AWS.WebIdentityCredentials — AWS SDK for JavaScript
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.
Overview
Represents credentials retrieved from STS Web Identity Federation support.
By default this provider gets credentials using the AWS.STS.assumeRoleWithWebIdentity() service operation. This operation requires a RoleArn containing the ARN of the IAM trust policy for the application for which credentials will be given. In addition, the WebIdentityToken must be set to the token provided by the identity provider. See constructor() for an example on creating a credentials object with proper RoleArn and WebIdentityToken values.
Refreshing Credentials from Identity Service
In addition to AWS credentials expiring after a given amount of time, the login token from the identity provider will also expire. Once this token expires, it will not be usable to refresh AWS credentials, and another token will be needed. The SDK does not manage refreshing of the token value, but this can be done through a "refresh token" supported by most identity providers. Consult the documentation for the identity provider for refreshing tokens. Once the refreshed token is acquired, you should make sure to update this new token in the credentials object's params property. The following code will update the WebIdentityToken, assuming you have retrieved an updated token from the identity provider:
AWS.config.credentials.params.WebIdentityToken = updatedToken;
Future calls to credentials.refresh() will now use the new token.
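The rotation described in this section, as an added example that is not part of the SDK documentation: before refreshing AWS credentials, check whether the login token itself has expired and replace it in params first. The helper names tokenExpiryMs and ensureFreshCredentials and the fetchNewToken callback are hypothetical, and the expiry check assumes the identity provider issues OIDC JWTs carrying an exp claim.

```javascript
// Added example, not AWS SDK code. `credentials` is any object with the
// AWS.Credentials surface named on this page: params, needsRefresh(), refresh(cb).

// Read the `exp` claim (epoch seconds) of an OIDC JWT as epoch milliseconds.
// No signature check is done here: the value only schedules the rotation,
// and STS validates the token itself. Returns null for opaque (non-JWT) tokens.
function tokenExpiryMs(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet JWTs use.
    const claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
    return typeof claims.exp === 'number' ? claims.exp * 1000 : null;
  } catch (err) {
    return null;
  }
}

// fetchNewToken is a hypothetical async function that asks the identity
// provider for a new token (for example with its refresh token).
async function ensureFreshCredentials(credentials, fetchNewToken, options = {}) {
  const now = options.now === undefined ? Date.now() : options.now;
  const skewMs = options.skewMs === undefined ? 60000 : options.skewMs;
  const result = { tokenRotated: false, credentialsRefreshed: false };

  if (!credentials.needsRefresh()) return result;

  // An expired (or unreadable) login token cannot refresh AWS credentials,
  // so replace it in params before calling refresh().
  const expiry = tokenExpiryMs(credentials.params.WebIdentityToken);
  if (expiry === null || expiry - skewMs <= now) {
    credentials.params.WebIdentityToken = await fetchNewToken();
    result.tokenRotated = true;
  }

  await new Promise((resolve, reject) => {
    credentials.refresh((err) => (err ? reject(err) : resolve()));
  });
  result.credentialsRefreshed = true;
  return result;
}
```

Pass AWS.config.credentials as the first argument. Keep the token and its decoded claims out of application logs.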
Constructor Summary
- new AWS.WebIdentityCredentials(params, clientConfig) ⇒ void constructor
Creates a new credentials object.
Property Summary
- data ⇒ map readwrite
- params ⇒ map readwrite
Properties inherited from AWS.Credentials
expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow
Method Summary
Methods inherited from AWS.Credentials
needsRefresh, get, getPromise, refreshPromise
Constructor Details
new AWS.WebIdentityCredentials(params, clientConfig) ⇒ void
Creates a new credentials object.