feat: Add Cognito Credentials provider #2001

Open: wants to merge 8 commits into base branch main

dayaffe commented Aug 6, 2025

Issue #

SWIFT-3751, #1082

Description of changes

  • Introduced Cognito Credentials Provider:
    Added a new CognitoAWSCredentialIdentityResolver to enable credential resolution via Amazon Cognito Identity Pools.
  • Internal Client Generation:
    Generated and integrated the internal AWSCognitoIdentity client and its dependencies.
  • Package Updates:
    Updated Package.swift, CLI manifest builder, and related resources to include the new internal Cognito client and its dependencies.
  • Integration and Unit Tests:
    Added integration tests (CognitoAWSCredentialIdentityResolverTests) to verify end-to-end credential resolution using Cognito and STS.
    Added unit tests for the new resolver.
  • Codegen and Model Integration:
    Updated codegen and internal model integration to support Cognito Identity operations and dependencies.

New/existing dependencies impact assessment, if applicable

  • New Internal Target:
    Added InternalAWSCognitoIdentity as an internal target with dependencies on existing AWS SDK and Smithy modules.
  • No External Dependencies:
    All new dependencies are internal and consistent with the existing dependency structure.

Conventional Commits

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

dayaffe force-pushed the day/cognito-provider branch from 3e431d7 to cd975ee, August 7, 2025 14:52
dayaffe force-pushed the day/cognito-provider branch from cd975ee to fb32eba, August 7, 2025 14:54

// SPDX-License-Identifier: Apache-2.0
//

// Code generated by smithy-swift-codegen. DO NOT EDIT!

Contributor Author

Code generated based off service client, no need to review

// SPDX-License-Identifier: Apache-2.0
//

// Code generated by smithy-swift-codegen. DO NOT EDIT!

Contributor Author

Code generated based off service client, no need to review

// SPDX-License-Identifier: Apache-2.0
//

// Code generated by smithy-swift-codegen. DO NOT EDIT!

Contributor Author

Code generated based off service client, no need to review

// SPDX-License-Identifier: Apache-2.0
//

// Code generated by smithy-swift-codegen. DO NOT EDIT!

Contributor Author

Code generated based off service client, no need to review

// SPDX-License-Identifier: Apache-2.0
//

// Code generated by smithy-swift-codegen. DO NOT EDIT!

Contributor Author

Code generated based off service client, no need to review

@@ -0,0 +1,16 @@
[

Contributor Author

generated

@@ -94,7 +94,7 @@ private func integrationTestTarget(_ name: String) -> Target {
case "AWSSTS":
additionalDependencies = ["AWSIAM", "AWSCognitoIdentity"]
case "AWSCognitoIdentity":
additionalDependencies = ["AWSSTS"]
additionalDependencies = ["AWSSTS", "AWSIAM"]
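
Review bot: the `case "AWSCognitoIdentity":` branch picks up "AWSIAM" with nothing in the hunk saying which integration test needs it, and the "AWSSTS" and "AWSCognitoIdentity" targets now list each other. A short comment beside `additionalDependencies = ["AWSSTS", "AWSIAM"]` naming the test that uses the extra module would keep these hand-maintained lists auditable.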

Contributor Author

In the integration test I am using AWSIAM to make a call to getCallerIdentity using the Cognito provider.

import struct Foundation.Date
@_spi(FileBasedConfig) import AWSSDKCommon

protocol CognitoIdentityClientProtocol: Sendable {
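
Review bot: `protocol CognitoIdentityClientProtocol: Sendable {` is declared without a doc comment or an explicit access level, so nothing in the source marks it as a test seam rather than an extension point for the credentials provider. Suggest a `///` comment stating that it exists so tests can substitute a mock client, and spelling out `internal` to make the intended visibility deliberate.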

Contributor Author

This protocol is here only for testing purposes. It allows the test cases to utilize a mock CognitoIdentityClient and have it get used by the credentials provider

}

// testing-only initializer
internal init(
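
Review bot: `// testing-only initializer` above `internal init(` is the only thing keeping this entry point out of production call sites, since `internal` still lets any code in the module call it. Suggest turning it into a `///` doc comment that says the initializer exists to inject a mock client in tests, so a later change does not route real credential resolution through a substituted client.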

Contributor Author

Internal init allows tests to pass in a mock via cognitoClient, which conforms to protocol CognitoIdentityClientProtocol. Note that we are not applying this protocol to the actual service client for now, which would enable users to pass in preconfigured instances of the client. Per discussions offline, we don't see a need or want in the Swift SDK to allow that behavior.


import InternalAWSCognitoIdentity

protocol CognitoIdentityClientProtocol: Sendable {

Contributor Author

This protocol is here only for testing purposes. It allows the test cases to utilize a mock CognitoIdentityClient and have it get used by the credentials provider

dayaffe requested a review from sichanyoo, August 7, 2025 18:39
dayaffe requested a review from sichanyoo, August 8, 2025 19:42