Web Federated Identity Examples - AWS SDK for JavaScript

We announced the upcoming end-of-support for AWS SDK for JavaScript v2. We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Web Federated Identity Examples

Here are a few examples of using web federated identity to obtain credentials in browser JavaScript. These examples must be run from an http:// or https:// host scheme to ensure the identity provider can redirect to your application.

Login with Amazon Example

The following code shows how to use Login with Amazon as an identity provider.

<a href="#" id="login"> <img border="0" alt="Login with Amazon" src="https://images-na.ssl-images-amazon.com/images/G/01/lwa/btnLWA_gold_156x32.png" width="156" height="32" /> </a> <div id="amazon-root"></div> <script type="text/javascript"> var s3 = null; var clientId = 'amzn1.application-oa2-client.1234567890abcdef'; // client ID var roleArn = 'arn:aws:iam::<AWS_ACCOUNT_ID>:role/<WEB_IDENTITY_ROLE_NAME>'; window.onAmazonLoginReady = function() { amazon.Login.setClientId(clientId); // set client ID document.getElementById('login').onclick = function() { amazon.Login.authorize({scope: 'profile'}, function(response) { if (!response.error) { // logged in AWS.config.credentials = new AWS.WebIdentityCredentials({ RoleArn: roleArn, ProviderId: 'www.amazon.com', WebIdentityToken: response.access_token }); s3 = new AWS.S3(); console.log('You are now logged in.'); } else { console.log('There was a problem logging you in.'); } }); }; }; (function(d) { var a = d.createElement('script'); a.type = 'text/javascript'; a.async = true; a.id = 'amazon-login-sdk'; a.src = 'https://api-cdn.amazon.com/sdk/login1.js'; d.getElementById('amazon-root').appendChild(a); })(document); </script>

Facebook Login Example

The following code shows how to use Facebook Login as an identity provider:

<button id="login">Login</button> <div id="fb-root"></div> <script type="text/javascript"> var s3 = null; var appId = '1234567890'; // Facebook app ID var roleArn = 'arn:aws:iam::<AWS_ACCOUNT_ID>:role/<WEB_IDENTITY_ROLE_NAME>'; window.fbAsyncInit = function() { // init the FB JS SDK FB.init({appId: appId}); document.getElementById('login').onclick = function() { FB.login(function (response) { if (response.authResponse) { // logged in AWS.config.credentials = new AWS.WebIdentityCredentials({ RoleArn: roleArn, ProviderId: 'graph.facebook.com', WebIdentityToken: response.authResponse.accessToken }); s3 = new AWS.S3; console.log('You are now logged in.'); } else { console.log('There was a problem logging you in.'); } }); }; }; // Load the FB JS SDK asynchronously (function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk')); </script>

Google+ Sign-in Example

The following code shows how to use Google+ Sign-in as an identity provider. The access token used for web identity federation from Google is stored in response.id_token instead of access_token like other identity providers.

<span id="login" class="g-signin" data-height="short" data-callback="loginToGoogle" data-cookiepolicy="single_host_origin" data-requestvisibleactions="http://schemas.google.com/AddActivity" data-scope="https://www.googleapis.com/auth/plus.login"> </span> <script type="text/javascript"> var s3 = null; var clientID = '1234567890.apps.googleusercontent.com'; // Google client ID var roleArn = 'arn:aws:iam::<AWS_ACCOUNT_ID>:role/<WEB_IDENTITY_ROLE_NAME>'; document.getElementById('login').setAttribute('data-clientid', clientID); function loginToGoogle(response) { if (!response.error) { AWS.config.credentials = new AWS.WebIdentityCredentials({ RoleArn: roleArn, WebIdentityToken: response.id_token }); s3 = new AWS.S3(); console.log('You are now logged in.'); } else { console.log('There was a problem logging you in.'); } } (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/client:plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script>