isAuthorizedWithToken
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store
Samples
import aws.sdk.kotlin.services.verifiedpermissions.model.ActionIdentifier
import aws.sdk.kotlin.services.verifiedpermissions.model.EntityIdentifier
fun main() {
//sampleStart
// The following example requests an authorization decision for a user who was authenticated by Amazon
// Cognito. The request uses the identity token provided by Amazon Cognito instead of the access token. In this
// example, the specified information store is configured to return principals as entities of type CognitoUser.
// The policy store contains a policy with the following statement. permit principal CognitoUser
// "us-east-1_1a2b3c4d5|a1b2c3d4e5f6g7h8i9j0kalbmc", action, resource Photo "VacationPhoto94.jpg"
val resp = verifiedPermissionsClient.isAuthorizedWithToken {
policyStoreId = "C7v5xMplfFH3i3e4Jrzb1a"
action = ActionIdentifier {
actionId = "View"
actionType = "Action"
}
resource = EntityIdentifier {
entityId = "vacationPhoto94.jpg"
entityType = "Photo"
}
identityToken = "EgZjxMPlbWUyBggAEEUYOdIBCDM3NDlqMGo3qAIAsAIA"
}
//sampleEnd
}