@SdkPublicApi @ThreadSafe public interface IdentityProvider<IdentityT extends Identity>

Interface for loading Identity that is used for authentication.

Identity providers are responsible for resolving credentials, tokens, or other authentication identities that are used by signers to authenticate requests. The SDK provides built-in identity providers for common identity types like AwsCredentialsIdentity and TokenIdentity.

Common Built-in Identity Providers

DefaultCredentialsProvider - Resolves AWS credentials from the default credential chain
StaticCredentialsProvider - Provides static AWS credentials
ProfileCredentialsProvider - Resolves credentials from AWS profiles
StsAssumeRoleCredentialsProvider - Assumes an IAM role using STS

How Identity Providers Work

Identity providers are selected by software.amazon.awssdk.http.auth.spi.scheme.AuthSchemes based on the identity type they produce. The SDK matches the identity type required by the auth scheme with the appropriate provider from IdentityProviders.

Implementing a Custom Identity Provider

You can implement custom identity providers for specialized authentication scenarios, such as retrieving credentials from a custom credential store or implementing a custom token provider.

Example - Custom credentials provider:

Using Identity Properties

Identity providers can read IdentityProperty values from the ResolveIdentityRequest to customize identity resolution based on request-specific parameters.

Example - Identity provider using properties:

See Also:

Identity
IdentityProviders
IdentityProperty
software.amazon.awssdk.http.auth.spi.scheme.AuthScheme

Method Summary

Modifier and Type

Method

Description

Class<IdentityT>

identityType()

Retrieve the class of identity this identity provider produces.

default CompletableFuture<? extends IdentityT>

resolveIdentity()

Resolve the identity from this identity provider.

default CompletableFuture<? extends IdentityT>

resolveIdentity(Consumer<ResolveIdentityRequest.Builder> consumer)

Resolve the identity from this identity provider.

CompletableFuture<? extends IdentityT>

resolveIdentity(ResolveIdentityRequest request)

Resolve the identity from this identity provider.

Method Details
- identityType
  
  Class<IdentityT> identityType()
  
  Retrieve the class of identity this identity provider produces. This is necessary for the SDK core to determine which identity provider should be used to resolve a specific type of identity.
- resolveIdentity
  
  CompletableFuture<? extends IdentityT> resolveIdentity(ResolveIdentityRequest request)
  
  Resolve the identity from this identity provider.
  
  Parameters:
  
  request - The request to resolve an Identity
- resolveIdentity
  
  default CompletableFuture<? extends IdentityT> resolveIdentity(Consumer<ResolveIdentityRequest.Builder> consumer)
  
  Resolve the identity from this identity provider. Similar to resolveIdentity(ResolveIdentityRequest), but takes a lambda to configure a new ResolveIdentityRequest.Builder. This removes the need to call ResolveIdentityRequest.builder() and SdkBuilder.build().
  
  Parameters:
  
  consumer - A Consumer to which an empty ResolveIdentityRequest.Builder will be given.
- resolveIdentity
  
  default CompletableFuture<? extends IdentityT> resolveIdentity()
  
  Resolve the identity from this identity provider.

Interface IdentityProvider<IdentityT extends Identity>

Method Summary

Method Details

identityType

resolveIdentity

resolveIdentity

resolveIdentity