aws-sdk-core 3.185.1 → 3.214.0

Files changed (177) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +409 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +1 -2
  5. data/lib/aws-defaults.rb +4 -1
  6. data/lib/aws-sdk-core/assume_role_credentials.rb +12 -5
  7. data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +13 -7
  8. data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
  9. data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
  10. data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
  11. data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
  12. data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
  13. data/lib/aws-sdk-core/cbor/decoder.rb +310 -0
  14. data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
  15. data/lib/aws-sdk-core/cbor.rb +53 -0
  16. data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
  17. data/lib/aws-sdk-core/client_stubs.rb +23 -19
  18. data/lib/aws-sdk-core/credential_provider.rb +1 -1
  19. data/lib/aws-sdk-core/credential_provider_chain.rb +13 -6
  20. data/lib/aws-sdk-core/credentials.rb +13 -6
  21. data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
  22. data/lib/aws-sdk-core/ecs_credentials.rb +78 -11
  23. data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
  24. data/lib/aws-sdk-core/endpoints/matchers.rb +6 -9
  25. data/lib/aws-sdk-core/endpoints.rb +74 -18
  26. data/lib/aws-sdk-core/error_handler.rb +41 -0
  27. data/lib/aws-sdk-core/errors.rb +11 -2
  28. data/lib/aws-sdk-core/event_emitter.rb +0 -16
  29. data/lib/aws-sdk-core/instance_profile_credentials.rb +55 -32
  30. data/lib/aws-sdk-core/json/builder.rb +8 -1
  31. data/lib/aws-sdk-core/json/error_handler.rb +17 -11
  32. data/lib/aws-sdk-core/json/handler.rb +13 -6
  33. data/lib/aws-sdk-core/json/json_engine.rb +3 -1
  34. data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
  35. data/lib/aws-sdk-core/json/parser.rb +32 -2
  36. data/lib/aws-sdk-core/json.rb +43 -14
  37. data/lib/aws-sdk-core/log/param_filter.rb +2 -2
  38. data/lib/aws-sdk-core/log.rb +10 -0
  39. data/lib/aws-sdk-core/lru_cache.rb +75 -0
  40. data/lib/aws-sdk-core/pageable_response.rb +1 -1
  41. data/lib/aws-sdk-core/param_validator.rb +7 -2
  42. data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
  43. data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +6 -3
  44. data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
  45. data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
  46. data/lib/aws-sdk-core/plugins/credentials_configuration.rb +9 -3
  47. data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
  48. data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -1
  49. data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
  50. data/lib/aws-sdk-core/plugins/logging.rb +2 -0
  51. data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
  52. data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
  53. data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
  54. data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
  55. data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
  56. data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
  57. data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
  58. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
  59. data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
  60. data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
  61. data/lib/aws-sdk-core/plugins/sign.rb +27 -15
  62. data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
  63. data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
  64. data/lib/aws-sdk-core/plugins/stub_responses.rb +30 -2
  65. data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
  66. data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
  67. data/lib/aws-sdk-core/plugins/user_agent.rb +70 -26
  68. data/lib/aws-sdk-core/plugins.rb +39 -0
  69. data/lib/aws-sdk-core/process_credentials.rb +47 -28
  70. data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
  71. data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
  72. data/lib/aws-sdk-core/query/handler.rb +4 -4
  73. data/lib/aws-sdk-core/query/param_builder.rb +2 -2
  74. data/lib/aws-sdk-core/query.rb +2 -1
  75. data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
  76. data/lib/aws-sdk-core/resources.rb +8 -0
  77. data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
  78. data/lib/aws-sdk-core/rest/handler.rb +3 -4
  79. data/lib/aws-sdk-core/rest/request/body.rb +32 -5
  80. data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
  81. data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
  82. data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
  83. data/lib/aws-sdk-core/rest/response/body.rb +15 -1
  84. data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
  85. data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
  86. data/lib/aws-sdk-core/rest.rb +1 -0
  87. data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
  88. data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
  89. data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
  90. data/lib/aws-sdk-core/rpc_v2/error_handler.rb +85 -0
  91. data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
  92. data/lib/aws-sdk-core/rpc_v2/parser.rb +90 -0
  93. data/lib/aws-sdk-core/rpc_v2.rb +69 -0
  94. data/lib/aws-sdk-core/shared_config.rb +7 -2
  95. data/lib/aws-sdk-core/shared_credentials.rb +0 -7
  96. data/lib/aws-sdk-core/sso_credentials.rb +2 -1
  97. data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
  98. data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
  99. data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
  100. data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
  101. data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
  102. data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
  103. data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
  104. data/lib/aws-sdk-core/stubbing.rb +22 -0
  105. data/lib/aws-sdk-core/telemetry/base.rb +177 -0
  106. data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
  107. data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
  108. data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
  109. data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
  110. data/lib/aws-sdk-core/telemetry.rb +78 -0
  111. data/lib/aws-sdk-core/util.rb +39 -0
  112. data/lib/aws-sdk-core/waiters/poller.rb +10 -5
  113. data/lib/aws-sdk-core/xml/builder.rb +17 -9
  114. data/lib/aws-sdk-core/xml/error_handler.rb +32 -42
  115. data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
  116. data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
  117. data/lib/aws-sdk-core/xml/parser.rb +2 -6
  118. data/lib/aws-sdk-core.rb +82 -107
  119. data/lib/aws-sdk-sso/client.rb +119 -55
  120. data/lib/aws-sdk-sso/client_api.rb +7 -0
  121. data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
  122. data/lib/aws-sdk-sso/endpoints.rb +2 -54
  123. data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
  124. data/lib/aws-sdk-sso/types.rb +1 -0
  125. data/lib/aws-sdk-sso.rb +15 -11
  126. data/lib/aws-sdk-ssooidc/client.rb +504 -83
  127. data/lib/aws-sdk-ssooidc/client_api.rb +83 -1
  128. data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
  129. data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
  130. data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
  131. data/lib/aws-sdk-ssooidc/errors.rb +52 -0
  132. data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
  133. data/lib/aws-sdk-ssooidc/types.rb +373 -51
  134. data/lib/aws-sdk-ssooidc.rb +15 -11
  135. data/lib/aws-sdk-sts/client.rb +334 -105
  136. data/lib/aws-sdk-sts/client_api.rb +36 -10
  137. data/lib/aws-sdk-sts/customizations.rb +5 -1
  138. data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
  139. data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
  140. data/lib/aws-sdk-sts/endpoints.rb +2 -118
  141. data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
  142. data/lib/aws-sdk-sts/presigner.rb +1 -1
  143. data/lib/aws-sdk-sts/types.rb +188 -30
  144. data/lib/aws-sdk-sts.rb +15 -11
  145. data/lib/seahorse/client/async_base.rb +1 -1
  146. data/lib/seahorse/client/async_response.rb +19 -0
  147. data/lib/seahorse/client/base.rb +18 -7
  148. data/lib/seahorse/client/h2/handler.rb +14 -3
  149. data/lib/seahorse/client/handler.rb +1 -1
  150. data/lib/seahorse/client/net_http/connection_pool.rb +11 -11
  151. data/lib/seahorse/client/net_http/handler.rb +21 -9
  152. data/lib/seahorse/client/net_http/patches.rb +1 -4
  153. data/lib/seahorse/client/plugin.rb +9 -0
  154. data/lib/seahorse/client/plugins/endpoint.rb +0 -1
  155. data/lib/seahorse/client/plugins/h2.rb +3 -3
  156. data/lib/seahorse/client/plugins/net_http.rb +57 -16
  157. data/lib/seahorse/client/request_context.rb +8 -1
  158. data/lib/seahorse/model/shapes.rb +2 -2
  159. data/sig/aws-sdk-core/client_stubs.rbs +10 -0
  160. data/sig/aws-sdk-core/errors.rbs +22 -0
  161. data/sig/aws-sdk-core/resources/collection.rbs +21 -0
  162. data/sig/aws-sdk-core/structure.rbs +4 -0
  163. data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
  164. data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
  165. data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
  166. data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
  167. data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
  168. data/sig/aws-sdk-core.rbs +7 -0
  169. data/sig/seahorse/client/base.rbs +25 -0
  170. data/sig/seahorse/client/handler_builder.rbs +16 -0
  171. data/sig/seahorse/client/response.rbs +61 -0
  172. metadata +61 -19
  173. /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
  174. /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
  175. /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
  176. /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
  177. /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
@@ -22,6 +22,7 @@ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
22
22
  require 'aws-sdk-core/plugins/response_paging.rb'
23
23
  require 'aws-sdk-core/plugins/stub_responses.rb'
24
24
  require 'aws-sdk-core/plugins/idempotency_token.rb'
25
+ require 'aws-sdk-core/plugins/invocation_id.rb'
25
26
  require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
26
27
  require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
28
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
@@ -31,11 +32,10 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
32
  require 'aws-sdk-core/plugins/request_compression.rb'
32
33
  require 'aws-sdk-core/plugins/defaults_mode.rb'
33
34
  require 'aws-sdk-core/plugins/recursion_detection.rb'
35
+ require 'aws-sdk-core/plugins/telemetry.rb'
34
36
  require 'aws-sdk-core/plugins/sign.rb'
35
37
  require 'aws-sdk-core/plugins/protocols/rest_json.rb'
36
38
 
37
- Aws::Plugins::GlobalConfiguration.add_identifier(:ssooidc)
38
-
39
39
  module Aws::SSOOIDC
40
40
  # An API client for SSOOIDC. To construct a client, you need to configure a `:region` and `:credentials`.
41
41
  #
@@ -72,6 +72,7 @@ module Aws::SSOOIDC
72
72
  add_plugin(Aws::Plugins::ResponsePaging)
73
73
  add_plugin(Aws::Plugins::StubResponses)
74
74
  add_plugin(Aws::Plugins::IdempotencyToken)
75
+ add_plugin(Aws::Plugins::InvocationId)
75
76
  add_plugin(Aws::Plugins::JsonvalueConverter)
76
77
  add_plugin(Aws::Plugins::ClientMetricsPlugin)
77
78
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
@@ -81,12 +82,18 @@ module Aws::SSOOIDC
81
82
  add_plugin(Aws::Plugins::RequestCompression)
82
83
  add_plugin(Aws::Plugins::DefaultsMode)
83
84
  add_plugin(Aws::Plugins::RecursionDetection)
85
+ add_plugin(Aws::Plugins::Telemetry)
84
86
  add_plugin(Aws::Plugins::Sign)
85
87
  add_plugin(Aws::Plugins::Protocols::RestJson)
86
88
  add_plugin(Aws::SSOOIDC::Plugins::Endpoints)
87
89
 
88
90
  # @overload initialize(options)
89
91
  # @param [Hash] options
92
+ #
93
+ # @option options [Array<Seahorse::Client::Plugin>] :plugins ([]])
94
+ # A list of plugins to apply to the client. Each plugin is either a
95
+ # class name or an instance of a plugin class.
96
+ #
90
97
  # @option options [required, Aws::CredentialProvider] :credentials
91
98
  # Your AWS credentials. This can be an instance of any one of the
92
99
  # following classes:
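Review bot: The default shown for the new `:plugins` option, `([]])`, has an unbalanced bracket and should read `# @option options [Array<Seahorse::Client::Plugin>] :plugins ([])`. A plugin passed here is presumably applied alongside the `add_plugin` entries above, so it can observe requests that carry `client_secret` and tokens; the text could say that only trusted plugin classes belong in this list. The comment block continues past the end of the hunk.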
@@ -121,13 +128,15 @@ module Aws::SSOOIDC
121
128
  # locations will be searched for credentials:
122
129
  #
123
130
  # * `Aws.config[:credentials]`
124
- # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
125
- # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
131
+ # * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
132
+ # `:account_id` options.
133
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
134
+ # ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
126
135
  # * `~/.aws/credentials`
127
136
  # * `~/.aws/config`
128
137
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
129
138
  # are very aggressive. Construct and pass an instance of
130
- # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
139
+ # `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
131
140
  # enable retries and extended timeouts. Instance profile credential
132
141
  # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
133
142
  # to true.
@@ -146,6 +155,8 @@ module Aws::SSOOIDC
146
155
  #
147
156
  # @option options [String] :access_key_id
148
157
  #
158
+ # @option options [String] :account_id
159
+ #
149
160
  # @option options [Boolean] :active_endpoint_cache (false)
150
161
  # When set to `true`, a thread polling for endpoints will be running in
151
162
  # the background every 60 secs (default). Defaults to `false`.
@@ -196,10 +207,16 @@ module Aws::SSOOIDC
196
207
  # When set to 'true' the request body will not be compressed
197
208
  # for supported operations.
198
209
  #
199
- # @option options [String] :endpoint
200
- # The client endpoint is normally constructed from the `:region`
201
- # option. You should only configure an `:endpoint` when connecting
202
- # to test or custom endpoints. This should be a valid HTTP(S) URI.
210
+ # @option options [String, URI::HTTPS, URI::HTTP] :endpoint
211
+ # Normally you should not configure the `:endpoint` option
212
+ # directly. This is normally constructed from the `:region`
213
+ # option. Configuring `:endpoint` is normally reserved for
214
+ # connecting to test or custom endpoints. The endpoint should
215
+ # be a URI formatted like:
216
+ #
217
+ # 'http://example.com'
218
+ # 'https://example.com'
219
+ # 'http://example.com:123'
203
220
  #
204
221
  # @option options [Integer] :endpoint_cache_max_entries (1000)
205
222
  # Used for the maximum size limit of the LRU cache storing endpoints data
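Review bot: The rewritten `:endpoint` text gives two plain `http://` forms as examples but never says what a non-TLS endpoint means for this client, whose `create_token` requests carry `client_secret`, device codes and refresh tokens. A sentence after the examples would make that explicit, for instance `# Use an https endpoint for anything other than local testing; requests to this service contain client secrets and tokens.` The wording also uses "normally" three times in as many lines and could be tightened.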
@@ -289,16 +306,25 @@ module Aws::SSOOIDC
289
306
  # throttling. This is a provisional mode that may change behavior
290
307
  # in the future.
291
308
  #
292
- #
293
309
  # @option options [String] :sdk_ua_app_id
294
310
  # A unique and opaque application ID that is appended to the
295
- # User-Agent header as app/<sdk_ua_app_id>. It should have a
296
- # maximum length of 50.
311
+ # User-Agent header as app/sdk_ua_app_id. It should have a
312
+ # maximum length of 50. This variable is sourced from environment
313
+ # variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
297
314
  #
298
315
  # @option options [String] :secret_access_key
299
316
  #
300
317
  # @option options [String] :session_token
301
318
  #
319
+ # @option options [Array] :sigv4a_signing_region_set
320
+ # A list of regions that should be signed with SigV4a signing. When
321
+ # not passed, a default `:sigv4a_signing_region_set` is searched for
322
+ # in the following locations:
323
+ #
324
+ # * `Aws.config[:sigv4a_signing_region_set]`
325
+ # * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
326
+ # * `~/.aws/config`
327
+ #
302
328
  # @option options [Boolean] :stub_responses (false)
303
329
  # Causes the client to return stubbed responses. By default
304
330
  # fake responses are generated and returned. You can specify
@@ -308,6 +334,16 @@ module Aws::SSOOIDC
308
334
  # ** Please note ** When response stubbing is enabled, no HTTP
309
335
  # requests are made, and retries are disabled.
310
336
  #
337
+ # @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
338
+ # Allows you to provide a telemetry provider, which is used to
339
+ # emit telemetry data. By default, uses `NoOpTelemetryProvider` which
340
+ # will not record or emit any telemetry data. The SDK supports the
341
+ # following telemetry providers:
342
+ #
343
+ # * OpenTelemetry (OTel) - To use the OTel provider, install and require the
344
+ # `opentelemetry-sdk` gem and then, pass in an instance of a
345
+ # `Aws::Telemetry::OTelProvider` for telemetry provider.
346
+ #
311
347
  # @option options [Aws::TokenProvider] :token_provider
312
348
  # A Bearer Token Provider. This can be an instance of any one of the
313
349
  # following classes:
@@ -335,52 +371,75 @@ module Aws::SSOOIDC
335
371
  # sending the request.
336
372
  #
337
373
  # @option options [Aws::SSOOIDC::EndpointProvider] :endpoint_provider
338
- # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSOOIDC::EndpointParameters`
339
- #
340
- # @option options [URI::HTTP,String] :http_proxy A proxy to send
341
- # requests through. Formatted like 'http://proxy.com:123'.
342
- #
343
- # @option options [Float] :http_open_timeout (15) The number of
344
- # seconds to wait when opening a HTTP session before raising a
345
- # `Timeout::Error`.
346
- #
347
- # @option options [Float] :http_read_timeout (60) The default
348
- # number of seconds to wait for response data. This value can
349
- # safely be set per-request on the session.
350
- #
351
- # @option options [Float] :http_idle_timeout (5) The number of
352
- # seconds a connection is allowed to sit idle before it is
353
- # considered stale. Stale connections are closed and removed
354
- # from the pool before making a request.
374
+ # The endpoint provider used to resolve endpoints. Any object that responds to
375
+ # `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
376
+ # `Aws::SSOOIDC::EndpointParameters`.
377
+ #
378
+ # @option options [Float] :http_continue_timeout (1)
379
+ # The number of seconds to wait for a 100-continue response before sending the
380
+ # request body. This option has no effect unless the request has "Expect"
381
+ # header set to "100-continue". Defaults to `nil` which disables this
382
+ # behaviour. This value can safely be set per request on the session.
383
+ #
384
+ # @option options [Float] :http_idle_timeout (5)
385
+ # The number of seconds a connection is allowed to sit idle before it
386
+ # is considered stale. Stale connections are closed and removed from the
387
+ # pool before making a request.
388
+ #
389
+ # @option options [Float] :http_open_timeout (15)
390
+ # The default number of seconds to wait for response data.
391
+ # This value can safely be set per-request on the session.
392
+ #
393
+ # @option options [URI::HTTP,String] :http_proxy
394
+ # A proxy to send requests through. Formatted like 'http://proxy.com:123'.
395
+ #
396
+ # @option options [Float] :http_read_timeout (60)
397
+ # The default number of seconds to wait for response data.
398
+ # This value can safely be set per-request on the session.
399
+ #
400
+ # @option options [Boolean] :http_wire_trace (false)
401
+ # When `true`, HTTP debug output will be sent to the `:logger`.
402
+ #
403
+ # @option options [Proc] :on_chunk_received
404
+ # When a Proc object is provided, it will be used as callback when each chunk
405
+ # of the response body is received. It provides three arguments: the chunk,
406
+ # the number of bytes received, and the total number of
407
+ # bytes in the response (or nil if the server did not send a `content-length`).
408
+ #
409
+ # @option options [Proc] :on_chunk_sent
410
+ # When a Proc object is provided, it will be used as callback when each chunk
411
+ # of the request body is sent. It provides three arguments: the chunk,
412
+ # the number of bytes read from the body, and the total number of
413
+ # bytes in the body.
414
+ #
415
+ # @option options [Boolean] :raise_response_errors (true)
416
+ # When `true`, response errors are raised.
417
+ #
418
+ # @option options [String] :ssl_ca_bundle
419
+ # Full path to the SSL certificate authority bundle file that should be used when
420
+ # verifying peer certificates. If you do not pass `:ssl_ca_bundle` or
421
+ # `:ssl_ca_directory` the the system default will be used if available.
422
+ #
423
+ # @option options [String] :ssl_ca_directory
424
+ # Full path of the directory that contains the unbundled SSL certificate
425
+ # authority files for verifying peer certificates. If you do
426
+ # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system
427
+ # default will be used if available.
355
428
  #
356
- # @option options [Float] :http_continue_timeout (1) The number of
357
- # seconds to wait for a 100-continue response before sending the
358
- # request body. This option has no effect unless the request has
359
- # "Expect" header set to "100-continue". Defaults to `nil` which
360
- # disables this behaviour. This value can safely be set per
361
- # request on the session.
429
+ # @option options [String] :ssl_ca_store
430
+ # Sets the X509::Store to verify peer certificate.
362
431
  #
363
- # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
364
- # in seconds.
432
+ # @option options [OpenSSL::X509::Certificate] :ssl_cert
433
+ # Sets a client certificate when creating http connections.
365
434
  #
366
- # @option options [Boolean] :http_wire_trace (false) When `true`,
367
- # HTTP debug output will be sent to the `:logger`.
435
+ # @option options [OpenSSL::PKey] :ssl_key
436
+ # Sets a client key when creating http connections.
368
437
  #
369
- # @option options [Boolean] :ssl_verify_peer (true) When `true`,
370
- # SSL peer certificates are verified when establishing a
371
- # connection.
438
+ # @option options [Float] :ssl_timeout
439
+ # Sets the SSL timeout in seconds
372
440
  #
373
- # @option options [String] :ssl_ca_bundle Full path to the SSL
374
- # certificate authority bundle file that should be used when
375
- # verifying peer certificates. If you do not pass
376
- # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
377
- # will be used if available.
378
- #
379
- # @option options [String] :ssl_ca_directory Full path of the
380
- # directory that contains the unbundled SSL certificate
381
- # authority files for verifying peer certificates. If you do
382
- # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
383
- # system default will be used if available.
441
+ # @option options [Boolean] :ssl_verify_peer (true)
442
+ # When `true`, SSL peer certificates are verified when establishing a connection.
384
443
  #
385
444
  def initialize(*args)
386
445
  super
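Review bot: The description under `:http_open_timeout (15)` is a copy of the `:http_read_timeout` text ("The default number of seconds to wait for response data"); the removed lines described it as the time to wait when opening an HTTP session before raising `Timeout::Error`, and that wording should be restored. In the same block `:ssl_ca_store` is typed `[String]` while its description says it sets the `X509::Store`, and "the the system default" is carried over twice. For `:http_wire_trace`, it is worth adding that the debug output likely includes request and response bodies, which for this client means client secrets and tokens end up in the `:logger`. For `:ssl_verify_peer`, the text should say that setting it to `false` removes server authentication. The enclosing `initialize` continues after the hunk.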
@@ -388,61 +447,69 @@ module Aws::SSOOIDC
388
447
 
389
448
  # @!group API Operations
390
449
 
391
- # Creates and returns an access token for the authorized client. The
392
- # access token issued will be used to fetch short-term credentials for
393
- # the assigned roles in the AWS account.
450
+ # Creates and returns access and refresh tokens for clients that are
451
+ # authenticated using client secrets. The access token can be used to
452
+ # fetch short-term credentials for the assigned AWS accounts or to
453
+ # access application APIs using `bearer` authentication.
394
454
  #
395
455
  # @option params [required, String] :client_id
396
- # The unique identifier string for each client. This value should come
397
- # from the persisted result of the RegisterClient API.
456
+ # The unique identifier string for the client or application. This value
457
+ # comes from the result of the RegisterClient API.
398
458
  #
399
459
  # @option params [required, String] :client_secret
400
460
  # A secret string generated for the client. This value should come from
401
461
  # the persisted result of the RegisterClient API.
402
462
  #
403
463
  # @option params [required, String] :grant_type
404
- # Supports grant types for the authorization code, refresh token, and
405
- # device code request. For device code requests, specify the following
406
- # value:
464
+ # Supports the following OAuth grant types: Device Code and Refresh
465
+ # Token. Specify either of the following values, depending on the grant
466
+ # type that you want:
467
+ #
468
+ # * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
407
469
  #
408
- # `urn:ietf:params:oauth:grant-type:device_code `
470
+ # * Refresh Token - `refresh_token`
409
471
  #
410
472
  # For information about how to obtain the device code, see the
411
473
  # StartDeviceAuthorization topic.
412
474
  #
413
475
  # @option params [String] :device_code
414
- # Used only when calling this API for the device code grant type. This
415
- # short-term code is used to identify this authentication attempt. This
416
- # should come from an in-memory reference to the result of the
417
- # StartDeviceAuthorization API.
476
+ # Used only when calling this API for the Device Code grant type. This
477
+ # short-term code is used to identify this authorization request. This
478
+ # comes from the result of the StartDeviceAuthorization API.
418
479
  #
419
480
  # @option params [String] :code
420
- # The authorization code received from the authorization service. This
421
- # parameter is required to perform an authorization grant request to get
422
- # access to a token.
481
+ # Used only when calling this API for the Authorization Code grant type.
482
+ # The short-term code is used to identify this authorization request.
483
+ # This grant type is currently unsupported for the CreateToken API.
423
484
  #
424
485
  # @option params [String] :refresh_token
425
- # Currently, `refreshToken` is not yet implemented and is not supported.
486
+ # Used only when calling this API for the Refresh Token grant type. This
487
+ # token is used to refresh short-term tokens, such as the access token,
488
+ # that might expire.
489
+ #
426
490
  # For more information about the features and limitations of the current
427
491
  # IAM Identity Center OIDC implementation, see *Considerations for Using
428
492
  # this Guide* in the [IAM Identity Center OIDC API Reference][1].
429
493
  #
430
- # The token used to obtain an access token in the event that the access
431
- # token is invalid or expired.
432
- #
433
494
  #
434
495
  #
435
496
  # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
436
497
  #
437
498
  # @option params [Array<String>] :scope
438
- # The list of scopes that is defined by the client. Upon authorization,
439
- # this list is used to restrict permissions when granting an access
440
- # token.
499
+ # The list of scopes for which authorization is requested. The access
500
+ # token that is issued is limited to the scopes that are granted. If
501
+ # this value is not specified, IAM Identity Center authorizes all scopes
502
+ # that are configured for the client during the call to RegisterClient.
441
503
  #
442
504
  # @option params [String] :redirect_uri
443
- # The location of the application that will receive the authorization
444
- # code. Users authorize the service to send the request to this
445
- # location.
505
+ # Used only when calling this API for the Authorization Code grant type.
506
+ # This value specifies the location of the client or application that
507
+ # has registered to receive the authorization code.
508
+ #
509
+ # @option params [String] :code_verifier
510
+ # Used only when calling this API for the Authorization Code grant type.
511
+ # This value is generated by the client and presented to validate the
512
+ # original code challenge value the client passed at authorization time.
446
513
  #
447
514
  # @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
448
515
  #
@@ -452,6 +519,44 @@ module Aws::SSOOIDC
452
519
  # * {Types::CreateTokenResponse#refresh_token #refresh_token} => String
453
520
  # * {Types::CreateTokenResponse#id_token #id_token} => String
454
521
  #
522
+ #
523
+ # @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication
524
+ #
525
+ # resp = client.create_token({
526
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
527
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
528
+ # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
529
+ # grant_type: "urn:ietf:params:oauth:grant-type:device-code",
530
+ # })
531
+ #
532
+ # resp.to_h outputs the following:
533
+ # {
534
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
535
+ # expires_in: 1579729529,
536
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
537
+ # token_type: "Bearer",
538
+ # }
539
+ #
540
+ # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication
541
+ #
542
+ # resp = client.create_token({
543
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
544
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
545
+ # grant_type: "refresh_token",
546
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
547
+ # scope: [
548
+ # "codewhisperer:completions",
549
+ # ],
550
+ # })
551
+ #
552
+ # resp.to_h outputs the following:
553
+ # {
554
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
555
+ # expires_in: 1579729529,
556
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
557
+ # token_type: "Bearer",
558
+ # }
559
+ #
455
560
  # @example Request syntax with placeholder values
456
561
  #
457
562
  # resp = client.create_token({
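Review bot: The first added example passes `grant_type: "urn:ietf:params:oauth:grant-type:device-code"` with a hyphen, while the `:grant_type` parameter text earlier on this page gives the Device Code value as `urn:ietf:params:oauth:grant-type:device_code`. One of the two is wrong, and a reader copying the example would presumably get a rejected request. `expires_in: 1579729529` in both sample responses looks like an epoch timestamp rather than a lifetime in seconds, which is worth checking against the response type. The sample secrets and tokens are marked EXAMPLE, but they are long and realistic enough that secret scanners may flag the file, so shorter, obviously fake placeholders would be kinder to downstream users. If this comment is generated from the service model, the correction belongs in the model's examples.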
@@ -463,6 +568,7 @@ module Aws::SSOOIDC
463
568
  # refresh_token: "RefreshToken",
464
569
  # scope: ["Scope"],
465
570
  # redirect_uri: "URI",
571
+ # code_verifier: "CodeVerifier",
466
572
  # })
467
573
  #
468
574
  # @example Response structure
@@ -482,6 +588,241 @@ module Aws::SSOOIDC
482
588
  req.send_request(options)
483
589
  end
484
590
 
591
+ # Creates and returns access and refresh tokens for clients and
592
+ # applications that are authenticated using IAM entities. The access
593
+ # token can be used to fetch short-term credentials for the assigned
594
+ # Amazon Web Services accounts or to access application APIs using
595
+ # `bearer` authentication.
596
+ #
597
+ # @option params [required, String] :client_id
598
+ # The unique identifier string for the client or application. This value
599
+ # is an application ARN that has OAuth grants configured.
600
+ #
601
+ # @option params [required, String] :grant_type
602
+ # Supports the following OAuth grant types: Authorization Code, Refresh
603
+ # Token, JWT Bearer, and Token Exchange. Specify one of the following
604
+ # values, depending on the grant type that you want:
605
+ #
606
+ # * Authorization Code - `authorization_code`
607
+ #
608
+ # * Refresh Token - `refresh_token`
609
+ #
610
+ # * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
611
+ #
612
+ # * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange`
613
+ #
614
+ # @option params [String] :code
615
+ # Used only when calling this API for the Authorization Code grant type.
616
+ # This short-term code is used to identify this authorization request.
617
+ # The code is obtained through a redirect from IAM Identity Center to a
618
+ # redirect URI persisted in the Authorization Code GrantOptions for the
619
+ # application.
620
+ #
621
+ # @option params [String] :refresh_token
622
+ # Used only when calling this API for the Refresh Token grant type. This
623
+ # token is used to refresh short-term tokens, such as the access token,
624
+ # that might expire.
625
+ #
626
+ # For more information about the features and limitations of the current
627
+ # IAM Identity Center OIDC implementation, see *Considerations for Using
628
+ # this Guide* in the [IAM Identity Center OIDC API Reference][1].
629
+ #
630
+ #
631
+ #
632
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
633
+ #
634
+ # @option params [String] :assertion
635
+ # Used only when calling this API for the JWT Bearer grant type. This
636
+ # value specifies the JSON Web Token (JWT) issued by a trusted token
637
+ # issuer. To authorize a trusted token issuer, configure the JWT Bearer
638
+ # GrantOptions for the application.
639
+ #
640
+ # @option params [Array<String>] :scope
641
+ # The list of scopes for which authorization is requested. The access
642
+ # token that is issued is limited to the scopes that are granted. If the
643
+ # value is not specified, IAM Identity Center authorizes all scopes
644
+ # configured for the application, including the following default
645
+ # scopes: `openid`, `aws`, `sts:identity_context`.
646
+ #
647
+ # @option params [String] :redirect_uri
648
+ # Used only when calling this API for the Authorization Code grant type.
649
+ # This value specifies the location of the client or application that
650
+ # has registered to receive the authorization code.
651
+ #
652
+ # @option params [String] :subject_token
653
+ # Used only when calling this API for the Token Exchange grant type.
654
+ # This value specifies the subject of the exchange. The value of the
655
+ # subject token must be an access token issued by IAM Identity Center to
656
+ # a different client or application. The access token must have
657
+ # authorized scopes that indicate the requested application as a target
658
+ # audience.
659
+ #
660
+ # @option params [String] :subject_token_type
661
+ # Used only when calling this API for the Token Exchange grant type.
662
+ # This value specifies the type of token that is passed as the subject
663
+ # of the exchange. The following value is supported:
664
+ #
665
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
666
+ #
667
+ # @option params [String] :requested_token_type
668
+ # Used only when calling this API for the Token Exchange grant type.
669
+ # This value specifies the type of token that the requester can receive.
670
+ # The following values are supported:
671
+ #
672
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
673
+ #
674
+ # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
675
+ #
676
+ # @option params [String] :code_verifier
677
+ # Used only when calling this API for the Authorization Code grant type.
678
+ # This value is generated by the client and presented to validate the
679
+ # original code challenge value the client passed at authorization time.
680
+ #
681
+ # @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
682
+ #
683
+ # * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String
684
+ # * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String
685
+ # * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer
686
+ # * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String
687
+ # * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String
688
+ # * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String
689
+ # * {Types::CreateTokenWithIAMResponse#scope #scope} => Array&lt;String&gt;
690
+ #
691
+ #
692
+ # @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication
693
+ #
694
+ # resp = client.create_token_with_iam({
695
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
696
+ # code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE",
697
+ # grant_type: "authorization_code",
698
+ # redirect_uri: "https://mywebapp.example/redirect",
699
+ # scope: [
700
+ # "openid",
701
+ # "aws",
702
+ # "sts:identity_context",
703
+ # ],
704
+ # })
705
+ #
706
+ # resp.to_h outputs the following:
707
+ # {
708
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
709
+ # expires_in: 1579729529,
710
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
711
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
712
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
713
+ # scope: [
714
+ # "openid",
715
+ # "aws",
716
+ # "sts:identity_context",
717
+ # ],
718
+ # token_type: "Bearer",
719
+ # }
720
+ #
721
+ # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication
722
+ #
723
+ # resp = client.create_token_with_iam({
724
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
725
+ # grant_type: "refresh_token",
726
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
727
+ # })
728
+ #
729
+ # resp.to_h outputs the following:
730
+ # {
731
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
732
+ # expires_in: 1579729529,
733
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
734
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
735
+ # scope: [
736
+ # "openid",
737
+ # "aws",
738
+ # "sts:identity_context",
739
+ # ],
740
+ # token_type: "Bearer",
741
+ # }
742
+ #
743
+ # @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication
744
+ #
745
+ # resp = client.create_token_with_iam({
746
+ # assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.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.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw",
747
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
748
+ # grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
749
+ # })
750
+ #
751
+ # resp.to_h outputs the following:
752
+ # {
753
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
754
+ # expires_in: 1579729529,
755
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
756
+ # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
757
+ # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
758
+ # scope: [
759
+ # "openid",
760
+ # "aws",
761
+ # "sts:identity_context",
762
+ # ],
763
+ # token_type: "Bearer",
764
+ # }
765
+ #
766
+ # @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication
767
+ #
768
+ # resp = client.create_token_with_iam({
769
+ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
770
+ # grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
771
+ # requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
772
+ # subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN",
773
+ # subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
774
+ # })
775
+ #
776
+ # resp.to_h outputs the following:
777
+ # {
778
+ # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
779
+ # expires_in: 1579729529,
780
+ # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
781
+ # issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
782
+ # scope: [
783
+ # "openid",
784
+ # "aws",
785
+ # "sts:identity_context",
786
+ # ],
787
+ # token_type: "Bearer",
788
+ # }
789
+ #
790
+ # @example Request syntax with placeholder values
791
+ #
792
+ # resp = client.create_token_with_iam({
793
+ # client_id: "ClientId", # required
794
+ # grant_type: "GrantType", # required
795
+ # code: "AuthCode",
796
+ # refresh_token: "RefreshToken",
797
+ # assertion: "Assertion",
798
+ # scope: ["Scope"],
799
+ # redirect_uri: "URI",
800
+ # subject_token: "SubjectToken",
801
+ # subject_token_type: "TokenTypeURI",
802
+ # requested_token_type: "TokenTypeURI",
803
+ # code_verifier: "CodeVerifier",
804
+ # })
805
+ #
806
+ # @example Response structure
807
+ #
808
+ # resp.access_token #=> String
809
+ # resp.token_type #=> String
810
+ # resp.expires_in #=> Integer
811
+ # resp.refresh_token #=> String
812
+ # resp.id_token #=> String
813
+ # resp.issued_token_type #=> String
814
+ # resp.scope #=> Array
815
+ # resp.scope[0] #=> String
816
+ #
817
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation
818
+ #
819
+ # @overload create_token_with_iam(params = {})
820
+ # @param [Hash] params ({})
821
+ def create_token_with_iam(params = {}, options = {})
822
+ req = build_request(:create_token_with_iam, params)
823
+ req.send_request(options)
824
+ end
825
+
485
826
  # Registers a client with IAM Identity Center. This allows clients to
486
827
  # initiate device authorization. The output should be persisted for
487
828
  # reuse through many authentication requests.
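Review bot: The four `resp.to_h` examples added for `create_token_with_iam` show `expires_in: 1579729529`, which reads as a Unix timestamp rather than a token lifetime, and the `@return` list in the same comment only says `#expires_in => Integer`. OAuth 2.0 defines `expires_in` as a lifetime in seconds, and this value is exactly 3600 more than the `client_id_issued_at: 1579725929` in the `register_client` example, so it looks like an absolute time ended up in a duration field. Token-caching code or stubs modelled on these examples could treat a token as valid far longer than it is, or never schedule a refresh. I would use a duration such as `expires_in: 3600,` in the examples and state the unit in the return docs. The same value appears in the `create_token` examples above this hunk and in the `start_device_authorization` example in a later hunk.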
@@ -498,6 +839,28 @@ module Aws::SSOOIDC
498
839
  # this list is used to restrict permissions when granting an access
499
840
  # token.
500
841
  #
842
+ # @option params [Array<String>] :redirect_uris
843
+ # The list of redirect URI that are defined by the client. At completion
844
+ # of authorization, this list is used to restrict what locations the
845
+ # user agent can be redirected back to.
846
+ #
847
+ # @option params [Array<String>] :grant_types
848
+ # The list of OAuth 2.0 grant types that are defined by the client. This
849
+ # list is used to restrict the token granting flows available to the
850
+ # client.
851
+ #
852
+ # @option params [String] :issuer_url
853
+ # The IAM Identity Center Issuer URL associated with an instance of IAM
854
+ # Identity Center. This value is needed for user access to resources
855
+ # through the client.
856
+ #
857
+ # @option params [String] :entitled_application_arn
858
+ # This IAM Identity Center application ARN is used to define
859
+ # administrator-managed configuration for public client access to
860
+ # resources. At authorization, the scopes, grants, and redirect URI
861
+ # available to this client will be restricted by this application
862
+ # resource.
863
+ #
501
864
  # @return [Types::RegisterClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
502
865
  #
503
866
  # * {Types::RegisterClientResponse#client_id #client_id} => String
@@ -507,12 +870,45 @@ module Aws::SSOOIDC
507
870
  # * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String
508
871
  # * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String
509
872
  #
873
+ #
874
+ # @example Example: Call OAuth/OIDC /register-client endpoint
875
+ #
876
+ # resp = client.register_client({
877
+ # client_name: "My IDE Plugin",
878
+ # client_type: "public",
879
+ # entitled_application_arn: "arn:aws:sso::ACCOUNTID:application/ssoins-1111111111111111/apl-1111111111111111",
880
+ # grant_types: [
881
+ # "authorization_code",
882
+ # "refresh_token",
883
+ # ],
884
+ # issuer_url: "https://identitycenter.amazonaws.com/ssoins-1111111111111111",
885
+ # redirect_uris: [
886
+ # "127.0.0.1:PORT/oauth/callback",
887
+ # ],
888
+ # scopes: [
889
+ # "sso:account:access",
890
+ # "codewhisperer:completions",
891
+ # ],
892
+ # })
893
+ #
894
+ # resp.to_h outputs the following:
895
+ # {
896
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
897
+ # client_id_issued_at: 1579725929,
898
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
899
+ # client_secret_expires_at: 1587584729,
900
+ # }
901
+ #
510
902
  # @example Request syntax with placeholder values
511
903
  #
512
904
  # resp = client.register_client({
513
905
  # client_name: "ClientName", # required
514
906
  # client_type: "ClientType", # required
515
907
  # scopes: ["Scope"],
908
+ # redirect_uris: ["URI"],
909
+ # grant_types: ["GrantType"],
910
+ # issuer_url: "URI",
911
+ # entitled_application_arn: "ArnType",
516
912
  # })
517
913
  #
518
914
  # @example Response structure
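Review bot: The added `register_client` example passes `redirect_uris: ["127.0.0.1:PORT/oauth/callback"]`, which has no scheme, while the `:redirect_uris` description in the previous hunk says this list restricts where the user agent can be redirected after authorization. Redirect URIs are compared against what was registered, so the example should be an absolute URI; for a loopback listener that would normally be `"http://127.0.0.1:PORT/oauth/callback",`. Whether the service accepts the schemeless form is not visible here, so confirm against the API before relying on it. The `register_client` doc comment starts and ends outside this hunk.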
@@ -546,8 +942,9 @@ module Aws::SSOOIDC
546
942
  # come from the persisted result of the RegisterClient API operation.
547
943
  #
548
944
  # @option params [required, String] :start_url
549
- # The URL for the AWS access portal. For more information, see [Using
550
- # the AWS access portal][1] in the *IAM Identity Center User Guide*.
945
+ # The URL for the Amazon Web Services access portal. For more
946
+ # information, see [Using the Amazon Web Services access portal][1] in
947
+ # the *IAM Identity Center User Guide*.
551
948
  #
552
949
  #
553
950
  #
@@ -562,6 +959,25 @@ module Aws::SSOOIDC
562
959
  # * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer
563
960
  # * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer
564
961
  #
962
+ #
963
+ # @example Example: Call OAuth/OIDC /start-device-authorization endpoint
964
+ #
965
+ # resp = client.start_device_authorization({
966
+ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
967
+ # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
968
+ # start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111",
969
+ # })
970
+ #
971
+ # resp.to_h outputs the following:
972
+ # {
973
+ # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
974
+ # expires_in: 1579729529,
975
+ # interval: 1,
976
+ # user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
977
+ # verification_uri: "https://device.sso.us-west-2.amazonaws.com",
978
+ # verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
979
+ # }
980
+ #
565
981
  # @example Request syntax with placeholder values
566
982
  #
567
983
  # resp = client.start_device_authorization({
@@ -594,14 +1010,19 @@ module Aws::SSOOIDC
594
1010
  # @api private
595
1011
  def build_request(operation_name, params = {})
596
1012
  handlers = @handlers.for(operation_name)
1013
+ tracer = config.telemetry_provider.tracer_provider.tracer(
1014
+ Aws::Telemetry.module_to_tracer_name('Aws::SSOOIDC')
1015
+ )
597
1016
  context = Seahorse::Client::RequestContext.new(
598
1017
  operation_name: operation_name,
599
1018
  operation: config.api.operation(operation_name),
600
1019
  client: self,
601
1020
  params: params,
602
- config: config)
1021
+ config: config,
1022
+ tracer: tracer
1023
+ )
603
1024
  context[:gem_name] = 'aws-sdk-core'
604
- context[:gem_version] = '3.185.1'
1025
+ context[:gem_version] = '3.214.0'
605
1026
  Seahorse::Client::Request.new(handlers, context)
606
1027
  end
607
1028