Package software.amazon.awssdk.http.auth.spi.scheme

Interface AuthScheme<T extends Identity>

Type Parameters:
T - The type of the Identity used by this authentication scheme.
@SdkPublicApi public interface AuthScheme<T extends Identity>
An authentication scheme, composed of:
  1. A scheme ID - A unique identifier for the authentication scheme.
  2. An identity provider - An API that can be queried to acquire the customer's identity.
  3. A signer - An API that can be used to sign HTTP requests.

Auth schemes are used to configure how requests are authenticated. The SDK provides built-in schemes like AwsV4AuthScheme for AWS Signature Version 4, but you can implement custom schemes for specialized authentication requirements.

See example auth schemes defined here.

Implementing a Custom Auth Scheme

To implement a custom authentication scheme, you need to:

  1. Implement the AuthScheme interface
  2. Implement a custom HttpSigner
  3. Configure the scheme on the client builder

Example - Custom authentication scheme with custom signer:

Overriding Built-in Auth Schemes

You can override built-in auth schemes by providing a custom implementation with the same scheme ID. The custom scheme will take precedence over the default.

Example - Overriding the default SigV4 scheme:

See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    IdentityProvider<T>
    identityProvider(IdentityProviders providers)
    Retrieve the identity provider associated with this authentication scheme.
    String
    schemeId()
    Retrieve the scheme ID, a unique identifier for the authentication scheme.
    HttpSigner<T>
    signer()
    Retrieve the signer associated with this authentication scheme.

  • Method Details

    • schemeId

      String schemeId()
      Retrieve the scheme ID, a unique identifier for the authentication scheme.

    • identityProvider

      IdentityProvider<T> identityProvider(IdentityProviders providers)
      Retrieve the identity provider associated with this authentication scheme. The identity generated by this provider is guaranteed to be supported by the signer in this authentication scheme.

      For example, if the scheme ID is aws.auth#sigv4, the provider returns an AwsCredentialsIdentity, if the scheme ID is httpBearerAuth, the provider returns a TokenIdentity.

      Note, the returned identity provider may differ from the type of identity provider retrieved from the provided IdentityProviders.

    • signer

      HttpSigner<T> signer()
      Retrieve the signer associated with this authentication scheme. This signer is guaranteed to support the identity generated by the identity provider in this authentication scheme.