@aws-sdk/token-providers

@aws-sdk/token-providers

A collection of all token providers. The token providers should be used when the authorization type is going to be token based. For example, the bearer authorization type set using httpBearerAuth trait in Smithy.

Static Token Provider

import { fromStatic } from "@aws-sdk/token-providers";

const token = { token: "TOKEN" };
const staticTokenProvider = fromStatic(token);

const staticToken = await staticTokenProvider(); // returns { token: "TOKEN" }

SSO Token Provider

import { fromSso } from "@aws-sdk/token-providers";

// returns token from SSO token cache or ssoOidc.createToken() call.
const ssoToken = await fromSso();

Env Token Provider with Signing Name

import { fromEnvSigningName } from "@aws-sdk/token-providers";

// returns token from environment, where token's key is based on signing name.
const envSigningNameToken = await fromEnvSigningName({ signingName: "signing name" });

Token Provider Chain

import { nodeProvider } from "@aws-sdk/token-providers";

// returns token from default providers.
const token = await nodeProvider();

Development

This package contains a minimal copy of the SSO OIDC client, instead of relying on the full client, which would cause a circular dependency.

When regenerating the bundled version of the SSO OIDC client, run the esbuild.js script and then make the following changes:

• Remove any dependency of the generated client on the credential chain such that it would create a circular dependency back to this package. Because we only need the CreateTokenCommand, the client, and this command's associated Exceptions, it is possible to remove auth dependencies.
• Ensure all required packages are declared in the package.json of token-providers.

Changelog

3.893.0 (2025-09-19)

Features

• client-bedrock-agentcore-control: Add tagging and VPC support to AgentCore Runtime, Code Interpreter, and Browser resources. Add support for configuring request headers in Runtime. Fix AgentCore Runtime shape names. (9ab54a2)
• client-config-service: Add UNKNOWN state to RemediationExecutionState and add IN_PROGRESS/EXITED/UNKNOWN states to RemediationExecutionStepState. (9b89d93)
• client-connect: This release adds a persistent connection field to UserPhoneConfig that maintains agent's softphone media connection for faster call connections. (59e863b)
• client-license-manager-user-subscriptions: Added support for cross-account Active Directories. (22e49d1)
• client-medialive: Add MinBitrate for QVBR mode under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames, SubGopLength fields under H265 output codec. (25f22be)
• clients: update client endpoints as of 2025-09-19 (3726908)

Similar packages

Other packages similar to @aws-sdk/token-providers

aws-sdk

The 'aws-sdk' package is the official AWS SDK for JavaScript, which includes a wide range of services and features for interacting with AWS. It provides comprehensive support for AWS services, including token management, but it is a larger package compared to @aws-sdk/token-providers, which is more focused on token providers.

aws-amplify

The 'aws-amplify' package is a JavaScript library for frontend and mobile developers building cloud-enabled applications. It includes support for authentication, including token management with Amazon Cognito. While it offers similar functionalities, it is more geared towards frontend development and user authentication flows.

aws-cdk

The 'aws-cdk' package is the AWS Cloud Development Kit, which allows developers to define cloud infrastructure using code. It includes support for managing authentication and authorization tokens as part of infrastructure as code. However, it is primarily focused on infrastructure management rather than just token providers.