aws-sdk-core 3.185.0 → 3.187.1

Sign up to get free protection for your applications and to get access to all the features.
@@ -388,61 +388,64 @@ module Aws::SSOOIDC
388
388
 
389
389
  # @!group API Operations
390
390
 
391
- # Creates and returns an access token for the authorized client. The
392
- # access token issued will be used to fetch short-term credentials for
393
- # the assigned roles in the AWS account.
391
+ # Creates and returns access and refresh tokens for clients that are
392
+ # authenticated using client secrets. The access token can be used to
393
+ # fetch short-term credentials for the assigned AWS accounts or to
394
+ # access application APIs using `bearer` authentication.
394
395
  #
395
396
  # @option params [required, String] :client_id
396
- # The unique identifier string for each client. This value should come
397
- # from the persisted result of the RegisterClient API.
397
+ # The unique identifier string for the client or application. This value
398
+ # comes from the result of the RegisterClient API.
398
399
  #
399
400
  # @option params [required, String] :client_secret
400
401
  # A secret string generated for the client. This value should come from
401
402
  # the persisted result of the RegisterClient API.
402
403
  #
403
404
  # @option params [required, String] :grant_type
404
- # Supports grant types for the authorization code, refresh token, and
405
- # device code request. For device code requests, specify the following
406
- # value:
405
+ # Supports the following OAuth grant types: Device Code and Refresh
406
+ # Token. Specify either of the following values, depending on the grant
407
+ # type that you want:
407
408
  #
408
- # `urn:ietf:params:oauth:grant-type:device_code `
409
+ # * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
410
+ #
411
+ # * Refresh Token - `refresh_token`
409
412
  #
410
413
  # For information about how to obtain the device code, see the
411
414
  # StartDeviceAuthorization topic.
412
415
  #
413
416
  # @option params [String] :device_code
414
- # Used only when calling this API for the device code grant type. This
415
- # short-term code is used to identify this authentication attempt. This
416
- # should come from an in-memory reference to the result of the
417
- # StartDeviceAuthorization API.
417
+ # Used only when calling this API for the Device Code grant type. This
418
+ # short-term code is used to identify this authorization request. This
419
+ # comes from the result of the StartDeviceAuthorization API.
418
420
  #
419
421
  # @option params [String] :code
420
- # The authorization code received from the authorization service. This
421
- # parameter is required to perform an authorization grant request to get
422
- # access to a token.
422
+ # Used only when calling this API for the Authorization Code grant type.
423
+ # The short-term code is used to identify this authorization request.
424
+ # This grant type is currently unsupported for the CreateToken API.
423
425
  #
424
426
  # @option params [String] :refresh_token
425
- # Currently, `refreshToken` is not yet implemented and is not supported.
427
+ # Used only when calling this API for the Refresh Token grant type. This
428
+ # token is used to refresh short-term tokens, such as the access token,
429
+ # that might expire.
430
+ #
426
431
  # For more information about the features and limitations of the current
427
432
  # IAM Identity Center OIDC implementation, see *Considerations for Using
428
433
  # this Guide* in the [IAM Identity Center OIDC API Reference][1].
429
434
  #
430
- # The token used to obtain an access token in the event that the access
431
- # token is invalid or expired.
432
- #
433
435
  #
434
436
  #
435
437
  # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
436
438
  #
437
439
  # @option params [Array<String>] :scope
438
- # The list of scopes that is defined by the client. Upon authorization,
439
- # this list is used to restrict permissions when granting an access
440
- # token.
440
+ # The list of scopes for which authorization is requested. The access
441
+ # token that is issued is limited to the scopes that are granted. If
442
+ # this value is not specified, IAM Identity Center authorizes all scopes
443
+ # that are configured for the client during the call to RegisterClient.
441
444
  #
442
445
  # @option params [String] :redirect_uri
443
- # The location of the application that will receive the authorization
444
- # code. Users authorize the service to send the request to this
445
- # location.
446
+ # Used only when calling this API for the Authorization Code grant type.
447
+ # This value specifies the location of the client or application that
448
+ # has registered to receive the authorization code.
446
449
  #
447
450
  # @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
448
451
  #
@@ -452,6 +455,44 @@ module Aws::SSOOIDC
452
455
  # * {Types::CreateTokenResponse#refresh_token #refresh_token} => String
453
456
  # * {Types::CreateTokenResponse#id_token #id_token} => String
454
457
  #
458
+ #
459
+ # @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication
460
+ #
461
+ # resp = client.create_token({
462
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
463
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
464
+ # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
465
+ # grant_type: "urn:ietf:params:oauth:grant-type:device-code",
466
+ # })
467
+ #
468
+ # resp.to_h outputs the following:
469
+ # {
470
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
471
+ # expires_in: 1579729529,
472
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
473
+ # token_type: "Bearer",
474
+ # }
475
+ #
476
+ # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication
477
+ #
478
+ # resp = client.create_token({
479
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
480
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
481
+ # grant_type: "refresh_token",
482
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
483
+ # scope: [
484
+ # "codewhisperer:completions",
485
+ # ],
486
+ # })
487
+ #
488
+ # resp.to_h outputs the following:
489
+ # {
490
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
491
+ # expires_in: 1579729529,
492
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
493
+ # token_type: "Bearer",
494
+ # }
495
+ #
455
496
  # @example Request syntax with placeholder values
456
497
  #
457
498
  # resp = client.create_token({
@@ -482,6 +523,234 @@ module Aws::SSOOIDC
482
523
  req.send_request(options)
483
524
  end
484
525
 
526
+ # Creates and returns access and refresh tokens for clients and
527
+ # applications that are authenticated using IAM entities. The access
528
+ # token can be used to fetch short-term credentials for the assigned AWS
529
+ # accounts or to access application APIs using `bearer` authentication.
530
+ #
531
+ # @option params [required, String] :client_id
532
+ # The unique identifier string for the client or application. This value
533
+ # is an application ARN that has OAuth grants configured.
534
+ #
535
+ # @option params [required, String] :grant_type
536
+ # Supports the following OAuth grant types: Authorization Code, Refresh
537
+ # Token, JWT Bearer, and Token Exchange. Specify one of the following
538
+ # values, depending on the grant type that you want:
539
+ #
540
+ # * Authorization Code - `authorization_code`
541
+ #
542
+ # * Refresh Token - `refresh_token`
543
+ #
544
+ # * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
545
+ #
546
+ # * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange`
547
+ #
548
+ # @option params [String] :code
549
+ # Used only when calling this API for the Authorization Code grant type.
550
+ # This short-term code is used to identify this authorization request.
551
+ # The code is obtained through a redirect from IAM Identity Center to a
552
+ # redirect URI persisted in the Authorization Code GrantOptions for the
553
+ # application.
554
+ #
555
+ # @option params [String] :refresh_token
556
+ # Used only when calling this API for the Refresh Token grant type. This
557
+ # token is used to refresh short-term tokens, such as the access token,
558
+ # that might expire.
559
+ #
560
+ # For more information about the features and limitations of the current
561
+ # IAM Identity Center OIDC implementation, see *Considerations for Using
562
+ # this Guide* in the [IAM Identity Center OIDC API Reference][1].
563
+ #
564
+ #
565
+ #
566
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
567
+ #
568
+ # @option params [String] :assertion
569
+ # Used only when calling this API for the JWT Bearer grant type. This
570
+ # value specifies the JSON Web Token (JWT) issued by a trusted token
571
+ # issuer. To authorize a trusted token issuer, configure the JWT Bearer
572
+ # GrantOptions for the application.
573
+ #
574
+ # @option params [Array<String>] :scope
575
+ # The list of scopes for which authorization is requested. The access
576
+ # token that is issued is limited to the scopes that are granted. If the
577
+ # value is not specified, IAM Identity Center authorizes all scopes
578
+ # configured for the application, including the following default
579
+ # scopes: `openid`, `aws`, `sts:identity_context`.
580
+ #
581
+ # @option params [String] :redirect_uri
582
+ # Used only when calling this API for the Authorization Code grant type.
583
+ # This value specifies the location of the client or application that
584
+ # has registered to receive the authorization code.
585
+ #
586
+ # @option params [String] :subject_token
587
+ # Used only when calling this API for the Token Exchange grant type.
588
+ # This value specifies the subject of the exchange. The value of the
589
+ # subject token must be an access token issued by IAM Identity Center to
590
+ # a different client or application. The access token must have
591
+ # authorized scopes that indicate the requested application as a target
592
+ # audience.
593
+ #
594
+ # @option params [String] :subject_token_type
595
+ # Used only when calling this API for the Token Exchange grant type.
596
+ # This value specifies the type of token that is passed as the subject
597
+ # of the exchange. The following value is supported:
598
+ #
599
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
600
+ #
601
+ # @option params [String] :requested_token_type
602
+ # Used only when calling this API for the Token Exchange grant type.
603
+ # This value specifies the type of token that the requester can receive.
604
+ # The following values are supported:
605
+ #
606
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
607
+ #
608
+ # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
609
+ #
610
+ # @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
611
+ #
612
+ # * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String
613
+ # * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String
614
+ # * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer
615
+ # * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String
616
+ # * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String
617
+ # * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String
618
+ # * {Types::CreateTokenWithIAMResponse#scope #scope} => Array&lt;String&gt;
619
+ #
620
+ #
621
+ # @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication
622
+ #
623
+ # resp = client.create_token_with_iam({
624
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
625
+ # code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE",
626
+ # grant_type: "authorization_code",
627
+ # redirect_uri: "https://mywebapp.example/redirect",
628
+ # scope: [
629
+ # "openid",
630
+ # "aws",
631
+ # "sts:identity_context",
632
+ # ],
633
+ # })
634
+ #
635
+ # resp.to_h outputs the following:
636
+ # {
637
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
638
+ # expires_in: 1579729529,
639
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
640
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
641
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
642
+ # scope: [
643
+ # "openid",
644
+ # "aws",
645
+ # "sts:identity_context",
646
+ # ],
647
+ # token_type: "Bearer",
648
+ # }
649
+ #
650
+ # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication
651
+ #
652
+ # resp = client.create_token_with_iam({
653
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
654
+ # grant_type: "refresh_token",
655
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
656
+ # })
657
+ #
658
+ # resp.to_h outputs the following:
659
+ # {
660
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
661
+ # expires_in: 1579729529,
662
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
663
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
664
+ # scope: [
665
+ # "openid",
666
+ # "aws",
667
+ # "sts:identity_context",
668
+ # ],
669
+ # token_type: "Bearer",
670
+ # }
671
+ #
672
+ # @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication
673
+ #
674
+ # resp = client.create_token_with_iam({
675
+ # assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTEyMjA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFJa3pxRlZyU2FTYUZIeTc4MmJidGFRIiwiYXVkIjoiNmNiMDQwMTgtYTNmNS00NmE3LWI5OTUtOTQwYzc4ZjVhZWYzIiwiZXhwIjoxNTM2MzYxNDExLCJpYXQiOjE1MzYyNzQ3MTEsIm5iZiI6MTUzNjI3NDcxMSwibmFtZSI6IkFiZSBMaW5jb2xuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWJlTGlAbWljcm9zb2Z0LmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC02NmYzLTMzMzJlY2E3ZWE4MSIsInRpZCI6IjkxMjIwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsIm5vbmNlIjoiMTIzNTIzIiwiYWlvIjoiRGYyVVZYTDFpeCFsTUNXTVNPSkJjRmF0emNHZnZGR2hqS3Y4cTVnMHg3MzJkUjVNQjVCaXN2R1FPN1lXQnlqZDhpUURMcSFlR2JJRGFreXA1bW5PcmNkcUhlWVNubHRlcFFtUnA2QUlaOGpZIn0.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw",
676
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
677
+ # grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
678
+ # })
679
+ #
680
+ # resp.to_h outputs the following:
681
+ # {
682
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
683
+ # expires_in: 1579729529,
684
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
685
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
686
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
687
+ # scope: [
688
+ # "openid",
689
+ # "aws",
690
+ # "sts:identity_context",
691
+ # ],
692
+ # token_type: "Bearer",
693
+ # }
694
+ #
695
+ # @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication
696
+ #
697
+ # resp = client.create_token_with_iam({
698
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
699
+ # grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
700
+ # requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
701
+ # subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN",
702
+ # subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
703
+ # })
704
+ #
705
+ # resp.to_h outputs the following:
706
+ # {
707
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
708
+ # expires_in: 1579729529,
709
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
710
+ # issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
711
+ # scope: [
712
+ # "openid",
713
+ # "aws",
714
+ # "sts:identity_context",
715
+ # ],
716
+ # token_type: "Bearer",
717
+ # }
718
+ #
719
+ # @example Request syntax with placeholder values
720
+ #
721
+ # resp = client.create_token_with_iam({
722
+ # client_id: "ClientId", # required
723
+ # grant_type: "GrantType", # required
724
+ # code: "AuthCode",
725
+ # refresh_token: "RefreshToken",
726
+ # assertion: "Assertion",
727
+ # scope: ["Scope"],
728
+ # redirect_uri: "URI",
729
+ # subject_token: "SubjectToken",
730
+ # subject_token_type: "TokenTypeURI",
731
+ # requested_token_type: "TokenTypeURI",
732
+ # })
733
+ #
734
+ # @example Response structure
735
+ #
736
+ # resp.access_token #=> String
737
+ # resp.token_type #=> String
738
+ # resp.expires_in #=> Integer
739
+ # resp.refresh_token #=> String
740
+ # resp.id_token #=> String
741
+ # resp.issued_token_type #=> String
742
+ # resp.scope #=> Array
743
+ # resp.scope[0] #=> String
744
+ #
745
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation
746
+ #
747
+ # @overload create_token_with_iam(params = {})
748
+ # @param [Hash] params ({})
749
+ def create_token_with_iam(params = {}, options = {})
750
+ req = build_request(:create_token_with_iam, params)
751
+ req.send_request(options)
752
+ end
753
+
485
754
  # Registers a client with IAM Identity Center. This allows clients to
486
755
  # initiate device authorization. The output should be persisted for
487
756
  # reuse through many authentication requests.
@@ -507,6 +776,26 @@ module Aws::SSOOIDC
507
776
  # * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String
508
777
  # * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String
509
778
  #
779
+ #
780
+ # @example Example: Call OAuth/OIDC /register-client endpoint
781
+ #
782
+ # resp = client.register_client({
783
+ # client_name: "My IDE Plugin",
784
+ # client_type: "public",
785
+ # scopes: [
786
+ # "sso:account:access",
787
+ # "codewhisperer:completions",
788
+ # ],
789
+ # })
790
+ #
791
+ # resp.to_h outputs the following:
792
+ # {
793
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
794
+ # client_id_issued_at: 1579725929,
795
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
796
+ # client_secret_expires_at: 1587584729,
797
+ # }
798
+ #
510
799
  # @example Request syntax with placeholder values
511
800
  #
512
801
  # resp = client.register_client({
@@ -546,8 +835,9 @@ module Aws::SSOOIDC
546
835
  # come from the persisted result of the RegisterClient API operation.
547
836
  #
548
837
  # @option params [required, String] :start_url
549
- # The URL for the AWS access portal. For more information, see [Using
550
- # the AWS access portal][1] in the *IAM Identity Center User Guide*.
838
+ # The URL for the Amazon Web Services access portal. For more
839
+ # information, see [Using the Amazon Web Services access portal][1] in
840
+ # the *IAM Identity Center User Guide*.
551
841
  #
552
842
  #
553
843
  #
@@ -562,6 +852,25 @@ module Aws::SSOOIDC
562
852
  # * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer
563
853
  # * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer
564
854
  #
855
+ #
856
+ # @example Example: Call OAuth/OIDC /start-device-authorization endpoint
857
+ #
858
+ # resp = client.start_device_authorization({
859
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
860
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
861
+ # start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111",
862
+ # })
863
+ #
864
+ # resp.to_h outputs the following:
865
+ # {
866
+ # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
867
+ # expires_in: 1579729529,
868
+ # interval: 1,
869
+ # user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
870
+ # verification_uri: "https://device.sso.us-west-2.amazonaws.com",
871
+ # verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
872
+ # }
873
+ #
565
874
  # @example Request syntax with placeholder values
566
875
  #
567
876
  # resp = client.start_device_authorization({
@@ -601,7 +910,7 @@ module Aws::SSOOIDC
601
910
  params: params,
602
911
  config: config)
603
912
  context[:gem_name] = 'aws-sdk-core'
604
- context[:gem_version] = '3.185.0'
913
+ context[:gem_version] = '3.187.1'
605
914
  Seahorse::Client::Request.new(handlers, context)
606
915
  end
607
916
 
@@ -15,6 +15,7 @@ module Aws::SSOOIDC
15
15
 
16
16
  AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
17
17
  AccessToken = Shapes::StringShape.new(name: 'AccessToken')
18
+ Assertion = Shapes::StringShape.new(name: 'Assertion')
18
19
  AuthCode = Shapes::StringShape.new(name: 'AuthCode')
19
20
  AuthorizationPendingException = Shapes::StructureShape.new(name: 'AuthorizationPendingException')
20
21
  ClientId = Shapes::StringShape.new(name: 'ClientId')
@@ -23,6 +24,8 @@ module Aws::SSOOIDC
23
24
  ClientType = Shapes::StringShape.new(name: 'ClientType')
24
25
  CreateTokenRequest = Shapes::StructureShape.new(name: 'CreateTokenRequest')
25
26
  CreateTokenResponse = Shapes::StructureShape.new(name: 'CreateTokenResponse')
27
+ CreateTokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateTokenWithIAMRequest')
28
+ CreateTokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateTokenWithIAMResponse')
26
29
  DeviceCode = Shapes::StringShape.new(name: 'DeviceCode')
27
30
  Error = Shapes::StringShape.new(name: 'Error')
28
31
  ErrorDescription = Shapes::StringShape.new(name: 'ErrorDescription')
@@ -36,9 +39,12 @@ module Aws::SSOOIDC
36
39
  InvalidClientMetadataException = Shapes::StructureShape.new(name: 'InvalidClientMetadataException')
37
40
  InvalidGrantException = Shapes::StructureShape.new(name: 'InvalidGrantException')
38
41
  InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
42
+ InvalidRequestRegionException = Shapes::StructureShape.new(name: 'InvalidRequestRegionException')
39
43
  InvalidScopeException = Shapes::StructureShape.new(name: 'InvalidScopeException')
44
+ Location = Shapes::StringShape.new(name: 'Location')
40
45
  LongTimeStampType = Shapes::IntegerShape.new(name: 'LongTimeStampType')
41
46
  RefreshToken = Shapes::StringShape.new(name: 'RefreshToken')
47
+ Region = Shapes::StringShape.new(name: 'Region')
42
48
  RegisterClientRequest = Shapes::StructureShape.new(name: 'RegisterClientRequest')
43
49
  RegisterClientResponse = Shapes::StructureShape.new(name: 'RegisterClientResponse')
44
50
  Scope = Shapes::StringShape.new(name: 'Scope')
@@ -46,7 +52,9 @@ module Aws::SSOOIDC
46
52
  SlowDownException = Shapes::StructureShape.new(name: 'SlowDownException')
47
53
  StartDeviceAuthorizationRequest = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationRequest')
48
54
  StartDeviceAuthorizationResponse = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationResponse')
55
+ SubjectToken = Shapes::StringShape.new(name: 'SubjectToken')
49
56
  TokenType = Shapes::StringShape.new(name: 'TokenType')
57
+ TokenTypeURI = Shapes::StringShape.new(name: 'TokenTypeURI')
50
58
  URI = Shapes::StringShape.new(name: 'URI')
51
59
  UnauthorizedClientException = Shapes::StructureShape.new(name: 'UnauthorizedClientException')
52
60
  UnsupportedGrantTypeException = Shapes::StructureShape.new(name: 'UnsupportedGrantTypeException')
@@ -77,6 +85,27 @@ module Aws::SSOOIDC
77
85
  CreateTokenResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
78
86
  CreateTokenResponse.struct_class = Types::CreateTokenResponse
79
87
 
88
+ CreateTokenWithIAMRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId"))
89
+ CreateTokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: GrantType, required: true, location_name: "grantType"))
90
+ CreateTokenWithIAMRequest.add_member(:code, Shapes::ShapeRef.new(shape: AuthCode, location_name: "code"))
91
+ CreateTokenWithIAMRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
92
+ CreateTokenWithIAMRequest.add_member(:assertion, Shapes::ShapeRef.new(shape: Assertion, location_name: "assertion"))
93
+ CreateTokenWithIAMRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
94
+ CreateTokenWithIAMRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri"))
95
+ CreateTokenWithIAMRequest.add_member(:subject_token, Shapes::ShapeRef.new(shape: SubjectToken, location_name: "subjectToken"))
96
+ CreateTokenWithIAMRequest.add_member(:subject_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "subjectTokenType"))
97
+ CreateTokenWithIAMRequest.add_member(:requested_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "requestedTokenType"))
98
+ CreateTokenWithIAMRequest.struct_class = Types::CreateTokenWithIAMRequest
99
+
100
+ CreateTokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken"))
101
+ CreateTokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: TokenType, location_name: "tokenType"))
102
+ CreateTokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn"))
103
+ CreateTokenWithIAMResponse.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
104
+ CreateTokenWithIAMResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
105
+ CreateTokenWithIAMResponse.add_member(:issued_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "issuedTokenType"))
106
+ CreateTokenWithIAMResponse.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
107
+ CreateTokenWithIAMResponse.struct_class = Types::CreateTokenWithIAMResponse
108
+
80
109
  ExpiredTokenException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
81
110
  ExpiredTokenException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
82
111
  ExpiredTokenException.struct_class = Types::ExpiredTokenException
@@ -101,6 +130,12 @@ module Aws::SSOOIDC
101
130
  InvalidRequestException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
102
131
  InvalidRequestException.struct_class = Types::InvalidRequestException
103
132
 
133
+ InvalidRequestRegionException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
134
+ InvalidRequestRegionException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
135
+ InvalidRequestRegionException.add_member(:endpoint, Shapes::ShapeRef.new(shape: Location, location_name: "endpoint"))
136
+ InvalidRequestRegionException.add_member(:region, Shapes::ShapeRef.new(shape: Region, location_name: "region"))
137
+ InvalidRequestRegionException.struct_class = Types::InvalidRequestRegionException
138
+
104
139
  InvalidScopeException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
105
140
  InvalidScopeException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
106
141
  InvalidScopeException.struct_class = Types::InvalidScopeException
@@ -160,7 +195,7 @@ module Aws::SSOOIDC
160
195
  "serviceFullName" => "AWS SSO OIDC",
161
196
  "serviceId" => "SSO OIDC",
162
197
  "signatureVersion" => "v4",
163
- "signingName" => "awsssooidc",
198
+ "signingName" => "sso-oauth",
164
199
  "uid" => "sso-oidc-2019-06-10",
165
200
  }
166
201
 
@@ -184,6 +219,26 @@ module Aws::SSOOIDC
184
219
  o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
185
220
  end)
186
221
 
222
+ api.add_operation(:create_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
223
+ o.name = "CreateTokenWithIAM"
224
+ o.http_method = "POST"
225
+ o.http_request_uri = "/token?aws_iam=t"
226
+ o.input = Shapes::ShapeRef.new(shape: CreateTokenWithIAMRequest)
227
+ o.output = Shapes::ShapeRef.new(shape: CreateTokenWithIAMResponse)
228
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
229
+ o.errors << Shapes::ShapeRef.new(shape: InvalidClientException)
230
+ o.errors << Shapes::ShapeRef.new(shape: InvalidGrantException)
231
+ o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException)
232
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException)
233
+ o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException)
234
+ o.errors << Shapes::ShapeRef.new(shape: AuthorizationPendingException)
235
+ o.errors << Shapes::ShapeRef.new(shape: SlowDownException)
236
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
237
+ o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException)
238
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
239
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestRegionException)
240
+ end)
241
+
187
242
  api.add_operation(:register_client, Seahorse::Model::Operation.new.tap do |o|
188
243
  o.name = "RegisterClient"
189
244
  o.http_method = "POST"
@@ -32,8 +32,8 @@ module Aws::SSOOIDC
32
32
  raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
33
  end
34
34
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
36
- if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
35
+ if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
36
+ if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
37
37
  return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
38
38
  end
39
39
  return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
@@ -26,6 +26,20 @@ module Aws::SSOOIDC
26
26
  end
27
27
  end
28
28
 
29
+ class CreateTokenWithIAM
30
+ def self.build(context)
31
+ unless context.config.regional_endpoint
32
+ endpoint = context.config.endpoint.to_s
33
+ end
34
+ Aws::SSOOIDC::EndpointParameters.new(
35
+ region: context.config.region,
36
+ use_dual_stack: context.config.use_dualstack_endpoint,
37
+ use_fips: context.config.use_fips_endpoint,
38
+ endpoint: endpoint,
39
+ )
40
+ end
41
+ end
42
+
29
43
  class RegisterClient
30
44
  def self.build(context)
31
45
  unless context.config.regional_endpoint
@@ -35,6 +35,7 @@ module Aws::SSOOIDC
35
35
  # * {InvalidClientMetadataException}
36
36
  # * {InvalidGrantException}
37
37
  # * {InvalidRequestException}
38
+ # * {InvalidRequestRegionException}
38
39
  # * {InvalidScopeException}
39
40
  # * {SlowDownException}
40
41
  # * {UnauthorizedClientException}
@@ -206,6 +207,36 @@ module Aws::SSOOIDC
206
207
  end
207
208
  end
208
209
 
210
+ class InvalidRequestRegionException < ServiceError
211
+
212
+ # @param [Seahorse::Client::RequestContext] context
213
+ # @param [String] message
214
+ # @param [Aws::SSOOIDC::Types::InvalidRequestRegionException] data
215
+ def initialize(context, message, data = Aws::EmptyStructure.new)
216
+ super(context, message, data)
217
+ end
218
+
219
+ # @return [String]
220
+ def error
221
+ @data[:error]
222
+ end
223
+
224
+ # @return [String]
225
+ def error_description
226
+ @data[:error_description]
227
+ end
228
+
229
+ # @return [String]
230
+ def endpoint
231
+ @data[:endpoint]
232
+ end
233
+
234
+ # @return [String]
235
+ def region
236
+ @data[:region]
237
+ end
238
+ end
239
+
209
240
  class InvalidScopeException < ServiceError
210
241
 
211
242
  # @param [Seahorse::Client::RequestContext] context
@@ -58,6 +58,8 @@ module Aws::SSOOIDC
58
58
  case context.operation_name
59
59
  when :create_token
60
60
  Aws::SSOOIDC::Endpoints::CreateToken.build(context)
61
+ when :create_token_with_iam
62
+ Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
61
63
  when :register_client
62
64
  Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
63
65
  when :start_device_authorization