AWS session token / cognito temporary credentials. #2
Comments
|
Hello! STS temporary credentials work just like long-term ones, except that you need to add an Nothing changes when it comes to the signature process, and since adding the parameter is easy, I didn't feel a need to integrate it into the API. Do you think it would be better to do it? |
|
The Here's an example signature: The |
|
Ah I understand what you mean, it can be added manually to the list of headers to sign and it should work. For discoverability though, it might make more sense to include it as part of the library. |
That's correct! It works like any other parameter, say (However, I've barely used STS so I could be wrong. I recall reading that some services instead make you add the parameter after signing, not before)
Given these kinds of parameters do not affect the signing process (and this library is specifically about signing), I usually avoid putting them in the API... but we could make an exception here 🤔 At the very least, it should be mentioned in the documentation and added to the examples. PRs are welcome, otherwise I'll do it when I find some time |
This library looks promising, especially since it's written in TypeScript.
I found it while investigating a way to generate HTTP authorization headers for signing S3 GET requests.
However, I noticed that
RelaxedCredentialsdoes not acceptsessionToken, which is used for Cognito temporary credentials.This is important for the AWS Amplify ecosystem, eg: aws-amplify/amplify-js#5296
The text was updated successfully, but these errors were encountered: