiguration.d.ts

@@ -1,7 +1,9 @@
 import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
 export interface S3ExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}

package/dist-types/ts3.4/runtimeConfig.browser.d.ts

@@ -8,7 +8,7 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
   bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
   credentialDefaultProvider: (
     input: any
-  ) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
+  ) => import("@smithy/types").AwsCredentialIdentityProvider;
   defaultUserAgentProvider: import("@smithy/types").Provider<
     import("@smithy/types").UserAgent
   >;
@@ -41,10 +41,10 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     | import("@smithy/types").GetAwsChunkedEncodingStream<
         import("stream").Readable
       >;
-  signingEscapePath: boolean;
-  useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
   logger: import("@smithy/types").Logger;
   extensions: import("./runtimeExtensions").RuntimeExtension[];
+  signingEscapePath: boolean;
+  useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
   sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
   customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
   retryStrategy?:
@@ -75,11 +75,11 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     }
   ) => import("@smithy/types").EndpointV2;
   tls?: boolean | undefined;
+  httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+  httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
   credentials?:
     | import("@smithy/types").AwsCredentialIdentity
-    | import("@smithy/types").Provider<
-        import("@smithy/types").AwsCredentialIdentity
-      >
+    | import("@smithy/types").AwsCredentialIdentityProvider
     | undefined;
   signer?:
     | import("@smithy/types").RequestSigner

package/dist-types/ts3.4/runtimeConfig.d.ts

@@ -50,9 +50,9 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     | import("@aws-sdk/types").GetAwsChunkedEncodingStream<
         import("stream").Readable
       >;
-  signingEscapePath: boolean;
   logger: import("@aws-sdk/types").Logger;
   extensions: import("./runtimeExtensions").RuntimeExtension[];
+  signingEscapePath: boolean;
   sdkStreamMixin: import("@aws-sdk/types").SdkStreamMixinInjector;
   customUserAgent?: string | import("@aws-sdk/types").UserAgent | undefined;
   retryStrategy?:
@@ -85,11 +85,11 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     }
   ) => import("@aws-sdk/types").EndpointV2;
   tls?: boolean | undefined;
+  httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+  httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
   credentials?:
     | import("@aws-sdk/types").AwsCredentialIdentity
-    | import("@aws-sdk/types").Provider<
-        import("@aws-sdk/types").AwsCredentialIdentity
-      >
+    | import("@aws-sdk/types").AwsCredentialIdentityProvider
     | undefined;
   signer?:
     | import("@aws-sdk/types").RequestSigner

package/dist-types/ts3.4/runtimeConfig.native.d.ts

@@ -36,9 +36,7 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
       >;
   credentialDefaultProvider: (
     input: any
-  ) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
-  signingEscapePath: boolean;
-  useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
+  ) => import("@smithy/types").AwsCredentialIdentityProvider;
   maxAttempts: number | import("@smithy/types").Provider<number>;
   retryMode: string | import("@smithy/types").Provider<string>;
   logger: import("@smithy/types").Logger;
@@ -49,6 +47,8 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     | import("@smithy/types").Provider<
         import("@smithy/smithy-client").DefaultsMode
       >;
+  signingEscapePath: boolean;
+  useArnRegion: boolean | import("@smithy/types").Provider<boolean>;
   sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
   customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
   retryStrategy?:
@@ -69,11 +69,11 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     }
   ) => import("@smithy/types").EndpointV2;
   tls?: boolean | undefined;
+  httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+  httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
   credentials?:
     | import("@smithy/types").AwsCredentialIdentity
-    | import("@smithy/types").Provider<
-        import("@smithy/types").AwsCredentialIdentity
-      >
+    | import("@smithy/types").AwsCredentialIdentityProvider
     | undefined;
   signer?:
     | import("@smithy/types").RequestSigner

package/dist-types/ts3.4/runtimeConfig.shared.d.ts

@@ -17,6 +17,8 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     | import("@smithy/types").GetAwsChunkedEncodingStream<
         import("stream").Readable
       >;
+  httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").S3HttpAuthSchemeProvider;
+  httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
   logger: import("@smithy/types").Logger;
   sdkStreamMixin: import("@smithy/types").SdkStreamMixinInjector;
   serviceId: string;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-s3",
   "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native",
-  "version": "3.622.0",
+  "version": "3.624.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-s3",
@@ -26,10 +26,10 @@
     "@aws-crypto/sha1-browser": "5.2.0",
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.622.0",
-    "@aws-sdk/client-sts": "3.622.0",
-    "@aws-sdk/core": "3.622.0",
-    "@aws-sdk/credential-provider-node": "3.622.0",
+    "@aws-sdk/client-sso-oidc": "3.624.0",
+    "@aws-sdk/client-sts": "3.624.0",
+    "@aws-sdk/core": "3.624.0",
+    "@aws-sdk/credential-provider-node": "3.624.0",
     "@aws-sdk/middleware-bucket-endpoint": "3.620.0",
     "@aws-sdk/middleware-expect-continue": "3.620.0",
     "@aws-sdk/middleware-flexible-checksums": "3.620.0",
@@ -37,12 +37,11 @@
     "@aws-sdk/middleware-location-constraint": "3.609.0",
     "@aws-sdk/middleware-logger": "3.609.0",
     "@aws-sdk/middleware-recursion-detection": "3.620.0",
-    "@aws-sdk/middleware-sdk-s3": "3.622.0",
-    "@aws-sdk/middleware-signing": "3.620.0",
+    "@aws-sdk/middleware-sdk-s3": "3.624.0",
     "@aws-sdk/middleware-ssec": "3.609.0",
     "@aws-sdk/middleware-user-agent": "3.620.0",
     "@aws-sdk/region-config-resolver": "3.614.0",
-    "@aws-sdk/signature-v4-multi-region": "3.622.0",
+    "@aws-sdk/signature-v4-multi-region": "3.624.0",
     "@aws-sdk/types": "3.609.0",
     "@aws-sdk/util-endpoints": "3.614.0",
     "@aws-sdk/util-user-agent-browser": "3.609.0",
@@ -76,6 +75,7 @@
     "@smithy/util-defaults-mode-browser": "^3.0.14",
     "@smithy/util-defaults-mode-node": "^3.0.14",
     "@smithy/util-endpoints": "^2.0.5",
+    "@smithy/util-middleware": "^3.0.3",
     "@smithy/util-retry": "^3.0.3",
     "@smithy/util-stream": "^3.1.3",
     "@smithy/util-utf8": "^3.0.0",
@@ -83,7 +83,7 @@
     "tslib": "^2.6.2"
   },
   "devDependencies": {
-    "@aws-sdk/signature-v4-crt": "3.622.0",
+    "@aws-sdk/signature-v4-crt": "3.624.0",
     "@tsconfig/node16": "16.1.3",
     "@types/chai": "^4.2.11",
     "@types/mocha": "^8.0.4",