Hello Auth0 community!
I have spent a long time trying to set up Auth0 as an identity provider to access AWS resources. But either my understanding is not enough or the documents are not enough.
Here is the problem: I use Auth0 for authentication for my serverless application. I use AWS for the backend.
First I used a custom authorizer to access private API calls. This part was easy. Next I have to find a way to get temporary credentials from AWS STS so that users can upload pictures to S3.
From what I understood, first I should set up Auth0 as the identity provider and AWS as the service provider. The same scenario as enabling SSO. Since only articles about enabling SSO are available, I followed the article and could set up the SSO. (Configure Amazon Web Services for Single Sign-On)
Now that AWS is the service provider and Auth0 is the IdP, I should somehow be able to programmatically get the temporary access key and secret from AWS. There is no clear article about this.
If I want to send a request to AWS STS, I would need a base64 token provided by the IdP. I can't find a way to get that code:
const AWS = require('aws-sdk');

AWS.config.credentials = new AWS.SAMLCredentials({
  RoleArn: 'arn:aws:iam::1234567890:role/SAMLRole', // IAM role to assume
  // PrincipalArn must be the IAM SAML provider ARN (not a role ARN)
  PrincipalArn: 'arn:aws:iam::1234567890:saml-provider/SAMLPrincipal',
  SAMLAssertion: 'base64-token', // base64-encoded SAML assertion from the IdP
});
Also, when I use Lock to log in, the returned access_token doesn't contain SAML configurations.
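As an added example (not the poster's code or anything from Auth0's docs): once the IdP has returned a base64-encoded SAML response, the AWS Role attribute inside it already carries the role ARN and SAML-provider ARN pair, so RoleArn and PrincipalArn can be read from the assertion instead of hard-coded. The assertion below is constructed with placeholder ARNs, and the function names are assumptions.

```javascript
// Name of the SAML attribute AWS reads to learn which role/provider pair to use.
const AWS_ROLE_ATTR = 'https://aws.amazon.com/SAML/Attributes/Role';

// Decode the base64 token and return every {RoleArn, PrincipalArn} pair found in
// the AWS Role attribute. Values are "arn,arn"; we match each ARN by resource
// type (role/ vs saml-provider/) so the order inside the value does not matter.
function parseAwsRoles(samlBase64) {
  const xml = Buffer.from(samlBase64, 'base64').toString('utf8');
  const attrRe = new RegExp(
    '<(?:saml2?:)?Attribute[^>]*Name="' + AWS_ROLE_ATTR +
      '"[^>]*>([\\s\\S]*?)</(?:saml2?:)?Attribute>'
  );
  const m = attrRe.exec(xml);
  if (!m) throw new Error('SAML response has no AWS Role attribute');
  const valueRe = /<(?:saml2?:)?AttributeValue[^>]*>([^<]+)<\/(?:saml2?:)?AttributeValue>/g;
  const roles = [];
  let v;
  while ((v = valueRe.exec(m[1])) !== null) {
    const parts = v[1].split(',').map((s) => s.trim());
    const role = parts.find((p) => p.includes(':role/'));
    const provider = parts.find((p) => p.includes(':saml-provider/'));
    if (parts.length !== 2 || !role || !provider) {
      throw new Error('Role value is not a role/provider pair: ' + v[1]);
    }
    roles.push({ RoleArn: role, PrincipalArn: provider });
  }
  return roles;
}

// Build the parameter object for AWS.SAMLCredentials (or sts.assumeRoleWithSAML),
// choosing a specific role when the assertion lists several.
function samlCredentialParams(samlBase64, wantedRoleArn) {
  const roles = parseAwsRoles(samlBase64);
  const pick = wantedRoleArn ? roles.find((r) => r.RoleArn === wantedRoleArn) : roles[0];
  if (!pick) throw new Error('requested role not present in assertion');
  return { RoleArn: pick.RoleArn, PrincipalArn: pick.PrincipalArn, SAMLAssertion: samlBase64 };
}

// Constructed sample assertion; account id and names are placeholders.
const SAMPLE_XML = [
  '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">',
  '<saml2:AttributeStatement>',
  '<saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">',
  '<saml2:AttributeValue>arn:aws:iam::123456789012:role/SAMLRole,' +
    'arn:aws:iam::123456789012:saml-provider/Auth0</saml2:AttributeValue>',
  '</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>',
].join('');
const SAMPLE_B64 = Buffer.from(SAMPLE_XML, 'utf8').toString('base64');
```

The object returned by samlCredentialParams can be passed straight to new AWS.SAMLCredentials(...) as in the snippet above.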