Sts class

Security Token Service (STS) enables you to request temporary, limited-privilege credentials for users. This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.

Constructors

Sts({String? region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

assumeRole({required String roleArn, required String roleSessionName, int? durationSeconds, String? externalId, String? policy, List<PolicyDescriptorType>? policyArns, List<ProvidedContext>? providedContexts, String? serialNumber, String? sourceIdentity, List<Tag>? tags, String? tokenCode, List<String>? transitiveTagKeys}) → Future<AssumeRoleResponse>

Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

assumeRoleWithSAML({required String principalArn, required String roleArn, required String sAMLAssertion, int? durationSeconds, String? policy, List<PolicyDescriptorType>? policyArns}) → Future<AssumeRoleWithSAMLResponse>

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

assumeRoleWithWebIdentity({required String roleArn, required String roleSessionName, required String webIdentityToken, int? durationSeconds, String? policy, List<PolicyDescriptorType>? policyArns, String? providerId}) → Future<AssumeRoleWithWebIdentityResponse>

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or Amazon Cognito federated identities.

assumeRoot({required String targetPrincipal, required PolicyDescriptorType taskPolicyArn, int? durationSeconds}) → Future<AssumeRootResponse>

Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization. You must use credentials from an Organizations management account or a delegated administrator account for IAM to call AssumeRoot. You cannot use root user credentials to make this call.

close() → void

Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a noop.

decodeAuthorizationMessage({required String encodedMessage}) → Future<DecodeAuthorizationMessageResponse>

Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.

getAccessKeyInfo({required String accessKeyId}) → Future<GetAccessKeyInfoResponse>

Returns the account identifier for the specified access key ID.

getCallerIdentity() → Future<GetCallerIdentityResponse>

Returns details about the IAM user or role whose credentials are used to call the operation.

getDelegatedAccessToken({required String tradeInToken}) → Future<GetDelegatedAccessTokenResponse>

Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions associated with the assumed principal. This operation allows you to obtain credentials for a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services resources.

getFederationToken({required String name, int? durationSeconds, String? policy, List<PolicyDescriptorType>? policyArns, List<Tag>? tags}) → Future<GetFederationTokenResponse>

Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network.

getSessionToken({int? durationSeconds, String? serialNumber, String? tokenCode}) → Future<GetSessionTokenResponse>

Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 StopInstances.

getWebIdentityToken({required List<String> audience, required String signingAlgorithm, int? durationSeconds, List<Tag>? tags}) → Future<GetWebIdentityTokenResponse>

Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web Services identity. The returned JWT can be used to authenticate with external services that support OIDC discovery. The token is signed by Amazon Web Services STS and can be publicly verified using the verification keys published at the issuer's JWKS endpoint.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited