Aws::CognitoIdentity::Model::GetCredentialsForIdentityOutcome FetchCredsFromCognito()

in Gems/AWSClientAuth/Code/Source/Authorization/AWSClientAuthCognitoCachingAuthenticatedCredentialsProvider.cpp [30:100]

• 61 lines of code
• 8 McCabe index (conditional complexity)

    Aws::CognitoIdentity::Model::GetCredentialsForIdentityOutcome FetchCredsFromCognito(
        const Aws::CognitoIdentity::CognitoIdentityClient& cognitoIdentityClient,
        Aws::Auth::PersistentCognitoIdentityProvider& identityRepository,
        const char* logTag,
        bool includeLogins)
    {
        auto logins = identityRepository.GetLogins();
        Aws::Map<Aws::String, Aws::String> cognitoLogins;
        for (auto& login : logins)
        {
            cognitoLogins[login.first] = login.second.accessToken;
        }

        if (!identityRepository.HasIdentityId())
        {
            Aws::CognitoIdentity::Model::GetIdRequest getIdRequest;

            // Only call SetIdentityPoolId if there's actually a pool id.
            // SetIdentityPoolId will cause AWS to think there's an id even if it's empty.
            // This leads AWS API calls to pass back a warning about an "invalid" pool id,
            //     rather than (properly) passing back an error about not having a pool id.
            const Aws::String identityPoolId = identityRepository.GetIdentityPoolId();
            if (!identityPoolId.empty())
            {
                getIdRequest.SetIdentityPoolId(identityPoolId);
            }

            auto accountId = identityRepository.GetAccountId();
            if (!accountId.empty())
            {
                getIdRequest.SetAccountId(accountId);
                AWS_LOGSTREAM_INFO(logTag, "Identity not found, requesting an id for accountId "
                    << accountId << " identity pool id "
                    << identityPoolId << " with logins.");
            }
            else
            {
                AWS_LOGSTREAM_INFO(
                    logTag, "Identity not found, requesting an id for identity pool id %s" << identityPoolId << " with logins.");
            }
            if (includeLogins)
            {
                getIdRequest.SetLogins(cognitoLogins);
            }

            auto getIdOutcome = cognitoIdentityClient.GetId(getIdRequest);
            if (getIdOutcome.IsSuccess())
            {
                auto identityId = getIdOutcome.GetResult().GetIdentityId();
                AWS_LOGSTREAM_INFO(logTag, "Successfully retrieved identity: " << identityId);
                identityRepository.PersistIdentityId(identityId);
            }
            else
            {
                AWS_LOGSTREAM_ERROR(
                    logTag,
                    "Failed to retrieve identity. Error: " << getIdOutcome.GetError().GetExceptionName() << " "
                                                           << getIdOutcome.GetError().GetMessage());
                return Aws::CognitoIdentity::Model::GetCredentialsForIdentityOutcome(getIdOutcome.GetError());
            }
        }

        Aws::CognitoIdentity::Model::GetCredentialsForIdentityRequest getCredentialsForIdentityRequest;
        getCredentialsForIdentityRequest.SetIdentityId(identityRepository.GetIdentityId());
        if (includeLogins)
        {
            getCredentialsForIdentityRequest.SetLogins(cognitoLogins);
        }

        return cognitoIdentityClient.GetCredentialsForIdentity(getCredentialsForIdentityRequest);
    }