blob: ff14c8a37126e8b52bd978282b6fa90b1630c77d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/core/auth/signer/AWSAuthBearerSigner.h>
#include <aws/core/auth/bearer-token-provider/AWSBearerTokenProviderBase.h>
#include <aws/core/utils/logging/LogMacros.h>
#include <aws/core/http/HttpRequest.h>
namespace Aws
{
namespace Auth
{
const char BEARER_SIGNER[] = "Bearer";
}
namespace Client
{
static const char LOGGING_TAG[] = "AWSAuthBearerSigner";
static const char AUTHORIZATION_HEADER[] = "authorization";
bool AWSAuthBearerSigner::SignRequest(Aws::Http::HttpRequest& ioRequest) const
{
if(Aws::Http::Scheme::HTTPS != ioRequest.GetUri().GetScheme())
{
// Clients MUST always use TLS (https) or equivalent transport security
// when making requests with bearer tokens.
// https://datatracker.ietf.org/doc/html/rfc6750
AWS_LOGSTREAM_ERROR(LOGGING_TAG, "HTTPS scheme must be used with a bearer token authorization");
return false;
}
if(!m_bearerTokenProvider)
{
AWS_LOGSTREAM_FATAL(LOGGING_TAG, "Unexpected nullptr AWSAuthBearerSigner::m_bearerTokenProvider");
return false;
}
const Aws::Auth::AWSBearerToken& token = m_bearerTokenProvider->GetAWSBearerToken();
if(token.IsExpiredOrEmpty())
{
AWS_LOGSTREAM_ERROR(LOGGING_TAG, "Invalid bearer token to use: expired or empty");
return false;
}
ioRequest.SetHeaderValue(AUTHORIZATION_HEADER, "Bearer " + token.GetToken());
return true;
}
}
}
|
