aws-sdk-core 3.185.0 → 3.187.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +52 -30
- data/lib/aws-sdk-core/json/handler.rb +8 -1
- data/lib/aws-sdk-core/json/parser.rb +27 -2
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +43 -29
- data/lib/aws-sdk-core/shared_config.rb +1 -0
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +338 -29
- data/lib/aws-sdk-ssooidc/client_api.rb +56 -1
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-ssooidc/endpoints.rb +14 -0
- data/lib/aws-sdk-ssooidc/errors.rb +31 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +2 -0
- data/lib/aws-sdk-ssooidc/types.rb +302 -49
- data/lib/aws-sdk-ssooidc.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +10 -2
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/types.rb +18 -4
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
@@ -388,61 +388,64 @@ module Aws::SSOOIDC
|
|
388
388
|
|
389
389
|
# @!group API Operations
|
390
390
|
|
391
|
-
# Creates and returns
|
392
|
-
# access token
|
393
|
-
#
|
391
|
+
# Creates and returns access and refresh tokens for clients that are
|
392
|
+
# authenticated using client secrets. The access token can be used to
|
393
|
+
# fetch short-term credentials for the assigned AWS accounts or to
|
394
|
+
# access application APIs using `bearer` authentication.
|
394
395
|
#
|
395
396
|
# @option params [required, String] :client_id
|
396
|
-
# The unique identifier string for
|
397
|
-
# from the
|
397
|
+
# The unique identifier string for the client or application. This value
|
398
|
+
# comes from the result of the RegisterClient API.
|
398
399
|
#
|
399
400
|
# @option params [required, String] :client_secret
|
400
401
|
# A secret string generated for the client. This value should come from
|
401
402
|
# the persisted result of the RegisterClient API.
|
402
403
|
#
|
403
404
|
# @option params [required, String] :grant_type
|
404
|
-
# Supports
|
405
|
-
#
|
406
|
-
#
|
405
|
+
# Supports the following OAuth grant types: Device Code and Refresh
|
406
|
+
# Token. Specify either of the following values, depending on the grant
|
407
|
+
# type that you want:
|
407
408
|
#
|
408
|
-
# `urn:ietf:params:oauth:grant-type:device_code
|
409
|
+
# * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
|
410
|
+
#
|
411
|
+
# * Refresh Token - `refresh_token`
|
409
412
|
#
|
410
413
|
# For information about how to obtain the device code, see the
|
411
414
|
# StartDeviceAuthorization topic.
|
412
415
|
#
|
413
416
|
# @option params [String] :device_code
|
414
|
-
# Used only when calling this API for the
|
415
|
-
# short-term code is used to identify this
|
416
|
-
#
|
417
|
-
# StartDeviceAuthorization API.
|
417
|
+
# Used only when calling this API for the Device Code grant type. This
|
418
|
+
# short-term code is used to identify this authorization request. This
|
419
|
+
# comes from the result of the StartDeviceAuthorization API.
|
418
420
|
#
|
419
421
|
# @option params [String] :code
|
420
|
-
#
|
421
|
-
#
|
422
|
-
#
|
422
|
+
# Used only when calling this API for the Authorization Code grant type.
|
423
|
+
# The short-term code is used to identify this authorization request.
|
424
|
+
# This grant type is currently unsupported for the CreateToken API.
|
423
425
|
#
|
424
426
|
# @option params [String] :refresh_token
|
425
|
-
#
|
427
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
428
|
+
# token is used to refresh short-term tokens, such as the access token,
|
429
|
+
# that might expire.
|
430
|
+
#
|
426
431
|
# For more information about the features and limitations of the current
|
427
432
|
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
428
433
|
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
429
434
|
#
|
430
|
-
# The token used to obtain an access token in the event that the access
|
431
|
-
# token is invalid or expired.
|
432
|
-
#
|
433
435
|
#
|
434
436
|
#
|
435
437
|
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
436
438
|
#
|
437
439
|
# @option params [Array<String>] :scope
|
438
|
-
# The list of scopes
|
439
|
-
#
|
440
|
-
#
|
440
|
+
# The list of scopes for which authorization is requested. The access
|
441
|
+
# token that is issued is limited to the scopes that are granted. If
|
442
|
+
# this value is not specified, IAM Identity Center authorizes all scopes
|
443
|
+
# that are configured for the client during the call to RegisterClient.
|
441
444
|
#
|
442
445
|
# @option params [String] :redirect_uri
|
443
|
-
#
|
444
|
-
#
|
445
|
-
#
|
446
|
+
# Used only when calling this API for the Authorization Code grant type.
|
447
|
+
# This value specifies the location of the client or application that
|
448
|
+
# has registered to receive the authorization code.
|
446
449
|
#
|
447
450
|
# @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
448
451
|
#
|
@@ -452,6 +455,44 @@ module Aws::SSOOIDC
|
|
452
455
|
# * {Types::CreateTokenResponse#refresh_token #refresh_token} => String
|
453
456
|
# * {Types::CreateTokenResponse#id_token #id_token} => String
|
454
457
|
#
|
458
|
+
#
|
459
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication
|
460
|
+
#
|
461
|
+
# resp = client.create_token({
|
462
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
463
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
464
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
465
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:device-code",
|
466
|
+
# })
|
467
|
+
#
|
468
|
+
# resp.to_h outputs the following:
|
469
|
+
# {
|
470
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
471
|
+
# expires_in: 1579729529,
|
472
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
473
|
+
# token_type: "Bearer",
|
474
|
+
# }
|
475
|
+
#
|
476
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication
|
477
|
+
#
|
478
|
+
# resp = client.create_token({
|
479
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
480
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
481
|
+
# grant_type: "refresh_token",
|
482
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
483
|
+
# scope: [
|
484
|
+
# "codewhisperer:completions",
|
485
|
+
# ],
|
486
|
+
# })
|
487
|
+
#
|
488
|
+
# resp.to_h outputs the following:
|
489
|
+
# {
|
490
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
491
|
+
# expires_in: 1579729529,
|
492
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
493
|
+
# token_type: "Bearer",
|
494
|
+
# }
|
495
|
+
#
|
455
496
|
# @example Request syntax with placeholder values
|
456
497
|
#
|
457
498
|
# resp = client.create_token({
|
@@ -482,6 +523,234 @@ module Aws::SSOOIDC
|
|
482
523
|
req.send_request(options)
|
483
524
|
end
|
484
525
|
|
526
|
+
# Creates and returns access and refresh tokens for clients and
|
527
|
+
# applications that are authenticated using IAM entities. The access
|
528
|
+
# token can be used to fetch short-term credentials for the assigned AWS
|
529
|
+
# accounts or to access application APIs using `bearer` authentication.
|
530
|
+
#
|
531
|
+
# @option params [required, String] :client_id
|
532
|
+
# The unique identifier string for the client or application. This value
|
533
|
+
# is an application ARN that has OAuth grants configured.
|
534
|
+
#
|
535
|
+
# @option params [required, String] :grant_type
|
536
|
+
# Supports the following OAuth grant types: Authorization Code, Refresh
|
537
|
+
# Token, JWT Bearer, and Token Exchange. Specify one of the following
|
538
|
+
# values, depending on the grant type that you want:
|
539
|
+
#
|
540
|
+
# * Authorization Code - `authorization_code`
|
541
|
+
#
|
542
|
+
# * Refresh Token - `refresh_token`
|
543
|
+
#
|
544
|
+
# * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
|
545
|
+
#
|
546
|
+
# * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange`
|
547
|
+
#
|
548
|
+
# @option params [String] :code
|
549
|
+
# Used only when calling this API for the Authorization Code grant type.
|
550
|
+
# This short-term code is used to identify this authorization request.
|
551
|
+
# The code is obtained through a redirect from IAM Identity Center to a
|
552
|
+
# redirect URI persisted in the Authorization Code GrantOptions for the
|
553
|
+
# application.
|
554
|
+
#
|
555
|
+
# @option params [String] :refresh_token
|
556
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
557
|
+
# token is used to refresh short-term tokens, such as the access token,
|
558
|
+
# that might expire.
|
559
|
+
#
|
560
|
+
# For more information about the features and limitations of the current
|
561
|
+
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
562
|
+
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
563
|
+
#
|
564
|
+
#
|
565
|
+
#
|
566
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
567
|
+
#
|
568
|
+
# @option params [String] :assertion
|
569
|
+
# Used only when calling this API for the JWT Bearer grant type. This
|
570
|
+
# value specifies the JSON Web Token (JWT) issued by a trusted token
|
571
|
+
# issuer. To authorize a trusted token issuer, configure the JWT Bearer
|
572
|
+
# GrantOptions for the application.
|
573
|
+
#
|
574
|
+
# @option params [Array<String>] :scope
|
575
|
+
# The list of scopes for which authorization is requested. The access
|
576
|
+
# token that is issued is limited to the scopes that are granted. If the
|
577
|
+
# value is not specified, IAM Identity Center authorizes all scopes
|
578
|
+
# configured for the application, including the following default
|
579
|
+
# scopes: `openid`, `aws`, `sts:identity_context`.
|
580
|
+
#
|
581
|
+
# @option params [String] :redirect_uri
|
582
|
+
# Used only when calling this API for the Authorization Code grant type.
|
583
|
+
# This value specifies the location of the client or application that
|
584
|
+
# has registered to receive the authorization code.
|
585
|
+
#
|
586
|
+
# @option params [String] :subject_token
|
587
|
+
# Used only when calling this API for the Token Exchange grant type.
|
588
|
+
# This value specifies the subject of the exchange. The value of the
|
589
|
+
# subject token must be an access token issued by IAM Identity Center to
|
590
|
+
# a different client or application. The access token must have
|
591
|
+
# authorized scopes that indicate the requested application as a target
|
592
|
+
# audience.
|
593
|
+
#
|
594
|
+
# @option params [String] :subject_token_type
|
595
|
+
# Used only when calling this API for the Token Exchange grant type.
|
596
|
+
# This value specifies the type of token that is passed as the subject
|
597
|
+
# of the exchange. The following value is supported:
|
598
|
+
#
|
599
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
600
|
+
#
|
601
|
+
# @option params [String] :requested_token_type
|
602
|
+
# Used only when calling this API for the Token Exchange grant type.
|
603
|
+
# This value specifies the type of token that the requester can receive.
|
604
|
+
# The following values are supported:
|
605
|
+
#
|
606
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
607
|
+
#
|
608
|
+
# * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
|
609
|
+
#
|
610
|
+
# @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
611
|
+
#
|
612
|
+
# * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String
|
613
|
+
# * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String
|
614
|
+
# * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer
|
615
|
+
# * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String
|
616
|
+
# * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String
|
617
|
+
# * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String
|
618
|
+
# * {Types::CreateTokenWithIAMResponse#scope #scope} => Array<String>
|
619
|
+
#
|
620
|
+
#
|
621
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication
|
622
|
+
#
|
623
|
+
# resp = client.create_token_with_iam({
|
624
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
625
|
+
# code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE",
|
626
|
+
# grant_type: "authorization_code",
|
627
|
+
# redirect_uri: "https://mywebapp.example/redirect",
|
628
|
+
# scope: [
|
629
|
+
# "openid",
|
630
|
+
# "aws",
|
631
|
+
# "sts:identity_context",
|
632
|
+
# ],
|
633
|
+
# })
|
634
|
+
#
|
635
|
+
# resp.to_h outputs the following:
|
636
|
+
# {
|
637
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
638
|
+
# expires_in: 1579729529,
|
639
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
640
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
641
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
642
|
+
# scope: [
|
643
|
+
# "openid",
|
644
|
+
# "aws",
|
645
|
+
# "sts:identity_context",
|
646
|
+
# ],
|
647
|
+
# token_type: "Bearer",
|
648
|
+
# }
|
649
|
+
#
|
650
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication
|
651
|
+
#
|
652
|
+
# resp = client.create_token_with_iam({
|
653
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
654
|
+
# grant_type: "refresh_token",
|
655
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
656
|
+
# })
|
657
|
+
#
|
658
|
+
# resp.to_h outputs the following:
|
659
|
+
# {
|
660
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
661
|
+
# expires_in: 1579729529,
|
662
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
663
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
664
|
+
# scope: [
|
665
|
+
# "openid",
|
666
|
+
# "aws",
|
667
|
+
# "sts:identity_context",
|
668
|
+
# ],
|
669
|
+
# token_type: "Bearer",
|
670
|
+
# }
|
671
|
+
#
|
672
|
+
# @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication
|
673
|
+
#
|
674
|
+
# resp = client.create_token_with_iam({
|
675
|
+
# assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.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.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw",
|
676
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
677
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
|
678
|
+
# })
|
679
|
+
#
|
680
|
+
# resp.to_h outputs the following:
|
681
|
+
# {
|
682
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
683
|
+
# expires_in: 1579729529,
|
684
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
685
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
686
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
687
|
+
# scope: [
|
688
|
+
# "openid",
|
689
|
+
# "aws",
|
690
|
+
# "sts:identity_context",
|
691
|
+
# ],
|
692
|
+
# token_type: "Bearer",
|
693
|
+
# }
|
694
|
+
#
|
695
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication
|
696
|
+
#
|
697
|
+
# resp = client.create_token_with_iam({
|
698
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
699
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
|
700
|
+
# requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
701
|
+
# subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN",
|
702
|
+
# subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
703
|
+
# })
|
704
|
+
#
|
705
|
+
# resp.to_h outputs the following:
|
706
|
+
# {
|
707
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
708
|
+
# expires_in: 1579729529,
|
709
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
|
710
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
711
|
+
# scope: [
|
712
|
+
# "openid",
|
713
|
+
# "aws",
|
714
|
+
# "sts:identity_context",
|
715
|
+
# ],
|
716
|
+
# token_type: "Bearer",
|
717
|
+
# }
|
718
|
+
#
|
719
|
+
# @example Request syntax with placeholder values
|
720
|
+
#
|
721
|
+
# resp = client.create_token_with_iam({
|
722
|
+
# client_id: "ClientId", # required
|
723
|
+
# grant_type: "GrantType", # required
|
724
|
+
# code: "AuthCode",
|
725
|
+
# refresh_token: "RefreshToken",
|
726
|
+
# assertion: "Assertion",
|
727
|
+
# scope: ["Scope"],
|
728
|
+
# redirect_uri: "URI",
|
729
|
+
# subject_token: "SubjectToken",
|
730
|
+
# subject_token_type: "TokenTypeURI",
|
731
|
+
# requested_token_type: "TokenTypeURI",
|
732
|
+
# })
|
733
|
+
#
|
734
|
+
# @example Response structure
|
735
|
+
#
|
736
|
+
# resp.access_token #=> String
|
737
|
+
# resp.token_type #=> String
|
738
|
+
# resp.expires_in #=> Integer
|
739
|
+
# resp.refresh_token #=> String
|
740
|
+
# resp.id_token #=> String
|
741
|
+
# resp.issued_token_type #=> String
|
742
|
+
# resp.scope #=> Array
|
743
|
+
# resp.scope[0] #=> String
|
744
|
+
#
|
745
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation
|
746
|
+
#
|
747
|
+
# @overload create_token_with_iam(params = {})
|
748
|
+
# @param [Hash] params ({})
|
749
|
+
def create_token_with_iam(params = {}, options = {})
|
750
|
+
req = build_request(:create_token_with_iam, params)
|
751
|
+
req.send_request(options)
|
752
|
+
end
|
753
|
+
|
485
754
|
# Registers a client with IAM Identity Center. This allows clients to
|
486
755
|
# initiate device authorization. The output should be persisted for
|
487
756
|
# reuse through many authentication requests.
|
@@ -507,6 +776,26 @@ module Aws::SSOOIDC
|
|
507
776
|
# * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String
|
508
777
|
# * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String
|
509
778
|
#
|
779
|
+
#
|
780
|
+
# @example Example: Call OAuth/OIDC /register-client endpoint
|
781
|
+
#
|
782
|
+
# resp = client.register_client({
|
783
|
+
# client_name: "My IDE Plugin",
|
784
|
+
# client_type: "public",
|
785
|
+
# scopes: [
|
786
|
+
# "sso:account:access",
|
787
|
+
# "codewhisperer:completions",
|
788
|
+
# ],
|
789
|
+
# })
|
790
|
+
#
|
791
|
+
# resp.to_h outputs the following:
|
792
|
+
# {
|
793
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
794
|
+
# client_id_issued_at: 1579725929,
|
795
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
796
|
+
# client_secret_expires_at: 1587584729,
|
797
|
+
# }
|
798
|
+
#
|
510
799
|
# @example Request syntax with placeholder values
|
511
800
|
#
|
512
801
|
# resp = client.register_client({
|
@@ -546,8 +835,9 @@ module Aws::SSOOIDC
|
|
546
835
|
# come from the persisted result of the RegisterClient API operation.
|
547
836
|
#
|
548
837
|
# @option params [required, String] :start_url
|
549
|
-
# The URL for the
|
550
|
-
# the
|
838
|
+
# The URL for the Amazon Web Services access portal. For more
|
839
|
+
# information, see [Using the Amazon Web Services access portal][1] in
|
840
|
+
# the *IAM Identity Center User Guide*.
|
551
841
|
#
|
552
842
|
#
|
553
843
|
#
|
@@ -562,6 +852,25 @@ module Aws::SSOOIDC
|
|
562
852
|
# * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer
|
563
853
|
# * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer
|
564
854
|
#
|
855
|
+
#
|
856
|
+
# @example Example: Call OAuth/OIDC /start-device-authorization endpoint
|
857
|
+
#
|
858
|
+
# resp = client.start_device_authorization({
|
859
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
860
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
861
|
+
# start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111",
|
862
|
+
# })
|
863
|
+
#
|
864
|
+
# resp.to_h outputs the following:
|
865
|
+
# {
|
866
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
867
|
+
# expires_in: 1579729529,
|
868
|
+
# interval: 1,
|
869
|
+
# user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
870
|
+
# verification_uri: "https://device.sso.us-west-2.amazonaws.com",
|
871
|
+
# verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
872
|
+
# }
|
873
|
+
#
|
565
874
|
# @example Request syntax with placeholder values
|
566
875
|
#
|
567
876
|
# resp = client.start_device_authorization({
|
@@ -601,7 +910,7 @@ module Aws::SSOOIDC
|
|
601
910
|
params: params,
|
602
911
|
config: config)
|
603
912
|
context[:gem_name] = 'aws-sdk-core'
|
604
|
-
context[:gem_version] = '3.
|
913
|
+
context[:gem_version] = '3.187.1'
|
605
914
|
Seahorse::Client::Request.new(handlers, context)
|
606
915
|
end
|
607
916
|
|
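Review bot: The new Device Code example for `create_token` (new line 465) passes `grant_type: "urn:ietf:params:oauth:grant-type:device-code"` with a hyphen, while the `:grant_type` option text added in the same comment block (new line 409) gives `urn:ietf:params:oauth:grant-type:device_code` with an underscore, which is also the form RFC 8628 registers. Anyone copying the example verbatim sends a grant type the parameter documentation does not list, so the example line should read `grant_type: "urn:ietf:params:oauth:grant-type:device_code",`. The added examples also show `expires_in: 1579729529`, which reads like a Unix timestamp although the `create_token_with_iam` response member is typed `ExpirationInSeconds` in client_api.rb. A short relative value there, for instance 3600 (constructed), would keep callers from treating the field as an absolute expiry when they schedule token refresh. If these comments are generated from the service model, the correction presumably belongs in the model's examples rather than in this file.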
@@ -15,6 +15,7 @@ module Aws::SSOOIDC
|
|
15
15
|
|
16
16
|
AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
|
17
17
|
AccessToken = Shapes::StringShape.new(name: 'AccessToken')
|
18
|
+
Assertion = Shapes::StringShape.new(name: 'Assertion')
|
18
19
|
AuthCode = Shapes::StringShape.new(name: 'AuthCode')
|
19
20
|
AuthorizationPendingException = Shapes::StructureShape.new(name: 'AuthorizationPendingException')
|
20
21
|
ClientId = Shapes::StringShape.new(name: 'ClientId')
|
@@ -23,6 +24,8 @@ module Aws::SSOOIDC
|
|
23
24
|
ClientType = Shapes::StringShape.new(name: 'ClientType')
|
24
25
|
CreateTokenRequest = Shapes::StructureShape.new(name: 'CreateTokenRequest')
|
25
26
|
CreateTokenResponse = Shapes::StructureShape.new(name: 'CreateTokenResponse')
|
27
|
+
CreateTokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateTokenWithIAMRequest')
|
28
|
+
CreateTokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateTokenWithIAMResponse')
|
26
29
|
DeviceCode = Shapes::StringShape.new(name: 'DeviceCode')
|
27
30
|
Error = Shapes::StringShape.new(name: 'Error')
|
28
31
|
ErrorDescription = Shapes::StringShape.new(name: 'ErrorDescription')
|
@@ -36,9 +39,12 @@ module Aws::SSOOIDC
|
|
36
39
|
InvalidClientMetadataException = Shapes::StructureShape.new(name: 'InvalidClientMetadataException')
|
37
40
|
InvalidGrantException = Shapes::StructureShape.new(name: 'InvalidGrantException')
|
38
41
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
42
|
+
InvalidRequestRegionException = Shapes::StructureShape.new(name: 'InvalidRequestRegionException')
|
39
43
|
InvalidScopeException = Shapes::StructureShape.new(name: 'InvalidScopeException')
|
44
|
+
Location = Shapes::StringShape.new(name: 'Location')
|
40
45
|
LongTimeStampType = Shapes::IntegerShape.new(name: 'LongTimeStampType')
|
41
46
|
RefreshToken = Shapes::StringShape.new(name: 'RefreshToken')
|
47
|
+
Region = Shapes::StringShape.new(name: 'Region')
|
42
48
|
RegisterClientRequest = Shapes::StructureShape.new(name: 'RegisterClientRequest')
|
43
49
|
RegisterClientResponse = Shapes::StructureShape.new(name: 'RegisterClientResponse')
|
44
50
|
Scope = Shapes::StringShape.new(name: 'Scope')
|
@@ -46,7 +52,9 @@ module Aws::SSOOIDC
|
|
46
52
|
SlowDownException = Shapes::StructureShape.new(name: 'SlowDownException')
|
47
53
|
StartDeviceAuthorizationRequest = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationRequest')
|
48
54
|
StartDeviceAuthorizationResponse = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationResponse')
|
55
|
+
SubjectToken = Shapes::StringShape.new(name: 'SubjectToken')
|
49
56
|
TokenType = Shapes::StringShape.new(name: 'TokenType')
|
57
|
+
TokenTypeURI = Shapes::StringShape.new(name: 'TokenTypeURI')
|
50
58
|
URI = Shapes::StringShape.new(name: 'URI')
|
51
59
|
UnauthorizedClientException = Shapes::StructureShape.new(name: 'UnauthorizedClientException')
|
52
60
|
UnsupportedGrantTypeException = Shapes::StructureShape.new(name: 'UnsupportedGrantTypeException')
|
@@ -77,6 +85,27 @@ module Aws::SSOOIDC
|
|
77
85
|
CreateTokenResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
|
78
86
|
CreateTokenResponse.struct_class = Types::CreateTokenResponse
|
79
87
|
|
88
|
+
CreateTokenWithIAMRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId"))
|
89
|
+
CreateTokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: GrantType, required: true, location_name: "grantType"))
|
90
|
+
CreateTokenWithIAMRequest.add_member(:code, Shapes::ShapeRef.new(shape: AuthCode, location_name: "code"))
|
91
|
+
CreateTokenWithIAMRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
|
92
|
+
CreateTokenWithIAMRequest.add_member(:assertion, Shapes::ShapeRef.new(shape: Assertion, location_name: "assertion"))
|
93
|
+
CreateTokenWithIAMRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
|
94
|
+
CreateTokenWithIAMRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri"))
|
95
|
+
CreateTokenWithIAMRequest.add_member(:subject_token, Shapes::ShapeRef.new(shape: SubjectToken, location_name: "subjectToken"))
|
96
|
+
CreateTokenWithIAMRequest.add_member(:subject_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "subjectTokenType"))
|
97
|
+
CreateTokenWithIAMRequest.add_member(:requested_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "requestedTokenType"))
|
98
|
+
CreateTokenWithIAMRequest.struct_class = Types::CreateTokenWithIAMRequest
|
99
|
+
|
100
|
+
CreateTokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken"))
|
101
|
+
CreateTokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: TokenType, location_name: "tokenType"))
|
102
|
+
CreateTokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn"))
|
103
|
+
CreateTokenWithIAMResponse.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken"))
|
104
|
+
CreateTokenWithIAMResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
|
105
|
+
CreateTokenWithIAMResponse.add_member(:issued_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "issuedTokenType"))
|
106
|
+
CreateTokenWithIAMResponse.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope"))
|
107
|
+
CreateTokenWithIAMResponse.struct_class = Types::CreateTokenWithIAMResponse
|
108
|
+
|
80
109
|
ExpiredTokenException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
|
81
110
|
ExpiredTokenException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
|
82
111
|
ExpiredTokenException.struct_class = Types::ExpiredTokenException
|
@@ -101,6 +130,12 @@ module Aws::SSOOIDC
|
|
101
130
|
InvalidRequestException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
|
102
131
|
InvalidRequestException.struct_class = Types::InvalidRequestException
|
103
132
|
|
133
|
+
InvalidRequestRegionException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
|
134
|
+
InvalidRequestRegionException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
|
135
|
+
InvalidRequestRegionException.add_member(:endpoint, Shapes::ShapeRef.new(shape: Location, location_name: "endpoint"))
|
136
|
+
InvalidRequestRegionException.add_member(:region, Shapes::ShapeRef.new(shape: Region, location_name: "region"))
|
137
|
+
InvalidRequestRegionException.struct_class = Types::InvalidRequestRegionException
|
138
|
+
|
104
139
|
InvalidScopeException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
|
105
140
|
InvalidScopeException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
|
106
141
|
InvalidScopeException.struct_class = Types::InvalidScopeException
|
@@ -160,7 +195,7 @@ module Aws::SSOOIDC
|
|
160
195
|
"serviceFullName" => "AWS SSO OIDC",
|
161
196
|
"serviceId" => "SSO OIDC",
|
162
197
|
"signatureVersion" => "v4",
|
163
|
-
"signingName" => "
|
198
|
+
"signingName" => "sso-oauth",
|
164
199
|
"uid" => "sso-oidc-2019-06-10",
|
165
200
|
}
|
166
201
|
|
@@ -184,6 +219,26 @@ module Aws::SSOOIDC
|
|
184
219
|
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
185
220
|
end)
|
186
221
|
|
222
|
+
api.add_operation(:create_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
|
223
|
+
o.name = "CreateTokenWithIAM"
|
224
|
+
o.http_method = "POST"
|
225
|
+
o.http_request_uri = "/token?aws_iam=t"
|
226
|
+
o.input = Shapes::ShapeRef.new(shape: CreateTokenWithIAMRequest)
|
227
|
+
o.output = Shapes::ShapeRef.new(shape: CreateTokenWithIAMResponse)
|
228
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
229
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidClientException)
|
230
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidGrantException)
|
231
|
+
o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException)
|
232
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException)
|
233
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException)
|
234
|
+
o.errors << Shapes::ShapeRef.new(shape: AuthorizationPendingException)
|
235
|
+
o.errors << Shapes::ShapeRef.new(shape: SlowDownException)
|
236
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
237
|
+
o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException)
|
238
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
239
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestRegionException)
|
240
|
+
end)
|
241
|
+
|
187
242
|
api.add_operation(:register_client, Seahorse::Model::Operation.new.tap do |o|
|
188
243
|
o.name = "RegisterClient"
|
189
244
|
o.http_method = "POST"
|
@@ -32,8 +32,8 @@ module Aws::SSOOIDC
|
|
32
32
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
33
|
end
|
34
34
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
36
|
-
if Aws::Endpoints::Matchers.string_equals?(
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
36
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
|
37
37
|
return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
|
38
38
|
end
|
39
39
|
return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
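Review bot: The `aws-us-gov` branch returns `https://oidc.#{region}.amazonaws.com` while `use_fips` is true, so the host has no `-fips` label and hard-codes `amazonaws.com` where the following return uses `partition_result['dnsSuffix']`. Nothing in the hunk explains this. If the regional GovCloud host is itself the FIPS endpoint, which the page does not show, a comment above that return should say so, for example `# aws-us-gov: the regional OIDC host serves as the FIPS endpoint, so no oidc-fips name is built here`. Otherwise someone auditing FIPS configuration can read the branch as a silent fallback to a non-FIPS host. The old sides of the two changed `if` lines are truncated on this page, and the enclosing method starts and ends outside the hunk.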
|
@@ -26,6 +26,20 @@ module Aws::SSOOIDC
|
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
+
class CreateTokenWithIAM
|
30
|
+
def self.build(context)
|
31
|
+
unless context.config.regional_endpoint
|
32
|
+
endpoint = context.config.endpoint.to_s
|
33
|
+
end
|
34
|
+
Aws::SSOOIDC::EndpointParameters.new(
|
35
|
+
region: context.config.region,
|
36
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
37
|
+
use_fips: context.config.use_fips_endpoint,
|
38
|
+
endpoint: endpoint,
|
39
|
+
)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
29
43
|
class RegisterClient
|
30
44
|
def self.build(context)
|
31
45
|
unless context.config.regional_endpoint
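Review bot: In `CreateTokenWithIAM.build`, `endpoint` is assigned only inside the `unless context.config.regional_endpoint` block but is read unconditionally in `endpoint: endpoint,`. On the regional path it is `nil` only because Ruby declares the local at parse time. Writing `endpoint = context.config.endpoint.to_s unless context.config.regional_endpoint`, or setting `endpoint = nil` first, keeps the behaviour and makes the nil case explicit. A configured endpoint is passed through as given, and the request shape for this operation, shown earlier on the page, includes `subject_token`. A short comment such as `# custom endpoint is used verbatim; token material in the request is sent to that host` would therefore help anyone reviewing endpoint overrides. `RegisterClient.build` below follows the same pattern and continues past the hunk.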
|
@@ -35,6 +35,7 @@ module Aws::SSOOIDC
|
|
35
35
|
# * {InvalidClientMetadataException}
|
36
36
|
# * {InvalidGrantException}
|
37
37
|
# * {InvalidRequestException}
|
38
|
+
# * {InvalidRequestRegionException}
|
38
39
|
# * {InvalidScopeException}
|
39
40
|
# * {SlowDownException}
|
40
41
|
# * {UnauthorizedClientException}
|
@@ -206,6 +207,36 @@ module Aws::SSOOIDC
|
|
206
207
|
end
|
207
208
|
end
|
208
209
|
|
210
|
+
class InvalidRequestRegionException < ServiceError
|
211
|
+
|
212
|
+
# @param [Seahorse::Client::RequestContext] context
|
213
|
+
# @param [String] message
|
214
|
+
# @param [Aws::SSOOIDC::Types::InvalidRequestRegionException] data
|
215
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
216
|
+
super(context, message, data)
|
217
|
+
end
|
218
|
+
|
219
|
+
# @return [String]
|
220
|
+
def error
|
221
|
+
@data[:error]
|
222
|
+
end
|
223
|
+
|
224
|
+
# @return [String]
|
225
|
+
def error_description
|
226
|
+
@data[:error_description]
|
227
|
+
end
|
228
|
+
|
229
|
+
# @return [String]
|
230
|
+
def endpoint
|
231
|
+
@data[:endpoint]
|
232
|
+
end
|
233
|
+
|
234
|
+
# @return [String]
|
235
|
+
def region
|
236
|
+
@data[:region]
|
237
|
+
end
|
238
|
+
end
|
239
|
+
|
209
240
|
class InvalidScopeException < ServiceError
|
210
241
|
|
211
242
|
# @param [Seahorse::Client::RequestContext] context
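Review bot: The `endpoint` and `region` readers on the new `InvalidRequestRegionException` are documented only as `# @return [String]`, although they return `@data[:endpoint]` and `@data[:region]`, which are fields of the service's error response. What the service puts in them is not shown here. A caller that retries against the reported endpoint would be sending a token request to a location named by the response. The doc comment should say where the value comes from, for example `# @return [String] endpoint named in the error response; check it against the expected service domain before using it for a retry`, with a matching line for `region`. The first hunk of this section only adds the class to the error list and needs no change.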
|
@@ -58,6 +58,8 @@ module Aws::SSOOIDC
|
|
58
58
|
case context.operation_name
|
59
59
|
when :create_token
|
60
60
|
Aws::SSOOIDC::Endpoints::CreateToken.build(context)
|
61
|
+
when :create_token_with_iam
|
62
|
+
Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
|
61
63
|
when :register_client
|
62
64
|
Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
|
63
65
|
when :start_device_authorization
|