Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider, such as Login with Amazon, Facebook, or Google. AssumeRoleWithWebIdentity is an API call that does not require the use of AWS security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term AWS credentials in the application or by deploying server-based proxy services that use long-term AWS credentials. For more information, see Creating a Mobile Application with Third-Party Sign-In in AWS Security Token Service .

The temporary security credentials consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS service APIs. The credentials are valid for the duration that you specified when calling AssumeRoleWithWebIdentity , which can be from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the temporary security credentials are valid for 1 hour.

The temporary security credentials that are returned from the AssumeRoleWithWebIdentity response have the permissions that are associated with the access policy of the role being assumed. You can further restrict the permissions of the temporary security credentials by passing a policy in the request. The resulting permissions are an intersection of the role's access policy and the policy that you passed. These policies and any applicable resource-based policies are evaluated when calls to AWS service APIs are made using the temporary security credentials.

Before your application can call AssumeRoleWithWebIdentity , you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy. For more information, see Creating Temporary Security Credentials for Mobile Apps Using Third-Party Identity Providers.

Namespace: Amazon.SecurityToken
Assembly: AWSSDK.dll
Version: 2.0.0.3

Syntax

public virtual AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(
         AssumeRoleWithWebIdentityRequest request
)

Parameters

request: Type: Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest

Return Value
Type: Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityResponse
The response from the AssumeRoleWithWebIdentity service method, as returned by AmazonSecurityTokenService.

Exceptions

Exception	Condition
Amazon.SecurityToken.Model.PackedPolicyTooLargeException
Amazon.SecurityToken.Model.IDPRejectedClaimException
Amazon.SecurityToken.Model.MalformedPolicyDocumentException
Amazon.SecurityToken.Model.InvalidIdentityTokenException
Amazon.SecurityToken.Model.ExpiredTokenException
Amazon.SecurityToken.Model.IDPCommunicationErrorException

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

AmazonSecurityTokenServiceClient.AssumeRoleWithWebIdentity Method (AssumeRoleWithWebIdentityRequest)

Syntax

Parameters

Exceptions

Version Information