|
iceberg-cpp
|
An AuthSession that signs requests with AWS SigV4. More...
#include <sigv4_auth_manager_internal.h>
Public Member Functions | |
| Result< HttpRequest > | Authenticate (HttpRequest request) override |
| Authenticate an outgoing HTTP request. | |
| Status | Close () override |
| Close the session and release any resources. | |
| const std::shared_ptr< AuthSession > & | delegate () const |
| const std::shared_ptr< Aws::Auth::AWSCredentialsProvider > & | credentials_provider () const |
Static Public Member Functions | |
| static Result< std::shared_ptr< SigV4AuthSession > > | Make (std::shared_ptr< AuthSession > delegate, std::string signing_region, std::string signing_name, std::shared_ptr< Aws::Auth::AWSCredentialsProvider > credentials_provider) |
| Creates a session registered with the AWS SDK lifecycle. | |
Static Public Member Functions inherited from iceberg::rest::auth::AuthSession | |
| static std::shared_ptr< AuthSession > | MakeDefault (std::unordered_map< std::string, std::string > headers) |
| Create a default session with static headers. | |
| static Result< std::shared_ptr< AuthSession > > | MakeOAuth2 (const OAuthTokenResponse &initial_token, const std::string &token_endpoint, const std::string &client_id, const std::string &client_secret, const std::string &scope, bool keep_refreshed, const std::unordered_map< std::string, std::string > &optional_oauth_params, HttpClient &client) |
| Create an OAuth2 session with automatic token refresh. | |
Static Public Attributes | |
| static constexpr std::string_view | kEmptyBodySha256 |
| SHA-256 hash of empty string, used for requests with no body. | |
| static constexpr std::string_view | kRelocatedHeaderPrefix = "Original-" |
| Prefix prepended to relocated headers that conflict with SigV4-signed headers. | |
An AuthSession that signs requests with AWS SigV4.
The request is first authenticated by the delegate AuthSession (e.g., OAuth2), then signed with SigV4. In case of conflicting headers, the Authorization header set by the delegate is relocated with an "Original-" prefix, then included in the canonical headers to sign.
See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html
Thread safety: Authenticate() is thread-safe as long as the delegate session is.
|
overridevirtual |
Authenticate an outgoing HTTP request.
Returns a request with authentication information (e.g., an Authorization header) added. Implementations must be idempotent. The request is passed by value so callers can move request bodies into the authentication path.
| request | The request to authenticate. |
Implements iceberg::rest::auth::AuthSession.
|
overridevirtual |
Close the session and release any resources.
This method is called when the session is no longer needed. For stateful sessions (e.g., OAuth2 with token refresh), this should stop any background threads and release resources.
Reimplemented from iceberg::rest::auth::AuthSession.
|
inline |
Exposed so derived sessions can reuse the chain instead of constructing a fresh DefaultAWSCredentialsProviderChain per derivation.
|
static |
Creates a session registered with the AWS SDK lifecycle.
Fails if the SDK is not initialized. Every session owns its lifecycle registration and unregisters on destruction.
|
staticconstexpr |
SHA-256 hash of empty string, used for requests with no body.