AWSCognitoCredentialsProvider

Objective-C

@interface AWSCognitoCredentialsProvider : NSObject <AWSCredentialsProvider>

Swift

class AWSCognitoCredentialsProvider : NSObject, AWSCredentialsProvider

An AWSCredentialsProvider that uses Amazon Cognito to fetch temporary credentials tied to an identity.

To learn more about Amazon Cognito, please visit https://aws.amazon.com/cognito.

This credentials provider supports three flows; see the factory and init methods to choose the right one for your use case:

  1. Enhanced flow: Uses Cognito for all operations and only requires an identity pool id to initialize.
  2. Basic flow: Uses Cognito + STS and requires an identity pool plus IAM roles.
  3. Developer authenticated identities: Uses your own AWSCognitoCredentialsProviderHelper to establish identity + Cognito (and optionally STS) to establish credentials.
  • The identityProvider, which is responsible for establishing the identity id and (optionally) the OpenID token for use in the Amazon Cognito auth flow.

    Declaration

    Objective-C

    @property (nonatomic, strong, readonly) id<AWSCognitoCredentialsProviderHelper> _Nonnull identityProvider;

    Swift

    var identityProvider: AWSCognitoCredentialsProviderHelperProtocol { get }
  • The identity id associated with this provider. This value will be fetched from the keychain at startup. If you do not want to reuse the existing identity id, you must call the clearKeychain method.

    Declaration

    Objective-C

    @property (strong, readonly, nullable) NSString *identityId;

    Swift

    var identityId: String? { get }
  • The identity pool id associated with this provider. Also used to create a namespaced keychain area to store the identity id and credentials.

    Declaration

    Objective-C

    @property (nonatomic, strong, readonly) NSString *_Nonnull identityPoolId;

    Swift

    var identityPoolId: String { get }
  • Initializer for credentials provider with enhanced authentication flow. This is the recommended constructor for first time Amazon Cognito developers. Will create an instance of AWSEnhancedCognitoIdentityProvider.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                                identityPoolId:(nonnull NSString *)identityPoolId;

    Swift

    init(regionType: AWSRegionType, identityPoolId: String)

    Parameters

    regionType

    The region in which your identity pool exists.

    identityPoolId

    The identity pool id for this provider. Value is used to communicate with Amazon Cognito as well as namespace values stored in the keychain.

  • Initializer for credentials provider with enhanced authentication flow. This is the recommended constructor for first time Amazon Cognito developers. Will create an instance of AWSEnhancedCognitoIdentityProvider.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                                identityPoolId:(nonnull NSString *)identityPoolId
                     identityPoolConfiguration:
                         (nonnull AWSServiceConfiguration *)configuration;

    Swift

    init(regionType: AWSRegionType, identityPoolId: String, identityPoolConfiguration configuration: AWSServiceConfiguration)

    Parameters

    regionType

    The region in which your identity pool exists.

    identityPoolId

    The identity pool id for this provider. Value is used to communicate with Amazon Cognito as well as namespace values stored in the keychain.

    configuration

    Configuration to be used when creating the service client for the identity pool.

  • Initializer for credentials provider with enhanced authentication flow. This is the recommended method for first time Amazon Cognito developers. Will create an instance of AWSEnhancedCognitoIdentityProvider.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                                identityPoolId:(nonnull NSString *)identityPoolId
                       identityProviderManager:
                           (nullable id<AWSIdentityProviderManager>)
                               identityProviderManager;

    Swift

    init(regionType: AWSRegionType, identityPoolId: String, identityProviderManager: AWSIdentityProviderManager?)

    Parameters

    regionType

    The region in which your identity pool exists.

    identityPoolId

    The identity pool id for this provider. Value is used to communicate with Amazon Cognito as well as namespace values stored in the keychain.

    identityProviderManager

    An object that conforms to the AWSIdentityProviderManager protocol. It should return a valid login dictionary when requested. Can be nil if identity is unauthenticated.

  • Initializer for credentials provider with pre-created AWSCognitoCredentialsProviderHelper. Use this method when using developer authenticated identities.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                              identityProvider:
                                  (nonnull id<AWSCognitoCredentialsProviderHelper>)
                                      identityProvider;

    Swift

    init(regionType: AWSRegionType, identityProvider: AWSCognitoCredentialsProviderHelperProtocol)

    Parameters

    regionType

    The region in which your identity pool exists.

    identityProvider

    Implementation of AWSCognitoCredentialsProviderHelper which is responsible for acquiring identity id and (optionally) OpenId Connect token.

  • Initializer for credentials provider with pre-created AWSCognitoCredentialsProviderHelper. Only use this method if you need to set your IAM roles client side and use developer authenticated identities.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                                 unauthRoleArn:(nullable NSString *)unauthRoleArn
                                   authRoleArn:(nullable NSString *)authRoleArn
                              identityProvider:
                                  (nonnull id<AWSCognitoCredentialsProviderHelper>)
                                      identityProvider;

    Swift

    init(regionType: AWSRegionType, unauthRoleArn: String?, authRoleArn: String?, identityProvider: AWSCognitoCredentialsProviderHelperProtocol)

    Parameters

    regionType

    The region in which your identity pool exists.

    unauthRoleArn

    The role ARN to use when getting credentials for unauthenticated identities. Provider will check the isAuthenticated property of the identity provider to determine which role to use. Can be nil if unauthenticated identities are not supported or if using enhanced authentication flow.

    authRoleArn

    The role ARN to use when getting credentials for authenticated identities. Provider will check the isAuthenticated property of the identity provider to determine which role to use. Can be nil if authenticated identities are not supported or if using enhanced authentication flow.

    identityProvider

    Implementation of AWSCognitoCredentialsProviderHelper which is responsible for acquiring identity id and (optionally) OpenId Connect token.

  • Initializer for credentials provider with basic auth flow. Only use this method if you still need to set your IAM roles client side. This method will create an instance of AWSBasicCognitoIdentityProvider.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithRegionType:(AWSRegionType)regionType
                                identityPoolId:(nonnull NSString *)identityPoolId
                                 unauthRoleArn:(nullable NSString *)unauthRoleArn
                                   authRoleArn:(nullable NSString *)authRoleArn
                       identityProviderManager:
                           (nullable id<AWSIdentityProviderManager>)
                               identityProviderManager;

    Swift

    init(regionType: AWSRegionType, identityPoolId: String, unauthRoleArn: String?, authRoleArn: String?, identityProviderManager: AWSIdentityProviderManager?)

    Parameters

    regionType

    The region in which your identity pool exists.

    identityPoolId

    The identity pool id for this provider. Value is used to communicate with Amazon Cognito as well as namespace values stored in the keychain.

    unauthRoleArn

    The role ARN to use when getting credentials for unauthenticated identities. Provider will check the isAuthenticated property of the identity provider to determine which role to use. Can be nil if unauthenticated identities are not supported.

    authRoleArn

    The role ARN to use when getting credentials for authenticated identities. Provider will check the isAuthenticated property of the identity provider to determine which role to use. Can be nil if authenticated identities are not supported.

    identityProviderManager

    An object that conforms to the AWSIdentityProviderManager protocol. It should return a valid login dictionary when requested. Can be nil if identity is unauthenticated.

  • Get/retrieve the identity id for this provider. If an identity id is already set on this provider, no remote call is made and the identity will be returned as a result of the AWSTask (the identityId is also available as a property). If no identityId is set on this provider, one will be retrieved from the service.

    Declaration

    Objective-C

    - (nonnull AWSTask<NSString *> *)getIdentityId;

    Swift

    func getIdentityId() -> AWSTask<NSString>

    Return Value

    AWSTask

  • Clear ALL saved values for this provider (identityId, credentials, logins).

    Declaration

    Objective-C

    - (void)clearKeychain;

    Swift

    func clearKeychain()
  • Clear the cached AWS credentials for this provider.

    Declaration

    Objective-C

    - (void)clearCredentials;

    Swift

    func clearCredentials()
  • Undocumented

    Declaration

    Objective-C

    - (void)setIdentityProviderManagerOnce:(id<AWSIdentityProviderManager>)identityProviderManager;

    Swift

    func setIdentityProviderManagerOnce(_ identityProviderManager: AWSIdentityProviderManager)
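
The following is an added example, not part of the SDK reference: the enhanced-flow initializer with an identityProviderManager, and clearKeychain on sign-out so that the identity id stored in the keychain is not reused for the next user of the device. `SessionLogins`, `signIn`, `signOut`, the region and the identity pool id placeholder are assumptions made for illustration.

```swift
import AWSCore

// Hypothetical helper (not an SDK class): returns the login dictionary on request.
final class SessionLogins: NSObject, AWSIdentityProviderManager {
    // Provider name -> token issued by that provider; nil means unauthenticated.
    var tokens: [String: String]?

    func logins() -> AWSTask<NSDictionary> {
        return AWSTask(result: tokens as NSDictionary?)
    }
}

let sessionLogins = SessionLogins()

// Enhanced flow: region and identity pool id only, no IAM role ARNs in the app.
let credentialsProvider = AWSCognitoCredentialsProvider(
    regionType: .USEast1,                        // assumed region
    identityPoolId: "REGION:IDENTITY-POOL-ID",   // placeholder, not a real pool
    identityProviderManager: sessionLogins)

AWSServiceManager.default().defaultServiceConfiguration =
    AWSServiceConfiguration(region: .USEast1, credentialsProvider: credentialsProvider)

func signIn(providerName: String, token: String) {
    sessionLogins.tokens = [providerName: token]
    // Clear the cached AWS credentials so they are fetched again with the new logins.
    credentialsProvider.clearCredentials()
    // No remote call is made if an identity id is already set on the provider.
    credentialsProvider.getIdentityId().continueWith { task -> Any? in
        if let error = task.error {
            print("getIdentityId failed: \(error.localizedDescription)")
        } else if let identityId = task.result {
            print("Cognito identity id: \(identityId)")
        }
        return nil
    }
}

func signOut() {
    sessionLogins.tokens = nil
    // Clears identityId, credentials and logins. Without this, the identity id
    // is read back from the keychain at the next startup and reused.
    credentialsProvider.clearKeychain()
}
```

clearCredentials alone leaves the identity id in the keychain; use clearKeychain whenever the person using the app changes.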