aws-signing-common/aws.smithy.kotlin.runtime.auth.awssigning/AwsSigningConfig

AwsSigningConfig

class AwsSigningConfig(builder: AwsSigningConfig.Builder)

The configuration for an individual signing operation.

Constructors

Link copied to clipboard
constructor(builder: AwsSigningConfig.Builder)

Types

Link copied to clipboard
class Builder
Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val algorithm: AwsSigningAlgorithm

The algorithm to use when signing requests.

Link copied to clipboard
val credentials: Credentials

The AWS credentials to sign with

Link copied to clipboard
val expiresAfter: Duration?

Determines how long the signed request should be valid. If non-null and the signing transform is query param, then signing will add X-Amz-Expires to the query string, equal to the public value specified here. If this value is null or if header signing is being used then this parameter has no effect. Note that the resolution of expiration is in seconds.

Link copied to clipboard
val hashSpecification: HashSpecification

Determines the source of the canonical request's body public value. The default is HashSpecification.CalculateFromPayload, indicating that a public value will be calculated from the payload during signing.

Link copied to clipboard
val logRequest: Boolean

Flag enabling whether detailed trace logging is enabled (if the signer implementation supports it). When true signers should emit intermediate logging details such as the canonical request at the trace level. This is an opt-in configuration because these intermediate outputs may contain sensitive fields bound to headers, URI, or query parameters.

Link copied to clipboard
val normalizeUriPath: Boolean

Controls whether URI paths should be normalized when building the canonical request.

Link copied to clipboard
val omitSessionToken: Boolean

Determines whether the X-Amz-Security-Token query param should be omitted from the canonical signing calculation. Normally, this parameter is added during signing if the credentials have a session token. The only known case where this should be true is when signing a websocket handshake to IoT Core.

Link copied to clipboard
val region: String

The region for which requests will be signed.

Link copied to clipboard
val service: String

The name of service for which requests will be signed.

Link copied to clipboard
val shouldSignHeader: ShouldSignHeaderPredicate

A predicate to control which headers are a part of the canonical request. Note that skipping auth-required headers will result in an unusable signature. Headers injected by the signing process cannot be skipped.

Link copied to clipboard
val signatureType: AwsSignatureType

Indicates what type of signature to compute.

Link copied to clipboard
val signedBodyHeader: AwsSignedBodyHeader

Determines which body "hash" header, if any, should be added to the canonical request and the signed request.

Link copied to clipboard
val signingDate: Instant

Indicates the signing date/timestamp to use for the signature. Defaults to the current date at config construction time.

Link copied to clipboard
val useDoubleUriEncode: Boolean

Normally we assume the URI will be encoded once in preparation for transmission. Certain services do not decode before checking signature, requiring the URI to be double-encoded in the canonical request in order to match a signature check.

Functions

Link copied to clipboard
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka