Add default AWSToken identity resolver

aws · Nov 1, 2024 · 09def50 · 09def50
1 parent 22baf8b
commit 09def50
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 5 deletions.
diff --git a/...n.Runtime/Credentials/Internal/IdentityResolvers/DefaultAWSCredentialsIdentityResolver.cs b/...n.Runtime/Credentials/Internal/IdentityResolvers/DefaultAWSCredentialsIdentityResolver.cs
@@ -48,7 +48,7 @@ public DefaultAWSCredentialsIdentityResolver()
                 _credentialsGenerators = new List<CredentialsGenerator>
                 {
 #if BCL
-                () => new AppConfigAWSCredentials(), // Test explicit keys/profile name first.
+                    () => new AppConfigAWSCredentials(), // Test explicit keys/profile name first.
 #endif
                     () => AssumeRoleWithWebIdentityCredentials.FromEnvironmentVariables(),
                     () => new EnvironmentVariablesAWSCredentials(), // Look for credentials set in environment vars.

diff --git a/.../Amazon.Runtime/Credentials/Internal/IdentityResolvers/DefaultAWSTokenIdentityResolver.cs b/.../Amazon.Runtime/Credentials/Internal/IdentityResolvers/DefaultAWSTokenIdentityResolver.cs
@@ -0,0 +1,60 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+using Smithy.Identity.Abstractions;
+using System;
+
+namespace Amazon.Runtime.Credentials.Internal.IdentityResolvers
+{
+    /// <summary>
+    /// A resolver that provides an AWSToken identity. 
+    /// </summary>
+    public class DefaultAWSTokenIdentityResolver : IIdentityResolver
+    {
+        /// <summary>
+        /// Gets or sets the AWSTokenProvider used to resolve the AWSToken.
+        /// By default, this is initialized with an AWSTokenProviderChain containing a ProfileTokenProvider.
+        /// </summary>
+        public IAWSTokenProvider AWSTokenProvider { get; set; }
+
+        public DefaultAWSTokenIdentityResolver()
+        {
+            AWSTokenProvider = new AWSTokenProviderChain(new ProfileTokenProvider());
+        }
+
+        public BaseIdentity ResolveIdentity()
+        {
+            AWSToken token;
+#if BCL
+            if (!AWSTokenProvider.TryResolveToken(out token))
+            {
+                throw new AmazonClientException("Failed to resolve AWSToken using the configured AWSTokenProvider in DefaultAWSTokenIdentityResolver.");
+            }
+#endif
+
+#if AWS_ASYNC_API
+            var tokenResponse = AWSTokenProvider.TryResolveTokenAsync().Result;
+            if (!tokenResponse.Success)
+            {
+                throw new AmazonClientException("Failed to resolve AWSToken using the configured AWSTokenProvider in DefaultAWSTokenIdentityResolver.");
+            }
+
+            token = tokenResponse.Value;
+#endif
+
+            return token;
+        }
+    }
+}
diff --git a/...re/Amazon.Runtime/Credentials/Internal/IdentityResolvers/IdentityResolverConfiguration.cs b/...re/Amazon.Runtime/Credentials/Internal/IdentityResolvers/IdentityResolverConfiguration.cs
@@ -27,6 +27,7 @@ public class DefaultIdentityResolverConfiguration : IIdentityResolverConfigurati
             {
                 { typeof(AnonymousAWSCredentials), new AnonymousIdentityResolver() },
                 { typeof(AWSCredentials), new DefaultAWSCredentialsIdentityResolver() },
+                { typeof(AWSToken), new DefaultAWSTokenIdentityResolver() },
             };
 
         /// <inheritdoc/>

diff --git a/sdk/src/Core/Amazon.Runtime/Tokens/AWSToken.cs b/sdk/src/Core/Amazon.Runtime/Tokens/AWSToken.cs
@@ -15,6 +15,7 @@
 
 using System;
 using System.Diagnostics;
+using Smithy.Identity.Abstractions;
 
 namespace Amazon.Runtime
 {
@@ -26,11 +27,19 @@ namespace Amazon.Runtime
     /// This class is the focused public projection of the internal class
     /// Amazon.Runtime.Credentials.Internal.SsoToken
     /// </remarks>
-    [DebuggerDisplay("{"+ nameof(Token) + "}")]
-    public class AWSToken
+    [DebuggerDisplay("{" + nameof(Token) + "}")]
+    public class AWSToken : BaseIdentity
     {
         public string Token { get; set; }
-        public DateTime? ExpiresAt { get; set; }
+
+        [Obsolete("This property is deprecated in favor of Expiration.")]
+        public DateTime? ExpiresAt
+        {
+            get { return Expiration; }
+            set { this.Expiration = value; }
+        }
+
+        public override DateTime? Expiration { get; set; }
 
         public override string ToString()
         {

diff --git a/sdk/src/Core/Amazon.Runtime/_bcl+netstandard/Tokens/SSOTokenProvider.cs b/sdk/src/Core/Amazon.Runtime/_bcl+netstandard/Tokens/SSOTokenProvider.cs
@@ -137,7 +137,7 @@ private AWSToken MapSsoTokenToAwsToken(SsoToken token)
             return new AWSToken
             {
                 Token = token.AccessToken,
-                ExpiresAt = token.ExpiresAt
+                Expiration = token.ExpiresAt
             };
         }
     }