public class AmazonCognitoIdentityClient extends AmazonWebServiceClient implements AmazonCognitoIdentity
Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
To provide end-user credentials, first make an unsigned call to GetId.
If the end user is authenticated with one of the supported identity
providers, set the Logins
map with the identity provider token.
GetId
returns a unique identifier for the user.
Next, make an unsigned call to GetCredentialsForIdentity. This call
expects the same Logins
map as the GetId
call, as
well as the IdentityID
originally returned by GetId
. Assuming your identity pool has been configured via the
SetIdentityPoolRoles operation, GetCredentialsForIdentity
will return AWS credentials for your use. If your pool has not been
configured with SetIdentityPoolRoles
, or if you want to follow
legacy flow, make an unsigned call to GetOpenIdToken, which returns
the OpenID token necessary to call STS and retrieve AWS credentials. This
call expects the same Logins
map as the GetId
call,
as well as the IdentityID
originally returned by
GetId
. The token returned by GetOpenIdToken
can be
passed to the STS operation AssumeRoleWithWebIdentity to retrieve AWS credentials.
If you want to use Amazon Cognito in an Android, iOS, or Unity application, you will probably want to make API calls via the AWS Mobile SDK. To learn more, see the AWS Mobile SDK Developer Guide.
Modifier and Type | Field and Description |
---|---|
protected List<com.amazonaws.transform.JsonErrorUnmarshaller> |
jsonErrorUnmarshallers
List of exception unmarshallers for all Amazon Cognito Identity
exceptions.
|
client, clientConfiguration, endpoint, endpointPrefix, LOGGING_AWS_REQUEST_METRIC, requestHandler2s, timeOffset
Constructor and Description |
---|
AmazonCognitoIdentityClient()
Deprecated.
|
AmazonCognitoIdentityClient(AWSCredentials awsCredentials)
Constructs a new client to invoke service methods on
AmazonCognitoIdentity using the specified AWS account credentials.
|
AmazonCognitoIdentityClient(AWSCredentials awsCredentials,
ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on
AmazonCognitoIdentity using the specified AWS account credentials and
client configuration options.
|
AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider)
Constructs a new client to invoke service methods on
AmazonCognitoIdentity using the specified AWS account credentials
provider.
|
AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider,
ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on
AmazonCognitoIdentity using the specified AWS account credentials
provider and client configuration options.
|
AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider,
ClientConfiguration clientConfiguration,
HttpClient httpClient)
Constructs a new client to invoke service methods on
AmazonCognitoIdentity using the specified AWS account credentials
provider, client configuration options and request metric collector.
|
AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider,
ClientConfiguration clientConfiguration,
RequestMetricCollector requestMetricCollector)
Deprecated.
|
AmazonCognitoIdentityClient(ClientConfiguration clientConfiguration)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
ResponseMetadata |
getCachedResponseMetadata(AmazonWebServiceRequest request)
Deprecated.
ResponseMetadata cache can hold up to 50 requests and
responses in memory and will cause memory issue. This method
now always returns null.
|
GetCredentialsForIdentityResult |
getCredentialsForIdentity(GetCredentialsForIdentityRequest getCredentialsForIdentityRequest)
Returns credentials for the provided identity ID.
|
GetIdResult |
getId(GetIdRequest getIdRequest)
Generates (or retrieves) a Cognito ID.
|
GetOpenIdTokenResult |
getOpenIdToken(GetOpenIdTokenRequest getOpenIdTokenRequest)
Gets an OpenID token, using a known Cognito ID.
|
addRequestHandler, addRequestHandler, configSigner, configSigner, createExecutionContext, createExecutionContext, createExecutionContext, endClientExecution, endClientExecution, findRequestMetricCollector, getEndpoint, getEndpointPrefix, getRequestMetricsCollector, getServiceAbbreviation, getServiceName, getServiceNameIntern, getSigner, getSignerByURI, getSignerRegionOverride, getTimeOffset, isProfilingEnabled, isRequestMetricsEnabled, removeRequestHandler, removeRequestHandler, requestMetricCollector, setConfiguration, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shutdown, withTimeOffset
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setEndpoint, setRegion, shutdown
protected List<com.amazonaws.transform.JsonErrorUnmarshaller> jsonErrorUnmarshallers
@Deprecated public AmazonCognitoIdentityClient()
All service calls made using this new client object are blocking, and will not return until the service call completes.
DefaultAWSCredentialsProviderChain
@Deprecated public AmazonCognitoIdentityClient(ClientConfiguration clientConfiguration)
All service calls made using this new client object are blocking, and will not return until the service call completes.
clientConfiguration
- The client configuration options controlling
how this client connects to AmazonCognitoIdentity (ex: proxy
settings, retry counts, etc.).DefaultAWSCredentialsProviderChain
public AmazonCognitoIdentityClient(AWSCredentials awsCredentials)
If AWS session credentials are passed in, then those credentials will be used to authenticate requests. Otherwise, if AWS long-term credentials are passed in, then session management will be handled automatically by the SDK. Callers are encouraged to use long-term credentials and let the SDK handle starting and renewing sessions.
Automatically managed sessions will be shared among all clients that use
the same credentials and service endpoint. To opt out of this behavior,
explicitly provide an instance of AWSCredentialsProvider
that
returns AWSSessionCredentials
.
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentials
- The AWS credentials (access key ID and secret key)
to use when authenticating with AWS services.public AmazonCognitoIdentityClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration)
If AWS session credentials are passed in, then those credentials will be used to authenticate requests. Otherwise, if AWS long-term credentials are passed in, then session management will be handled automatically by the SDK. Callers are encouraged to use long-term credentials and let the SDK handle starting and renewing sessions.
Automatically managed sessions will be shared among all clients that use
the same credentials and service endpoint. To opt out of this behavior,
explicitly provide an instance of AWSCredentialsProvider
that
returns AWSSessionCredentials
.
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentials
- The AWS credentials (access key ID and secret key)
to use when authenticating with AWS services.clientConfiguration
- The client configuration options controlling
how this client connects to AmazonCognitoIdentity (ex: proxy
settings, retry counts, etc.).public AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider)
If AWS session credentials are passed in, then those credentials will be used to authenticate requests. Otherwise, if AWS long-term credentials are passed in, then session management will be handled automatically by the SDK. Callers are encouraged to use long-term credentials and let the SDK handle starting and renewing sessions.
Automatically managed sessions will be shared among all clients that use
the same credentials and service endpoint. To opt out of this behavior,
explicitly provide an instance of AWSCredentialsProvider
that
returns AWSSessionCredentials
.
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentialsProvider
- The AWS credentials provider which will
provide credentials to authenticate requests with AWS
services.public AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration)
If AWS session credentials are passed in, then those credentials will be used to authenticate requests. Otherwise, if AWS long-term credentials are passed in, then session management will be handled automatically by the SDK. Callers are encouraged to use long-term credentials and let the SDK handle starting and renewing sessions.
Automatically managed sessions will be shared among all clients that use
the same credentials and service endpoint. To opt out of this behavior,
explicitly provide an instance of AWSCredentialsProvider
that
returns AWSSessionCredentials
.
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentialsProvider
- The AWS credentials provider which will
provide credentials to authenticate requests with AWS
services.clientConfiguration
- The client configuration options controlling
how this client connects to AmazonCognitoIdentity (ex: proxy
settings, retry counts, etc.).@Deprecated public AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector)
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentialsProvider
- The AWS credentials provider which will
provide credentials to authenticate requests with AWS
services.clientConfiguration
- The client configuration options controlling
how this client connects to AmazonCognitoIdentity (ex: proxy
settings, retry counts, etc.).requestMetricCollector
- optional request metric collectorpublic AmazonCognitoIdentityClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, HttpClient httpClient)
All service calls made using this new client object are blocking, and will not return until the service call completes.
awsCredentialsProvider
- The AWS credentials provider which will
provide credentials to authenticate requests with AWS
services.clientConfiguration
- The client configuration options controlling
how this client connects to AmazonCognitoIdentity (ex: proxy
settings, retry counts, etc.).httpClient
- A http clientpublic GetCredentialsForIdentityResult getCredentialsForIdentity(GetCredentialsForIdentityRequest getCredentialsForIdentityRequest) throws AmazonServiceException, AmazonClientException
Returns credentials for the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to AWS Security Token Service with the appropriate role for the token.
This is a public API. You do not need any credentials to call this API.
getCredentialsForIdentity
in interface AmazonCognitoIdentity
getCredentialsForIdentityRequest
-
Input to the GetCredentialsForIdentity
action.
InvalidParameterException
ResourceNotFoundException
NotAuthorizedException
ResourceConflictException
TooManyRequestsException
InvalidIdentityPoolConfigurationException
InternalErrorException
ExternalServiceException
AmazonClientException
- If any internal errors are encountered
inside the client while attempting to make the request or
handle the response. For example if a network connection is
not available.AmazonServiceException
- If an error response is returned by Amazon
Cognito Identity indicating either a problem with the data in
the request, or a server side issue.public GetIdResult getId(GetIdRequest getIdRequest) throws AmazonServiceException, AmazonClientException
Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicit linked account.
This is a public API. You do not need any credentials to call this API.
getId
in interface AmazonCognitoIdentity
getIdRequest
- Input to the GetId action.InvalidParameterException
ResourceNotFoundException
NotAuthorizedException
ResourceConflictException
TooManyRequestsException
InternalErrorException
LimitExceededException
ExternalServiceException
AmazonClientException
- If any internal errors are encountered
inside the client while attempting to make the request or
handle the response. For example if a network connection is
not available.AmazonServiceException
- If an error response is returned by Amazon
Cognito Identity indicating either a problem with the data in
the request, or a server side issue.public GetOpenIdTokenResult getOpenIdToken(GetOpenIdTokenRequest getOpenIdTokenRequest) throws AmazonServiceException, AmazonClientException
Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by GetId. You can optionally add additional logins for the identity. Supplying multiple logins creates an implicit link.
The OpenId token is valid for 15 minutes.
This is a public API. You do not need any credentials to call this API.
getOpenIdToken
in interface AmazonCognitoIdentity
getOpenIdTokenRequest
- Input to the GetOpenIdToken action.InvalidParameterException
ResourceNotFoundException
NotAuthorizedException
ResourceConflictException
TooManyRequestsException
InternalErrorException
ExternalServiceException
AmazonClientException
- If any internal errors are encountered
inside the client while attempting to make the request or
handle the response. For example if a network connection is
not available.AmazonServiceException
- If an error response is returned by Amazon
Cognito Identity indicating either a problem with the data in
the request, or a server side issue.@Deprecated public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.
getCachedResponseMetadata
in interface AmazonCognitoIdentity
request
- The originally executed requestCopyright © 2018. All rights reserved.