Open rub73 opened 4 months ago
Could you please show how you pass your token to boto versus s3fs?
Sure. After authenticating, with the authentication token:
the sequence above is implemented by the streamlit_cognito_auth library, method Boto3SessionProvider.set_default_session()
Please let me know whether the above is clear enough
In the first flow, I don't see you handle a token at all.
Note that you can pass session : aiobotocore AioSession
to s3fs, if you know how to make one; and the rest should be passed via client or session kwargs. So you'll need to know what "define the credentials associated with a new botocore Session" is actually doing.
I have an app with authentication done via Cognito against a user pool associated with an identity pool providing a role to authenticated users, with a set of attached policies granting access to resources such as S3 buckets.
According to the S3FileSystem documentation, passing the credentials token to a non-anon connection should cause s3sf to use the token and, thus, the policies in place. This doesn´t happen and accesses fail with a denied access error - executing the same accesses with direct boto3 apis succeeds.