bind out log-in provider (#798)

sbiscigl · TingDaoK · web-flow · commit d603ba093b57 · 2025-11-19T15:57:53.000-05:00
Co-authored-by: Dengke Tang &lt;dengket@amazon.com&gt;
diff --git a/crt/aws-c-auth b/crt/aws-c-auth
@@ -1 +1 @@
-Subproject commit ab03bdd996437d9097953ebb9495de71b6adc537
+Subproject commit 672feed19bb91bc389876f49aaa7c538dc879be5
diff --git a/crt/aws-c-cal b/crt/aws-c-cal
@@ -1 +1 @@
-Subproject commit 918ed33dd1b09ddef973d39c017739cfc253fc40
+Subproject commit de3b28840a59339f24012f25348f2c70a7ea45d6
diff --git a/crt/aws-c-common b/crt/aws-c-common
@@ -1 +1 @@
-Subproject commit 31578beb2309330fece3fb3a66035a568a2641e7
+Subproject commit 95515a8b1ff40d5bb14f965ca4cbbe99ad1843df
diff --git a/crt/aws-c-http b/crt/aws-c-http
@@ -1 +1 @@
-Subproject commit bbfc5a7bcf1a6c238205abcac62d5d14dd0da7ef
+Subproject commit 07302aa4a2892adbbf95ee6d458db3bb240030d3
diff --git a/crt/aws-c-io b/crt/aws-c-io
@@ -1 +1 @@
-Subproject commit 1af325b54bba2e95a640a5be5ffe0b27e4ead79c
+Subproject commit 9cf142c08c28d5b1195aae09d2c05a6d17502e09
diff --git a/crt/aws-lc b/crt/aws-lc
@@ -1 +1 @@
-Subproject commit 5a9df2190d9ecab090a62030f94a6ada6789a436
+Subproject commit 7187ab572ddcdae4fa408e932d3e878c9941137b
diff --git a/crt/s2n b/crt/s2n
@@ -1 +1 @@
-Subproject commit 30f40f2345a89570ed3c4cee2274942f1ebf85fa
+Subproject commit 6aefe741f17489211f6c28e837c1a65ee66a1ef2
diff --git a/include/aws/crt/auth/Credentials.h b/include/aws/crt/auth/Credentials.h
@@ -494,6 +494,44 @@ namespace Aws
                 Io::TlsConnectionOptions TlsConnectionOptions;
             };
 
+            /**
+             * Configuration options for the STS Web Identity credentials provider
+             */
+            struct AWS_CRT_CPP_API CredentialsProviderLoginConfig
+            {
+                CredentialsProviderLoginConfig();
+
+                /**
+                 * The arn associated with the AWS login session.
+                 */
+                String LoginSession;
+
+                /**
+                 * Overrides the login cache directory. by default the cache directory
+                 * is located at `~/.aws/login/cache`.
+                 */
+                String LoginCacheOverride;
+
+                /**
+                 * The region associated with the AWS Login call
+                 */
+                String LoginRegion;
+
+                /**
+                 * Connection bootstrap to use to create the http connection required to
+                 * query credentials from the STS provider
+                 *
+                 * Note: If null, then the default ClientBootstrap is used
+                 * (see Aws::Crt::ApiHandle::GetOrCreateStaticDefaultClientBootstrap)
+                 */
+                Io::ClientBootstrap *Bootstrap;
+
+                /**
+                 * TLS configuration for secure socket connections.
+                 */
+                Io::TlsConnectionOptions TlsConnectionOptions;
+            };
+
             /**
              * Simple credentials provider implementation that wraps one of the internal C-based implementations.
              *
@@ -625,6 +663,13 @@ namespace Aws
                     const CredentialsProviderSTSWebIdentityConfig &config,
                     Allocator *allocator = ApiAllocator());
 
+                /**
+                 * Creates a AWS Login based credentials provider
+                 */
+                static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderLogin(
+                    const CredentialsProviderLoginConfig &config,
+                    Allocator *allocator = ApiAllocator());
+
               private:
                 static void s_onCredentialsResolved(aws_credentials *credentials, int error_code, void *user_data);
 
diff --git a/source/auth/Credentials.cpp b/source/auth/Credentials.cpp
@@ -514,6 +514,34 @@ namespace Aws
                 return s_CreateWrappedProvider(
                     aws_credentials_provider_new_sts_web_identity(allocator, &raw_config), allocator);
             }
+
+            CredentialsProviderLoginConfig::CredentialsProviderLoginConfig() : Bootstrap(nullptr) {}
+
+            std::shared_ptr<ICredentialsProvider> CredentialsProvider::CreateCredentialsProviderLogin(
+                const CredentialsProviderLoginConfig &config,
+                Allocator *allocator)
+            {
+                struct aws_credentials_provider_login_options raw_config;
+                AWS_ZERO_STRUCT(raw_config);
+
+                raw_config.login_session = aws_byte_cursor_from_c_str(config.LoginSession.c_str());
+                raw_config.login_cache_directory_override =
+                    aws_byte_cursor_from_c_str(config.LoginCacheOverride.c_str());
+                raw_config.login_region = aws_byte_cursor_from_c_str(config.LoginRegion.c_str());
+
+                raw_config.bootstrap =
+                    (config.Bootstrap != nullptr)
+                        ? config.Bootstrap->GetUnderlyingHandle()
+                        : ApiHandle::GetOrCreateStaticDefaultClientBootstrap()->GetUnderlyingHandle();
+
+                const auto connectionOptions = config.TlsConnectionOptions.GetUnderlyingHandle();
+                if (connectionOptions != nullptr)
+                {
+                    raw_config.tls_ctx = connectionOptions->ctx;
+                }
+
+                return s_CreateWrappedProvider(aws_credentials_provider_new_login(allocator, &raw_config), allocator);
+            }
         } // namespace Auth
     } // namespace Crt
 } // namespace Aws
