Added authentication with custom credential provider and removed authentication with API key #9
Conversation
ALMS-175
ALMS-175 removed API key usage
ALMS-205
ALMS-205 Add support for custom credential providers in Auth SDK
ALMS-226
|
Can you provide me an example of how I could use the custom credential provider? |
You can pass the |
ALMS-211
ALMS-211
ALMS-211
The goal of the custom credential provider is to provide support for Cognito's developer-authenticated identities. As some of these (AWSAbstractCognitoDeveloperIdentityProvider, CognitoCachingCredentialsProvider) classes are no longer part of AWS SDK for Kotlin, what would a developer need to do to create |
ALMS-211
ALMS-211 GitHub action added for unit test
Code optimization
Here is an example of creating a credential provider: Also, document comment is updated at the top of the method |
README.md
Outdated
| var authHelper = AuthHelper(applicationContext) | ||
| var locationCredentialsProvider : LocationCredentialsProvider = authHelper.authenticateWithCognitoIdentityPool("My-Cognito-Identity-Pool-Id") | ||
| var locationCredentialsProvider : LocationCredentialsProvider = authHelper.authenticateWithCredentialsProvider("MY-AWS-REGION", "MY-CUSTOM-CREDENTIAL-PROVIDER") |
There was a problem hiding this comment.
The second argument in the authenticateWithCredentialsProvider is not as string, it is a CredentialsProvider
| */ | ||
| constructor(context: Context, apiKey: String) { | ||
| constructor(context: Context, region: AwsRegions) { |
There was a problem hiding this comment.
If this constructor is used just for the custom Credential provider method, might as well pass it here rather than using the initializeLocationClient method. Wdyt?
There was a problem hiding this comment.
initializeLocationClient is a suspend function, so instead of initializing the coroutine in the constructor of LocationCredentialsProvider, we can directly call the function here.
There was a problem hiding this comment.
I think this is related to my other open comment, as I don't think we need the extra translation layer that is done in setCustomCredentials between Credentials(aws.smithy.kotlin.runtime.auth.awscredentials) and Credentials( aws.sdk.kotlin.services.cognitoidentity.model.Credentials). If we don't invoke the the credentials.resolve() method and just assign the credential porvider directly to the LocationClient, then we could pass in the credential provider directly in the constructor as there is no async behavior that needs to occur at instantiation. Thus the constructor could look something like this:
constructor(context: Context, region: AwsRegions, provider: CredentialsProvider) {
this.context = context
this.credentialsProvider = provider
securePreferences = initPreference(context)
securePreferences.put(METHOD, "custom")
securePreferences.put(REGION, region.regionName)
}Which then allows the caller to call getLocationClient and get a properly configured client. Wdyt?
There was a problem hiding this comment.
As discussed internally, can be addressed as fast follow.
| private var context: Context | ||
| private var cognitoCredentialsProvider: CognitoCredentialsProvider? = null | ||
| private var apiKeyProvider: ApiKeyCredentialsProvider? = null | ||
| private var securePreferences: EncryptedSharedPreferences | ||
| private var securePreferences: EncryptedSharedPreferences? = null |
There was a problem hiding this comment.
All the constructors initialize the securePreferences, why are we making them nullable?
| fun getCredentialsProvider(): aws.sdk.kotlin.services.cognitoidentity.model.Credentials? { | ||
| val method = securePreferences?.get(METHOD) | ||
| if (method == "custom" && customCredentials != null) { | ||
| return customCredentials | ||
| } | ||
| if (cognitoCredentialsProvider === null) throw Exception("Cognito credentials not initialized") | ||
| return cognitoCredentialsProvider?.getCachedCredentials() | ||
| } |
There was a problem hiding this comment.
This and the createCredentialsProvider should be rethought considering that the we will be receiving a fully configured CredentialsProvider. I think there is unnecessary conversions between CredentialsProvider and aws.sdk.kotlin.services.cognitoidentity.model.Credentials
There was a problem hiding this comment.
We are generating credentials with CognitoIdentityClient with AWS Kotlin SDK and we are getting this Credentials(aws.sdk.kotlin.services.cognitoidentity.model)
and for creating LocationClient we need CredentialsProvider(aws.smithy.kotlin.runtime.auth.awscredentials)
and for creating CredentialsProvider we need Credentials(aws.smithy.kotlin.runtime.auth.awscredentials)
So, the conversions are needed in createCredentialsProvider
There was a problem hiding this comment.
Since we createCredentialsProvider returns a CredentialsProvider(aws.smithy.kotlin.runtime.auth.awscredentials) so why not early return the this.credentialsProvider if it is not null (and potentially if method == "custom"). Otherwise we are passing a credentials provider to get cerdentials to create a new credentials provider.
There was a problem hiding this comment.
As discussed internally, can be addressed as fast follow.
PR comment addressed
ALMS-141, ALMS-133
Issue #, if available:: N/A
Description of changes:
feat: Added authentication with custom credential provider
feat: Removed authentication with API key
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.