AWS Client Auth Gem

The AWS Client Auth Gem lets authenticated or anonymous users access AWS services when running your game or simulation. It provides authentication options using any of the following supported identity providers:

The Gem gets AWS credentials from the Amazon Cognito identity pool based on the current authenticated login status. If a successful login is found for the user, authenticated AWS credentials are fetched. Otherwise, anonymous AWS credentials are fetched.

AWS credentials have shared ownership with AWS native SDK client objects. Credentials are refreshed or updated whenever a new user signs in, signs out, or refreshes tokens.

If multiple sign-ins are found, GetCredentials links those identities together. Then, you get the same identity going forward regardless of which authentication provider you use.
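The selection between authenticated and anonymous credentials described above can be modelled as follows. This is an added sketch, not the Gem's own code: `ProviderTokens`, `CredentialRequest` and `BuildCredentialRequest` are hypothetical names, and the pool ID, region and tokens are constructed placeholders. Skipping expired tokens instead of refreshing them is an assumption made to keep the example small.

```cpp
#include <chrono>
#include <iostream>
#include <map>
#include <string>
#include <vector>

using Clock = std::chrono::system_clock;

// Hypothetical model of one provider's sign-in state (not a Gem type).
struct ProviderTokens {
    std::string loginsKey;        // provider name used as the Cognito Logins key
    std::string token;            // token presented to the identity pool
    Clock::time_point expiresAt;  // token expiry
};

enum class CredentialKind { Anonymous, Authenticated };

struct CredentialRequest {
    CredentialKind kind;
    std::map<std::string, std::string> logins;  // empty => unauthenticated identity
};

// Only non-empty, unexpired tokens count as a successful login (assumption).
// Several valid logins in one request are what lets the pool link identities.
CredentialRequest BuildCredentialRequest(const std::vector<ProviderTokens>& providers,
                                         Clock::time_point now) {
    CredentialRequest request{CredentialKind::Anonymous, {}};
    for (const auto& p : providers) {
        if (p.token.empty() || p.expiresAt <= now) {
            continue;  // never forward a stale or missing token
        }
        request.logins[p.loginsKey] = p.token;
    }
    if (!request.logins.empty()) {
        request.kind = CredentialKind::Authenticated;
    }
    return request;
}

int main() {
    const auto now = Clock::now();
    // Constructed sample state: one valid user-pool login, one expired Google login.
    std::vector<ProviderTokens> providers = {
        {"cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE", "<id-token>", now + std::chrono::hours(1)},
        {"accounts.google.com", "<id-token>", now - std::chrono::hours(1)},
    };
    const auto request = BuildCredentialRequest(providers, now);
    std::cout << (request.kind == CredentialKind::Authenticated ? "authenticated" : "anonymous")
              << " with " << request.logins.size() << " login(s)\n";
    return 0;
}
```

An empty `logins` map corresponds to the anonymous case, so a sign-out that clears every provider's tokens falls back to anonymous credentials on the next request.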

Features

This Gem has the following key features:

  • User management in an Amazon Cognito user pool

    • Sign-up with email or phone confirmation
    • Multi-factor authentication (MFA)
    • Forgotten password handling
  • Multiple authentication methods via the supported authentication providers.

    • Sign-in using a username and password in an Amazon Cognito user pool.
    • MFA sign-in using the OAuth password flow in an Amazon Cognito user pool.
    • MFA sign-in using the OAuth device flow in both Google and Login with Amazon.
    • Provider pattern to add implementations for custom authentication providers.
    • On-demand refreshing of expired tokens.
  • AWS credential retrieval for the authentication provider state.

    • Authenticated credentials for users signed in with valid tokens.
    • Anonymous credentials when no user is signed in.
    • Auto-refreshing of credentials using existing tokens.
    • Credentials refreshed upon refreshing of authenticated tokens.
    • Credentials invalidated upon sign-out.
    • Sharing of credentials with AWS native SDK service clients using the shared AWSCredentialsProvider object.
    • Linking of identities for multiple sign-ins across different authentication providers.

Enabling the AWS Client Auth Gem

To enable the AWS Client Auth Gem, do the following:

  1. Use O3DE Project Manager or the command line to add the AWS Client Auth Gem to your project. Note that AWS Client Auth requires the following Gems as dependencies:

  2. Build your project using Project Manager, Visual Studio, or CMake.

  3. To configure AWS Client Auth for your project, follow the instructions in Setting Up the AWS Client Auth Gem.


Copyright © 2022 Open 3D Engine Contributors

Documentation Distributed under CC BY 4.0.