com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity Maven / Gradle / Ivy
Show all versions of aws-android-sdk-core Show documentation
/*
* Copyright 2010-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.cognitoidentity;
import com.amazonaws.*;
import com.amazonaws.regions.*;
import com.amazonaws.services.cognitoidentity.model.*;
/**
* Interface for accessing AmazonCognitoIdentity.
* Amazon Cognito
* Amazon Cognito is a web service that delivers scoped temporary
* credentials to mobile devices and other untrusted environments. Amazon
* Cognito uniquely identifies a device and supplies the user with a
* consistent identity over the lifetime of an application.
*
*
* Using Amazon Cognito, you can enable authentication with one or more
* third-party identity providers (Facebook, Google, or Login with
* Amazon), and you can also choose to support unauthenticated access
* from your app. Cognito delivers a unique identifier for each user and
* acts as an OpenID token provider trusted by AWS Security Token Service
* (STS) to access temporary, limited-privilege AWS credentials.
*
*
* To provide end-user credentials, first make an unsigned call to GetId.
* If the end user is authenticated with one of the supported identity
* providers, set the Logins map with the identity provider
* token. GetId returns a unique identifier for the user.
*
*
* Next, make an unsigned call to GetCredentialsForIdentity. This call
* expects the same Logins map as the GetId
* call, as well as the IdentityID originally returned by
* GetId . Assuming your identity pool has been configured
* via the SetIdentityPoolRoles operation,
* GetCredentialsForIdentity will return AWS credentials for
* your use. If your pool has not been configured with
* SetIdentityPoolRoles , or if you want to follow legacy
* flow, make an unsigned call to GetOpenIdToken, which returns the
* OpenID token necessary to call STS and retrieve AWS credentials. This
* call expects the same Logins map as the
* GetId call, as well as the IdentityID
* originally returned by GetId . The token returned by
* GetOpenIdToken can be passed to the STS operation
* AssumeRoleWithWebIdentity
* to retrieve AWS credentials.
*
*
* If you want to use Amazon Cognito in an Android, iOS, or Unity
* application, you will probably want to make API calls via the AWS
* Mobile SDK. To learn more, see the
* AWS Mobile SDK Developer Guide
* .
*
*/
public interface AmazonCognitoIdentity {
/**
* Overrides the default endpoint for this client ("https://cognito-identity.us-east-1.amazonaws.com").
* Callers can use this method to control which AWS region they want to work with.
*
* Callers can pass in just the endpoint (ex: "cognito-identity.us-east-1.amazonaws.com") or a full
* URL, including the protocol (ex: "https://cognito-identity.us-east-1.amazonaws.com"). If the
* protocol is not specified here, the default protocol from this client's
* {@link ClientConfiguration} will be used, which by default is HTTPS.
*
* For more information on using AWS regions with the AWS SDK for Java, and
* a complete list of all available endpoints for all AWS services, see:
*
* http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912
*
* This method is not threadsafe. An endpoint should be configured when the
* client is created and before any service requests are made. Changing it
* afterwards creates inevitable race conditions for any service requests in
* transit or retrying.
*
* @param endpoint
* The endpoint (ex: "cognito-identity.us-east-1.amazonaws.com") or a full URL,
* including the protocol (ex: "https://cognito-identity.us-east-1.amazonaws.com") of
* the region specific AWS endpoint this client will communicate
* with.
*
* @throws IllegalArgumentException
* If any problems are detected with the specified endpoint.
*/
public void setEndpoint(String endpoint) throws java.lang.IllegalArgumentException;
/**
* An alternative to {@link AmazonCognitoIdentity#setEndpoint(String)}, sets the
* regional endpoint for this client's service calls. Callers can use this
* method to control which AWS region they want to work with.
*
* By default, all service endpoints in all regions use the https protocol.
* To use http instead, specify it in the {@link ClientConfiguration}
* supplied at construction.
*
* This method is not threadsafe. A region should be configured when the
* client is created and before any service requests are made. Changing it
* afterwards creates inevitable race conditions for any service requests in
* transit or retrying.
*
* @param region
* The region this client will communicate with. See
* {@link Region#getRegion(com.amazonaws.regions.Regions)} for
* accessing a given region.
* @throws java.lang.IllegalArgumentException
* If the given region is null, or if this service isn't
* available in the given region. See
* {@link Region#isServiceSupported(String)}
* @see Region#getRegion(com.amazonaws.regions.Regions)
* @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)
*/
public void setRegion(Region region) throws java.lang.IllegalArgumentException;
/**
*
* Gets an OpenID token, using a known Cognito ID. This known Cognito ID
* is returned by GetId. You can optionally add additional logins for the
* identity. Supplying multiple logins creates an implicit link.
*
*
* The OpenId token is valid for 15 minutes.
*
*
* This is a public API. You do not need any credentials to call this
* API.
*
*
* @param getOpenIdTokenRequest Container for the necessary parameters to
* execute the GetOpenIdToken service method on AmazonCognitoIdentity.
*
* @return The response from the GetOpenIdToken service method, as
* returned by AmazonCognitoIdentity.
*
* @throws NotAuthorizedException
* @throws TooManyRequestsException
* @throws InvalidParameterException
* @throws ResourceConflictException
* @throws ResourceNotFoundException
* @throws InternalErrorException
* @throws ExternalServiceException
*
* @throws AmazonClientException
* If any internal errors are encountered inside the client while
* attempting to make the request or handle the response. For example
* if a network connection is not available.
* @throws AmazonServiceException
* If an error response is returned by AmazonCognitoIdentity indicating
* either a problem with the data in the request, or a server side issue.
*/
public GetOpenIdTokenResult getOpenIdToken(GetOpenIdTokenRequest getOpenIdTokenRequest)
throws AmazonServiceException, AmazonClientException;
/**
*
* Generates (or retrieves) a Cognito ID. Supplying multiple logins will
* create an implicit linked account.
*
*
* This is a public API. You do not need any credentials to call this
* API.
*
*
* @param getIdRequest Container for the necessary parameters to execute
* the GetId service method on AmazonCognitoIdentity.
*
* @return The response from the GetId service method, as returned by
* AmazonCognitoIdentity.
*
* @throws NotAuthorizedException
* @throws LimitExceededException
* @throws TooManyRequestsException
* @throws InvalidParameterException
* @throws ResourceConflictException
* @throws ResourceNotFoundException
* @throws InternalErrorException
* @throws ExternalServiceException
*
* @throws AmazonClientException
* If any internal errors are encountered inside the client while
* attempting to make the request or handle the response. For example
* if a network connection is not available.
* @throws AmazonServiceException
* If an error response is returned by AmazonCognitoIdentity indicating
* either a problem with the data in the request, or a server side issue.
*/
public GetIdResult getId(GetIdRequest getIdRequest)
throws AmazonServiceException, AmazonClientException;
/**
*
* Returns credentials for the provided identity ID. Any provided logins
* will be validated against supported login providers. If the token is
* for cognito-identity.amazonaws.com, it will be passed through to AWS
* Security Token Service with the appropriate role for the token.
*
*
* This is a public API. You do not need any credentials to call this
* API.
*
*
* @param getCredentialsForIdentityRequest Container for the necessary
* parameters to execute the GetCredentialsForIdentity service method on
* AmazonCognitoIdentity.
*
* @return The response from the GetCredentialsForIdentity service
* method, as returned by AmazonCognitoIdentity.
*
* @throws NotAuthorizedException
* @throws InvalidIdentityPoolConfigurationException
* @throws TooManyRequestsException
* @throws InvalidParameterException
* @throws ResourceConflictException
* @throws ResourceNotFoundException
* @throws InternalErrorException
* @throws ExternalServiceException
*
* @throws AmazonClientException
* If any internal errors are encountered inside the client while
* attempting to make the request or handle the response. For example
* if a network connection is not available.
* @throws AmazonServiceException
* If an error response is returned by AmazonCognitoIdentity indicating
* either a problem with the data in the request, or a server side issue.
*/
public GetCredentialsForIdentityResult getCredentialsForIdentity(GetCredentialsForIdentityRequest getCredentialsForIdentityRequest)
throws AmazonServiceException, AmazonClientException;
/**
* Shuts down this client object, releasing any resources that might be held
* open. This is an optional method, and callers are not expected to call
* it, but can if they want to explicitly release any open resources. Once a
* client has been shutdown, it should not be used to make any more
* requests.
*/
public void shutdown();
/**
* Returns additional metadata for a previously executed successful request, typically used for
* debugging issues where a service isn't acting as expected. This data isn't considered part
* of the result data returned by an operation, so it's available through this separate,
* diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access
* this extra diagnostic information for an executed request, you should use this method
* to retrieve it as soon as possible after executing a request.
*
* @param request
* The originally executed request.
*
* @return The response metadata for the specified request, or null if none
* is available.
*/
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
}