public class OidcCredentialProvider extends Object implements Provider
Follows the Provider CQS contract:
isExpired() / retrieve() are pure reads.refresh() is the only method that mutates state.Intended to be wrapped in a CredentialProvider, which serializes
refresh through a ReadWriteLock and
guarantees the isExpired → refresh → retrieve sequence. Direct use
(without wrapping) is not a supported mode.
| Constructor and Description |
|---|
OidcCredentialProvider(String roleTrn,
String roleSessionName,
String oidcTokenFile,
String rolePolicy,
String stsEndpoint) |
| Modifier and Type | Method and Description |
|---|---|
static OidcCredentialProvider |
fromEnvironment() |
boolean |
isExpired() |
void |
refresh() |
CredentialValue |
retrieve() |
void |
setDurationSeconds(int durationSeconds) |
void |
setExpireBufferSeconds(int expireBufferSeconds) |
void |
setMaxRetries(int maxRetries) |
void |
setRetryIntervalMs(int retryIntervalMs) |
void |
setSchema(String schema) |
public static OidcCredentialProvider fromEnvironment() throws ApiException
ApiExceptionpublic void refresh()
throws ApiException
refresh in interface ProviderApiExceptionpublic CredentialValue retrieve() throws ApiException
retrieve in interface ProviderApiExceptionpublic void setDurationSeconds(int durationSeconds)
public void setExpireBufferSeconds(int expireBufferSeconds)
public void setSchema(String schema)
public void setMaxRetries(int maxRetries)
public void setRetryIntervalMs(int retryIntervalMs)
Copyright © 2026. All rights reserved.