class AwsNativeSource implements ExternalAccountCredentialSourceInterface (View source)

Authenticates requests using AWS credentials.

Constants

private CRED_VERIFICATION_QUERY

Methods

__construct(string $audience, string $regionalCredVerificationUrl, string|null $regionUrl = null, string|null $securityCredentialsUrl = null, string|null $imdsv2SessionTokenUrl = null)

No description

string
fetchSubjectToken(callable|null $httpHandler = null)

No description

static string
getImdsV2SessionToken(string $imdsV2Url, callable $httpHandler)

No description

static array
getSignedRequestHeaders(string $region, string $host, string $accessKeyId, string $secretAccessKey, string|null $securityToken)

No description

static string|null
getRegionFromEnv()

No description

static string
getRegionFromUrl(callable $httpHandler, string $regionUrl, array $headers)

No description

static string
getRoleName(callable $httpHandler, string $securityCredentialsUrl, array $headers)

No description

static array
getSigningVarsFromUrl(callable $httpHandler, string $securityCredentialsUrl, string $roleName, array $headers)

No description

static array|null
getSigningVarsFromEnv()

No description

string|null
getCacheKey()

Gets the unique key for caching For AwsNativeSource the values are: Imdsv2SessionTokenUrl.SecurityCredentialsUrl.RegionUrl.RegionalCredVerificationUrl

Details

__construct(string $audience, string $regionalCredVerificationUrl, string|null $regionUrl = null, string|null $securityCredentialsUrl = null, string|null $imdsv2SessionTokenUrl = null)

No description

Parameters

string $audience

The audience for the credential.

string $regionalCredVerificationUrl

The regional AWS GetCallerIdentity action URL used to determine the AWS account ID and its roles. This is not called by this library, but is sent in the subject token to be called by the STS token server.

string|null $regionUrl

This URL should be used to determine the current AWS region needed for the signed request construction.

string|null $securityCredentialsUrl

The AWS metadata server URL used to retrieve the access key, secret key and security token needed to sign the GetCallerIdentity request.

string|null $imdsv2SessionTokenUrl

Presence of this URL enforces the auth libraries to fetch a Session Token from AWS. This field is required for EC2 instances using IMDSv2.

string fetchSubjectToken(callable|null $httpHandler = null)

No description

Parameters

callable|null $httpHandler

Return Value

string

static string getImdsV2SessionToken(string $imdsV2Url, callable $httpHandler)

internal  
 

No description

Parameters

string $imdsV2Url
callable $httpHandler

Return Value

string

static array getSignedRequestHeaders(string $region, string $host, string $accessKeyId, string $secretAccessKey, string|null $securityToken)

internal  
 

No description

Parameters

string $region
string $host
string $accessKeyId
string $secretAccessKey
string|null $securityToken

Return Value

array

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

static string|null getRegionFromEnv()

internal  
 

No description

Return Value

string|null

static string getRegionFromUrl(callable $httpHandler, string $regionUrl, array $headers)

internal  
 

No description

Parameters

callable $httpHandler
string $regionUrl
array $headers

Request headers to send in with the request.

Return Value

string

static string getRoleName(callable $httpHandler, string $securityCredentialsUrl, array $headers)

internal  
 

No description

Parameters

callable $httpHandler
string $securityCredentialsUrl
array $headers

Request headers to send in with the request.

Return Value

string

static array getSigningVarsFromUrl(callable $httpHandler, string $securityCredentialsUrl, string $roleName, array $headers)

internal  
 

No description

Parameters

callable $httpHandler
string $securityCredentialsUrl
string $roleName
array $headers

Request headers to send in with the request.

Return Value

array

static array|null getSigningVarsFromEnv()

internal  
 

No description

Return Value

array|null

string|null getCacheKey()

Gets the unique key for caching For AwsNativeSource the values are: Imdsv2SessionTokenUrl.SecurityCredentialsUrl.RegionUrl.RegionalCredVerificationUrl

Return Value

string|null