Overview  Package   Class  Index  Help 

Did this page help you?

   Yes   No   Tell us about it...
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.amazonaws.services.securitytoken.model
Class AssumeRoleWithWebIdentityRequest

java.lang.Object
  extended by com.amazonaws.AmazonWebServiceRequest
      extended by com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest
All Implemented Interfaces:
Serializable
public class AssumeRoleWithWebIdentityRequest
extends AmazonWebServiceRequest
implements Serializable

Container for the parameters to the AssumeRoleWithWebIdentity operation.

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider, such as Login with Amazon, Facebook, or Google. AssumeRoleWithWebIdentity is an API call that does not require the use of AWS security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term AWS credentials in the application or by deploying server-based proxy services that use long-term AWS credentials. For more information, see Creating a Mobile Application with Third-Party Sign-In in AWS Security Token Service .

The temporary security credentials consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS service APIs. The credentials are valid for the duration that you specified when calling AssumeRoleWithWebIdentity , which can be from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the temporary security credentials are valid for 1 hour.

The temporary security credentials that are returned from the AssumeRoleWithWebIdentity response have the permissions that are associated with the access policy of the role being assumed. You can further restrict the permissions of the temporary security credentials by passing a policy in the request. The resulting permissions are an intersection of the role's access policy and the policy that you passed. These policies and any applicable resource-based policies are evaluated when calls to AWS service APIs are made using the temporary security credentials.

Before your application can call AssumeRoleWithWebIdentity , you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy. For more information, see Creating Temporary Security Credentials for Mobile Apps Using Third-Party Identity Providers .

See Also:
AWSSecurityTokenService.assumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest), Serialized Form

Constructor Summary
AssumeRoleWithWebIdentityRequest()
           
 
Method Summary
 boolean equals(Object obj)
           
 Integer getDurationSeconds()
          The duration, in seconds, of the role session.
 String getPolicy()
          A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call.
 String getProviderId()
          Specify this value only for OAuth access tokens.
 String getRoleArn()
          The Amazon Resource Name (ARN) of the role that the caller is assuming.
 String getRoleSessionName()
          An identifier for the assumed role session.
 String getWebIdentityToken()
          The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
 int hashCode()
           
 void setDurationSeconds(Integer durationSeconds)
          The duration, in seconds, of the role session.
 void setPolicy(String policy)
          A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call.
 void setProviderId(String providerId)
          Specify this value only for OAuth access tokens.
 void setRoleArn(String roleArn)
          The Amazon Resource Name (ARN) of the role that the caller is assuming.
 void setRoleSessionName(String roleSessionName)
          An identifier for the assumed role session.
 void setWebIdentityToken(String webIdentityToken)
          The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
 String toString()
          Returns a string representation of this object; useful for testing and debugging.
 AssumeRoleWithWebIdentityRequest withDurationSeconds(Integer durationSeconds)
          The duration, in seconds, of the role session.
 AssumeRoleWithWebIdentityRequest withPolicy(String policy)
          A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call.
 AssumeRoleWithWebIdentityRequest withProviderId(String providerId)
          Specify this value only for OAuth access tokens.
 AssumeRoleWithWebIdentityRequest withRoleArn(String roleArn)
          The Amazon Resource Name (ARN) of the role that the caller is assuming.
 AssumeRoleWithWebIdentityRequest withRoleSessionName(String roleSessionName)
          An identifier for the assumed role session.
 AssumeRoleWithWebIdentityRequest withWebIdentityToken(String webIdentityToken)
          The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
 
Methods inherited from class com.amazonaws.AmazonWebServiceRequest
copyPrivateRequestParameters, getRequestClientOptions, getRequestCredentials, setRequestCredentials
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AssumeRoleWithWebIdentityRequest

public AssumeRoleWithWebIdentityRequest()
Method Detail

getRoleArn

public String getRoleArn()
The Amazon Resource Name (ARN) of the role that the caller is assuming.

Constraints:
Length: 20 - 2048

Returns:
The Amazon Resource Name (ARN) of the role that the caller is assuming.

setRoleArn

public void setRoleArn(String roleArn)
The Amazon Resource Name (ARN) of the role that the caller is assuming.

Constraints:
Length: 20 - 2048

Parameters:
roleArn - The Amazon Resource Name (ARN) of the role that the caller is assuming.

withRoleArn

public AssumeRoleWithWebIdentityRequest withRoleArn(String roleArn)
The Amazon Resource Name (ARN) of the role that the caller is assuming.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 20 - 2048

Parameters:
roleArn - The Amazon Resource Name (ARN) of the role that the caller is assuming.
Returns:
A reference to this updated object so that method calls can be chained together.

getRoleSessionName

public String getRoleSessionName()
An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

Constraints:
Length: 2 - 32
Pattern: [\w+=,.@-]*

Returns:
An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

setRoleSessionName

public void setRoleSessionName(String roleSessionName)
An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

Constraints:
Length: 2 - 32
Pattern: [\w+=,.@-]*

Parameters:
roleSessionName - An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

withRoleSessionName

public AssumeRoleWithWebIdentityRequest withRoleSessionName(String roleSessionName)
An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 2 - 32
Pattern: [\w+=,.@-]*

Parameters:
roleSessionName - An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.
Returns:
A reference to this updated object so that method calls can be chained together.

getWebIdentityToken

public String getWebIdentityToken()
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Constraints:
Length: 4 - 2048

Returns:
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

setWebIdentityToken

public void setWebIdentityToken(String webIdentityToken)
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Constraints:
Length: 4 - 2048

Parameters:
webIdentityToken - The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

withWebIdentityToken

public AssumeRoleWithWebIdentityRequest withWebIdentityToken(String webIdentityToken)
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 4 - 2048

Parameters:
webIdentityToken - The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.
Returns:
A reference to this updated object so that method calls can be chained together.

getProviderId

public String getProviderId()
Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.

Constraints:
Length: 4 - 2048

Returns:
Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.

setProviderId

public void setProviderId(String providerId)
Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.

Constraints:
Length: 4 - 2048

Parameters:
providerId - Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.

withProviderId

public AssumeRoleWithWebIdentityRequest withProviderId(String providerId)
Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 4 - 2048

Parameters:
providerId - Specify this value only for OAuth access tokens. Do not specify this value for OpenID Connect ID tokens, such as accounts.google.com. This is the fully-qualified host component of the domain name of the identity provider. Do not include URL schemes and port numbers. Currently, www.amazon.com and graph.facebook.com are supported.
Returns:
A reference to this updated object so that method calls can be chained together.

getPolicy

public String getPolicy()
A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.

Constraints:
Length: 1 - 2048
Pattern: [ -?]+

Returns:
A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.

setPolicy

public void setPolicy(String policy)
A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.

Constraints:
Length: 1 - 2048
Pattern: [ -?]+

Parameters:
policy - A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.

withPolicy

public AssumeRoleWithWebIdentityRequest withPolicy(String policy)
A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 2048
Pattern: [ -?]+

Parameters:
policy - A supplemental policy that is associated with the temporary security credentials from the AssumeRoleWithWebIdentity call. The resulting permissions of the temporary security credentials are an intersection of this policy and the access policy that is associated with the role. Use this policy to further restrict the permissions of the temporary security credentials.
Returns:
A reference to this updated object so that method calls can be chained together.

getDurationSeconds

public Integer getDurationSeconds()
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.

Constraints:
Range: 900 - 129600

Returns:
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.

setDurationSeconds

public void setDurationSeconds(Integer durationSeconds)
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.

Constraints:
Range: 900 - 129600

Parameters:
durationSeconds - The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.

withDurationSeconds

public AssumeRoleWithWebIdentityRequest withDurationSeconds(Integer durationSeconds)
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Range: 900 - 129600

Parameters:
durationSeconds - The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.
Returns:
A reference to this updated object so that method calls can be chained together.

toString

public String toString()
Returns a string representation of this object; useful for testing and debugging.

Overrides:
toString in class Object
Returns:
A string representation of this object.
See Also:
Object.toString()

hashCode

public int hashCode()
Overrides:
hashCode in class Object

equals

public boolean equals(Object obj)
Overrides:
equals in class Object
Overview  Package   Class  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.