aws · sbaluja · Nov 28, 2025 · Nov 28, 2025 · Dec 1, 2025
diff --git a/src/aws-cpp-sdk-core/include/aws/core/AmazonWebServiceRequest.h b/src/aws-cpp-sdk-core/include/aws/core/AmazonWebServiceRequest.h
@@ -19,6 +19,7 @@
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/core/utils/stream/ResponseStream.h>
 #include <aws/core/endpoint/internal/AWSEndpointAttribute.h>
+#include <smithy/identity/auth/AuthSchemeOption.h>
 
 namespace Aws
 {
@@ -231,6 +232,8 @@ namespace Aws
         RetryContext GetRetryContext() const { return m_retryContext; }
 
         void SetRetryContext(const RetryContext& context) const { m_retryContext = context; }
+
+        virtual Aws::Vector<smithy::AuthSchemeOption> GetRequestSpecificSupportedAuth() const { return {}; }
     protected:
         /**
          * Default does nothing. Override this to convert what would otherwise be the payload of the

diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/AWSAuthSigner.h b/src/aws-cpp-sdk-core/include/aws/core/auth/AWSAuthSigner.h
@@ -11,5 +11,4 @@
 #include <aws/core/auth/signer/AWSAuthV4Signer.h>
 #include <aws/core/auth/signer/AWSAuthEventStreamV4Signer.h>
 #include <aws/core/auth/signer/AWSNullSigner.h>
-
 // This is a header that represents old legacy all-in-one header to maintain backward compatibility
diff --git a/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClient.h b/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClient.h
@@ -188,7 +188,7 @@ namespace client
                 }
             }
 
-            Aws::Vector<AuthSchemeOption> authSchemeOptions = m_authSchemeResolver->resolveAuthScheme(identityParams);
+            Aws::Vector<AuthSchemeOption> authSchemeOptions = ctx.m_authResolver == nullptr ? m_authSchemeResolver->resolveAuthScheme(identityParams) : ctx.m_authResolver->resolveAuthScheme(identityParams);
 
             auto authSchemeOptionIt = std::find_if(authSchemeOptions.begin(), authSchemeOptions.end(),
                                                    [this](const AuthSchemeOption& opt)

diff --git a/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientAsyncRequestContext.h b/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientAsyncRequestContext.h
@@ -12,6 +12,7 @@
 #include <smithy/Smithy_EXPORTS.h>
 #include <smithy/identity/auth/AuthSchemeOption.h>
 #include <smithy/interceptor/InterceptorContext.h>
+#include <smithy/identity/auth/AuthSchemeResolverBase.h>
 
 namespace smithy
 {
@@ -71,18 +72,21 @@ namespace smithy
             std::shared_ptr<Aws::Utils::Threading::Executor> m_pExecutor;
             std::shared_ptr<interceptor::InterceptorContext> m_interceptorContext;
             std::shared_ptr<smithy::AwsIdentity> m_awsIdentity;
+            std::shared_ptr<smithy::AuthSchemeResolverBase<>> m_authResolver;
 
             AwsSmithyClientAsyncRequestContext() = default;
 
             AwsSmithyClientAsyncRequestContext(
                 Aws::AmazonWebServiceRequest const * const request,
                 const char* requestName,
-                std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor):
+                std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor,
+                std::shared_ptr<smithy::AuthSchemeResolverBase<>> authResolver):
                 m_invocationId{Aws::Utils::UUID::PseudoRandomUUID()},
                 m_pRequest{request},
                 m_requestName{requestName ? requestName : m_pRequest ?  m_pRequest->GetServiceRequestName() : ""},
                 m_retryCount{0},
-                m_pExecutor{pExecutor}
+                m_pExecutor{pExecutor},
+                m_authResolver{authResolver}
             {
 
             }

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthScheme.h
@@ -0,0 +1,85 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/identity/auth/AuthScheme.h>
+#include <smithy/identity/auth/built-in/NoAuthSchemeOption.h>
+
+#include <smithy/identity/identity/AwsCredentialIdentityBase.h>
+#include <smithy/identity/signer/built-in/NoAuthSigner.h>
+#include <smithy/identity/resolver/built-in/NoAuthIdentityResolver.h>
+
+namespace smithy {
+    constexpr char NOAUTH[] = "smithy.api#noAuth";
+
+    class NoAuthScheme : public AuthScheme<AwsCredentialIdentityBase>
+    {
+    public:
+        using AwsCredentialIdentityResolverT = IdentityResolverBase<IdentityT>;
+        using AwsCredentialSignerT = AwsSignerBase<IdentityT>;
+
+        explicit NoAuthScheme()
+            : AuthScheme(NOAUTH),
+            m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")},
+            m_identityResolver{Aws::MakeShared<NoAuthIdentityResolver>("NoAuthScheme")}
+        {
+            assert(m_signer);
+            assert(m_identityResolver);
+        }
+
+        explicit NoAuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver,
+                                    const Aws::String& serviceName,
+                                    const Aws::String& region)
+              : AuthScheme(NOAUTH),
+              m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")},
+              m_identityResolver{Aws::MakeShared<NoAuthIdentityResolver>("NoAuthScheme")}
+          {
+            AWS_UNREFERENCED_PARAM(identityResolver);
+            AWS_UNREFERENCED_PARAM(serviceName);
+            AWS_UNREFERENCED_PARAM(region);
+            assert(m_signer);
+            assert(m_identityResolver);
+          }
+
+        explicit NoAuthScheme(const Aws::String& serviceName,
+                                  const Aws::String& region)
+            : NoAuthScheme(nullptr, serviceName, region)
+        {
+          assert(m_signer);
+          assert(m_identityResolver);
+        }
+
+        //legacy constructors
+        explicit NoAuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver, const Aws::String& serviceName, const Aws::String& region, Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy policy, bool urlEscape)
+            :  AuthScheme(NOAUTH),
+            m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")},
+            m_identityResolver{Aws::MakeShared<NoAuthIdentityResolver>("NoAuthScheme")}
+        {
+          AWS_UNREFERENCED_PARAM(identityResolver);
+          AWS_UNREFERENCED_PARAM(serviceName);
+          AWS_UNREFERENCED_PARAM(region);
+          AWS_UNREFERENCED_PARAM(policy);
+          AWS_UNREFERENCED_PARAM(urlEscape);
+          assert(m_signer);
+          assert(m_identityResolver);
+        }
+
+        virtual ~NoAuthScheme() = default;
+
+        std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver() override
+        {
+            return m_identityResolver;
+        }
+
+        std::shared_ptr<AwsCredentialSignerT> signer() override
+        {
+            return m_signer;
+        }
+
+    protected:
+        std::shared_ptr<AwsCredentialSignerT> m_signer;
+        std::shared_ptr<AwsCredentialIdentityResolverT> m_identityResolver;
+    };
+}
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthSchemeOption.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthSchemeOption.h
@@ -0,0 +1,15 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/Smithy_EXPORTS.h>
+#include <smithy/identity/auth/AuthSchemeOption.h>
+
+namespace smithy {
+    struct NoAuthSchemeOption
+    {
+        static SMITHY_API AuthSchemeOption noAuthSchemeOption;
+    };
+}
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/identity/impl/AwsBearerTokenIdentityImpl.h b/src/aws-cpp-sdk-core/include/smithy/identity/identity/impl/AwsBearerTokenIdentityImpl.h
@@ -8,9 +8,9 @@
 #include <smithy/identity/identity/AwsBearerTokenIdentity.h>
 
 namespace smithy {
-const Aws::String &AwsBearerTokenIdentity::token() const { return m_token; }
+inline const Aws::String &AwsBearerTokenIdentity::token() const { return m_token; }
 
-Aws::Crt::Optional<AwsIdentity::DateTime>
+inline Aws::Crt::Optional<AwsIdentity::DateTime>
 AwsBearerTokenIdentity::expiration() const
 {
     return m_expiration;

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/resolver/built-in/NoAuthIdentityResolver.h b/src/aws-cpp-sdk-core/include/smithy/identity/resolver/built-in/NoAuthIdentityResolver.h
@@ -0,0 +1,30 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/identity/resolver/AwsCredentialIdentityResolver.h>
+
+#include <aws/core/auth/AWSCredentials.h>
+
+namespace smithy {
+    /**
+     * A no-auth identity resolver that returns empty credentials for unauthenticated requests
+     */
+    class NoAuthIdentityResolver : public AwsCredentialIdentityResolver {
+    public:
+        NoAuthIdentityResolver() = default;
+        virtual ~NoAuthIdentityResolver() = default;
+
+        ResolveIdentityFutureOutcome getIdentity(const IdentityProperties& identityProperties, const AdditionalParameters& additionalParameters) override
+        {
+            AWS_UNREFERENCED_PARAM(identityProperties);
+            AWS_UNREFERENCED_PARAM(additionalParameters);
+
+            auto smithyCreds = Aws::MakeUnique<AwsCredentialIdentity>("NoAuthIdentityResolver");
+            // Return empty identity for no-auth scenarios
+            return {std::move(smithyCreds)};
+        }
+    };
+}
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/NoAuthSigner.h b/src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/NoAuthSigner.h
@@ -0,0 +1,51 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/identity/signer/AwsSignerBase.h>
+#include <smithy/identity/identity/AwsCredentialIdentityBase.h>
+#include <aws/core/auth/signer/AWSNullSigner.h>
+
+namespace smithy {
+    /**
+     * A smithy NoAuth signer wrapper on top of legacy SDK null signer
+     */
+    class AwsNoAuthSigner : public AwsSignerBase<AwsCredentialIdentityBase> {
+    public:
+        explicit AwsNoAuthSigner()
+            : legacySigner()
+        {
+        }
+
+        SigningFutureOutcome sign(std::shared_ptr<HttpRequest> httpRequest, const AwsCredentialIdentityBase& identity, SigningProperties properties) override
+        {
+            AWS_UNREFERENCED_PARAM(identity);
+            AWS_UNREFERENCED_PARAM(properties);
+            assert(httpRequest);
+            bool success = legacySigner.SignRequest(*httpRequest);
+            if (success)
+            {
+                return SigningFutureOutcome(std::move(httpRequest));
+            }
+            return SigningError(Aws::Client::CoreErrors::MEMORY_ALLOCATION, "", "Failed to sign the request with noauth", false);
+        }
+
+        SigningFutureOutcome presign(std::shared_ptr<HttpRequest> httpRequest, const AwsCredentialIdentityBase& identity, SigningProperties properties, const Aws::String& region, const Aws::String& serviceName, long long expirationTimeInSeconds) override
+        {
+            AWS_UNREFERENCED_PARAM(httpRequest);
+            AWS_UNREFERENCED_PARAM(identity);
+            AWS_UNREFERENCED_PARAM(properties);
+            AWS_UNREFERENCED_PARAM(region);
+            AWS_UNREFERENCED_PARAM(serviceName);
+            AWS_UNREFERENCED_PARAM(expirationTimeInSeconds);
+            return SigningFutureOutcome(std::move(httpRequest));
+        }
+
+        virtual ~AwsNoAuthSigner() = default;
+
+    protected:
+        Aws::Client::AWSNullSigner legacySigner;
+    };
+}
diff --git a/src/aws-cpp-sdk-core/source/smithy/client/AwsSmithyClientBase.cpp b/src/aws-cpp-sdk-core/source/smithy/client/AwsSmithyClientBase.cpp
@@ -22,7 +22,7 @@
 #include <aws/core/utils/threading/Executor.h>
 #include <aws/core/utils/threading/SameThreadExecutor.h>
 #include <aws/crt/Variant.h>
-
+#include <smithy/identity/auth/built-in/GenericAuthSchemeResolver.h>
 
 using namespace smithy::client;
 using namespace smithy::interceptor;
@@ -201,9 +201,10 @@ bool AwsSmithyClientBase::ResolveIdentityAuth(
       responseHandler(std::move(identityOutcome));
       return false;
     }
-
     pRequestCtx->m_awsIdentity = std::move(identityOutcome.GetResultWithOwnership());
 
+
+
     // get endpoint params from operation context
     const auto contextEndpointParameters = this->GetContextEndpointParameters(*pRequestCtx);
 
@@ -254,9 +255,9 @@ void AwsSmithyClientBase::MakeRequestAsync(Aws::AmazonWebServiceRequest const* c
         AWS_LOGSTREAM_FATAL(AWS_SMITHY_CLIENT_LOG, "Unable to continue AWSClient request: response handler is missing!");
         return;
     }
-
+    auto authResolver = request->GetRequestSpecificSupportedAuth().empty() ? nullptr : Aws::MakeShared<GenericAuthSchemeResolver<>>(AWS_SMITHY_CLIENT_LOG, request->GetRequestSpecificSupportedAuth());
     std::shared_ptr<AwsSmithyClientAsyncRequestContext> pRequestCtx =
-        Aws::MakeShared<AwsSmithyClientAsyncRequestContext>(AWS_SMITHY_CLIENT_LOG, request, requestName, pExecutor );
+        Aws::MakeShared<AwsSmithyClientAsyncRequestContext>(AWS_SMITHY_CLIENT_LOG, request, requestName, pExecutor, authResolver);
     if (!pRequestCtx)
     {
         AWS_LOGSTREAM_ERROR(AWS_SMITHY_CLIENT_LOG, "Failed to allocate an AwsSmithyClientAsyncRequestContext under a shared ptr");
@@ -702,8 +703,9 @@ AwsSmithyClientBase::ResolveEndpointOutcome AwsSmithyClientBase::ResolveEndpoint
     {
         outcome = std::move(asyncOutcome);
     };
-
-    std::shared_ptr<AwsSmithyClientAsyncRequestContext> pRequestCtx = Aws::MakeShared<AwsSmithyClientAsyncRequestContext>(AWS_SMITHY_CLIENT_LOG, request, requestName, nullptr);
+
+    auto authResolver = request->GetRequestSpecificSupportedAuth().empty() ? nullptr : Aws::MakeShared<GenericAuthSchemeResolver<>>(AWS_SMITHY_CLIENT_LOG, request->GetRequestSpecificSupportedAuth());
+    std::shared_ptr<AwsSmithyClientAsyncRequestContext> pRequestCtx = Aws::MakeShared<AwsSmithyClientAsyncRequestContext>(AWS_SMITHY_CLIENT_LOG, request, requestName, nullptr, authResolver);
     if (!pRequestCtx)
     {
         AWS_LOGSTREAM_ERROR(AWS_SMITHY_CLIENT_LOG, "Failed to allocate an AwsSmithyClientAsyncRequestContext under a shared ptr");

diff --git a/src/aws-cpp-sdk-core/source/smithy/identity/AuthSchemeOption.cpp b/src/aws-cpp-sdk-core/source/smithy/identity/AuthSchemeOption.cpp
@@ -4,7 +4,9 @@
   */
 #include <smithy/identity/auth/built-in/SigV4AuthSchemeOption.h>
 #include <smithy/identity/auth/built-in/SigV4aAuthSchemeOption.h>
+#include <smithy/identity/auth/built-in/NoAuthSchemeOption.h>
 using namespace smithy;
 
 AuthSchemeOption SigV4AuthSchemeOption::sigV4AuthSchemeOption = AuthSchemeOption("aws.auth#sigv4");
 AuthSchemeOption SigV4aAuthSchemeOption::sigV4aAuthSchemeOption = AuthSchemeOption("aws.auth#sigv4a");
+AuthSchemeOption NoAuthSchemeOption::noAuthSchemeOption = AuthSchemeOption("smithy.api#noAuth");