Add support for AWS_SESSION_TOKEN temporary credentials

[hayd]

Fixes #1. As mentioned this is required for AWS Lambda support.

Note: There might be a better way to include this, specifically if env access should not be required we could try to do this once and if there's a AWS_SESSION_TOKEN only then refresh it each request (otherwise do not try/add the header).

cc https://github.com/hayd/deno-lambda/pull/14/

[hayd]

@chiefbiiko an alternative (without env permissions being required): https://github.com/hayd/dynamodb/commit/35179035c5023f958c72046b7a628f00c85f0619

It's not clear how often this token can rotate (whether it needs to be looked up each request).

What do you think?

[chiefbiiko]

@hayd thanks for your help! and sorry for the long wait - holidays in 🇬🇭 I would prefer not using Deno specific things and not have any implicit logic like env var lookups inside the module - specifically I would like to just have a sessionToken prop on ClientConfig and the extending HeadersConfig objects. Users will have to pass that sessionToken explicitly when calling createClient. If for rotating reasons this won’t fit I’m open to doing the env var lookup or similar. What u think?

[hayd]

No problem! Hope you had a good Farmers' Day.

I think that's fine... My concern is that I'm not sure what the rules are with regards to lifetimes.

How's about this compromise: an optional sessionToken: async? () => string passed to config/client? Which, if provided, is called prior to each request.

[hayd]

^See commit above.

[chiefbiiko]

That one is neat. Could u change the naming from securityToken to sessionToken - think it makes the temp nature of that token more obvious.

[hayd]

Agreed - done. Sorry for confusion, aws uses these terms seemingly interchangeably!

[chiefbiiko]

LGTM - Thanks for your work!