in python/awis.py [0:0]
def refresh_credentials(user):
client_idp = boto3.client('cognito-idp', region_name=cognito_region, aws_access_key_id='', aws_secret_access_key='')
client_identity = boto3.client('cognito-identity', region_name='us-east-1')
password = getpass.getpass('Password: ')
response = client_idp.initiate_auth(
ClientId=cognito_client_id,
AuthFlow='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': user,
'PASSWORD': password
}
)
idtoken = response['AuthenticationResult']['IdToken']
response = client_identity.get_id(
IdentityPoolId=cognito_identity_pool_id,
Logins={
'cognito-idp.us-east-1.amazonaws.com/'+cognito_user_pool_id: idtoken
}
)
identityid = response['IdentityId']
response = client_identity.get_credentials_for_identity(
IdentityId=identityid,
Logins={
'cognito-idp.us-east-1.amazonaws.com/'+cognito_user_pool_id: idtoken
}
)
config = ConfigParser()
config['DEFAULT'] = {'aws_access_key_id': response['Credentials']['AccessKeyId'],
'aws_secret_access_key': response['Credentials']['SecretKey'],
'aws_session_token': response['Credentials']['SessionToken'],
'expiration': time.mktime(response['Credentials']['Expiration'].timetuple())
}
print('Writing new credentials to %s\n' % credentials_file)
with open(credentials_file, 'w') as configfile:
config.write(configfile)
configfile.close()