Skip to content

/AWS1/IF_CGI=>GETCREDENTIALSFORIDENTITY()

About GetCredentialsForIdentity

Returns credentials for the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to Security Token Service with the appropriate role for the token.

This is a public API. You do not need any credentials to call this API.

Method Signature

METHODS /AWS1/IF_CGI~GETCREDENTIALSFORIDENTITY
  IMPORTING
    !IV_IDENTITYID TYPE /AWS1/CGIIDENTITYID OPTIONAL
    !IT_LOGINS TYPE /AWS1/CL_CGILOGINSMAP_W=>TT_LOGINSMAP OPTIONAL
    !IV_CUSTOMROLEARN TYPE /AWS1/CGIARNSTRING OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_cgigetcredsforidrsp
  RAISING
    /AWS1/CX_CGIEXTERNALSERVICEEX
    /AWS1/CX_CGIINTERNALERROREX
    /AWS1/CX_CGIINVIDPOOLCONFEX
    /AWS1/CX_CGIINVALIDPARAMETEREX
    /AWS1/CX_CGINOTAUTHORIZEDEX
    /AWS1/CX_CGIRESOURCECONFLICTEX
    /AWS1/CX_CGIRESOURCENOTFOUNDEX
    /AWS1/CX_CGITOOMANYREQUESTSEX
    /AWS1/CX_CGICLIENTEXC
    /AWS1/CX_CGISERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_identityid TYPE /AWS1/CGIIDENTITYID /AWS1/CGIIDENTITYID

A unique identifier in the format REGION:GUID.

Optional arguments:

it_logins TYPE /AWS1/CL_CGILOGINSMAP_W=>TT_LOGINSMAP TT_LOGINSMAP

A set of optional name-value pairs that map provider names to provider tokens. The name-value pair will follow the syntax "provider_name": "provider_user_identifier".

Logins should not be specified when trying to get credentials for an unauthenticated identity.

The Logins parameter is required when using identities associated with external identity providers such as Facebook. For examples of Logins maps, see the code examples in the External Identity Providers section of the Amazon Cognito Developer Guide.

iv_customrolearn TYPE /AWS1/CGIARNSTRING /AWS1/CGIARNSTRING

The Amazon Resource Name (ARN) of the role to be assumed when multiple roles were received in the token from the identity provider. For example, a SAML-based identity provider. This parameter is optional for identity providers that do not support role customization.

RETURNING

oo_output TYPE REF TO /aws1/cl_cgigetcredsforidrsp /AWS1/CL_CGIGETCREDSFORIDRSP

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->getcredentialsforidentity(
  it_logins = VALUE /aws1/cl_cgiloginsmap_w=>tt_loginsmap(
    (
      VALUE /aws1/cl_cgiloginsmap_w=>ts_loginsmap_maprow(
        value = new /aws1/cl_cgiloginsmap_w( |string| )
        key = |string|
      )
    )
  )
  iv_customrolearn = |string|
  iv_identityid = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_identityid = lo_result->get_identityid( ).
  lo_credentials = lo_result->get_credentials( ).
  IF lo_credentials IS NOT INITIAL.
    lv_accesskeystring = lo_credentials->get_accesskeyid( ).
    lv_secretkeystring = lo_credentials->get_secretkey( ).
    lv_sessiontokenstring = lo_credentials->get_sessiontoken( ).
    lv_datetype = lo_credentials->get_expiration( ).
  ENDIF.
ENDIF.