in src/AWSMSKAuthTokenGenerator.cs [237:288]
public async ValueTask<(string, long)> GenerateAuthTokenFromCredentialsProvider(Func<AWSCredentials> credentialsProvider, RegionEndpoint region, bool useAsync = true)
{
if (credentialsProvider == null)
{
throw new ArgumentNullException(nameof(credentialsProvider));
}
if (region == null)
{
throw new ArgumentNullException(nameof(region));
}
AWSCredentials credentials = credentialsProvider.Invoke();
if (credentials == null)
{
throw new ArgumentNullException(nameof(credentials));
}
var immutableCredentials = useAsync ? await credentials.GetCredentialsAsync() : credentials.GetCredentials();
_logger.LogDebug("Generating auth token using credentials with access key id: {accessKey}", immutableCredentials.AccessKey);
var authTokenRequest = new GenerateMSKAuthTokenRequest();
IRequest request = new DefaultRequest(authTokenRequest, ServiceName);
request.UseQueryString = true;
request.HttpMethod = HTTPMethod;
request.Parameters.Add(XAmzExpires, ExpiryDuration.TotalSeconds.ToString(CultureInfo.InvariantCulture));
request.Parameters.Add(ActionKey, ActionValue);
var hostName = string.Format(HostnameStringFormat, region.SystemName);
request.Endpoint = new UriBuilder(Scheme, hostName).Uri;
if (immutableCredentials.UseToken)
{
request.Parameters[XAmzSecurityToken] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(request, null, new RequestMetrics(),
immutableCredentials.AccessKey,
immutableCredentials.SecretKey, ServiceName, region.SystemName);
var authorization = signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(request);
var authTokenString = $"{url.AbsoluteUri}&{GetUserAgent()}&{authorization}";
var byteArray = System.Text.Encoding.UTF8.GetBytes(authTokenString);
var expiryMs = new DateTimeOffset(signingResult.DateTime.Add(ExpiryDuration)).ToUnixTimeSeconds() * 1000;
return (Convert.ToBase64String(byteArray).Replace('+', '-').Replace('/', '_').TrimEnd('='), expiryMs);
}