-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting credentials with CognitoIdentityCredentials with the SDK? #406
Comments
Hi @brunoksato thanks for contacting us. At the moment the Go SDK does not provide the helper the JS SDK has. I've marked this as a feature request, as it would be good for the SDK to provide a helper to retrieve Cognito Identity Credentials. To do this now your self in Go you could use the following API calls. This is the same thing the JS SDK does but wrapped in a credentials provider. If credentials are to be accessed with just an "IdentityPoolId" svc := cognitoidentity.New(nil)
idRes, err := svc.GetId(&cognitoidentity.GetIdInput{
/*input params*/
})
credRes, err := svc.GetCredentialsForIdentity(&cognitoidentity.GetCredentialsForIdentity{
/*input params*/
})
// credRes.Credentials contains the AWS credentials If credentials are to be accessed with both an "RoleArn" and "IdentityPoolId" svc := cognitoidentity.New(nil)
tokenRes, err := svc.GetOpenIdToken(cognitoidentity.GetOpenIdTokenInput{
/*input params*/
})
stsSvc := sts.New(nil)
roleRes, err := stsSvc.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{
/*input params*/
})
// roleRes.Credentials contains the AWS credentials |
@jasdel Thanks for the fast reply ! thanks for the tips, I'll try to apply here but AssumeRoleWithWebIdentity not have in documentation right ? what params AssumeRoleWithWebIdentity ? the first validation generate token with GetOpenIdTokenForDeveloperIdentity how to validate this token again ? |
The documentation for AssumeRoleWithIdentity can found on the SDK's API documentation. You should be able to use |
Hi @jasdel have problem in AssumeRoleWithIdentity, generate token public but I do not know validate this token in all request api which api user to validate the token is still valid ? |
resolved |
The ini parser incorrectly decided whether a statement should be skipped. As a result, valid statements in the ini files were being squashed. The PR fixes incorrect modifications to the previous token value of the skipper. We also add checks for cases where a skipped statement should be marked as complete and not be ignored. Adds test cases for cases for statements that need to be skipped. Also adds suggested tests from aws#2801 .
### Services * Synced the V2 SDK with latest AWS service API definitions. ### SDK Breaking changes * This update includes breaking changes to how the DynamoDB AttributeValue (un)marshier handles empty collections. ### Deprecations * `service/s3/s3crypto`: Deprecates the crypto client from the SDK ([aws#394](aws/aws-sdk-go-v2#394)) * s3crypto client is now deprecated and may be removed from the future versions of the SDK. * `aws`: Removes plugin credential provider ([aws#391](aws/aws-sdk-go-v2#391)) * Removing plugin credential provider from the v2 SDK developer preview. This feature may be made available as a separate module. * Removes support for deprecated Go versions ([aws#393](aws/aws-sdk-go-v2#393)) * Removes support for Go version specific files from the SDK. Also removes irrelevant build tags, and updates the README.md file. * Raises the minimum supported version to Go 1.11 for the SDK. Older versions may work, but are not actively supported ### SDK Features * `service/s3/s3manager`: Add Upload Buffer Provider ([aws#404](aws/aws-sdk-go-v2#404)) * Adds a new `BufferProvider` member for specifying how part data can be buffered in memory. * Windows platforms will now default to buffering 1MB per part to reduce contention when uploading files. * Non-Windows platforms will continue to employ a non-buffering behavior. * `service/s3/s3manager`: Add Download Buffer Provider ([aws#404](aws/aws-sdk-go-v2#404)) * Adds a new `BufferProvider` member for specifying how part data can be buffered in memory when copying from the http response body. * Windows platforms will now default to buffering 1MB per part to reduce contention when downloading files. * Non-Windows platforms will continue to employ a non-buffering behavior. * `service/dynamodb/dynamodbattribute`: New Encoder and Decoder Behavior for Empty Collections ([aws#401](aws/aws-sdk-go-v2#401)) * The `Encoder` and `Decoder` types have been enhanced to support the marshaling of empty structures, maps, and slices to and from their respective DynamoDB AttributeValues. * This change incorporates the behavior changes introduced via a marshal option in V1 ([aws#2834](aws#2834)) ### SDK Enhancements * `internal/awsutil`: Add suppressing logging sensitive API parameters ([aws#398](aws/aws-sdk-go-v2#398)) * Adds suppressing logging sensitive API parameters marked with the `sensitive` trait. This prevents the API type's `String` method returning a string representation of the API type with sensitive fields printed such as keys and passwords. * Related to [aws#2310](aws#2310) * Fixes [aws#251](aws/aws-sdk-go-v2#251) * `aws/request` : Retryer is now a named field on Request. ([aws#393](aws/aws-sdk-go-v2#393)) * `service/s3/s3manager`: Adds `sync.Pool` to allow reuse of part buffers for streaming payloads ([aws#404](aws/aws-sdk-go-v2#404)) * Fixes [aws#402](aws/aws-sdk-go-v2#402) * Uses the new behavior introduced in V1 [aws#2863](aws#2863) which allows the reuse of the sync.Pool across multiple Upload request that match part sizes. ### SDK Bugs * `service/s3/s3manager`: Fix index out of range when a streaming reader returns -1 ([aws#378](aws/aws-sdk-go-v2#378)) * Fixes the S3 Upload Manager's handling of an unbounded streaming reader that returns negative bytes read. * `internal/ini`: Fix ini parser to handle empty values [aws#406](aws/aws-sdk-go-v2#406) * Fixes incorrect modifications to the previous token value of the skipper. Adds checks for cases where a skipped statement should be marked as complete and not be ignored. * Adds tests for nested and empty field value parsing, along with tests suggested in [aws#2801](aws#2801)
I found in javascript: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html
plus how to do this go ?
thanks
The text was updated successfully, but these errors were encountered: