aws-sdk-core 3.185.1 → 3.214.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +409 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +1 -2
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +12 -5
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +13 -7
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +310 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +23 -19
- data/lib/aws-sdk-core/credential_provider.rb +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +13 -6
- data/lib/aws-sdk-core/credentials.rb +13 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +78 -11
- data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
- data/lib/aws-sdk-core/endpoints/matchers.rb +6 -9
- data/lib/aws-sdk-core/endpoints.rb +74 -18
- data/lib/aws-sdk-core/error_handler.rb +41 -0
- data/lib/aws-sdk-core/errors.rb +11 -2
- data/lib/aws-sdk-core/event_emitter.rb +0 -16
- data/lib/aws-sdk-core/instance_profile_credentials.rb +55 -32
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +17 -11
- data/lib/aws-sdk-core/json/handler.rb +13 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +32 -2
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +7 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +6 -3
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +9 -3
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -1
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
- data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +27 -15
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
- data/lib/aws-sdk-core/plugins/stub_responses.rb +30 -2
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +70 -26
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +47 -28
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +85 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +90 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +7 -2
- data/lib/aws-sdk-core/shared_credentials.rb +0 -7
- data/lib/aws-sdk-core/sso_credentials.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/util.rb +39 -0
- data/lib/aws-sdk-core/waiters/poller.rb +10 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +32 -42
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +82 -107
- data/lib/aws-sdk-sso/client.rb +119 -55
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-sso/endpoints.rb +2 -54
- data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
- data/lib/aws-sdk-sso/types.rb +1 -0
- data/lib/aws-sdk-sso.rb +15 -11
- data/lib/aws-sdk-ssooidc/client.rb +504 -83
- data/lib/aws-sdk-ssooidc/client_api.rb +83 -1
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
- data/lib/aws-sdk-ssooidc/errors.rb +52 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
- data/lib/aws-sdk-ssooidc/types.rb +373 -51
- data/lib/aws-sdk-ssooidc.rb +15 -11
- data/lib/aws-sdk-sts/client.rb +334 -105
- data/lib/aws-sdk-sts/client_api.rb +36 -10
- data/lib/aws-sdk-sts/customizations.rb +5 -1
- data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/endpoints.rb +2 -118
- data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
- data/lib/aws-sdk-sts/presigner.rb +1 -1
- data/lib/aws-sdk-sts/types.rb +188 -30
- data/lib/aws-sdk-sts.rb +15 -11
- data/lib/seahorse/client/async_base.rb +1 -1
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -7
- data/lib/seahorse/client/h2/handler.rb +14 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +11 -11
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/request_context.rb +8 -1
- data/lib/seahorse/model/shapes.rb +2 -2
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +61 -19
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
@@ -22,6 +22,7 @@ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
|
|
22
22
|
require 'aws-sdk-core/plugins/response_paging.rb'
|
23
23
|
require 'aws-sdk-core/plugins/stub_responses.rb'
|
24
24
|
require 'aws-sdk-core/plugins/idempotency_token.rb'
|
25
|
+
require 'aws-sdk-core/plugins/invocation_id.rb'
|
25
26
|
require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
|
26
27
|
require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
27
28
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
@@ -31,11 +32,10 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
31
32
|
require 'aws-sdk-core/plugins/request_compression.rb'
|
32
33
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
33
34
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
35
|
+
require 'aws-sdk-core/plugins/telemetry.rb'
|
34
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
35
37
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
36
38
|
|
37
|
-
Aws::Plugins::GlobalConfiguration.add_identifier(:ssooidc)
|
38
|
-
|
39
39
|
module Aws::SSOOIDC
|
40
40
|
# An API client for SSOOIDC. To construct a client, you need to configure a `:region` and `:credentials`.
|
41
41
|
#
|
@@ -72,6 +72,7 @@ module Aws::SSOOIDC
|
|
72
72
|
add_plugin(Aws::Plugins::ResponsePaging)
|
73
73
|
add_plugin(Aws::Plugins::StubResponses)
|
74
74
|
add_plugin(Aws::Plugins::IdempotencyToken)
|
75
|
+
add_plugin(Aws::Plugins::InvocationId)
|
75
76
|
add_plugin(Aws::Plugins::JsonvalueConverter)
|
76
77
|
add_plugin(Aws::Plugins::ClientMetricsPlugin)
|
77
78
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
@@ -81,12 +82,18 @@ module Aws::SSOOIDC
|
|
81
82
|
add_plugin(Aws::Plugins::RequestCompression)
|
82
83
|
add_plugin(Aws::Plugins::DefaultsMode)
|
83
84
|
add_plugin(Aws::Plugins::RecursionDetection)
|
85
|
+
add_plugin(Aws::Plugins::Telemetry)
|
84
86
|
add_plugin(Aws::Plugins::Sign)
|
85
87
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
86
88
|
add_plugin(Aws::SSOOIDC::Plugins::Endpoints)
|
87
89
|
|
88
90
|
# @overload initialize(options)
|
89
91
|
# @param [Hash] options
|
92
|
+
#
|
93
|
+
# @option options [Array<Seahorse::Client::Plugin>] :plugins ([]])
|
94
|
+
# A list of plugins to apply to the client. Each plugin is either a
|
95
|
+
# class name or an instance of a plugin class.
|
96
|
+
#
|
90
97
|
# @option options [required, Aws::CredentialProvider] :credentials
|
91
98
|
# Your AWS credentials. This can be an instance of any one of the
|
92
99
|
# following classes:
|
@@ -121,13 +128,15 @@ module Aws::SSOOIDC
|
|
121
128
|
# locations will be searched for credentials:
|
122
129
|
#
|
123
130
|
# * `Aws.config[:credentials]`
|
124
|
-
# * The `:access_key_id`, `:secret_access_key`,
|
125
|
-
#
|
131
|
+
# * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
|
132
|
+
# `:account_id` options.
|
133
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
|
134
|
+
# ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
|
126
135
|
# * `~/.aws/credentials`
|
127
136
|
# * `~/.aws/config`
|
128
137
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
129
138
|
# are very aggressive. Construct and pass an instance of
|
130
|
-
# `Aws::
|
139
|
+
# `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
|
131
140
|
# enable retries and extended timeouts. Instance profile credential
|
132
141
|
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
133
142
|
# to true.
|
@@ -146,6 +155,8 @@ module Aws::SSOOIDC
|
|
146
155
|
#
|
147
156
|
# @option options [String] :access_key_id
|
148
157
|
#
|
158
|
+
# @option options [String] :account_id
|
159
|
+
#
|
149
160
|
# @option options [Boolean] :active_endpoint_cache (false)
|
150
161
|
# When set to `true`, a thread polling for endpoints will be running in
|
151
162
|
# the background every 60 secs (default). Defaults to `false`.
|
@@ -196,10 +207,16 @@ module Aws::SSOOIDC
|
|
196
207
|
# When set to 'true' the request body will not be compressed
|
197
208
|
# for supported operations.
|
198
209
|
#
|
199
|
-
# @option options [String] :endpoint
|
200
|
-
#
|
201
|
-
#
|
202
|
-
#
|
210
|
+
# @option options [String, URI::HTTPS, URI::HTTP] :endpoint
|
211
|
+
# Normally you should not configure the `:endpoint` option
|
212
|
+
# directly. This is normally constructed from the `:region`
|
213
|
+
# option. Configuring `:endpoint` is normally reserved for
|
214
|
+
# connecting to test or custom endpoints. The endpoint should
|
215
|
+
# be a URI formatted like:
|
216
|
+
#
|
217
|
+
# 'http://example.com'
|
218
|
+
# 'https://example.com'
|
219
|
+
# 'http://example.com:123'
|
203
220
|
#
|
204
221
|
# @option options [Integer] :endpoint_cache_max_entries (1000)
|
205
222
|
# Used for the maximum size limit of the LRU cache storing endpoints data
|
@@ -289,16 +306,25 @@ module Aws::SSOOIDC
|
|
289
306
|
# throttling. This is a provisional mode that may change behavior
|
290
307
|
# in the future.
|
291
308
|
#
|
292
|
-
#
|
293
309
|
# @option options [String] :sdk_ua_app_id
|
294
310
|
# A unique and opaque application ID that is appended to the
|
295
|
-
# User-Agent header as app
|
296
|
-
# maximum length of 50.
|
311
|
+
# User-Agent header as app/sdk_ua_app_id. It should have a
|
312
|
+
# maximum length of 50. This variable is sourced from environment
|
313
|
+
# variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
|
297
314
|
#
|
298
315
|
# @option options [String] :secret_access_key
|
299
316
|
#
|
300
317
|
# @option options [String] :session_token
|
301
318
|
#
|
319
|
+
# @option options [Array] :sigv4a_signing_region_set
|
320
|
+
# A list of regions that should be signed with SigV4a signing. When
|
321
|
+
# not passed, a default `:sigv4a_signing_region_set` is searched for
|
322
|
+
# in the following locations:
|
323
|
+
#
|
324
|
+
# * `Aws.config[:sigv4a_signing_region_set]`
|
325
|
+
# * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
|
326
|
+
# * `~/.aws/config`
|
327
|
+
#
|
302
328
|
# @option options [Boolean] :stub_responses (false)
|
303
329
|
# Causes the client to return stubbed responses. By default
|
304
330
|
# fake responses are generated and returned. You can specify
|
@@ -308,6 +334,16 @@ module Aws::SSOOIDC
|
|
308
334
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
309
335
|
# requests are made, and retries are disabled.
|
310
336
|
#
|
337
|
+
# @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
|
338
|
+
# Allows you to provide a telemetry provider, which is used to
|
339
|
+
# emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
340
|
+
# will not record or emit any telemetry data. The SDK supports the
|
341
|
+
# following telemetry providers:
|
342
|
+
#
|
343
|
+
# * OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
344
|
+
# `opentelemetry-sdk` gem and then, pass in an instance of a
|
345
|
+
# `Aws::Telemetry::OTelProvider` for telemetry provider.
|
346
|
+
#
|
311
347
|
# @option options [Aws::TokenProvider] :token_provider
|
312
348
|
# A Bearer Token Provider. This can be an instance of any one of the
|
313
349
|
# following classes:
|
@@ -335,52 +371,75 @@ module Aws::SSOOIDC
|
|
335
371
|
# sending the request.
|
336
372
|
#
|
337
373
|
# @option options [Aws::SSOOIDC::EndpointProvider] :endpoint_provider
|
338
|
-
# The endpoint provider used to resolve endpoints. Any object that responds to
|
339
|
-
#
|
340
|
-
#
|
341
|
-
#
|
342
|
-
#
|
343
|
-
#
|
344
|
-
#
|
345
|
-
# `
|
346
|
-
#
|
347
|
-
#
|
348
|
-
#
|
349
|
-
#
|
350
|
-
#
|
351
|
-
#
|
352
|
-
#
|
353
|
-
#
|
354
|
-
#
|
374
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to
|
375
|
+
# `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
|
376
|
+
# `Aws::SSOOIDC::EndpointParameters`.
|
377
|
+
#
|
378
|
+
# @option options [Float] :http_continue_timeout (1)
|
379
|
+
# The number of seconds to wait for a 100-continue response before sending the
|
380
|
+
# request body. This option has no effect unless the request has "Expect"
|
381
|
+
# header set to "100-continue". Defaults to `nil` which disables this
|
382
|
+
# behaviour. This value can safely be set per request on the session.
|
383
|
+
#
|
384
|
+
# @option options [Float] :http_idle_timeout (5)
|
385
|
+
# The number of seconds a connection is allowed to sit idle before it
|
386
|
+
# is considered stale. Stale connections are closed and removed from the
|
387
|
+
# pool before making a request.
|
388
|
+
#
|
389
|
+
# @option options [Float] :http_open_timeout (15)
|
390
|
+
# The default number of seconds to wait for response data.
|
391
|
+
# This value can safely be set per-request on the session.
|
392
|
+
#
|
393
|
+
# @option options [URI::HTTP,String] :http_proxy
|
394
|
+
# A proxy to send requests through. Formatted like 'http://proxy.com:123'.
|
395
|
+
#
|
396
|
+
# @option options [Float] :http_read_timeout (60)
|
397
|
+
# The default number of seconds to wait for response data.
|
398
|
+
# This value can safely be set per-request on the session.
|
399
|
+
#
|
400
|
+
# @option options [Boolean] :http_wire_trace (false)
|
401
|
+
# When `true`, HTTP debug output will be sent to the `:logger`.
|
402
|
+
#
|
403
|
+
# @option options [Proc] :on_chunk_received
|
404
|
+
# When a Proc object is provided, it will be used as callback when each chunk
|
405
|
+
# of the response body is received. It provides three arguments: the chunk,
|
406
|
+
# the number of bytes received, and the total number of
|
407
|
+
# bytes in the response (or nil if the server did not send a `content-length`).
|
408
|
+
#
|
409
|
+
# @option options [Proc] :on_chunk_sent
|
410
|
+
# When a Proc object is provided, it will be used as callback when each chunk
|
411
|
+
# of the request body is sent. It provides three arguments: the chunk,
|
412
|
+
# the number of bytes read from the body, and the total number of
|
413
|
+
# bytes in the body.
|
414
|
+
#
|
415
|
+
# @option options [Boolean] :raise_response_errors (true)
|
416
|
+
# When `true`, response errors are raised.
|
417
|
+
#
|
418
|
+
# @option options [String] :ssl_ca_bundle
|
419
|
+
# Full path to the SSL certificate authority bundle file that should be used when
|
420
|
+
# verifying peer certificates. If you do not pass `:ssl_ca_bundle` or
|
421
|
+
# `:ssl_ca_directory` the the system default will be used if available.
|
422
|
+
#
|
423
|
+
# @option options [String] :ssl_ca_directory
|
424
|
+
# Full path of the directory that contains the unbundled SSL certificate
|
425
|
+
# authority files for verifying peer certificates. If you do
|
426
|
+
# not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system
|
427
|
+
# default will be used if available.
|
355
428
|
#
|
356
|
-
# @option options [
|
357
|
-
#
|
358
|
-
# request body. This option has no effect unless the request has
|
359
|
-
# "Expect" header set to "100-continue". Defaults to `nil` which
|
360
|
-
# disables this behaviour. This value can safely be set per
|
361
|
-
# request on the session.
|
429
|
+
# @option options [String] :ssl_ca_store
|
430
|
+
# Sets the X509::Store to verify peer certificate.
|
362
431
|
#
|
363
|
-
# @option options [
|
364
|
-
#
|
432
|
+
# @option options [OpenSSL::X509::Certificate] :ssl_cert
|
433
|
+
# Sets a client certificate when creating http connections.
|
365
434
|
#
|
366
|
-
# @option options [
|
367
|
-
#
|
435
|
+
# @option options [OpenSSL::PKey] :ssl_key
|
436
|
+
# Sets a client key when creating http connections.
|
368
437
|
#
|
369
|
-
# @option options [
|
370
|
-
#
|
371
|
-
# connection.
|
438
|
+
# @option options [Float] :ssl_timeout
|
439
|
+
# Sets the SSL timeout in seconds
|
372
440
|
#
|
373
|
-
# @option options [
|
374
|
-
#
|
375
|
-
# verifying peer certificates. If you do not pass
|
376
|
-
# `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
|
377
|
-
# will be used if available.
|
378
|
-
#
|
379
|
-
# @option options [String] :ssl_ca_directory Full path of the
|
380
|
-
# directory that contains the unbundled SSL certificate
|
381
|
-
# authority files for verifying peer certificates. If you do
|
382
|
-
# not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
|
383
|
-
# system default will be used if available.
|
441
|
+
# @option options [Boolean] :ssl_verify_peer (true)
|
442
|
+
# When `true`, SSL peer certificates are verified when establishing a connection.
|
384
443
|
#
|
385
444
|
def initialize(*args)
|
386
445
|
super
|
@@ -388,61 +447,69 @@ module Aws::SSOOIDC
|
|
388
447
|
|
389
448
|
# @!group API Operations
|
390
449
|
|
391
|
-
# Creates and returns
|
392
|
-
# access token
|
393
|
-
#
|
450
|
+
# Creates and returns access and refresh tokens for clients that are
|
451
|
+
# authenticated using client secrets. The access token can be used to
|
452
|
+
# fetch short-term credentials for the assigned AWS accounts or to
|
453
|
+
# access application APIs using `bearer` authentication.
|
394
454
|
#
|
395
455
|
# @option params [required, String] :client_id
|
396
|
-
# The unique identifier string for
|
397
|
-
# from the
|
456
|
+
# The unique identifier string for the client or application. This value
|
457
|
+
# comes from the result of the RegisterClient API.
|
398
458
|
#
|
399
459
|
# @option params [required, String] :client_secret
|
400
460
|
# A secret string generated for the client. This value should come from
|
401
461
|
# the persisted result of the RegisterClient API.
|
402
462
|
#
|
403
463
|
# @option params [required, String] :grant_type
|
404
|
-
# Supports
|
405
|
-
#
|
406
|
-
#
|
464
|
+
# Supports the following OAuth grant types: Device Code and Refresh
|
465
|
+
# Token. Specify either of the following values, depending on the grant
|
466
|
+
# type that you want:
|
467
|
+
#
|
468
|
+
# * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
|
407
469
|
#
|
408
|
-
#
|
470
|
+
# * Refresh Token - `refresh_token`
|
409
471
|
#
|
410
472
|
# For information about how to obtain the device code, see the
|
411
473
|
# StartDeviceAuthorization topic.
|
412
474
|
#
|
413
475
|
# @option params [String] :device_code
|
414
|
-
# Used only when calling this API for the
|
415
|
-
# short-term code is used to identify this
|
416
|
-
#
|
417
|
-
# StartDeviceAuthorization API.
|
476
|
+
# Used only when calling this API for the Device Code grant type. This
|
477
|
+
# short-term code is used to identify this authorization request. This
|
478
|
+
# comes from the result of the StartDeviceAuthorization API.
|
418
479
|
#
|
419
480
|
# @option params [String] :code
|
420
|
-
#
|
421
|
-
#
|
422
|
-
#
|
481
|
+
# Used only when calling this API for the Authorization Code grant type.
|
482
|
+
# The short-term code is used to identify this authorization request.
|
483
|
+
# This grant type is currently unsupported for the CreateToken API.
|
423
484
|
#
|
424
485
|
# @option params [String] :refresh_token
|
425
|
-
#
|
486
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
487
|
+
# token is used to refresh short-term tokens, such as the access token,
|
488
|
+
# that might expire.
|
489
|
+
#
|
426
490
|
# For more information about the features and limitations of the current
|
427
491
|
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
428
492
|
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
429
493
|
#
|
430
|
-
# The token used to obtain an access token in the event that the access
|
431
|
-
# token is invalid or expired.
|
432
|
-
#
|
433
494
|
#
|
434
495
|
#
|
435
496
|
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
436
497
|
#
|
437
498
|
# @option params [Array<String>] :scope
|
438
|
-
# The list of scopes
|
439
|
-
#
|
440
|
-
#
|
499
|
+
# The list of scopes for which authorization is requested. The access
|
500
|
+
# token that is issued is limited to the scopes that are granted. If
|
501
|
+
# this value is not specified, IAM Identity Center authorizes all scopes
|
502
|
+
# that are configured for the client during the call to RegisterClient.
|
441
503
|
#
|
442
504
|
# @option params [String] :redirect_uri
|
443
|
-
#
|
444
|
-
#
|
445
|
-
#
|
505
|
+
# Used only when calling this API for the Authorization Code grant type.
|
506
|
+
# This value specifies the location of the client or application that
|
507
|
+
# has registered to receive the authorization code.
|
508
|
+
#
|
509
|
+
# @option params [String] :code_verifier
|
510
|
+
# Used only when calling this API for the Authorization Code grant type.
|
511
|
+
# This value is generated by the client and presented to validate the
|
512
|
+
# original code challenge value the client passed at authorization time.
|
446
513
|
#
|
447
514
|
# @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
448
515
|
#
|
@@ -452,6 +519,44 @@ module Aws::SSOOIDC
|
|
452
519
|
# * {Types::CreateTokenResponse#refresh_token #refresh_token} => String
|
453
520
|
# * {Types::CreateTokenResponse#id_token #id_token} => String
|
454
521
|
#
|
522
|
+
#
|
523
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication
|
524
|
+
#
|
525
|
+
# resp = client.create_token({
|
526
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
527
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
528
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
529
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:device-code",
|
530
|
+
# })
|
531
|
+
#
|
532
|
+
# resp.to_h outputs the following:
|
533
|
+
# {
|
534
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
535
|
+
# expires_in: 1579729529,
|
536
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
537
|
+
# token_type: "Bearer",
|
538
|
+
# }
|
539
|
+
#
|
540
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication
|
541
|
+
#
|
542
|
+
# resp = client.create_token({
|
543
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
544
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
545
|
+
# grant_type: "refresh_token",
|
546
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
547
|
+
# scope: [
|
548
|
+
# "codewhisperer:completions",
|
549
|
+
# ],
|
550
|
+
# })
|
551
|
+
#
|
552
|
+
# resp.to_h outputs the following:
|
553
|
+
# {
|
554
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
555
|
+
# expires_in: 1579729529,
|
556
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
557
|
+
# token_type: "Bearer",
|
558
|
+
# }
|
559
|
+
#
|
455
560
|
# @example Request syntax with placeholder values
|
456
561
|
#
|
457
562
|
# resp = client.create_token({
|
@@ -463,6 +568,7 @@ module Aws::SSOOIDC
|
|
463
568
|
# refresh_token: "RefreshToken",
|
464
569
|
# scope: ["Scope"],
|
465
570
|
# redirect_uri: "URI",
|
571
|
+
# code_verifier: "CodeVerifier",
|
466
572
|
# })
|
467
573
|
#
|
468
574
|
# @example Response structure
|
@@ -482,6 +588,241 @@ module Aws::SSOOIDC
|
|
482
588
|
req.send_request(options)
|
483
589
|
end
|
484
590
|
|
591
|
+
# Creates and returns access and refresh tokens for clients and
|
592
|
+
# applications that are authenticated using IAM entities. The access
|
593
|
+
# token can be used to fetch short-term credentials for the assigned
|
594
|
+
# Amazon Web Services accounts or to access application APIs using
|
595
|
+
# `bearer` authentication.
|
596
|
+
#
|
597
|
+
# @option params [required, String] :client_id
|
598
|
+
# The unique identifier string for the client or application. This value
|
599
|
+
# is an application ARN that has OAuth grants configured.
|
600
|
+
#
|
601
|
+
# @option params [required, String] :grant_type
|
602
|
+
# Supports the following OAuth grant types: Authorization Code, Refresh
|
603
|
+
# Token, JWT Bearer, and Token Exchange. Specify one of the following
|
604
|
+
# values, depending on the grant type that you want:
|
605
|
+
#
|
606
|
+
# * Authorization Code - `authorization_code`
|
607
|
+
#
|
608
|
+
# * Refresh Token - `refresh_token`
|
609
|
+
#
|
610
|
+
# * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
|
611
|
+
#
|
612
|
+
# * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange`
|
613
|
+
#
|
614
|
+
# @option params [String] :code
|
615
|
+
# Used only when calling this API for the Authorization Code grant type.
|
616
|
+
# This short-term code is used to identify this authorization request.
|
617
|
+
# The code is obtained through a redirect from IAM Identity Center to a
|
618
|
+
# redirect URI persisted in the Authorization Code GrantOptions for the
|
619
|
+
# application.
|
620
|
+
#
|
621
|
+
# @option params [String] :refresh_token
|
622
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
623
|
+
# token is used to refresh short-term tokens, such as the access token,
|
624
|
+
# that might expire.
|
625
|
+
#
|
626
|
+
# For more information about the features and limitations of the current
|
627
|
+
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
628
|
+
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
629
|
+
#
|
630
|
+
#
|
631
|
+
#
|
632
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
633
|
+
#
|
634
|
+
# @option params [String] :assertion
|
635
|
+
# Used only when calling this API for the JWT Bearer grant type. This
|
636
|
+
# value specifies the JSON Web Token (JWT) issued by a trusted token
|
637
|
+
# issuer. To authorize a trusted token issuer, configure the JWT Bearer
|
638
|
+
# GrantOptions for the application.
|
639
|
+
#
|
640
|
+
# @option params [Array<String>] :scope
|
641
|
+
# The list of scopes for which authorization is requested. The access
|
642
|
+
# token that is issued is limited to the scopes that are granted. If the
|
643
|
+
# value is not specified, IAM Identity Center authorizes all scopes
|
644
|
+
# configured for the application, including the following default
|
645
|
+
# scopes: `openid`, `aws`, `sts:identity_context`.
|
646
|
+
#
|
647
|
+
# @option params [String] :redirect_uri
|
648
|
+
# Used only when calling this API for the Authorization Code grant type.
|
649
|
+
# This value specifies the location of the client or application that
|
650
|
+
# has registered to receive the authorization code.
|
651
|
+
#
|
652
|
+
# @option params [String] :subject_token
|
653
|
+
# Used only when calling this API for the Token Exchange grant type.
|
654
|
+
# This value specifies the subject of the exchange. The value of the
|
655
|
+
# subject token must be an access token issued by IAM Identity Center to
|
656
|
+
# a different client or application. The access token must have
|
657
|
+
# authorized scopes that indicate the requested application as a target
|
658
|
+
# audience.
|
659
|
+
#
|
660
|
+
# @option params [String] :subject_token_type
|
661
|
+
# Used only when calling this API for the Token Exchange grant type.
|
662
|
+
# This value specifies the type of token that is passed as the subject
|
663
|
+
# of the exchange. The following value is supported:
|
664
|
+
#
|
665
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
666
|
+
#
|
667
|
+
# @option params [String] :requested_token_type
|
668
|
+
# Used only when calling this API for the Token Exchange grant type.
|
669
|
+
# This value specifies the type of token that the requester can receive.
|
670
|
+
# The following values are supported:
|
671
|
+
#
|
672
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
673
|
+
#
|
674
|
+
# * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
|
675
|
+
#
|
676
|
+
# @option params [String] :code_verifier
|
677
|
+
# Used only when calling this API for the Authorization Code grant type.
|
678
|
+
# This value is generated by the client and presented to validate the
|
679
|
+
# original code challenge value the client passed at authorization time.
|
680
|
+
#
|
681
|
+
# @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
682
|
+
#
|
683
|
+
# * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String
|
684
|
+
# * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String
|
685
|
+
# * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer
|
686
|
+
# * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String
|
687
|
+
# * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String
|
688
|
+
# * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String
|
689
|
+
# * {Types::CreateTokenWithIAMResponse#scope #scope} => Array<String>
|
690
|
+
#
|
691
|
+
#
|
692
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication
|
693
|
+
#
|
694
|
+
# resp = client.create_token_with_iam({
|
695
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
696
|
+
# code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE",
|
697
|
+
# grant_type: "authorization_code",
|
698
|
+
# redirect_uri: "https://mywebapp.example/redirect",
|
699
|
+
# scope: [
|
700
|
+
# "openid",
|
701
|
+
# "aws",
|
702
|
+
# "sts:identity_context",
|
703
|
+
# ],
|
704
|
+
# })
|
705
|
+
#
|
706
|
+
# resp.to_h outputs the following:
|
707
|
+
# {
|
708
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
709
|
+
# expires_in: 1579729529,
|
710
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
711
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
712
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
713
|
+
# scope: [
|
714
|
+
# "openid",
|
715
|
+
# "aws",
|
716
|
+
# "sts:identity_context",
|
717
|
+
# ],
|
718
|
+
# token_type: "Bearer",
|
719
|
+
# }
|
720
|
+
#
|
721
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication
|
722
|
+
#
|
723
|
+
# resp = client.create_token_with_iam({
|
724
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
725
|
+
# grant_type: "refresh_token",
|
726
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
727
|
+
# })
|
728
|
+
#
|
729
|
+
# resp.to_h outputs the following:
|
730
|
+
# {
|
731
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
732
|
+
# expires_in: 1579729529,
|
733
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
734
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
735
|
+
# scope: [
|
736
|
+
# "openid",
|
737
|
+
# "aws",
|
738
|
+
# "sts:identity_context",
|
739
|
+
# ],
|
740
|
+
# token_type: "Bearer",
|
741
|
+
# }
|
742
|
+
#
|
743
|
+
# @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication
|
744
|
+
#
|
745
|
+
# resp = client.create_token_with_iam({
|
746
|
+
# assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.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.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw",
|
747
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
748
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
|
749
|
+
# })
|
750
|
+
#
|
751
|
+
# resp.to_h outputs the following:
|
752
|
+
# {
|
753
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
754
|
+
# expires_in: 1579729529,
|
755
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
756
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
757
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
758
|
+
# scope: [
|
759
|
+
# "openid",
|
760
|
+
# "aws",
|
761
|
+
# "sts:identity_context",
|
762
|
+
# ],
|
763
|
+
# token_type: "Bearer",
|
764
|
+
# }
|
765
|
+
#
|
766
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication
|
767
|
+
#
|
768
|
+
# resp = client.create_token_with_iam({
|
769
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
770
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
|
771
|
+
# requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
772
|
+
# subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN",
|
773
|
+
# subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
774
|
+
# })
|
775
|
+
#
|
776
|
+
# resp.to_h outputs the following:
|
777
|
+
# {
|
778
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
779
|
+
# expires_in: 1579729529,
|
780
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
|
781
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
782
|
+
# scope: [
|
783
|
+
# "openid",
|
784
|
+
# "aws",
|
785
|
+
# "sts:identity_context",
|
786
|
+
# ],
|
787
|
+
# token_type: "Bearer",
|
788
|
+
# }
|
789
|
+
#
|
790
|
+
# @example Request syntax with placeholder values
|
791
|
+
#
|
792
|
+
# resp = client.create_token_with_iam({
|
793
|
+
# client_id: "ClientId", # required
|
794
|
+
# grant_type: "GrantType", # required
|
795
|
+
# code: "AuthCode",
|
796
|
+
# refresh_token: "RefreshToken",
|
797
|
+
# assertion: "Assertion",
|
798
|
+
# scope: ["Scope"],
|
799
|
+
# redirect_uri: "URI",
|
800
|
+
# subject_token: "SubjectToken",
|
801
|
+
# subject_token_type: "TokenTypeURI",
|
802
|
+
# requested_token_type: "TokenTypeURI",
|
803
|
+
# code_verifier: "CodeVerifier",
|
804
|
+
# })
|
805
|
+
#
|
806
|
+
# @example Response structure
|
807
|
+
#
|
808
|
+
# resp.access_token #=> String
|
809
|
+
# resp.token_type #=> String
|
810
|
+
# resp.expires_in #=> Integer
|
811
|
+
# resp.refresh_token #=> String
|
812
|
+
# resp.id_token #=> String
|
813
|
+
# resp.issued_token_type #=> String
|
814
|
+
# resp.scope #=> Array
|
815
|
+
# resp.scope[0] #=> String
|
816
|
+
#
|
817
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation
|
818
|
+
#
|
819
|
+
# @overload create_token_with_iam(params = {})
|
820
|
+
# @param [Hash] params ({})
|
821
|
+
def create_token_with_iam(params = {}, options = {})
|
822
|
+
req = build_request(:create_token_with_iam, params)
|
823
|
+
req.send_request(options)
|
824
|
+
end
|
825
|
+
|
485
826
|
# Registers a client with IAM Identity Center. This allows clients to
|
486
827
|
# initiate device authorization. The output should be persisted for
|
487
828
|
# reuse through many authentication requests.
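Review bot: Every `resp.to_h` example added for `create_token_with_iam` shows `expires_in: 1579729529`, which reads as an absolute Unix time rather than a token lifetime. It equals the `exp` claim inside the example `id_token`, whose `iat` is 1579725929. In an OAuth 2.0 token response `expires_in` is a lifetime in seconds, so if this API follows that convention (the visible docs do not say), a caller who models refresh logic on the example will schedule renewal at the wrong time. I would show a duration consistent with the example claims, `#     expires_in: 3600,`, or state the unit next to `resp.expires_in #=> Integer`. The same value appears in the `create_token` examples just above this hunk and in the `start_device_authorization` example further down.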
|
@@ -498,6 +839,28 @@ module Aws::SSOOIDC
|
|
498
839
|
# this list is used to restrict permissions when granting an access
|
499
840
|
# token.
|
500
841
|
#
|
842
|
+
# @option params [Array<String>] :redirect_uris
|
843
|
+
# The list of redirect URI that are defined by the client. At completion
|
844
|
+
# of authorization, this list is used to restrict what locations the
|
845
|
+
# user agent can be redirected back to.
|
846
|
+
#
|
847
|
+
# @option params [Array<String>] :grant_types
|
848
|
+
# The list of OAuth 2.0 grant types that are defined by the client. This
|
849
|
+
# list is used to restrict the token granting flows available to the
|
850
|
+
# client.
|
851
|
+
#
|
852
|
+
# @option params [String] :issuer_url
|
853
|
+
# The IAM Identity Center Issuer URL associated with an instance of IAM
|
854
|
+
# Identity Center. This value is needed for user access to resources
|
855
|
+
# through the client.
|
856
|
+
#
|
857
|
+
# @option params [String] :entitled_application_arn
|
858
|
+
# This IAM Identity Center application ARN is used to define
|
859
|
+
# administrator-managed configuration for public client access to
|
860
|
+
# resources. At authorization, the scopes, grants, and redirect URI
|
861
|
+
# available to this client will be restricted by this application
|
862
|
+
# resource.
|
863
|
+
#
|
501
864
|
# @return [Types::RegisterClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
502
865
|
#
|
503
866
|
# * {Types::RegisterClientResponse#client_id #client_id} => String
|
@@ -507,12 +870,45 @@ module Aws::SSOOIDC
|
|
507
870
|
# * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String
|
508
871
|
# * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String
|
509
872
|
#
|
873
|
+
#
|
874
|
+
# @example Example: Call OAuth/OIDC /register-client endpoint
|
875
|
+
#
|
876
|
+
# resp = client.register_client({
|
877
|
+
# client_name: "My IDE Plugin",
|
878
|
+
# client_type: "public",
|
879
|
+
# entitled_application_arn: "arn:aws:sso::ACCOUNTID:application/ssoins-1111111111111111/apl-1111111111111111",
|
880
|
+
# grant_types: [
|
881
|
+
# "authorization_code",
|
882
|
+
# "refresh_token",
|
883
|
+
# ],
|
884
|
+
# issuer_url: "https://identitycenter.amazonaws.com/ssoins-1111111111111111",
|
885
|
+
# redirect_uris: [
|
886
|
+
# "127.0.0.1:PORT/oauth/callback",
|
887
|
+
# ],
|
888
|
+
# scopes: [
|
889
|
+
# "sso:account:access",
|
890
|
+
# "codewhisperer:completions",
|
891
|
+
# ],
|
892
|
+
# })
|
893
|
+
#
|
894
|
+
# resp.to_h outputs the following:
|
895
|
+
# {
|
896
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
897
|
+
# client_id_issued_at: 1579725929,
|
898
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
899
|
+
# client_secret_expires_at: 1587584729,
|
900
|
+
# }
|
901
|
+
#
|
510
902
|
# @example Request syntax with placeholder values
|
511
903
|
#
|
512
904
|
# resp = client.register_client({
|
513
905
|
# client_name: "ClientName", # required
|
514
906
|
# client_type: "ClientType", # required
|
515
907
|
# scopes: ["Scope"],
|
908
|
+
# redirect_uris: ["URI"],
|
909
|
+
# grant_types: ["GrantType"],
|
910
|
+
# issuer_url: "URI",
|
911
|
+
# entitled_application_arn: "ArnType",
|
516
912
|
# })
|
517
913
|
#
|
518
914
|
# @example Response structure
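Review bot: The example value `"127.0.0.1:PORT/oauth/callback"` under `redirect_uris` has no scheme, so it is not a URI in the sense of the placeholder `redirect_uris: ["URI"]` a few lines below. It also differs from the `redirect_uri: "https://mywebapp.example/redirect"` form used in the `create_token_with_iam` example. The parameter text added in the previous hunk says this list restricts where the user agent can be redirected back to, so the example should show the exact registered string, scheme included. Something like `"<scheme>://127.0.0.1:PORT/oauth/callback"` would do, using whichever scheme the service accepts for loopback callbacks. A smaller point: `entitled_application_arn` writes the account as `ACCOUNTID` while the other examples use `123456789012`, and one convention would be easier to follow.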
|
@@ -546,8 +942,9 @@ module Aws::SSOOIDC
|
|
546
942
|
# come from the persisted result of the RegisterClient API operation.
|
547
943
|
#
|
548
944
|
# @option params [required, String] :start_url
|
549
|
-
# The URL for the
|
550
|
-
# the
|
945
|
+
# The URL for the Amazon Web Services access portal. For more
|
946
|
+
# information, see [Using the Amazon Web Services access portal][1] in
|
947
|
+
# the *IAM Identity Center User Guide*.
|
551
948
|
#
|
552
949
|
#
|
553
950
|
#
|
@@ -562,6 +959,25 @@ module Aws::SSOOIDC
|
|
562
959
|
# * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer
|
563
960
|
# * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer
|
564
961
|
#
|
962
|
+
#
|
963
|
+
# @example Example: Call OAuth/OIDC /start-device-authorization endpoint
|
964
|
+
#
|
965
|
+
# resp = client.start_device_authorization({
|
966
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
967
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
968
|
+
# start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111",
|
969
|
+
# })
|
970
|
+
#
|
971
|
+
# resp.to_h outputs the following:
|
972
|
+
# {
|
973
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
974
|
+
# expires_in: 1579729529,
|
975
|
+
# interval: 1,
|
976
|
+
# user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
977
|
+
# verification_uri: "https://device.sso.us-west-2.amazonaws.com",
|
978
|
+
# verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
979
|
+
# }
|
980
|
+
#
|
565
981
|
# @example Request syntax with placeholder values
|
566
982
|
#
|
567
983
|
# resp = client.start_device_authorization({
|
@@ -594,14 +1010,19 @@ module Aws::SSOOIDC
|
|
594
1010
|
# @api private
|
595
1011
|
def build_request(operation_name, params = {})
|
596
1012
|
handlers = @handlers.for(operation_name)
|
1013
|
+
tracer = config.telemetry_provider.tracer_provider.tracer(
|
1014
|
+
Aws::Telemetry.module_to_tracer_name('Aws::SSOOIDC')
|
1015
|
+
)
|
597
1016
|
context = Seahorse::Client::RequestContext.new(
|
598
1017
|
operation_name: operation_name,
|
599
1018
|
operation: config.api.operation(operation_name),
|
600
1019
|
client: self,
|
601
1020
|
params: params,
|
602
|
-
config: config
|
1021
|
+
config: config,
|
1022
|
+
tracer: tracer
|
1023
|
+
)
|
603
1024
|
context[:gem_name] = 'aws-sdk-core'
|
604
|
-
context[:gem_version] = '3.
|
1025
|
+
context[:gem_version] = '3.214.0'
|
605
1026
|
Seahorse::Client::Request.new(handlers, context)
|
606
1027
|
end
|
607
1028
|
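Review bot: The new `tracer` lookup in `build_request` chains `config.telemetry_provider.tracer_provider.tracer(...)` with no guard, so every operation on this client would raise `NoMethodError` if `telemetry_provider` can ever be nil. The hunk does not show how that option is defaulted, so this is worth confirming against the configuration plugin. If a provider is always present, a short comment above the lookup would make the contract visible, for example `# telemetry_provider is expected to be non-nil (see its config default); the tracer reaches handlers via the RequestContext`. The lookup also runs on every request build, which is fine only if the provider's `tracer(...)` is cheap or memoized.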
|