aws · chrisradek · Jan 20, 2017 · Jan 20, 2017 · Jan 20, 2017
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "CognitoIdentityCredentials",
+  "description": "Adds `clientConfig` as an optional parameter to the `CognitoIdentityCredentials` constructor. This parameter can be used to pass in client configuration to the underlying service clients."
+}
@@ -1,30 +1,43 @@
 import {Credentials} from '../credentials';
 import {AWSError} from '../error';
+import {ConfigurationOptions} from '../config';
 import CognitoIdentity = require('../../clients/cognitoidentity');
 import STS = require('../../clients/sts');
+
 export class CognitoIdentityCredentials extends Credentials {
-		/**
-		 * Creates a new credentials object.
-		 */
-		constructor(options?: CognitoIdentity.Types.GetIdInput|CognitoIdentity.Types.GetCredentialsForIdentityInput|CognitoIdentity.Types.GetOpenIdTokenInput|STS.Types.AssumeRoleWithWebIdentityRequest);
-		/**
-		 * Refreshes credentials using AWS.CognitoIdentity.getCredentialsForIdentity(), or AWS.STS.assumeRoleWithWebIdentity().
-		 */
-		refresh(callback: (err: AWSError) => void): void;
-        /**
-         * Clears the cached Cognito ID associated with the currently configured identity pool ID.
-         */
-        clearCachedId(): void;
-        /**
-         * The raw data response from the call to AWS.CognitoIdentity.getCredentialsForIdentity(), or AWS.STS.assumeRoleWithWebIdentity().
-         */
-        data: CognitoIdentity.Types.GetCredentialsForIdentityResponse|STS.Types.AssumeRoleWithWebIdentityResponse;
-        /**
-         * The Cognito ID returned by the last call to AWS.CognitoIdentity.getOpenIdToken().
-         */
-        identityId: string;
-        /**
-         * The map of params passed to AWS.CognitoIdentity.getId(), AWS.CognitoIdentity.getOpenIdToken(), and AWS.STS.assumeRoleWithWebIdentity().
-         */
-        params: CognitoIdentity.Types.GetIdInput|CognitoIdentity.Types.GetOpenIdTokenInput|STS.Types.AssumeRoleWithWebIdentityRequest;
-	}
+    /**
+     * Creates a new credentials object with optional configuration.
+     */
+    constructor(options: CognitoIdentityCredentials.CognitoIdentityOptions, clientConfig?: ConfigurationOptions);
+    /**
+     * Creates a new credentials object.
+     */
+    constructor(options?: CognitoIdentityCredentials.CognitoIdentityOptions);
+    /**
+     * Refreshes credentials using AWS.CognitoIdentity.getCredentialsForIdentity(), or AWS.STS.assumeRoleWithWebIdentity().
+     */
+    refresh(callback: (err: AWSError) => void): void;
+    /**
+     * Clears the cached Cognito ID associated with the currently configured identity pool ID.
+     */
+    clearCachedId(): void;
+    /**
+     * The raw data response from the call to AWS.CognitoIdentity.getCredentialsForIdentity(), or AWS.STS.assumeRoleWithWebIdentity().
+     */
+    data: CognitoIdentity.Types.GetCredentialsForIdentityResponse|STS.Types.AssumeRoleWithWebIdentityResponse;
+    /**
+     * The Cognito ID returned by the last call to AWS.CognitoIdentity.getOpenIdToken().
+     */
+    identityId: string;
+    /**
+     * The map of params passed to AWS.CognitoIdentity.getId(), AWS.CognitoIdentity.getOpenIdToken(), and AWS.STS.assumeRoleWithWebIdentity().
+     */
+    params: CognitoIdentity.Types.GetIdInput|CognitoIdentity.Types.GetOpenIdTokenInput|STS.Types.AssumeRoleWithWebIdentityRequest;
+}
+
+// Needed to expose interfaces on the class
+declare namespace CognitoIdentityCredentials {
+    export type CognitoIdentityCredentialsInputs = CognitoIdentity.GetIdInput|CognitoIdentity.GetCredentialsForIdentityInput|CognitoIdentity.GetOpenIdTokenInput|STS.AssumeRoleWithWebIdentityRequest;
+    export type CognitoIdentityOptions = CognitoIdentityCredentialsInputs & {LoginId?: string};
+    export type ClientConfiguration = ConfigurationOptions;
+}
@@ -102,18 +102,35 @@ AWS.CognitoIdentityCredentials = AWS.util.inherit(AWS.Credentials, {
    *     // and multiple users are signed in at once, used for caching
    *     LoginId: 'example@gmail.com'
    *
+   *   }, {
+   *      // optionally provide configuration to apply to the underlying service clients
+   *      // if configuration is not provided, then configuration will be pulled from AWS.config
+   *
+   *      // region should match the region your identity pool is located in
+   *      region: 'us-east-1',
+   *
+   *      // specify timeout options
+   *      httpOptions: {
+   *        timeout: 100
+   *      }
    *   });
    * @see AWS.CognitoIdentity.getId
    * @see AWS.CognitoIdentity.getCredentialsForIdentity
    * @see AWS.STS.assumeRoleWithWebIdentity
    * @see AWS.CognitoIdentity.getOpenIdToken
+   * @see AWS.Config
+   * @note If a region is not provided in the global AWS.config, or
+   *   specified in the `clientConfig` to the CognitoIdentityCredentials
+   *   constructor, you may encounter a 'Missing credentials in config' error
+   *   when calling making a service call.
    */
-  constructor: function CognitoIdentityCredentials(params) {
+  constructor: function CognitoIdentityCredentials(params, clientConfig) {
     AWS.Credentials.call(this);
     this.expired = true;
     this.params = params;
     this.data = null;
     this._identityId = null;
+    this._clientConfig = AWS.util.copy(clientConfig || {});
     this.loadCachedId();
     var self = this;
     Object.defineProperty(this, 'identityId', {
@@ -296,11 +313,15 @@ AWS.CognitoIdentityCredentials = AWS.util.inherit(AWS.Credentials, {
    * @api private
    */
   createClients: function() {
+    var clientConfig = this._clientConfig;
     this.webIdentityCredentials = this.webIdentityCredentials ||
-      new AWS.WebIdentityCredentials(this.params);
-    this.cognito = this.cognito ||
-      new CognitoIdentity({params: this.params});
-    this.sts = this.sts || new STS();
+      new AWS.WebIdentityCredentials(this.params, clientConfig);
+    if (!this.cognito) {
+      var cognitoConfig = AWS.util.merge({}, clientConfig);
+      cognitoConfig.params = this.params;
+      this.cognito = new CognitoIdentity(cognitoConfig);
+    }
+    this.sts = this.sts || new STS(clientConfig);
   },
 
   /**

@@ -1,12 +1,19 @@
 import {Credentials} from '../credentials';
 import {AWSError} from '../error';
+import {ConfigurationOptions} from '../config';
 import STS = require('../../clients/sts');
 export class WebIdentityCredentials extends Credentials {
+    /**
+     * Creates a new credentials object with optional configuraion.
+     * @param {Object} options - a map of options that are passed to the AWS.STS.assumeRole() or AWS.STS.getSessionToken() operations. If a RoleArn parameter is passed in, credentials will be based on the IAM role.
+     * @param {Object} clientConfig - a map of configuration options to pass to the underlying STS client.
+     */
+    constructor(options: WebIdentityCredentials.WebIdentityCredentialsOptions, clientConfig?: ConfigurationOptions);
     /**
      * Creates a new credentials object.
-     * @param {string} filename - a map of options that are passed to the AWS.STS.assumeRole() or AWS.STS.getSessionToken() operations. If a RoleArn parameter is passed in, credentials will be based on the IAM role.
+     * @param {string} options - a map of options that are passed to the AWS.STS.assumeRole() or AWS.STS.getSessionToken() operations. If a RoleArn parameter is passed in, credentials will be based on the IAM role.
      */
-    constructor(options?: STS.Types.AssumeRoleWithWebIdentityRequest);
+    constructor(options?: WebIdentityCredentials.WebIdentityCredentialsOptions);
     /**
      * Refreshes credentials using AWS.STS.assumeRoleWithWebIdentity().
      */
@@ -15,3 +22,9 @@ export class WebIdentityCredentials extends Credentials {
     data: STS.Types.AssumeRoleWithWebIdentityResponse;
     params: STS.Types.AssumeRoleWithWebIdentityRequest
 }
+
+// Needed to expose interfaces on the class
+declare namespace WebIdentityCredentials {
+    export type ClientConfiguration = ConfigurationOptions;
+    export type WebIdentityCredentialsOptions = STS.AssumeRoleWithWebIdentityRequest;
+}
@@ -49,15 +49,25 @@ AWS.WebIdentityCredentials = AWS.util.inherit(AWS.Credentials, {
    *     RoleArn: 'arn:aws:iam::1234567890:role/WebIdentity',
    *     WebIdentityToken: 'ABCDEFGHIJKLMNOP', // token from identity service
    *     RoleSessionName: 'web' // optional name, defaults to web-identity
+   *   }, {
+   *     // optionally provide configuration to apply to the underlying AWS.STS service client
+   *     // if configuration is not provided, then configuration will be pulled from AWS.config
+   *
+   *     // specify timeout options
+   *     httpOptions: {
+   *       timeout: 100
+   *     }
    *   });
    * @see AWS.STS.assumeRoleWithWebIdentity
+   * @see AWS.Config
    */
-  constructor: function WebIdentityCredentials(params) {
+  constructor: function WebIdentityCredentials(params, clientConfig) {
     AWS.Credentials.call(this);
     this.expired = true;
     this.params = params;
     this.params.RoleSessionName = this.params.RoleSessionName || 'web-identity';
     this.data = null;
+    this._clientConfig = AWS.util.copy(clientConfig || {});
   },
 
   /**
@@ -90,7 +100,11 @@ AWS.WebIdentityCredentials = AWS.util.inherit(AWS.Credentials, {
    * @api private
    */
   createClients: function() {
-    this.service = this.service || new STS({params: this.params});
+    if (!this.service) {
+      var stsConfig = AWS.util.merge({}, this._clientConfig);
+      stsConfig.params = this.params;
+      this.service = new STS(stsConfig);
+    }
   }
 
 });
@@ -693,6 +693,15 @@ describe 'AWS.WebIdentityCredentials', ->
       creds.createClients()
       expect(service).to.eql(creds.service)
 
+    it 'uses global config for service clients if client config ommitted', ->
+      creds.createClients();
+      expect(creds.service.config.httpOptions.timeout).to.equal(AWS.config.httpOptions.timeout)
+
+    it 'passes clientConfig to service clients', ->
+      creds = new AWS.WebIdentityCredentials({WebIdentityToken: 'token', RoleArn: 'arn'}, {httpOptions: {timeout: 50}})
+      creds.createClients();
+      expect(creds.service.config.httpOptions.timeout).to.equal(50);
+
   describe 'refresh', ->
     beforeEach -> setupClients()
 
@@ -896,6 +905,23 @@ describe 'AWS.CognitoIdentityCredentials', ->
       expect(creds.sts).to.eql(sts)
       expect(creds.webIdentityCredentials).to.eql(webIdentityCredentials)
 
+    it 'uses global config for service clients if client config ommitted', ->
+      creds.createClients();
+      expect(creds.cognito.config.region).to.equal(AWS.config.region);
+      expect(creds.cognito.config.httpOptions.timeout).to.equal(AWS.config.httpOptions.timeout);
+      expect(creds.sts.config.httpOptions.timeout).to.equal(AWS.config.httpOptions.timeout)
+      creds.webIdentityCredentials.createClients();
+      expect(creds.webIdentityCredentials.service.config.httpOptions.timeout).to.equal(AWS.config.httpOptions.timeout)
+
+    it 'passes clientConfig to service clients', ->
+      creds = new AWS.CognitoIdentityCredentials(initParams, {region: 'us-west-2', httpOptions: {timeout: 50}})
+      creds.createClients();
+      expect(creds.cognito.config.region).to.equal('us-west-2');
+      expect(creds.cognito.config.httpOptions.timeout).to.equal(50);
+      expect(creds.sts.config.httpOptions.timeout).to.equal(50);
+      creds.webIdentityCredentials.createClients();
+      expect(creds.webIdentityCredentials.service.config.httpOptions.timeout).to.equal(50);
+
   describe 'refresh', ->
     beforeEach -> setupClients()
 

@@ -0,0 +1,45 @@
+import {CognitoIdentityCredentials} from '../lib/credentials/cognito_identity_credentials';
+
+const creds1 = new CognitoIdentityCredentials();
+const creds2 = new CognitoIdentityCredentials({
+    IdentityPoolId: 'fake'
+});
+const creds3: CognitoIdentityCredentials = new CognitoIdentityCredentials({
+    IdentityId: 'id'
+});
+
+const creds4: CognitoIdentityCredentials = new CognitoIdentityCredentials({
+    IdentityId: 'id',
+    RoleArn: 'arn'
+});
+
+const credOptions: CognitoIdentityCredentials.CognitoIdentityOptions = {
+    IdentityId: 'id',
+    Logins: {
+        'graph.facebook.com': 'FBTOKEN',
+        'www.amazon.com': 'AMAZONTOKEN',
+        'accounts.google.com': 'GOOGLETOKEN',
+        'api.twitter.com': 'TWITTERTOKEN',
+        'www.digits.com': 'DIGITSTOKEN'
+    },
+    LoginId: 'example@gmail.com'
+};
+
+const creds5: CognitoIdentityCredentials = new CognitoIdentityCredentials(credOptions);
+
+// test client config
+const creds6: CognitoIdentityCredentials = new CognitoIdentityCredentials(credOptions, {
+    httpOptions: {
+        timeout: 50
+    },
+    region: 'us-west-2'
+});
+
+const config: CognitoIdentityCredentials.ClientConfiguration = {
+    httpOptions: {
+        timeout: 50
+    },
+    region: 'us-west-2'
+};
+
+const creds7: CognitoIdentityCredentials = new CognitoIdentityCredentials(credOptions, config);
@@ -0,0 +1,31 @@
+import {WebIdentityCredentials} from '../lib/credentials/web_identity_credentials';
+
+const creds1 = new WebIdentityCredentials();
+const creds2 = new WebIdentityCredentials({
+    WebIdentityToken: 'token',
+    RoleArn: 'arn',
+    RoleSessionName: 'web-identity'
+});
+const creds3: WebIdentityCredentials = new WebIdentityCredentials({
+    WebIdentityToken: 'token',
+    RoleArn: 'arn',
+    DurationSeconds: 100,
+    RoleSessionName: 'test'
+});
+
+const config: WebIdentityCredentials.ClientConfiguration = {
+    maxRetries: 5,
+    httpOptions: {
+        timeout: 50
+    }
+};
+
+const options: WebIdentityCredentials.WebIdentityCredentialsOptions = {
+    DurationSeconds: 10,
+    WebIdentityToken: 'token',
+    RoleArn: 'arn',
+    RoleSessionName: 'web-identity'
+};
+
+const creds4: WebIdentityCredentials = new WebIdentityCredentials(options);
+const creds5: WebIdentityCredentials = new WebIdentityCredentials(options, config);