Web Identity Federation Playground

Step 1 - Authenticate with Identity Provider
When you enable Login with Amazon for your app, you supply a redirect URL that Amazon calls after the user logs in. Amazon passes the access token as a parameter in the redirect URL, which you then extract and use in Step 2. In this app, the redirect URL is this website.
When you sign in with Google, you specify a callback function that executes after the user signs in. The callback function takes an object as input, and the object consists of several parameters. Most importantly, it contains the id token.
When you sign in with Facebook, it will trigger an event and you will receive an object that contains the access token. You can take this access token and proceed with Step 2.
Step 2 - Obtain Temporary Security Credentials
Now that you have an id token, you can obtain temporary security credentials by making an AssumeRoleWithWebIdentity request. You will assume a role that we created for you, shown in Step 3.
Trust Policy
ProviderId
RoleArn
RoleSessionName
WebIdentityToken
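The Step 1 and Step 2 flow above as an added example, not code from the original playground: it reads the Login with Amazon access token from a redirect URL, forms the AssumeRoleWithWebIdentity parameters listed above, and extracts the credentials used in Step 3 from the response. The redirect URL, token, role ARN, session name and response XML are constructed sample values; ProviderId is sent only for the OAuth 2.0 access-token providers (Amazon, Facebook) and omitted for Google's id token.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

STS_ENDPOINT = "https://sts.amazonaws.com/"
NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}
# Access-token providers need ProviderId; Google's OIDC id token must omit it.
PROVIDER_IDS = {"amazon": "www.amazon.com", "facebook": "graph.facebook.com",
                "google": None}

# Constructed sample inputs (not real tokens or credentials).
SAMPLE_REDIRECT = "https://app.example/cb#access_token=Atza%7CEXAMPLE&token_type=bearer"
SAMPLE_RESPONSE = """<AssumeRoleWithWebIdentityResponse
    xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleWithWebIdentityResult><Credentials>
    <AccessKeyId>ASIAEXAMPLEKEYID</AccessKeyId>
    <SecretAccessKey>constructed-secret</SecretAccessKey>
    <SessionToken>constructed-session-token</SessionToken>
    <Expiration>2030-01-01T00:00:00Z</Expiration>
  </Credentials></AssumeRoleWithWebIdentityResult>
</AssumeRoleWithWebIdentityResponse>"""

def token_from_redirect(url):
    """Step 1: read access_token from the redirect URL (query or fragment)."""
    parts = urlsplit(url)
    for source in (parts.query, parts.fragment):
        values = parse_qs(source).get("access_token")
        if values:
            return values[0]
    raise ValueError("redirect URL carries no access_token")

def build_request(provider, token, role_arn, session_name):
    """Step 2: form-encoded POST body for the unsigned STS call."""
    if not re.fullmatch(r"[\w+=,.@-]{2,64}", session_name, re.ASCII):
        raise ValueError("RoleSessionName must be 2-64 chars of [\\w+=,.@-]")
    params = {"Action": "AssumeRoleWithWebIdentity", "Version": "2011-06-15",
              "RoleArn": role_arn, "RoleSessionName": session_name,
              "WebIdentityToken": token}
    if PROVIDER_IDS[provider]:
        params["ProviderId"] = PROVIDER_IDS[provider]
    return STS_ENDPOINT, urlencode(params)

def parse_credentials(xml_text):
    """Step 3 input: temporary credentials from the STS XML response."""
    creds = ET.fromstring(xml_text).find(".//sts:Credentials", NS)
    if creds is None:
        raise ValueError("response has no Credentials element")
    return {child.tag.split("}")[1]: child.text for child in creds}
```

Sending the token in a POST body rather than in the query string keeps it out of URL logs and browser history.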
Step 3 - Access AWS Resource
You can now make calls to AWS resources using your temporary security credentials (Secret Access Key, Access Key ID, and Session Token), with permissions defined by the Access Policy below.
Access Policy
Secret Access Key
Access Key ID
Session Token