Support for client-side signing of s3 URL for multipart uploads

transloadit / uppy

The next open source file uploader for web browsers :dog:

https://uppy.io

MIT License

29.18k stars 2.01k forks source link

Support for client-side signing of s3 URL for multipart uploads #985

Closed vinaypuppal closed 3 years ago

vinaypuppal commented 6 years ago

We use AWS Cognito for user authentication so these users get temporary AWS credentials to access AWS resources.

Can @uppy/aws-s3-multipart support this feature by providing an option credentials and use it generating URL for uploads instead of proxying uploads to a remote server.

Some uploaders which implemented this

It would be nice if uppy can also support these options similar to fineuploader:

credentials: {
    accessKey: "Temporary public AWS key",
    secretKey: "Temporary secret AWS key",
    sessionToken: "Session token associated with the temporary credentials",
    expiration: "Expiration date for temporary credentials"
}

And an event credentialsExpired so we supply new credentials if credentials get expired while performing uploads.

goto-bus-stop commented 6 years ago

That's interesting, thanks! I think it may be possible to implement this manually today using the callbacks exposed by @uppy/aws-s3-multipart. Having builtin support would be nice too though. A PR to use local signing when a credentials option is given would be rad, if someone wants to do it :) I probably won't have time for a while.

kvz commented 5 years ago

We like this idea and are hoping the community can chime in on this one, so we've marked it as Help Wanted as well as pinned it to the repo :crossed_fingers:!

bluehaoran commented 5 years ago

Hey there. We need a feature like this for our application--so I am considering tinkering on this. I don't know the Uppy core very well though. Can anyone provide any directions in how this might be implemented?

vojtad commented 4 years ago

We also needed to upload files to S3 from JS using credentials provided from server so we created a helper class to perform S3 API requetst on client side. Just instantiate this class with your credentials and set @uppy/aws-s3-multipart callbacks to corresponding methods on this instance.

We use AWS STS federation token but I guess this should also work with AWS Cognito if it provides you with temporary credentials to access S3 API.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

shopmatechat commented 11 months ago

Any news on this feature?

Murderlon commented 11 months ago

AFAIK this feature is basically getTemporarySecurityCredentials.