Introduces ICoreAmazonSTSAsync

* Moves the definition of `CredentialsFromAssumeRoleAuthenticationAsync` into the new interface.
* Only attempts to call `CredentialsFromAssumeRoleAuthenticationAsync` if the STS client instance implements `ICoreAmazonSTSAsync`.

sdk/src/Core/Amazon.Runtime/Credentials/AssumeRoleAWSCredentials.cs

@@ -137,7 +137,7 @@ protected override CredentialsRefreshState GenerateNewCredentials()
             _logger.InfoFormat("New credentials created for assume role that expire at {0}", credentials.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));
             return new CredentialsRefreshState(credentials, credentials.Expiration);
         }
-        
+
 #if AWS_ASYNC_API
 #if NET8_0_OR_GREATER
         [System.Diagnostics.CodeAnalysis.UnconditionalSuppressMessage("ReflectionAnalysis", "IL2026",
@@ -146,7 +146,7 @@ protected override CredentialsRefreshState GenerateNewCredentials()
         protected override async Task<CredentialsRefreshState> GenerateNewCredentialsAsync()
         {
             var region = FallbackRegionFactory.GetRegionEndpoint() ?? DefaultSTSClientRegion;
-            ICoreAmazonSTS coreSTSClient = GlobalRuntimeDependencyRegistry.Instance.GetInstance<ICoreAmazonSTS>(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME, 
+            ICoreAmazonSTS coreSTSClient = GlobalRuntimeDependencyRegistry.Instance.GetInstance<ICoreAmazonSTS>(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
                 new CreateInstanceContext(new SecurityTokenServiceClientContext {Action = SecurityTokenServiceClientContext.ActionContext.AssumeRoleAWSCredentials, Region = region, ProxySettings = Options?.ProxySettings } ));
 
             if (coreSTSClient == null)
@@ -179,8 +179,19 @@ protected override async Task<CredentialsRefreshState> GenerateNewCredentialsAsy
                     throw exception;
                 }
             }
-
-            var credentials = await coreSTSClient.CredentialsFromAssumeRoleAuthenticationAsync(RoleArn, RoleSessionName, Options).ConfigureAwait(false);
+
+            AssumeRoleImmutableCredentials credentials;
+            var coreSTSClientAsync = coreSTSClient as ICoreAmazonSTSAsync;
+            if (coreSTSClientAsync != null)
+            {
+                credentials = await coreSTSClientAsync.CredentialsFromAssumeRoleAuthenticationAsync(RoleArn, RoleSessionName, Options).ConfigureAwait(false);
+            }
+            else
+            {
+                _logger.InfoFormat("{0} does not implement {1}. AWSSDK.Core likely needs to be upgraded to a newer version.", coreSTSClient.GetType(), nameof(ICoreAmazonSTSAsync));
+                credentials = coreSTSClient.CredentialsFromAssumeRoleAuthentication(RoleArn, RoleSessionName, Options);
+            }
+
             _logger.InfoFormat("New credentials created for assume role that expire at {0}", credentials.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));
             return new CredentialsRefreshState(credentials, credentials.Expiration);
         }

sdk/src/Core/Amazon.Runtime/SharedInterfaces/ICoreAmazonSTS.cs

@@ -34,29 +34,6 @@ public interface ICoreAmazonSTS
         /// <returns></returns>
         AssumeRoleImmutableCredentials CredentialsFromAssumeRoleAuthentication(string roleArn, string roleSessionName, AssumeRoleAWSCredentialsOptions options);
 
-#if AWS_ASYNC_API
-        /// <summary>
-        /// <para>
-        /// This method is used internally to access the Amazon Security Token
-        /// service within other service assemblies.
-        /// Please use AmazonSecurityTokenServiceClient to access the Amazon Security Token
-        /// service instead.
-        /// </para>
-        /// Use Amazon Security Token Service to assume a role.
-        /// <remarks>
-        /// Proxy settings that are required for the HTTPS and STS calls made during the authentication/credential
-        /// generation process are supported and should have been configured on the STS ClientConfig instance
-        /// associated with the STS client instance exposing this interface.
-        /// </remarks>
-        /// </summary>
-        /// <param name="roleArn">The Amazon Resource Name (ARN) of the role to assume.</param>
-        /// <param name="roleSessionName"> An identifier for the assumed role session.</param>
-        /// <param name="options">Options to be used in the call to AssumeRole.</param>
-        /// <returns></returns>
-        Task<AssumeRoleImmutableCredentials> CredentialsFromAssumeRoleAuthenticationAsync(string roleArn, string roleSessionName, AssumeRoleAWSCredentialsOptions options);
-#endif
-
-
 #if !BCL // In the NETSTANDARD flavors of the SDK ICoreAmazonSTS is declared without CredentialsFromSAMLAuthentication,
     }             // we cannot add a new method to the interface for backward compatibility concerns. 
 

sdk/src/Core/Amazon.Runtime/SharedInterfaces/ICoreAmazonSTSAsync.cs

@@ -0,0 +1,35 @@
+using System.Threading.Tasks;
+
+namespace Amazon.Runtime.SharedInterfaces
+{
+#if AWS_ASYNC_API
+    /// <summary>
+    /// ICoreAmazonSTSAsync is not meant to be used directly. It defines Security Token
+    /// service with basic .NET types and allows other services to be able to use the service as
+    /// a runtime dependency. This interface is implemented by the AmazonSecurityTokenServiceClient
+    /// defined in the AWSSDK.SecurityToken assembly.
+    /// </summary>
+    public interface ICoreAmazonSTSAsync
+    {
+        /// <summary>
+        /// <para>
+        /// This method is used internally to access the Amazon Security Token
+        /// service within other service assemblies.
+        /// Please use AmazonSecurityTokenServiceClient to access the Amazon Security Token
+        /// service instead.
+        /// </para>
+        /// Use Amazon Security Token Service to assume a role.
+        /// <remarks>
+        /// Proxy settings that are required for the HTTPS and STS calls made during the authentication/credential
+        /// generation process are supported and should have been configured on the STS ClientConfig instance
+        /// associated with the STS client instance exposing this interface.
+        /// </remarks>
+        /// </summary>
+        /// <param name="roleArn">The Amazon Resource Name (ARN) of the role to assume.</param>
+        /// <param name="roleSessionName"> An identifier for the assumed role session.</param>
+        /// <param name="options">Options to be used in the call to AssumeRole.</param>
+        /// <returns></returns>
+        Task<AssumeRoleImmutableCredentials> CredentialsFromAssumeRoleAuthenticationAsync(string roleArn, string roleSessionName, AssumeRoleAWSCredentialsOptions options);
+    }
+#endif
+}

sdk/src/Services/SecurityToken/Custom/AmazonSecurityTokenServiceClient.Extension.cs

@@ -212,7 +212,7 @@ AssumeRoleImmutableCredentials ICoreAmazonSTS.CredentialsFromAssumeRoleAuthentic
                 throw exception;
             }
         }
-        
+
 #if AWS_ASYNC_API
         /// <summary>
         /// <see cref="ICoreAmazonSTS"/>
@@ -221,7 +221,7 @@ AssumeRoleImmutableCredentials ICoreAmazonSTS.CredentialsFromAssumeRoleAuthentic
         /// <param name="roleSessionName"></param>
         /// <param name="options"></param>
         /// <returns></returns>
-        async Task<AssumeRoleImmutableCredentials> ICoreAmazonSTS.CredentialsFromAssumeRoleAuthenticationAsync(string roleArn,
+        async Task<AssumeRoleImmutableCredentials> ICoreAmazonSTSAsync.CredentialsFromAssumeRoleAuthenticationAsync(string roleArn,
             string roleSessionName, AssumeRoleAWSCredentialsOptions options)
         {
             try

sdk/src/Services/SecurityToken/Custom/IAmazonSecurityTokenService.Extension.cs

@@ -20,6 +20,9 @@ namespace Amazon.SecurityToken
     public partial interface IAmazonSecurityTokenService : IDisposable, ICoreAmazonSTS
 #if NETSTANDARD20 || NETCOREAPP3_1_OR_GREATER
         , ICoreAmazonSTS_SAML
+#endif
+#if AWS_ASYNC_API
+        , ICoreAmazonSTSAsync
 #endif
     {
     }

sdk/src/Services/SecurityToken/GlobalSuppressions.cs

@@ -5,7 +5,7 @@
 // a specific target and scoped to a namespace, type, member, etc.
 
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTS#CredentialsFromAssumeRoleAuthentication(System.String,System.String,Amazon.Runtime.AssumeRoleAWSCredentialsOptions)~Amazon.Runtime.AssumeRoleImmutableCredentials")]
-[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTS#CredentialsFromAssumeRoleAuthenticationAsync(System.String,System.String,Amazon.Runtime.AssumeRoleAWSCredentialsOptions)~System.Threading.Tasks.Task{Amazon.Runtime.AssumeRoleImmutableCredentials}")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTSAsync#CredentialsFromAssumeRoleAuthenticationAsync(System.String,System.String,Amazon.Runtime.AssumeRoleAWSCredentialsOptions)~System.Threading.Tasks.Task{Amazon.Runtime.AssumeRoleImmutableCredentials}")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTS#CredentialsFromSAMLAuthentication(System.String,System.String,System.String,System.TimeSpan,System.Net.ICredentials)~Amazon.Runtime.SAMLImmutableCredentials")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTS_WebIdentity#CredentialsFromAssumeRoleWithWebIdentityAuthentication(System.String,System.String,System.String,Amazon.Runtime.AssumeRoleWithWebIdentityCredentialsOptions)~Amazon.Runtime.AssumeRoleImmutableCredentials")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1033:Interface methods should be callable by child types", Scope = "member", Target = "~M:Amazon.SecurityToken.AmazonSecurityTokenServiceClient.Amazon#Runtime#SharedInterfaces#ICoreAmazonSTS_WebIdentity#CredentialsFromAssumeRoleWithWebIdentityAuthenticationAsync(System.String,System.String,System.String,Amazon.Runtime.AssumeRoleWithWebIdentityCredentialsOptions)~System.Threading.Tasks.Task{Amazon.Runtime.AssumeRoleImmutableCredentials}")]