npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@aws/bedrock-token-generator

v1.1.0

Published

A lightweight library for generating short-term bearer tokens for AWS Bedrock API authentication

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aws-bedrock-token-generatoraws-bedrock-token-generator

Keywords

awsbedrockbearer-tokenauthenticationamazontoken-generator

Readme

AWS Bedrock Token Generator for JavaScript/TypeScript

npm version License TypeScript Node.js Version

A lightweight library for generating short-term bearer tokens for AWS Bedrock API authentication.

Features

  • Simple API: Async functions that generate bearer tokens
  • Secure: Uses AWS SigV4 signing with configurable token expiration (up to 12 hours)
  • AWS SDK Integration: Seamlessly works with AWS credential providers
  • Lightweight: Minimal dependencies, focused functionality
  • Well-tested: Comprehensive unit tests with multiple scenarios
  • TypeScript: Full type definitions for better IDE experience

Installation

npm install @aws/bedrock-token-generator

Quick Start

Using Token Provider with Default Credential and Region Provider

import { getTokenProvider } from "@aws/bedrock-token-generator";

// Create a token provider that uses default credentials and region providers.
// You can configure it to use other credential providers.
const provideToken = getTokenProvider();

async function example() {
    
  const token = await provideToken();

  // Use the token for API calls. The token has a default expiration of 12 hour.
  // If the expiresInSeconds parameter is specified during token creation, the 
  // expiration can be configured up to a maximum of 12 hours. However, the actual 
  // token validity period will always be the minimum of the requested expiration 
  // time and the AWS credentials' expiry time
  console.log(`Bearer Token: ${token}`);
}

Using Token Provider with Credential Provider and Region

You can find the supported credentials provider here.

import { getTokenProvider } from "@aws/bedrock-token-generator";
import { fromTemporaryCredentials } from "@aws-sdk/credential-providers";

const provideToken = getTokenProvider({
  credentials: fromTemporaryCredentials({
    params: {
      RoleArn: "arn:aws:iam::123456789012:role/BedrockRole",
    },
  }),
  region: "us-east-1",
});

async function example() {
    
  const token = await provideToken();

  // Use the token for API calls. The token has a default expiration of 12 hour.
  // If the expiresInSeconds parameter is specified during token creation, the 
  // expiration can be configured up to a maximum of 12 hours. However, the actual 
  // token validity period will always be the minimum of the requested expiration 
  // time and the AWS credentials' expiry time
  console.log(`Bearer Token: ${token}`);
}

Using Token Provider with Specific Credentials, Region and Expiry

import { getTokenProvider } from "@aws/bedrock-token-generator";

const credentials = {
  accessKeyId: "YOUR_ACCESS_KEY_ID",
  secretAccessKey: "YOUR_SECRET_ACCESS_KEY",
  sessionToken: "YOUR_SESSION_TOKEN",
};

const provideToken = getTokenProvider({
  credentials,
  region: "us-east-1",
  expiresInSeconds: 7200,
});

async function example() {
  const token = await provideToken();

  // Use the token for API calls. The token has an expiration of 2 hour. However, the actual token validity period
  // will always be the minimum of the requested expiration time and the AWS credentials' expiry time
  console.log(`Bearer Token: ${token}`);
}

Using Stateless Function with Specific Credentials, Region and Expiry

import { getToken } from "@aws/bedrock-token-generator";

async function example() {
  const credentials = {
    accessKeyId: "YOUR_ACCESS_KEY_ID",
    secretAccessKey: "YOUR_SECRET_ACCESS_KEY",
    sessionToken: "YOUR_SESSION_TOKEN",
  };

  const token = await getToken({
    credentials,
    region: "us-east-1",
    expiresInSeconds: 7200,
  });

  // Use the token for API calls. The token has an expiration of 2 hour. However, the actual token validity period
  // will always be the minimum of the requested expiration time and the AWS credentials' expiry time
  console.log(`Bearer Token: ${token}`);
}

API Reference

Token Format

The generated tokens follow this format:

bedrock-api-key-<base64-encoded-presigned-url>&Version=1
  • Prefix: bedrock-api-key- identifies the token type
  • Payload: Base64-encoded presigned URL with embedded credentials
  • Version: &Version=1 for future compatibility
  • Expiration: The token has a default expiration of 12 hour. If the expiresInSeconds parameter is specified during token creation, the expiration can be configured up to a maximum of 12 hours. However, the actual token validity period will always be the minimum of the requested expiration time and the AWS credentials' expiry time.

Security Considerations

  • Token Expiration: The token has a default expiration of 12 hour. If the expiresInSeconds parameter is specified during token creation, the expiration can be configured up to a maximum of 12 hours. However, the actual token validity period will always be the minimum of the requested expiration time and the AWS credentials' expiry time. The token must be generated again once it expires, as it cannot be refreshed or extended.
  • Secure Storage: Store tokens securely and avoid logging them
  • Credential Management: Use IAM roles and temporary credentials when possible
  • Network Security: Always use HTTPS when transmitting tokens
  • Principle of Least Privilege: Ensure underlying credentials have minimal required permissions

Requirements

  • Node.js: 16.0.0 or later
  • TypeScript: 4.7.0 or later (for TypeScript users)

Development

Setting up Development Environment

# Clone the repository
git clone https://github.com/aws/aws-bedrock-token-generator-js.git
cd aws-bedrock-token-generator-js

# Install dependencies
npm install

# Build the project
npm run build

# Run tests
npm test

Running Tests

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run linter
npm run lint

# Format code
npm run format

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

Development Workflow

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature-name
  3. Make changes and add tests
  4. Run tests: npm test
  5. Format code: npm run format
  6. Submit a pull request

Support

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Related Projects

Changelog

See CHANGELOG.md for a list of changes and version history.