Change AWS temporary credential expiry time


I have the following code in my iOS application, which is integrated with an Amazon Cognito identity pool. My identity pool is integrated with Criipto, which is a third-party authentication provider. The token parameter is the authentication token that I get from the third-party provider.

func federateToIdentityPools(token: String) async throws -> Bool {

    // Resolve the Cognito auth plugin that was registered with Amplify.Auth
    guard let authCognitoPlugin = try Amplify.Auth.getPlugin(
        for: "awsCognitoAuthPlugin") as? AWSCognitoAuthPlugin else {
        fatalError("Unable to get the Auth plugin")
    }
    do {
        // Exchange the third-party OIDC token for temporary AWS credentials
        let result = try await authCognitoPlugin.federateToIdentityPool(
            withProviderToken: token, for: .oidc("test.criipto.id"))

        // Debug output only; the secret access key should not be logged in production builds
        print("Federation successful with result: \(result.credentials.accessKeyId)")
        print("Federation successful with result: \(result.credentials.secretAccessKey)")
        print("Federation successful with result: \(result.credentials.expiration)")

        return true
    } catch {
        print("Failed to federate to identity pools with error: \(error)")
        return false
    }
}

The credentials are printed successfully. Now I want to change the expiration time of the credentials. To do that, I changed the Maximum session duration of the IAM role used as the Authenticated role in the identity pool.

[Screenshot: Maximum session duration setting of the identity pool's authenticated IAM role]

But that doesn't change the credential expiration time.

Question 1 - How do I change the expiration time of the temporary AWS credentials that I get?

Question 2 - Is there a way to refresh the temporary AWS credentials when they expire without the federated identity provider's token?

There is 1 answer below


You can go directly to the Cognito Authenticated Role within IAM and change the max session time.

Here's how to do this through the Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-modify_max-session-duration

You can also update the role using the CLI (update-role) and set the max-session-duration parameter.

You can also use the UpdateRole API and set this with the MaxSessionDuration parameter.

On your second question, I don't believe this is possible as is. Maybe there could be some way to cache things, but I would avoid going down this path. The token issued by the IdP must still be valid, and therefore you might want to explore how long tokens from the IdP are valid. I'm not familiar with the IdP you're using, but I would look into what's possible there.
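The following is an added example illustrating both parts of the answer; it is not code from the question, the answer, Amplify or AWS. It assumes the IdP token is a standard OIDC JWT carrying an `exp` claim (the payload is decoded only to read its lifetime and is deliberately not signature-verified here, so these values are for scheduling a refresh, not for authorization decisions), that the AWS credential expiry is a `datetime` like the page's `result.credentials.expiration`, and that a 5-minute refresh margin is acceptable. The 3600..43200 second bounds are IAM's documented limits for a role's MaxSessionDuration; validating the value client-side saves a rejected UpdateRole call. The `plan_refresh` function encodes the answer's point: credentials can only be re-federated while the IdP token is still valid, otherwise the user has to authenticate at the IdP again.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# IAM accepts MaxSessionDuration values from 1 hour to 12 hours (seconds).
MIN_SESSION_SECONDS = 3600
MAX_SESSION_SECONDS = 43200


def validate_max_session_duration(seconds: int) -> int:
    """Reject values that IAM UpdateRole would refuse, before calling the API."""
    if not MIN_SESSION_SECONDS <= seconds <= MAX_SESSION_SECONDS:
        raise ValueError(
            f"MaxSessionDuration must be between {MIN_SESSION_SECONDS} and "
            f"{MAX_SESSION_SECONDS} seconds, got {seconds}"
        )
    return seconds


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_expiry(token: str) -> datetime:
    """Read the `exp` claim of a JWS compact token. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization (expected 3 segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    return datetime.fromtimestamp(int(claims["exp"]), tz=timezone.utc)


def needs_refresh(cred_expiration: datetime, now: datetime,
                  skew: timedelta = timedelta(minutes=5)) -> bool:
    """True when the AWS credentials are expired or within `skew` of expiring."""
    return now + skew >= cred_expiration


def plan_refresh(cred_expiration: datetime, idp_token: str, now: datetime) -> str:
    """Decide what the app must do next; mirrors the answer: re-federation needs a valid IdP token."""
    if not needs_refresh(cred_expiration, now):
        return "use-cached-credentials"
    if jwt_expiry(idp_token) > now:
        return "refederate-with-cached-idp-token"
    return "reauthenticate-user-at-idp"


def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token for the demo below (hypothetical; a real IdP token is signed)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    # Constructed sample: IdP token valid for 2 more hours, AWS creds for 2 more minutes.
    token = make_sample_jwt({"sub": "user-123", "exp": int((now + timedelta(hours=2)).timestamp())})
    print("IdP token expires at", jwt_expiry(token))
    print("Next step:", plan_refresh(now + timedelta(minutes=2), token, now))
    print("Validated MaxSessionDuration:", validate_max_session_duration(43200))
```

Run it as a script to see the decision for the constructed sample; in an app, call `plan_refresh` with the stored `expiration` from the federation result before every AWS call that uses the credentials.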