Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add expiration to public interface for Credentials (and ReadOnlyCredentials)

See original GitHub issue

Re-opening #2391

I have a utility aws-export-credentials to allow AWS credentials to be retrieved in a variety of formats, like as environment variables. Adding this functionality to the AWS CLI is open as https://github.com/aws/aws-cli/issues/4668. The CLI caches credentials from, for example, assume role profiles. This would be nice for the “export credentials” functionality, but the Credentials class and ReadOnlyCredentials do not expose expiration as a public field.

I propose adding expiration as a public field to both Credentials and ReadOnlyCredentials, of type datetime.datetime, with None if there is no known expiration (the default implementation in the base Credentials class). RefreshableCredentials would return its existing _expiry_time.

Acknowledgements

I may be able to implement this feature request

SDK version used

N/A

Environment details (OS name and version, etc.)

N/A

Issue Analytics

State:
Created a year ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

tim-finnigancommented, Jun 15, 2022

Hi @benkehoe thanks for the feature request. I think further discussion is still needed to determine how your utility could be integrated into botocore. We actively mutate the expiry time in some of our providers so we’d need to think through how that could work with what you’re proposing here.

0reactions

benkehoecommented, Nov 15, 2022

I think moving the logic makes the most sense. Given that’s a big change, I might propose having an private _fuzzy_expiry that means the expiry_time on the ReadOnlyCredentials will not be set. What would users do with an expiration if they knew it was fuzzy? Better just to leave it as None, I think. Then if/when the logic gets moved, that gets removed and the expiration gets set. I don’t think it’s a problem to leave the expiration off; there’s no expiration for IAM User creds that will be rotated, for example.

Top Results From Across the Web

Please publicly expose expiration on AFOAuthCredential #46

This can easily be done if expiration is exposed publicly as a readonly property on AFOAuthCredential by adding @Property (readonly, nonatomic) N...

Requesting temporary security credentials - AWS Identity and ...

Request temporary security credentials from AWS Security Token Service. ... If you do not pass this parameter, the temporary credentials expire in one...

Set Assignment Expiration Details for Users in Permission ...

Set assignment expiration dates and assign permissions that expire to users via permission sets and permission set groups. Assigned users receive access t....

7.14 Git Tools - Credential Storage

Under the Hood · get is a request for a username/password pair. · store is a request to save a set of credentials...

auth package - JavaScript API reference - Firebase - Google

createUserWithEmailAndPassword(auth, email, password), Creates a new user account ... Set it to true to disable the warning banner attached to the DOM.