Skip to content

Upfront Identity Fetching#327

Merged
richardwang1124 merged 10 commits intodecaffrom
credentials-rework
Sep 25, 2025
Merged

Upfront Identity Fetching#327
richardwang1124 merged 10 commits intodecaffrom
credentials-rework

Conversation

@mullermp
Copy link
Contributor

@mullermp mullermp commented Sep 16, 2025
edited
Loading

Rework of identity and credentials to be more like SDK v3.

Major changes:

  • Simplify identity classes by removing Identity base
  • Make all identity providers refreshable by default
  • Add expiration and set? into the identity provider interface
  • Resolve credentials up front on client config

@mullermp mullermp marked this pull request as draft September 16, 2025 20:07
@mullermp mullermp marked this pull request as ready for review September 19, 2025 18:38
@mullermp mullermp changed the title WIP: rework of credentials Upfront Identity Fetching Sep 19, 2025
richardwang1124
richardwang1124 reviewed Sep 19, 2025
View reviewed changes
gems/smithy-client/lib/smithy-client/refreshing_identity_provider.rb
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes

def initialize
def initialize(_options = {})
Copy link
Contributor

@richardwang1124 richardwang1124 Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the options parameter added back into the method header?

Copy link
Contributor Author

@mullermp mullermp Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose this is not necessary right now, but I may want to add back the before refresh callback. Is there a use case maybe with token file reading in SSO?

Copy link
Contributor

@richardwang1124 richardwang1124 Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do see that in v3 we have the before_refresh option in certain providers and @before_refresh member in the RefreshingCredentials, but I don't immediately see where this is used in the SDK code. Going through the default chain at least I don't think we use before_refresh for SSOCredentials. What use case were you thinking of?

Copy link
Contributor Author

@mullermp mullermp Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's used by customers. My thought was we can make it a list of callbacks and not just one proc, then we can register a default one that also reread the token file instead of building it into refresh, but I don't know if we care to do that. It was just a thought.

mullermp
mullermp commented Sep 22, 2025
View reviewed changes
richardwang1124
richardwang1124 approved these changes Sep 23, 2025
View reviewed changes
Copy link
Contributor

@richardwang1124 richardwang1124 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it looks good overall and changes to V4 are minor. Let me know if you end up keeping the options in the RefreshingIdentityProvider initializer.

@richardwang1124 richardwang1124 merged commit 2e67b41 into decaf Sep 25, 2025
20 checks passed
@richardwang1124 richardwang1124 deleted the credentials-rework branch September 25, 2025 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richardwang1124 richardwang1124 richardwang1124 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mullermp @richardwang1124