6

So I'm migrating my project to the new AWS-SDK V3 because of it's modularity. However, I can't seem to figure out what to use instead of CognitoIdentityCredentials with the new API. This is what code looked like for V2:

    const credentials = new CognitoIdentityCredentials(
      {
        IdentityPoolId: config.get("IdentityPoolId"),
        Storage: config,
        Logins: {
          [...]: idToken,
        },
      },
      {
        region: config.get("awsregion"),
      },
    );
    if (credentials.needsRefresh()) {
      ...
    }

Tried looking for CognitoIdentityCredentials in the V3's github repo, but the only thing I found was the fromCognitoIdentity function which does not seem to have similar parameters. Documentation for V3 is confusing and contains errors and didn't help at all. Can you provide me a workflow that would achieve the same thing as the V2 version did but with the new API?

comonadd
  • 1,822
  • 1
  • 13
  • 23

1 Answers1

3

If I understand your use case correctly, I think you may be able to use the fromCognitoIdentityPool method:

const { CognitoIdentityClient, GetIdCommand } = require("@aws-sdk/client-cognito-identity");
const { fromCognitoIdentityPool } = require("@aws-sdk/credential-provider-cognito-identity");

const UserPoolId = "cognito-idp.us-west-2.amazonaws.com/us-west-2_an976DxVk"
const IdentityPoolId = "us-west-2:7y870k8a-12ki-8ik4-84iw-2kdi849sku72"
const jwtIdToken = "eydkslei..." // jwtIdToken cut for brevity

const getCredentials = async () => {
     const cognitoidentity = new CognitoIdentityClient({
          credentials : fromCognitoIdentityPool({
              client : new CognitoIdentityClient(),
              identityPoolId : IdentityPoolId,
              logins: {
                [UserPoolId] : jwtIdToken
              }
           }),
      });
      const credentials = await cognitoidentity.config.credentials()
      console.log(credentials)
      // {
      //    identityId: 'us-west-2:d393294b-ff23-43t6-d8s5-59876321457d',
      //    accessKeyId: 'ALALA2RZ7KTS7STD3VXLM',
      //    secretAccessKey: '/AldkSdt67saAddb6vddRIrs32adQCAo99XM6',
      //    sessionToken: 'IQoJb3JpZ2luX2VjEJj//////////...', // sessionToken cut for brevity 
      //    expiration: 2022-07-17T08:58:10.000Z
      //  }
     return credentials
}
     
getCredentials()

Using the code above, you could look at credentials.expiration to determine whether or not the user credentials need to be refreshed.

William Trevena
  • 256
  • 2
  • 6