aws-sdk-core 3.181.0 → 3.209.1

data/lib/aws-sdk-ssooidc/client_api.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 module Aws::SSOOIDC
   # @api private
   module ClientApi
@@ -15,30 +16,41 @@ module Aws::SSOOIDC
 
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessToken = Shapes::StringShape.new(name: 'AccessToken')
+    ArnType = Shapes::StringShape.new(name: 'ArnType')
+    Assertion = Shapes::StringShape.new(name: 'Assertion')
     AuthCode = Shapes::StringShape.new(name: 'AuthCode')
     AuthorizationPendingException = Shapes::StructureShape.new(name: 'AuthorizationPendingException')
     ClientId = Shapes::StringShape.new(name: 'ClientId')
     ClientName = Shapes::StringShape.new(name: 'ClientName')
     ClientSecret = Shapes::StringShape.new(name: 'ClientSecret')
     ClientType = Shapes::StringShape.new(name: 'ClientType')
+    CodeVerifier = Shapes::StringShape.new(name: 'CodeVerifier')
     CreateTokenRequest = Shapes::StructureShape.new(name: 'CreateTokenRequest')
     CreateTokenResponse = Shapes::StructureShape.new(name: 'CreateTokenResponse')
+    CreateTokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateTokenWithIAMRequest')
+    CreateTokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateTokenWithIAMResponse')
     DeviceCode = Shapes::StringShape.new(name: 'DeviceCode')
     Error = Shapes::StringShape.new(name: 'Error')
     ErrorDescription = Shapes::StringShape.new(name: 'ErrorDescription')
     ExpirationInSeconds = Shapes::IntegerShape.new(name: 'ExpirationInSeconds')
     ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException')
     GrantType = Shapes::StringShape.new(name: 'GrantType')
+    GrantTypes = Shapes::ListShape.new(name: 'GrantTypes')
     IdToken = Shapes::StringShape.new(name: 'IdToken')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     IntervalInSeconds = Shapes::IntegerShape.new(name: 'IntervalInSeconds')
     InvalidClientException = Shapes::StructureShape.new(name: 'InvalidClientException')
     InvalidClientMetadataException = Shapes::StructureShape.new(name: 'InvalidClientMetadataException')
     InvalidGrantException = Shapes::StructureShape.new(name: 'InvalidGrantException')
+    InvalidRedirectUriException = Shapes::StructureShape.new(name: 'InvalidRedirectUriException')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
+    InvalidRequestRegionException = Shapes::StructureShape.new(name: 'InvalidRequestRegionException')
     InvalidScopeException = Shapes::StructureShape.new(name: 'InvalidScopeException')
+    Location = Shapes::StringShape.new(name: 'Location')
     LongTimeStampType = Shapes::IntegerShape.new(name: 'LongTimeStampType')
+    RedirectUris = Shapes::ListShape.new(name: 'RedirectUris')
     RefreshToken = Shapes::StringShape.new(name: 'RefreshToken')
+    Region = Shapes::StringShape.new(name: 'Region')
     RegisterClientRequest = Shapes::StructureShape.new(name: 'RegisterClientRequest')
     RegisterClientResponse = Shapes::StructureShape.new(name: 'RegisterClientResponse')
     Scope = Shapes::StringShape.new(name: 'Scope')
@@ -46,7 +58,9 @@ module Aws::SSOOIDC
     SlowDownException = Shapes::StructureShape.new(name: 'SlowDownException')
     StartDeviceAuthorizationRequest = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationRequest')
     StartDeviceAuthorizationResponse = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationResponse')
+    SubjectToken = Shapes::StringShape.new(name: 'SubjectToken')
     TokenType = Shapes::StringShape.new(name: 'TokenType')
+    TokenTypeURI = Shapes::StringShape.new(name: 'TokenTypeURI')
     URI = Shapes::StringShape.new(name: 'URI')
     UnauthorizedClientException = Shapes::StructureShape.new(name: 'UnauthorizedClientException')
     UnsupportedGrantTypeException = Shapes::StructureShape.new(name: 'UnsupportedGrantTypeException')
@@ -68,6 +82,7 @@ module Aws::SSOOIDC
     CreateTokenRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
     CreateTokenRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
     CreateTokenRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri"))
+    CreateTokenRequest.add_member(:code_verifier, Shapes::ShapeRef.new(shape: CodeVerifier, location_name: "codeVerifier"))
     CreateTokenRequest.struct_class = Types::CreateTokenRequest
 
     CreateTokenResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken"))
@@ -77,10 +92,34 @@ module Aws::SSOOIDC
     CreateTokenResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
     CreateTokenResponse.struct_class = Types::CreateTokenResponse
 
+    CreateTokenWithIAMRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId"))
+    CreateTokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: GrantType, required: true, location_name: "grantType"))
+    CreateTokenWithIAMRequest.add_member(:code, Shapes::ShapeRef.new(shape: AuthCode, location_name: "code"))
+    CreateTokenWithIAMRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
+    CreateTokenWithIAMRequest.add_member(:assertion, Shapes::ShapeRef.new(shape: Assertion, location_name: "assertion"))
+    CreateTokenWithIAMRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
+    CreateTokenWithIAMRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri"))
+    CreateTokenWithIAMRequest.add_member(:subject_token, Shapes::ShapeRef.new(shape: SubjectToken, location_name: "subjectToken"))
+    CreateTokenWithIAMRequest.add_member(:subject_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "subjectTokenType"))
+    CreateTokenWithIAMRequest.add_member(:requested_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "requestedTokenType"))
+    CreateTokenWithIAMRequest.add_member(:code_verifier, Shapes::ShapeRef.new(shape: CodeVerifier, location_name: "codeVerifier"))
+    CreateTokenWithIAMRequest.struct_class = Types::CreateTokenWithIAMRequest
+
+    CreateTokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken"))
+    CreateTokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: TokenType, location_name: "tokenType"))
+    CreateTokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn"))
+    CreateTokenWithIAMResponse.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
+    CreateTokenWithIAMResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
+    CreateTokenWithIAMResponse.add_member(:issued_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "issuedTokenType"))
+    CreateTokenWithIAMResponse.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
+    CreateTokenWithIAMResponse.struct_class = Types::CreateTokenWithIAMResponse
+
     ExpiredTokenException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
     ExpiredTokenException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     ExpiredTokenException.struct_class = Types::ExpiredTokenException
 
+    GrantTypes.member = Shapes::ShapeRef.new(shape: GrantType)
+
     InternalServerException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
     InternalServerException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     InternalServerException.struct_class = Types::InternalServerException
@@ -97,17 +136,33 @@ module Aws::SSOOIDC
     InvalidGrantException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     InvalidGrantException.struct_class = Types::InvalidGrantException
 
+    InvalidRedirectUriException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
+    InvalidRedirectUriException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
+    InvalidRedirectUriException.struct_class = Types::InvalidRedirectUriException
+
     InvalidRequestException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
     InvalidRequestException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     InvalidRequestException.struct_class = Types::InvalidRequestException
 
+    InvalidRequestRegionException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
+    InvalidRequestRegionException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
+    InvalidRequestRegionException.add_member(:endpoint, Shapes::ShapeRef.new(shape: Location, location_name: "endpoint"))
+    InvalidRequestRegionException.add_member(:region, Shapes::ShapeRef.new(shape: Region, location_name: "region"))
+    InvalidRequestRegionException.struct_class = Types::InvalidRequestRegionException
+
     InvalidScopeException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
     InvalidScopeException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     InvalidScopeException.struct_class = Types::InvalidScopeException
 
+    RedirectUris.member = Shapes::ShapeRef.new(shape: URI)
+
     RegisterClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientName, required: true, location_name: "clientName"))
     RegisterClientRequest.add_member(:client_type, Shapes::ShapeRef.new(shape: ClientType, required: true, location_name: "clientType"))
     RegisterClientRequest.add_member(:scopes, Shapes::ShapeRef.new(shape: Scopes, location_name: "scopes"))
+    RegisterClientRequest.add_member(:redirect_uris, Shapes::ShapeRef.new(shape: RedirectUris, location_name: "redirectUris"))
+    RegisterClientRequest.add_member(:grant_types, Shapes::ShapeRef.new(shape: GrantTypes, location_name: "grantTypes"))
+    RegisterClientRequest.add_member(:issuer_url, Shapes::ShapeRef.new(shape: URI, location_name: "issuerUrl"))
+    RegisterClientRequest.add_member(:entitled_application_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "entitledApplicationArn"))
     RegisterClientRequest.struct_class = Types::RegisterClientRequest
 
     RegisterClientResponse.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, location_name: "clientId"))
@@ -153,14 +208,16 @@ module Aws::SSOOIDC
 
       api.metadata = {
         "apiVersion" => "2019-06-10",
+        "auth" => ["aws.auth#sigv4"],
         "endpointPrefix" => "oidc",
         "jsonVersion" => "1.1",
         "protocol" => "rest-json",
+        "protocols" => ["rest-json"],
         "serviceAbbreviation" => "SSO OIDC",
         "serviceFullName" => "AWS SSO OIDC",
         "serviceId" => "SSO OIDC",
         "signatureVersion" => "v4",
-        "signingName" => "awsssooidc",
+        "signingName" => "sso-oauth",
         "uid" => "sso-oidc-2019-06-10",
       }
 
@@ -169,6 +226,7 @@ module Aws::SSOOIDC
         o.http_method = "POST"
         o.http_request_uri = "/token"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: CreateTokenRequest)
         o.output = Shapes::ShapeRef.new(shape: CreateTokenResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -184,17 +242,40 @@ module Aws::SSOOIDC
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:create_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateTokenWithIAM"
+        o.http_method = "POST"
+        o.http_request_uri = "/token?aws_iam=t"
+        o.input = Shapes::ShapeRef.new(shape: CreateTokenWithIAMRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateTokenWithIAMResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidClientException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidGrantException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException)
+        o.errors << Shapes::ShapeRef.new(shape: AuthorizationPendingException)
+        o.errors << Shapes::ShapeRef.new(shape: SlowDownException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestRegionException)
+      end)
+
       api.add_operation(:register_client, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RegisterClient"
         o.http_method = "POST"
         o.http_request_uri = "/client/register"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: RegisterClientRequest)
         o.output = Shapes::ShapeRef.new(shape: RegisterClientResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidClientMetadataException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRedirectUriException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException)
       end)
 
       api.add_operation(:start_device_authorization, Seahorse::Model::Operation.new.tap do |o|
@@ -202,6 +283,7 @@ module Aws::SSOOIDC
         o.http_method = "POST"
         o.http_request_uri = "/device_authorization"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationRequest)
         o.output = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)

data/lib/aws-sdk-ssooidc/endpoint_provider.rb

@@ -14,36 +14,42 @@ module Aws::SSOOIDC
       use_dual_stack = parameters.use_dual_stack
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
-          end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-        end
+      if Aws::Endpoints::Matchers.set?(endpoint)
         if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
         if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+              if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
+                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end

data/lib/aws-sdk-ssooidc/endpoints.rb

@@ -14,42 +14,44 @@ module Aws::SSOOIDC
 
     class CreateToken
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
+        )
+      end
+    end
+
+    class CreateTokenWithIAM
+      def self.build(context)
+        Aws::SSOOIDC::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class RegisterClient
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class StartDeviceAuthorization
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end

data/lib/aws-sdk-ssooidc/errors.rb

@@ -34,7 +34,9 @@ module Aws::SSOOIDC
   # * {InvalidClientException}
   # * {InvalidClientMetadataException}
   # * {InvalidGrantException}
+  # * {InvalidRedirectUriException}
   # * {InvalidRequestException}
+  # * {InvalidRequestRegionException}
   # * {InvalidScopeException}
   # * {SlowDownException}
   # * {UnauthorizedClientException}
@@ -186,6 +188,26 @@ module Aws::SSOOIDC
       end
     end
 
+    class InvalidRedirectUriException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::SSOOIDC::Types::InvalidRedirectUriException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def error
+        @data[:error]
+      end
+
+      # @return [String]
+      def error_description
+        @data[:error_description]
+      end
+    end
+
     class InvalidRequestException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -206,6 +228,36 @@ module Aws::SSOOIDC
       end
     end
 
+    class InvalidRequestRegionException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::SSOOIDC::Types::InvalidRequestRegionException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def error
+        @data[:error]
+      end
+
+      # @return [String]
+      def error_description
+        @data[:error_description]
+      end
+
+      # @return [String]
+      def endpoint
+        @data[:endpoint]
+      end
+
+      # @return [String]
+      def region
+        @data[:region]
+      end
+    end
+
     class InvalidScopeException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-ssooidc/plugins/endpoints.rb

@@ -14,35 +14,49 @@ module Aws::SSOOIDC
       option(
         :endpoint_provider,
         doc_type: 'Aws::SSOOIDC::EndpointProvider',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`Aws::SSOOIDC::EndpointParameters`'
-      ) do |cfg|
+        rbs_type: 'untyped',
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`Aws::SSOOIDC::EndpointParameters`.
+        DOCS
         Aws::SSOOIDC::EndpointProvider.new
       end
 
       # @api private
       class Handler < Seahorse::Client::Handler
         def call(context)
-          # If endpoint was discovered, do not resolve or apply the endpoint.
           unless context[:discovered_endpoint]
             params = parameters_for_operation(context)
             endpoint = context.config.endpoint_provider.resolve_endpoint(params)
 
             context.http_request.endpoint = endpoint.url
             apply_endpoint_headers(context, endpoint.headers)
+
+            context[:endpoint_params] = params
+            context[:endpoint_properties] = endpoint.properties
           end
 
-          context[:endpoint_params] = params
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values
@@ -58,6 +72,8 @@ module Aws::SSOOIDC
           case context.operation_name
           when :create_token
             Aws::SSOOIDC::Endpoints::CreateToken.build(context)
+          when :create_token_with_iam
+            Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
           when :register_client
             Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
           when :start_device_authorization