/**
 * Exchanges a web identity token for temporary security credentials by calling
 * STS AssumeRoleWithWebIdentity through the wrapped client.
 *
 * Intended for users already authenticated in a mobile or web application by a
 * web identity provider such as Login with Amazon, Facebook, or Google.
 *
 * Security notes:
 *  - $webIdentityToken is a bearer credential and the returned model carries
 *    temporary credentials; keep both out of logs and error output.
 *  - This method performs no validation of its own. Every argument is forwarded
 *    as given, so which identities may assume the role is decided entirely by
 *    STS and the role's trust policy.
 *
 * @param string  $roleArn          The Amazon Resource Name (ARN) of the role that the caller is assuming.
 * @param string  $roleSessionName  An identifier for the assumed role session.
 * @param string  $webIdentityToken The OAuth 2.0 access token or OpenID Connect ID token issued by the identity provider.
 * @param string  $providerId       The fully-qualified host component of the identity provider's domain name.
 *                                  Omitted from the request when null.
 * @param string  $policy           An IAM policy in JSON format, applied as a session policy. It can narrow
 *                                  the role's permissions but not extend them. Omitted from the request when null.
 * @param integer $durationSeconds  The duration, in seconds, of the role session. Defaults to 3600 and is
 *                                  forwarded without a range check.
 *
 * @return Guzzle\Service\Resource\Model
 *
 * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_assumeRoleWithWebIdentity
 */
public function assumeRoleWithWebIdentity($roleArn, $roleSessionName, $webIdentityToken, $providerId = null, $policy = null, $durationSeconds = 3600)
{
    // Parameters that are always sent.
    $request = [
        'RoleArn' => $roleArn,
        'RoleSessionName' => $roleSessionName,
        'WebIdentityToken' => $webIdentityToken,
        'DurationSeconds' => $durationSeconds,
    ];

    // Optional parameters are added only when the caller supplied a value, so a
    // null never reaches the service as an explicit field.
    $optional = ['ProviderId' => $providerId, 'Policy' => $policy];
    foreach ($optional as $name => $value) {
        if ($value !== null) {
            $request[$name] = $value;
        }
    }

    return $this->client->assumeRoleWithWebIdentity($request);
}
/**
 * A request carrying a placeholder web identity token must be rejected: the
 * call is expected to raise StsException with the "Not authorized" message
 * rather than return credentials.
 *
 * The request also passes a session policy with a single Deny statement, which
 * exercises the Policy parameter alongside the required ones.
 *
 * @expectedException \Aws\Sts\Exception\StsException
 * @expectedExceptionMessage Not authorized to perform sts:AssumeRoleWithWebIdentity
 */
public function testFailsOnBadWebIdentity()
{
    // Session policy document, serialized to JSON as the API expects.
    $denyStatement = array(
        'Effect' => 'Deny',
        'Action' => 's3:GetObject',
        'Resource' => 'arn:aws:s3:::mybucket/dummy/*',
    );
    $sessionPolicy = json_encode(array('Statement' => array($denyStatement)));

    // All values are placeholders; none identifies a real role, provider or token.
    $request = array(
        'RoleArn' => 'arn:aws:iam::123123123123:role/DummyRole.',
        'RoleSessionName' => 'dummy-session-name',
        'WebIdentityToken' => 'dummy-oauth-token',
        'ProviderId' => 'dummy-provider-name',
        'Policy' => $sessionPolicy,
    );

    $this->client->assumeRoleWithWebIdentity($request);
}