aws-sdk-core 3.130.2 → 3.136.0

data/lib/aws-sdk-ssooidc/types.rb

@@ -0,0 +1,498 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSOOIDC
+  module Types
+
+    # You do not have sufficient access to perform this action.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AccessDeniedException AWS API Documentation
+    #
+    class AccessDeniedException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that a request to authorize a client with an access user
+    # session token is pending.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AuthorizationPendingException AWS API Documentation
+    #
+    class AuthorizationPendingException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateTokenRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_id: "ClientId", # required
+    #         client_secret: "ClientSecret", # required
+    #         grant_type: "GrantType", # required
+    #         device_code: "DeviceCode",
+    #         code: "AuthCode",
+    #         refresh_token: "RefreshToken",
+    #         scope: ["Scope"],
+    #         redirect_uri: "URI",
+    #       }
+    #
+    # @!attribute [rw] client_id
+    #   The unique identifier string for each client. This value should come
+    #   from the persisted result of the RegisterClient API.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret
+    #   A secret string generated for the client. This value should come
+    #   from the persisted result of the RegisterClient API.
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_type
+    #   Supports grant types for authorization code, refresh token, and
+    #   device code request.
+    #   @return [String]
+    #
+    # @!attribute [rw] device_code
+    #   Used only when calling this API for the device code grant type. This
+    #   short-term code is used to identify this authentication attempt.
+    #   This should come from an in-memory reference to the result of the
+    #   StartDeviceAuthorization API.
+    #   @return [String]
+    #
+    # @!attribute [rw] code
+    #   The authorization code received from the authorization service. This
+    #   parameter is required to perform an authorization grant request to
+    #   get access to a token.
+    #   @return [String]
+    #
+    # @!attribute [rw] refresh_token
+    #   The token used to obtain an access token in the event that the
+    #   access token is invalid or expired. This token is not issued by the
+    #   service.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   The list of scopes that is defined by the client. Upon
+    #   authorization, this list is used to restrict permissions when
+    #   granting an access token.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] redirect_uri
+    #   The location of the application that will receive the authorization
+    #   code. Users authorize the service to send the request to this
+    #   location.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenRequest AWS API Documentation
+    #
+    class CreateTokenRequest < Struct.new(
+      :client_id,
+      :client_secret,
+      :grant_type,
+      :device_code,
+      :code,
+      :refresh_token,
+      :scope,
+      :redirect_uri)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_token
+    #   An opaque token to access AWS SSO resources assigned to a user.
+    #   @return [String]
+    #
+    # @!attribute [rw] token_type
+    #   Used to notify the client that the returned token is an access
+    #   token. The supported type is `BearerToken`.
+    #   @return [String]
+    #
+    # @!attribute [rw] expires_in
+    #   Indicates the time in seconds when an access token will expire.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] refresh_token
+    #   A token that, if present, can be used to refresh a previously issued
+    #   access token that might have expired.
+    #   @return [String]
+    #
+    # @!attribute [rw] id_token
+    #   The identifier of the user that associated with the access token, if
+    #   present.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenResponse AWS API Documentation
+    #
+    class CreateTokenResponse < Struct.new(
+      :access_token,
+      :token_type,
+      :expires_in,
+      :refresh_token,
+      :id_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the token issued by the service is expired and is no
+    # longer valid.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/ExpiredTokenException AWS API Documentation
+    #
+    class ExpiredTokenException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that an error from the service occurred while trying to
+    # process a request.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InternalServerException AWS API Documentation
+    #
+    class InternalServerException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the `clientId` or `clientSecret` in the request is
+    # invalid. For example, this can occur when a client sends an incorrect
+    # `clientId` or an expired `clientSecret`.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientException AWS API Documentation
+    #
+    class InvalidClientException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the client information sent in the request during
+    # registration is invalid.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientMetadataException AWS API Documentation
+    #
+    class InvalidClientMetadataException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that a request contains an invalid grant. This can occur if
+    # a client makes a CreateToken request with an invalid grant type.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidGrantException AWS API Documentation
+    #
+    class InvalidGrantException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that something is wrong with the input to the request. For
+    # example, a required parameter might be missing or out of range.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRequestException AWS API Documentation
+    #
+    class InvalidRequestException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the scope provided in the request is invalid.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidScopeException AWS API Documentation
+    #
+    class InvalidScopeException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass RegisterClientRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_name: "ClientName", # required
+    #         client_type: "ClientType", # required
+    #         scopes: ["Scope"],
+    #       }
+    #
+    # @!attribute [rw] client_name
+    #   The friendly name of the client.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_type
+    #   The type of client. The service supports only `public` as a client
+    #   type. Anything other than public will be rejected by the service.
+    #   @return [String]
+    #
+    # @!attribute [rw] scopes
+    #   The list of scopes that are defined by the client. Upon
+    #   authorization, this list is used to restrict permissions when
+    #   granting an access token.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientRequest AWS API Documentation
+    #
+    class RegisterClientRequest < Struct.new(
+      :client_name,
+      :client_type,
+      :scopes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] client_id
+    #   The unique identifier string for each client. This client uses this
+    #   identifier to get authenticated by the service in subsequent calls.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret
+    #   A secret string generated for the client. The client will use this
+    #   string to get authenticated by the service in subsequent calls.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_id_issued_at
+    #   Indicates the time at which the `clientId` and `clientSecret` were
+    #   issued.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] client_secret_expires_at
+    #   Indicates the time at which the `clientId` and `clientSecret` will
+    #   become invalid.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] authorization_endpoint
+    #   The endpoint where the client can request authorization.
+    #   @return [String]
+    #
+    # @!attribute [rw] token_endpoint
+    #   The endpoint where the client can get an access token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientResponse AWS API Documentation
+    #
+    class RegisterClientResponse < Struct.new(
+      :client_id,
+      :client_secret,
+      :client_id_issued_at,
+      :client_secret_expires_at,
+      :authorization_endpoint,
+      :token_endpoint)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the client is making the request too frequently and is
+    # more than the service can handle.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/SlowDownException AWS API Documentation
+    #
+    class SlowDownException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass StartDeviceAuthorizationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_id: "ClientId", # required
+    #         client_secret: "ClientSecret", # required
+    #         start_url: "URI", # required
+    #       }
+    #
+    # @!attribute [rw] client_id
+    #   The unique identifier string for the client that is registered with
+    #   AWS SSO. This value should come from the persisted result of the
+    #   RegisterClient API operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret
+    #   A secret string that is generated for the client. This value should
+    #   come from the persisted result of the RegisterClient API operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_url
+    #   The URL for the AWS SSO user portal. For more information, see
+    #   [Using the User Portal][1] in the *AWS Single Sign-On User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorizationRequest AWS API Documentation
+    #
+    class StartDeviceAuthorizationRequest < Struct.new(
+      :client_id,
+      :client_secret,
+      :start_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] device_code
+    #   The short-lived code that is used by the device when polling for a
+    #   session token.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_code
+    #   A one-time user verification code. This is needed to authorize an
+    #   in-use device.
+    #   @return [String]
+    #
+    # @!attribute [rw] verification_uri
+    #   The URI of the verification page that takes the `userCode` to
+    #   authorize the device.
+    #   @return [String]
+    #
+    # @!attribute [rw] verification_uri_complete
+    #   An alternate URL that the client can use to automatically launch a
+    #   browser. This process skips the manual step in which the user visits
+    #   the verification page and enters their code.
+    #   @return [String]
+    #
+    # @!attribute [rw] expires_in
+    #   Indicates the number of seconds in which the verification code will
+    #   become invalid.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] interval
+    #   Indicates the number of seconds the client must wait between
+    #   attempts when polling for a session.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorizationResponse AWS API Documentation
+    #
+    class StartDeviceAuthorizationResponse < Struct.new(
+      :device_code,
+      :user_code,
+      :verification_uri,
+      :verification_uri_complete,
+      :expires_in,
+      :interval)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the client is not currently authorized to make the
+    # request. This can happen when a `clientId` is not issued for a public
+    # client.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnauthorizedClientException AWS API Documentation
+    #
+    class UnauthorizedClientException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates that the grant type in the request is not supported by the
+    # service.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnsupportedGrantTypeException AWS API Documentation
+    #
+    class UnsupportedGrantTypeException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+  end
+end

data/lib/aws-sdk-ssooidc.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+unless Module.const_defined?(:Aws)
+  require 'aws-sdk-core'
+  require 'aws-sigv4'
+end
+
+require_relative 'aws-sdk-ssooidc/types'
+require_relative 'aws-sdk-ssooidc/client_api'
+require_relative 'aws-sdk-ssooidc/client'
+require_relative 'aws-sdk-ssooidc/errors'
+require_relative 'aws-sdk-ssooidc/resource'
+require_relative 'aws-sdk-ssooidc/customizations'
+
+# This module provides support for AWS SSO OIDC. This module is available in the
+# `aws-sdk-core` gem.
+#
+# # Client
+#
+# The {Client} class provides one method for each API operation. Operation
+# methods each accept a hash of request parameters and return a response
+# structure.
+#
+#     ssooidc = Aws::SSOOIDC::Client.new
+#     resp = ssooidc.create_token(params)
+#
+# See {Client} for more information.
+#
+# # Errors
+#
+# Errors returned from AWS SSO OIDC are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
+#
+#     begin
+#       # do stuff
+#     rescue Aws::SSOOIDC::Errors::ServiceError
+#       # rescues all AWS SSO OIDC API errors
+#     end
+#
+# See {Errors} for more information.
+#
+# @!group service
+module Aws::SSOOIDC
+
+  GEM_VERSION = '3.136.0'
+
+end

data/lib/aws-sdk-sts/client.rb

@@ -2145,6 +2145,14 @@ module Aws::STS
     # Credentials][1] and [Comparing the Amazon Web Services STS API
     # operations][2] in the *IAM User Guide*.
     #
+    # <note markdown="1"> No permissions are required for users to perform this operation. The
+    # purpose of the `sts:GetSessionToken` operation is to authenticate the
+    # user using MFA. You cannot use policies to control authentication
+    # operations. For more information, see [Permissions for
+    # GetSessionToken][3] in the *IAM User Guide*.
+    #
+    #  </note>
+    #
     # **Session Duration**
     #
     # The `GetSessionToken` operation must be called by using the long-term
@@ -2170,7 +2178,7 @@ module Aws::STS
     #
     # <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
     # Services account root user credentials. Instead, follow our [best
-    # practices][3] by creating one or more IAM users, giving them the
+    # practices][4] by creating one or more IAM users, giving them the
     # necessary permissions, and using IAM users for everyday interaction
     # with Amazon Web Services.
     #
@@ -2186,14 +2194,15 @@ module Aws::STS
     #
     # For more information about using `GetSessionToken` to create temporary
     # credentials, go to [Temporary Credentials for Users in Untrusted
-    # Environments][4] in the *IAM User Guide*.
+    # Environments][5] in the *IAM User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
     # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
-    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
-    # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
+    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
+    # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
+    # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
     #
     # @option params [Integer] :duration_seconds
     #   The duration, in seconds, that the credentials should remain valid.
@@ -2290,7 +2299,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.130.2'
+      context[:gem_version] = '3.136.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.130.2'
+  GEM_VERSION = '3.136.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.130.2
+  version: 3.136.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-22 00:00:00.000000000 Z
+date: 2022-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -16,14 +16,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.1
 - !ruby/object:Gem::Dependency
   name: aws-partitions
   requirement: !ruby/object:Gem::Requirement
@@ -139,6 +145,7 @@ files:
 - lib/aws-sdk-core/plugins/apig_authorizer_token.rb
 - lib/aws-sdk-core/plugins/apig_credentials_configuration.rb
 - lib/aws-sdk-core/plugins/apig_user_agent.rb
+- lib/aws-sdk-core/plugins/bearer_authorization.rb
 - lib/aws-sdk-core/plugins/checksum_algorithm.rb
 - lib/aws-sdk-core/plugins/client_metrics_plugin.rb
 - lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
@@ -183,6 +190,7 @@ files:
 - lib/aws-sdk-core/query/param_builder.rb
 - lib/aws-sdk-core/query/param_list.rb
 - lib/aws-sdk-core/refreshing_credentials.rb
+- lib/aws-sdk-core/refreshing_token.rb
 - lib/aws-sdk-core/resources/collection.rb
 - lib/aws-sdk-core/rest.rb
 - lib/aws-sdk-core/rest/handler.rb
@@ -198,6 +206,8 @@ files:
 - lib/aws-sdk-core/shared_config.rb
 - lib/aws-sdk-core/shared_credentials.rb
 - lib/aws-sdk-core/sso_credentials.rb
+- lib/aws-sdk-core/sso_token_provider.rb
+- lib/aws-sdk-core/static_token_provider.rb
 - lib/aws-sdk-core/structure.rb
 - lib/aws-sdk-core/stubbing/data_applicator.rb
 - lib/aws-sdk-core/stubbing/empty_stub.rb
@@ -210,6 +220,9 @@ files:
 - lib/aws-sdk-core/stubbing/protocols/rest_xml.rb
 - lib/aws-sdk-core/stubbing/stub_data.rb
 - lib/aws-sdk-core/stubbing/xml_error.rb
+- lib/aws-sdk-core/token.rb
+- lib/aws-sdk-core/token_provider.rb
+- lib/aws-sdk-core/token_provider_chain.rb
 - lib/aws-sdk-core/type_builder.rb
 - lib/aws-sdk-core/util.rb
 - lib/aws-sdk-core/waiters.rb
@@ -238,6 +251,13 @@ files:
 - lib/aws-sdk-sso/errors.rb
 - lib/aws-sdk-sso/resource.rb
 - lib/aws-sdk-sso/types.rb
+- lib/aws-sdk-ssooidc.rb
+- lib/aws-sdk-ssooidc/client.rb
+- lib/aws-sdk-ssooidc/client_api.rb
+- lib/aws-sdk-ssooidc/customizations.rb
+- lib/aws-sdk-ssooidc/errors.rb
+- lib/aws-sdk-ssooidc/resource.rb
+- lib/aws-sdk-ssooidc/types.rb
 - lib/aws-sdk-sts.rb
 - lib/aws-sdk-sts/client.rb
 - lib/aws-sdk-sts/client_api.rb