AWS.Credentials — AWS SDK for JavaScript (original) (raw)
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.
Inherits:
Object
- Object
- AWS.Credentials show all
Defined in:
lib/credentials.js
Overview
Represents your AWS security credentials, specifically theaccessKeyId, secretAccessKey, and optional sessionToken. Creating a Credentials object allows you to pass around your security information to configuration and service objects.
Note that this class typically does not need to be constructed manually, as the AWS.Config and AWS.Service classes both accept simple options hashes with the three keys. These structures will be converted into Credentials objects automatically.
Expiring and Refreshing Credentials
Occasionally credentials can expire in the middle of a long-running application. In this case, the SDK will automatically attempt to refresh the credentials from the storage location if the Credentials class implements the refresh() method.
If you are implementing a credential storage location, you will want to create a subclass of the Credentials class and override the refresh() method. This method allows credentials to be retrieved from the backing store, be it a file system, database, or some network storage. The method should reset the credential attributes on the object.
Direct Known Subclasses
AWS.ChainableTemporaryCredentials, AWS.CognitoIdentityCredentials, AWS.CredentialProviderChain, AWS.EC2MetadataCredentials, AWS.EnvironmentCredentials, AWS.FileSystemCredentials, AWS.ProcessCredentials, AWS.RemoteCredentials, AWS.SAMLCredentials, AWS.SharedIniFileCredentials, AWS.SsoCredentials, AWS.TemporaryCredentials, AWS.TokenFileWebIdentityCredentials, AWS.WebIdentityCredentials
Constructor Summarycollapse
- new AWS.Credentials() ⇒ void constructor
A credentials object can be created using positional arguments or an options hash.
Property Summarycollapse
- accessKeyId ⇒ String readwrite
The AWS access key ID. - expired ⇒ Boolean readwrite
Whether the credentials have been expired and require a refresh. - expireTime ⇒ Date readwrite
A time when credentials should be considered expired. - expiryWindow ⇒ Integer, Number static readwrite
- secretAccessKey ⇒ String readwrite
The AWS secret access key. - sessionToken ⇒ String readwrite
An optional AWS session token.
Method Summarycollapse
- get(callback) ⇒ void
Gets the existing credentials, refreshing them if they are not yet loaded or have expired. - getPromise() ⇒ Promise
Returns a 'thenable' promise. - needsRefresh() ⇒ Boolean
Whether the credentials object should call refresh(). - refresh(callback) ⇒ void
Refreshes the credentials. - refreshPromise() ⇒ Promise
Returns a 'thenable' promise.
Constructor Details
new AWS.Credentials(accessKeyId, secretAccessKey, sessionToken = null) ⇒ void new AWS.Credentials(options) ⇒ void
A credentials object can be created using positional arguments or an options hash.
Property Details
accessKeyId ⇒ String
Returns the AWS access key ID.
expired ⇒ Boolean
Returns whether the credentials have been expired and require a refresh. Used in conjunction with expireTime.
expireTime ⇒ Date
Returns a time when credentials should be considered expired. Used in conjunction with expired.
expiryWindow ⇒ Integer, Number
secretAccessKey ⇒ String
Returns the AWS secret access key.
sessionToken ⇒ String
Returns an optional AWS session token.
Method Details
get(callback) ⇒ void
Gets the existing credentials, refreshing them if they are not yet loaded or have expired. Users should call this method before using refresh(), as this will not attempt to reload credentials when they are already loaded into the object.
getPromise() ⇒ Promise
Returns a 'thenable' promise. Gets the existing credentials, refreshing them if they are not yet loaded or have expired. Users should call this method before using refresh(), as this will not attempt to reload credentials when they are already loaded into the object.
Two callbacks can be provided to the then method on the returned promise. The first callback will be called if the promise is fulfilled, and the second callback will be called if the promise is rejected.
needsRefresh() ⇒ Boolean
Note:
Subclasses should override this method to provide custom refresh logic.
Returns whether the credentials object should call refresh().
refresh(callback) ⇒ void
Note:
Subclasses should override this class to reset theaccessKeyId, secretAccessKey and optional sessionTokenon the credentials object and then call the callback with any error information.
Refreshes the credentials. Users should call get() before attempting to forcibly refresh credentials.
refreshPromise() ⇒ Promise
Returns a 'thenable' promise. Refreshes the credentials. Users should call get() before attempting to forcibly refresh credentials.
Two callbacks can be provided to the then method on the returned promise. The first callback will be called if the promise is fulfilled, and the second callback will be called if the promise is rejected.