aws-geospatial / amazon-location-mobile-auth-sdk-android

Apache License 2.0

Added authentication with custom credential provider and removed authentication with API key #9

Closed: shah279 closed this 4 months ago

shah279 commented 4 months ago

Issue #, if available: N/A

Description of changes:
feat: Added authentication with custom credential provider
feat: Removed authentication with API key

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

imraymondlee commented 4 months ago

Can you provide me an example of how I could use the custom credential provider?

shah279 commented 4 months ago

> Can you provide me an example of how I could use the custom credential provider?

You can pass the credentialsProvider created with AWS Kotlin SDK in the authenticateWithCredentialsProvider method like below:

```kotlin
private fun exampleCustomCredentialLogin() {
    // credentialsProvider is a CredentialsProvider built with the AWS SDK for Kotlin.
    val authHelper = AuthHelper(applicationContext)
    val locationCredentialsProvider: LocationCredentialsProvider = authHelper.authenticateWithCredentialsProvider("MY-AWS-REGION", credentialsProvider)
    val locationClient = locationCredentialsProvider.getLocationClient()
}
```

imraymondlee commented 4 months ago

> > Can you provide me an example of how I could use the custom credential provider?
>
> You can pass the credentialsProvider created with AWS Kotlin SDK in the authenticateWithCredentialsProvider method like below:
>
> ```kotlin
> private fun exampleCustomCredentialLogin() {
>     // credentialsProvider is a CredentialsProvider built with the AWS SDK for Kotlin.
>     val authHelper = AuthHelper(applicationContext)
>     val locationCredentialsProvider: LocationCredentialsProvider = authHelper.authenticateWithCredentialsProvider("MY-AWS-REGION", credentialsProvider)
>     val locationClient = locationCredentialsProvider.getLocationClient()
> }
> ```

The goal of the custom credential provider is to provide support for Cognito's developer-authenticated identities.

As some of these (AWSAbstractCognitoDeveloperIdentityProvider, CognitoCachingCredentialsProvider) classes are no longer part of AWS SDK for Kotlin, what would a developer need to do to create credentialsProvider that follows the developer-authenticated identities pattern in order to authenticate into the SDK?

shah279 commented 4 months ago

> > > Can you provide me an example of how I could use the custom credential provider?
> >
> > You can pass the credentialsProvider created with AWS Kotlin SDK in the authenticateWithCredentialsProvider method like below:
> >
> > ```kotlin
> > private fun exampleCustomCredentialLogin() {
> >     // credentialsProvider is a CredentialsProvider built with the AWS SDK for Kotlin.
> >     val authHelper = AuthHelper(applicationContext)
> >     val locationCredentialsProvider: LocationCredentialsProvider = authHelper.authenticateWithCredentialsProvider("MY-AWS-REGION", credentialsProvider)
> >     val locationClient = locationCredentialsProvider.getLocationClient()
> > }
> > ```
>
> The goal of the custom credential provider is to provide support for Cognito's developer-authenticated identities.
>
> As some of these (AWSAbstractCognitoDeveloperIdentityProvider, CognitoCachingCredentialsProvider) classes are no longer part of AWS SDK for Kotlin, what would a developer need to do to create credentialsProvider that follows the developer-authenticated identities pattern in order to authenticate into the SDK?

Here is an example of creating a credential provider:

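```kotlin
import aws.sdk.kotlin.runtime.auth.credentials.StaticCredentialsProvider
import aws.sdk.kotlin.services.cognitoidentity.CognitoIdentityClient
import aws.sdk.kotlin.services.cognitoidentity.model.Credentials
import aws.sdk.kotlin.services.cognitoidentity.model.GetCredentialsForIdentityRequest
import aws.sdk.kotlin.services.cognitoidentity.model.GetIdRequest
import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider

// Gets an identity ID from the identity pool, then exchanges it for temporary AWS credentials.
private suspend fun generateCredentialsProvider(region: String, identityPoolId: String): CredentialsProvider? {
    val cognitoIdentityClient = CognitoIdentityClient { this.region = region }
    try {
        val getIdResponse = cognitoIdentityClient.getId(GetIdRequest { this.identityPoolId = identityPoolId })
        val identityId =
            getIdResponse.identityId ?: throw Exception("Failed to get identity ID")
        if (identityId.isNotEmpty()) {
            val getCredentialsResponse =
                cognitoIdentityClient.getCredentialsForIdentity(
                    GetCredentialsForIdentityRequest {
                        this.identityId = identityId
                    })

            val credentials = getCredentialsResponse.credentials ?: throw Exception("Failed to get credentials")
            return createCredentialsProvider(credentials)
        }
    } catch (e: Exception) {
        // Keep the original exception as the cause so the failure can be diagnosed.
        throw Exception("Credentials generation failed", e)
    } finally {
        // Release the HTTP resources held by the client.
        cognitoIdentityClient.close()
    }
    return null
}

// Wraps the Cognito-issued temporary credentials in a provider that always returns them.
private fun createCredentialsProvider(credentials: Credentials): CredentialsProvider {
    val accessKeyId = credentials.accessKeyId ?: throw Exception("Failed to get credentials")
    val secretKey = credentials.secretKey ?: throw Exception("Failed to get credentials")
    return StaticCredentialsProvider(
        aws.smithy.kotlin.runtime.auth.awscredentials.Credentials.invoke(
            accessKeyId = accessKeyId,
            secretAccessKey = secretKey,
            sessionToken = credentials.sessionToken,
            expiration = credentials.expiration
        )
    )
}
```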

Also, the document comment is updated at the top of the method authenticateWithCredentialsProvider in AuthHelper.
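
Added example (not part of this PR or of the project's code): the snippet above calls GetId without a logins map, which yields a guest identity, and wraps the result in a static provider that is not renewed when the session expires. A sketch of the developer-authenticated variant the question asks about, where the app's backend issues the Cognito token and the provider refreshes itself, follows. `DeveloperIdentity`, `fetchIdentity`, `DeveloperAuthenticatedCredentialsProvider` and `developerAuthenticatedProvider` are hypothetical names, and the package of `Attributes` is an assumption that depends on the SDK version.

```kotlin
import aws.sdk.kotlin.services.cognitoidentity.CognitoIdentityClient
import aws.sdk.kotlin.services.cognitoidentity.model.GetCredentialsForIdentityRequest
import aws.smithy.kotlin.runtime.auth.awscredentials.CachedCredentialsProvider
import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
// Assumption: Attributes lives in this package in the SDK version in use.
import aws.smithy.kotlin.runtime.collections.Attributes

// Hypothetical type: the reply from your own backend, which authenticates the user
// and calls GetOpenIdTokenForDeveloperIdentity with its server-side AWS credentials.
data class DeveloperIdentity(val identityId: String, val openIdToken: String)

// Exchanges the backend-issued token for temporary AWS credentials on each resolve().
class DeveloperAuthenticatedCredentialsProvider(
    private val awsRegion: String,
    // Hypothetical callback that asks your backend for a fresh identity/token pair.
    private val fetchIdentity: suspend () -> DeveloperIdentity,
) : CredentialsProvider {
    override suspend fun resolve(attributes: Attributes): Credentials {
        val identity = fetchIdentity()
        require(identity.identityId.isNotBlank() && identity.openIdToken.isNotBlank()) {
            "Backend returned an empty identity ID or token"
        }
        return CognitoIdentityClient { region = awsRegion }.use { client ->
            val response = client.getCredentialsForIdentity(
                GetCredentialsForIdentityRequest {
                    identityId = identity.identityId
                    // Login key Cognito expects for developer-authenticated identities.
                    logins = mapOf("cognito-identity.amazonaws.com" to identity.openIdToken)
                }
            )
            val issued = response.credentials ?: error("Cognito returned no credentials")
            Credentials(
                accessKeyId = issued.accessKeyId ?: error("Missing access key ID"),
                secretAccessKey = issued.secretKey ?: error("Missing secret key"),
                sessionToken = issued.sessionToken,
                expiration = issued.expiration,
            )
        }
    }
}

// CachedCredentialsProvider caches the result and calls resolve() again near expiry,
// so the app never holds long-lived keys and never keeps using an expired session.
fun developerAuthenticatedProvider(
    awsRegion: String,
    fetchIdentity: suspend () -> DeveloperIdentity,
): CredentialsProvider =
    CachedCredentialsProvider(DeveloperAuthenticatedCredentialsProvider(awsRegion, fetchIdentity))
```

The returned provider can be passed as the credentialsProvider argument of authenticateWithCredentialsProvider shown earlier in the thread.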