ark::aws::IdentityProviderClient

Defined in header “ark/aws/auth_client.hh”.


An identity provider client lets you talk to an identity provider (IdP) to authenticate, list groups and users, and so on, subject to the permissions your existing token already has.

Methods

  • IdentityProviderClient(const IdentityProviderClientConfig & config)
    Constructor; implemented internally to hide details. Connects to standard AWS services or to a test server (see configuration details).

  • ~IdentityProviderClient()
    Destructor; implemented internally to hide details.

  • IdentityProviderTokens authenticate(const AuthenticationRequest & request)
    Initiates a new authentication. Requesting authentication with the given parameters may fail, succeed, or result in a request for additional information.

  • AwsTemporaryCredentials retrieve_aws_credentials(const CredentialsRequest & request)
    Retrieves AWS credentials for the given JWT ID token. This returns AWS credentials suitable for accessing resources through the AWS APIs.

  • std::string get_user_pool_id()
    Retrieves the configured user pool id.

  • core::Url get_user_pool_url()
    Retrieves the endpoint/URL being used for this client.

  • core::Url get_user_pool_domain()
    Retrieves the domain used for OAuth authentication for this pool.

  • std::string get_signing_certificate()
    Returns the signing certificate for the configured user pool. This can be used to verify tokens.

  • IdentityProviderGroupList list_groups()
    Returns the list of groups associated with the configured user pool. You must be authenticated with AWS to make this request.

  • IdentityProviderGroupList list_groups_for_user(const std::string & username)
    Returns the list of groups for the given user in the configured user pool. You must be authenticated with AWS to make this request.

  • IdentityProviderUserList list_users(const std::string & filter)
    Returns the list of users associated with the configured user pool.

  • void create_group(const CreateGroupRequest & request)
    Create a new group within the configured user pool and settings.

  • void remove_group(const std::string & group_name)
    Removes an existing group within the configured user pool.

  • void add_user_to_group(const std::string & username, const std::string & group_name)
    Add a user to an existing group.

  • void remove_user_from_group(const std::string & username, const std::string & group_name)
    Remove a user from an existing group.

  • std::string get_open_id(const std::string & identity_pool_id, const std::string & id_token)

  • std::string oauth_authentication(const std::string & client_id, const std::string & client_secret, const std::string & scope)
    Authenticates with OAuth (such as for server-to-server authentication) rather than the normal identity client. Returns an access token.

  • std::map< std::string, std::string > initial_srp_authentication(const AuthenticationRequest & request)
    Authenticates with SRP (the first half, pre-challenge). Returns a set of challenge parameters to continue the authentication.

  • IdentityProviderAuthenticationResults try_complete_srp_authentication(const AuthenticationRequest & request)
    Called to complete the SRP authentication request. The password and timestamp blocks must now be populated. This may return with an additional challenge if MFA is required.

  • IdentityProviderTokens complete_multi_factor_authentication(const AuthenticationRequest & request)
    Called to respond to an MFA challenge. The mfa_code and session_name blocks must now be populated.

  • CreateUserPoolClientResponse create_oauth_user_pool_client(const CreateUserPoolClientRequest & request)
    Used to generate an OAuth user pool client.

  • void delete_user_pool_client(const std::string & client_id)
    Used to delete the given user pool client.