0

With AWS iOS SDK 2.4.0 Amazon's documentation fell behind. Pages on writing code to support Federated Identities, particularly how to refreshing token ids no longer reflected the code.

This page for example, http://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html, refers to credentialsProvider.logins which isn't present in SDK 2.4.0

Does anyone know if anyone else has documented this aspect of Amazon's iOS SDK? Or Amazon somewhere else?

Amazon has now released 2.4.10 and its focus, I'd say, has moved to its User Pools product leading me to fear that AWS Federated Identities product may be soon deprecated.

Carl
  • 2,896
  • 2
  • 32
  • 50

1 Answers1

2

Federated Identities is not about to be deprecated. We will be updating the docs. In the meantime, I can provide some stopgap instructions. In 2.4, the logins dictionary switched to a pull model. The SDK will ask you for an updated logins dictionary whenever the AWS credentials need to be refreshed. To use it, provide an implementation of AWSIdentityProviderManager to your credentials provider. Below is some partial code which shows you how to implement the logins method. It shows how to do it both synchronously if you have a current token and asynchronously if you have to call a service to get one.

Synchronously get the token

- (AWSTask<NSDictionary<NSString *, NSString *> *> *)logins {
    return [AWSTask taskWithResult: @{ @"login.provider.com" : token}];
}

Asynchronously get the token

- (AWSTask<NSDictionary<NSString *, NSString *> *> *)logins {
    AWSTaskCompletionSource<NSString*> *token = [AWSTaskCompletionSource new];
    [self getOpenIdToken:token];
    return [token.task continueWithSuccessBlock:^id _Nullable(AWSTask<NSString *> * _Nonnull task) {
        return [AWSTask taskWithResult: @{ @"login.provider.com" : task.result }];
    }];
}

- (void) getOpenIdToken: (AWSTaskCompletionSource <NSString*>*) token {
    //call your server to get the token
    //...

    if(success){
        token.result = oidcTokenFromServer;
    }else {
        [token setError:[NSError errorWithDomain:@"oidc"
                                            code:-1
                                        userInfo:@{@"error":@"Unable to get open id connect token"}]];
    }
}
perpil
  • 1,521
  • 7
  • 5
  • How do I use the synchronous method above? I get an incompatible pointer type. – cdub Jan 01 '17 at 08:41
  • I am using federated identities too which seem to work with my code. But having trouble with using the tokens: http://stackoverflow.com/questions/41393152/verifying-user-is-authenticated-using-aws-ios-sdk/41397696#41397696 How do you refresh them? I use lambda to get them. – cdub Jan 02 '17 at 09:15