InvalidTokenId error when using Accesskey and SecretAccessKey returned from the response of AssumeRoleWithCertificate.

[haylch]

Discussed in #19927

^{Originally posted by haylch June 13, 2024}
Hi, anyone can help?

Using the Accesskey and SecretAccessKey returned from the response of AssumeRoleWithCertificate and apply with the following code:

    	MinioClient minioClientConn = MinioClient.builder()
    			.endpoint(endpoint_url)
    			.credentials(accessKeyId, secretAccessKey)
    			.httpClient(okHttpClient)
    			.build();

I got the following exception:
Error occurred: error occurred
ErrorResponse(code = InvalidTokenId, message = The security token included in the request is invalid ...

How do I connect to MinIO using the response from AssumeRoleWithCertificate? Do I have to use the SessionToken? How do I use it in java?

[harshavardhana]

MinioClient minioClientConn = MinioClient.builder()
.endpoint(endpoint_url)
.credentials(accessKeyId, secretAccessKey)
.httpClient(okHttpClient)
.build();

You have to pass sessionToken as well

[harshavardhana]

Also, please either open a discussion or a GitHub issue—don't do both. Please do not spam everywhere.

[haylch]

How do I pass a sessionToken to it using minio java? The .credentials in MinioClient.builder() only accepts accessKeyId and secretAccessKey. Do you have an sample code on it for the connection?

[harshavardhana]

https://minio-java.min.io/io/minio/credentials/Credentials.html#Credentials-java.lang.String-java.lang.String-java.lang.String-io.minio.messages.ResponseDate-

and then this https://minio-java.min.io/io/minio/MinioClient.Builder.html#credentialsProvider-io.minio.credentials.Provider-

[haylch]

Thanks for your help. I got it working but I wonder if it is the correct or proper way to connect?

//Get credentials from AssumeRoleWithCertificate using CertificateIdentityProvider
Provider certIdentityProvider = new CertificateIdentityProvider(endpoint_url, sslSocketFactory, x509TrustManager, null, null);
Credentials credentials = certIdentityProvider.fetch();

//Use credentials from AssumeRoleWithCertificate to connect using StaticProvider
String accessKeyId = credentials.accessKey();
String secretAccessKey = credentials.secretKey();
String sessionToken = credentials.sessionToken();
Provider staticProvider = new StaticProvider(accessKeyId, secretAccessKey, sessionToken);

MinioClient minioClientConn = MinioClient.builder()
.endpoint(endpoint_url)
.credentialsProvider(staticProvider)
.httpClient(okHttpClient)
.build();

[harshavardhana]

//Get credentials from AssumeRoleWithCertificate using CertificateIdentityProvider
Provider certIdentityProvider = new CertificateIdentityProvider(endpoint_url, sslSocketFactory, x509TrustManager, null, null);

MinioClient minioClientConn = MinioClient.builder()
.endpoint(endpoint_url)
.credentialsProvider(certIdentityProvider)
.httpClient(okHttpClient)
.build();