Skip to content

Add Support for Multiple Auth Schemes and SigV4a #3999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: development
Choose a base branch
from
Open

Add Support for Multiple Auth Schemes and SigV4a #3999

wants to merge 4 commits into from

Conversation

AlexDaines
Copy link
Contributor

Description

Implements multi-auth scheme support. This enables clients to configure and prioritize the available authentication schemes (SigV4, SigV4a, Bearer, NoAuth) through multiple configuration sources.

Key changes made:

  • Added AuthScheme, AuthSchemePreference, and resolver infrastructure
  • Implemented configuration hierarchy: client > env vars > config file > global
  • Added SigV4a region set configuration support
  • Preserved backwards compatibility via extension methods pattern (no breaking interface changes)
  • Added comprehensive test coverage

Motivation and Context

Required for upcoming SigV4a adoption and services that need flexible auth scheme selection. Several teams have been waiting on this capability for cross-region signing and failover scenarios.

Testing

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code follows the code style of this project
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed

License

  • I confirm that this pull request can be released under the Apache 2 license

@AlexDaines AlexDaines requested a review from Copilot September 4, 2025 16:30
Copilot
Copilot AI reviewed Sep 4, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements comprehensive multi-authentication scheme support for the AWS .NET SDK, enabling flexible authentication scheme configuration and prioritization with SigV4a region set support. The implementation introduces new configuration options while maintaining backwards compatibility with existing SignatureMethod patterns.

Key changes include:

  • Added authentication scheme preference configuration with multiple sources (client, environment, config file, global)
  • Implemented SigV4a region set configuration support
  • Created comprehensive resolver infrastructure for authentication scheme prioritization

Reviewed Changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated no comments.

Show a summary per file
File Description
sdk/test/UnitTests/Custom/Runtime/SigV4aRegionSetConfigurationTests.cs Comprehensive test coverage for SigV4a region set configuration including validation, parsing, and source precedence
sdk/test/UnitTests/Custom/Runtime/AuthSchemeTests.cs Unit tests for AuthScheme class covering predefined schemes, equality, and validation
sdk/test/UnitTests/Custom/Runtime/AuthSchemeResolverTests.cs Tests for DefaultAuthSchemeResolver including preference application and configuration hierarchy
sdk/test/UnitTests/Custom/Runtime/AuthSchemePreferenceTests.cs Test coverage for AuthSchemePreference parsing, validation, and case-sensitive matching
sdk/test/UnitTests/Custom/Runtime/AuthSchemeIntegrationTests.cs Integration tests for auth scheme preference application in BaseAuthResolverHandler
sdk/test/UnitTests/Custom/Runtime/AuthSchemeIntegrationSimpleTests.cs Basic integration tests for AuthSchemeOption constants and simple resolver functionality
sdk/test/UnitTests/Custom/Runtime/AuthSchemeConfigurationTests.cs Tests for configuration resolution from environment variables and global settings
sdk/test/UnitTests/Custom/Runtime/AuthSchemeBackwardsCompatibilityTests.cs Backwards compatibility tests ensuring legacy SignatureMethod behavior is preserved
sdk/test/NetStandard/UnitTests/ClientConfigTests.cs Updated client config property list to include new authentication scheme properties
sdk/src/Core/Amazon.Util/Internal/RootConfig.cs Added AuthSchemePreference and SigV4aRegionSetConfiguration to root configuration
sdk/src/Core/Amazon.Runtime/SigV4aRegionSetConfiguration.cs Implementation of SigV4a region set configuration with multiple source support
sdk/src/Core/Amazon.Runtime/Pipeline/Handlers/BaseAuthResolverHandler.cs Enhanced auth resolution with preference application and scheme conversion logic
sdk/src/Core/Amazon.Runtime/Internal/Util/SafeConfigurationResolver.cs Utility for safe configuration resolution with consistent error handling
sdk/src/Core/Amazon.Runtime/Internal/Util/HashCodeHelper.cs Helper utility for consistent hash code generation across SDK types
sdk/src/Core/Amazon.Runtime/Internal/Settings/SettingsConstants.cs Added constants for new authentication scheme configuration keys
sdk/src/Core/Amazon.Runtime/IClientConfig.cs Interface updates to accommodate new authentication scheme properties
sdk/src/Core/Amazon.Runtime/IAuthSchemeResolver.cs Interface definition for authentication scheme resolution
sdk/src/Core/Amazon.Runtime/EnvironmentConfigurationProvider.cs Provider for reading authentication scheme configuration from environment variables
sdk/src/Core/Amazon.Runtime/DefaultAuthSchemeResolver.cs Default implementation of auth scheme resolution with preference-based prioritization
sdk/src/Core/Amazon.Runtime/ClientConfigExtensions.cs Extension methods for backwards-compatible access to new authentication properties
sdk/src/Core/Amazon.Runtime/ClientConfig.cs Updated ClientConfig with new authentication scheme properties and legacy compatibility tracking
sdk/src/Core/Amazon.Runtime/AuthSchemePreference.cs Implementation of authentication scheme preference list with parsing and validation
sdk/src/Core/Amazon.Runtime/AuthSchemeConfigurationResolver.cs Central resolver for authentication scheme configuration with precedence hierarchy
sdk/src/Core/Amazon.Runtime/AuthScheme.cs Core AuthScheme class with predefined schemes and equality implementation
sdk/src/Core/AWSConfigs.cs Global configuration properties for authentication scheme preferences and SigV4a region sets
generator/.DevConfigs/3aa6313d-9526-40ba-b09c-e046e0d4ef2f.json Development configuration for minor version release with detailed changelog

@dscpinheiro dscpinheiro changed the base branch from main to development September 4, 2025 16:34
dscpinheiro
dscpinheiro reviewed Sep 4, 2025
View reviewed changes
sdk/src/Core/Amazon.Runtime/AuthScheme.cs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added @muhammad-othman and I as reviewers, but even before we take a look you shouldn't have to create these classes. V4 already has auth schemes defined here: https://github.com/aws/aws-sdk-net/tree/b6b4057137cbb6bf39bc9f22687a3441921b1d33/sdk/src/Core/Amazon.Runtime/Credentials/Internal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dscpinheiro dscpinheiro dscpinheiro left review comments

Copilot code review Copilot Copilot left review comments

@muhammad-othman muhammad-othman Awaiting requested review from muhammad-othman

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlexDaines @dscpinheiro