diff --git a/AmplifyPlugins/Core/AWSPluginsCore/Auth/AuthAWSCredentialsProvider.swift b/AmplifyPlugins/Core/AWSPluginsCore/Auth/AuthAWSCredentialsProvider.swift
index c08e8821c8..9739e1066f 100644
--- a/AmplifyPlugins/Core/AWSPluginsCore/Auth/AuthAWSCredentialsProvider.swift
+++ b/AmplifyPlugins/Core/AWSPluginsCore/Auth/AuthAWSCredentialsProvider.swift
@@ -35,16 +35,42 @@ public protocol AWSCredentialsProvider {
 func fetchAWSCredentials() async throws -> AWSCredentials
 }
 
-public protocol AWSTemporaryCredentials: AWSCredentials {
-
- var sessionToken: String { get }
+/**
+ Represents AWS credentials.
 
- var expiration: Date { get }
-}
+ Typically refers to long-term credentials that do not expire unless manually rotated or deactivated.
+ These credentials are generally associated with an IAM (Identity and Access Management) user and are used to authenticate API requests to AWS services.
 
+ - Properties:
+ - accessKeyId: A unique identifier.
+ - secretAccessKey: A secret key used to sign requests cryptographically.
+ */
 public protocol AWSCredentials {
 
+ /// A unique identifier.
 var accessKeyId: String { get }
 
+ /// A secret key used to sign requests cryptographically.
 var secretAccessKey: String { get }
 }
+
+/**
+ Represents temporary AWS credentials.
+
+ Refers to short-term credentials generated by AWS STS (Security Token Service).
+ These credentials are used for temporary access, often for applications, temporary roles, federated users, or scenarios requiring limited-time access.
+
+ - Inherits: AWSCredentials
+
+ - Properties:
+ - sessionToken: A token that is required when using temporary security credentials to sign requests.
+ - expiration: The expiration date and time of the temporary credentials.
+ */
+public protocol AWSTemporaryCredentials: AWSCredentials {
+
+ /// A token that is required when using temporary security credentials to sign requests.
+ var sessionToken: String { get }
+
+ /// The expiration date and time of the temporary credentials.
+ var expiration: Date { get }
+}
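Review bot: The new doc comment on `AWSCredentials` frames the protocol as long-term IAM-user credentials, yet `AWSTemporaryCredentials` refines it and `fetchAWSCredentials()` returns `AWSCredentials`, so a value of this type may equally be a temporary STS set. I would reword the summary along the lines of `Base protocol for AWS credentials; a conforming value may be long-term or temporary. Cast to AWSTemporaryCredentials to read sessionToken and expiration.` so callers are not led to skip the expiry check. `/// A unique identifier.` on `accessKeyId` should say what it identifies, e.g. `/// Identifies the access key pair; not secret by itself, but used together with secretAccessKey.` The comments on `secretAccessKey` and `sessionToken` are the natural place to state that these values are secrets and should not be written to logs or stored in plaintext.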