aws-sdk-core 3.186.0 → 3.187.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -35,6 +35,7 @@ module Aws::SSOOIDC
35
35
  # * {InvalidClientMetadataException}
36
36
  # * {InvalidGrantException}
37
37
  # * {InvalidRequestException}
38
+ # * {InvalidRequestRegionException}
38
39
  # * {InvalidScopeException}
39
40
  # * {SlowDownException}
40
41
  # * {UnauthorizedClientException}
@@ -206,6 +207,36 @@ module Aws::SSOOIDC
206
207
  end
207
208
  end
208
209
 
210
+ class InvalidRequestRegionException < ServiceError
211
+
212
+ # @param [Seahorse::Client::RequestContext] context
213
+ # @param [String] message
214
+ # @param [Aws::SSOOIDC::Types::InvalidRequestRegionException] data
215
+ def initialize(context, message, data = Aws::EmptyStructure.new)
216
+ super(context, message, data)
217
+ end
218
+
219
+ # @return [String]
220
+ def error
221
+ @data[:error]
222
+ end
223
+
224
+ # @return [String]
225
+ def error_description
226
+ @data[:error_description]
227
+ end
228
+
229
+ # @return [String]
230
+ def endpoint
231
+ @data[:endpoint]
232
+ end
233
+
234
+ # @return [String]
235
+ def region
236
+ @data[:region]
237
+ end
238
+ end
239
+
209
240
  class InvalidScopeException < ServiceError
210
241
 
211
242
  # @param [Seahorse::Client::RequestContext] context
@@ -58,6 +58,8 @@ module Aws::SSOOIDC
58
58
  case context.operation_name
59
59
  when :create_token
60
60
  Aws::SSOOIDC::Endpoints::CreateToken.build(context)
61
+ when :create_token_with_iam
62
+ Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
61
63
  when :register_client
62
64
  Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
63
65
  when :start_device_authorization
@@ -13,9 +13,13 @@ module Aws::SSOOIDC
13
13
  # You do not have sufficient access to perform this action.
14
14
  #
15
15
  # @!attribute [rw] error
16
+ # Single error code. For this exception the value will be
17
+ # `access_denied`.
16
18
  # @return [String]
17
19
  #
18
20
  # @!attribute [rw] error_description
21
+ # Human-readable text providing additional information, used to assist
22
+ # the client developer in understanding the error that occurred.
19
23
  # @return [String]
20
24
  #
21
25
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AccessDeniedException AWS API Documentation
@@ -31,9 +35,13 @@ module Aws::SSOOIDC
31
35
  # session token is pending.
32
36
  #
33
37
  # @!attribute [rw] error
38
+ # Single error code. For this exception the value will be
39
+ # `authorization_pending`.
34
40
  # @return [String]
35
41
  #
36
42
  # @!attribute [rw] error_description
43
+ # Human-readable text providing additional information, used to assist
44
+ # the client developer in understanding the error that occurred.
37
45
  # @return [String]
38
46
  #
39
47
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AuthorizationPendingException AWS API Documentation
@@ -46,8 +54,8 @@ module Aws::SSOOIDC
46
54
  end
47
55
 
48
56
  # @!attribute [rw] client_id
49
- # The unique identifier string for each client. This value should come
50
- # from the persisted result of the RegisterClient API.
57
+ # The unique identifier string for the client or application. This
58
+ # value comes from the result of the RegisterClient API.
51
59
  # @return [String]
52
60
  #
53
61
  # @!attribute [rw] client_secret
@@ -56,38 +64,40 @@ module Aws::SSOOIDC
56
64
  # @return [String]
57
65
  #
58
66
  # @!attribute [rw] grant_type
59
- # Supports grant types for the authorization code, refresh token, and
60
- # device code request. For device code requests, specify the following
61
- # value:
67
+ # Supports the following OAuth grant types: Device Code and Refresh
68
+ # Token. Specify either of the following values, depending on the
69
+ # grant type that you want:
70
+ #
71
+ # * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
62
72
  #
63
- # `urn:ietf:params:oauth:grant-type:device_code `
73
+ # * Refresh Token - `refresh_token`
64
74
  #
65
75
  # For information about how to obtain the device code, see the
66
76
  # StartDeviceAuthorization topic.
67
77
  # @return [String]
68
78
  #
69
79
  # @!attribute [rw] device_code
70
- # Used only when calling this API for the device code grant type. This
71
- # short-term code is used to identify this authentication attempt.
72
- # This should come from an in-memory reference to the result of the
73
- # StartDeviceAuthorization API.
80
+ # Used only when calling this API for the Device Code grant type. This
81
+ # short-term code is used to identify this authorization request. This
82
+ # comes from the result of the StartDeviceAuthorization API.
74
83
  # @return [String]
75
84
  #
76
85
  # @!attribute [rw] code
77
- # The authorization code received from the authorization service. This
78
- # parameter is required to perform an authorization grant request to
79
- # get access to a token.
86
+ # Used only when calling this API for the Authorization Code grant
87
+ # type. The short-term code is used to identify this authorization
88
+ # request. This grant type is currently unsupported for the
89
+ # CreateToken API.
80
90
  # @return [String]
81
91
  #
82
92
  # @!attribute [rw] refresh_token
83
- # Currently, `refreshToken` is not yet implemented and is not
84
- # supported. For more information about the features and limitations
85
- # of the current IAM Identity Center OIDC implementation, see
86
- # *Considerations for Using this Guide* in the [IAM Identity Center
87
- # OIDC API Reference][1].
93
+ # Used only when calling this API for the Refresh Token grant type.
94
+ # This token is used to refresh short-term tokens, such as the access
95
+ # token, that might expire.
88
96
  #
89
- # The token used to obtain an access token in the event that the
90
- # access token is invalid or expired.
97
+ # For more information about the features and limitations of the
98
+ # current IAM Identity Center OIDC implementation, see *Considerations
99
+ # for Using this Guide* in the [IAM Identity Center OIDC API
100
+ # Reference][1].
91
101
  #
92
102
  #
93
103
  #
@@ -95,15 +105,17 @@ module Aws::SSOOIDC
95
105
  # @return [String]
96
106
  #
97
107
  # @!attribute [rw] scope
98
- # The list of scopes that is defined by the client. Upon
99
- # authorization, this list is used to restrict permissions when
100
- # granting an access token.
108
+ # The list of scopes for which authorization is requested. The access
109
+ # token that is issued is limited to the scopes that are granted. If
110
+ # this value is not specified, IAM Identity Center authorizes all
111
+ # scopes that are configured for the client during the call to
112
+ # RegisterClient.
101
113
  # @return [Array<String>]
102
114
  #
103
115
  # @!attribute [rw] redirect_uri
104
- # The location of the application that will receive the authorization
105
- # code. Users authorize the service to send the request to this
106
- # location.
116
+ # Used only when calling this API for the Authorization Code grant
117
+ # type. This value specifies the location of the client or application
118
+ # that has registered to receive the authorization code.
107
119
  # @return [String]
108
120
  #
109
121
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenRequest AWS API Documentation
@@ -117,18 +129,18 @@ module Aws::SSOOIDC
117
129
  :refresh_token,
118
130
  :scope,
119
131
  :redirect_uri)
120
- SENSITIVE = []
132
+ SENSITIVE = [:client_secret, :refresh_token]
121
133
  include Aws::Structure
122
134
  end
123
135
 
124
136
  # @!attribute [rw] access_token
125
- # An opaque token to access IAM Identity Center resources assigned to
126
- # a user.
137
+ # A bearer token to access AWS accounts and applications assigned to a
138
+ # user.
127
139
  # @return [String]
128
140
  #
129
141
  # @!attribute [rw] token_type
130
142
  # Used to notify the client that the returned token is an access
131
- # token. The supported type is `BearerToken`.
143
+ # token. The supported token type is `Bearer`.
132
144
  # @return [String]
133
145
  #
134
146
  # @!attribute [rw] expires_in
@@ -136,44 +148,211 @@ module Aws::SSOOIDC
136
148
  # @return [Integer]
137
149
  #
138
150
  # @!attribute [rw] refresh_token
139
- # Currently, `refreshToken` is not yet implemented and is not
140
- # supported. For more information about the features and limitations
141
- # of the current IAM Identity Center OIDC implementation, see
142
- # *Considerations for Using this Guide* in the [IAM Identity Center
143
- # OIDC API Reference][1].
144
- #
145
151
  # A token that, if present, can be used to refresh a previously issued
146
152
  # access token that might have expired.
147
153
  #
154
+ # For more information about the features and limitations of the
155
+ # current IAM Identity Center OIDC implementation, see *Considerations
156
+ # for Using this Guide* in the [IAM Identity Center OIDC API
157
+ # Reference][1].
158
+ #
148
159
  #
149
160
  #
150
161
  # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
151
162
  # @return [String]
152
163
  #
153
164
  # @!attribute [rw] id_token
154
- # Currently, `idToken` is not yet implemented and is not supported.
165
+ # The `idToken` is not implemented or supported. For more information
166
+ # about the features and limitations of the current IAM Identity
167
+ # Center OIDC implementation, see *Considerations for Using this
168
+ # Guide* in the [IAM Identity Center OIDC API Reference][1].
169
+ #
170
+ # A JSON Web Token (JWT) that identifies who is associated with the
171
+ # issued access token.
172
+ #
173
+ #
174
+ #
175
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
176
+ # @return [String]
177
+ #
178
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenResponse AWS API Documentation
179
+ #
180
+ class CreateTokenResponse < Struct.new(
181
+ :access_token,
182
+ :token_type,
183
+ :expires_in,
184
+ :refresh_token,
185
+ :id_token)
186
+ SENSITIVE = [:access_token, :refresh_token, :id_token]
187
+ include Aws::Structure
188
+ end
189
+
190
+ # @!attribute [rw] client_id
191
+ # The unique identifier string for the client or application. This
192
+ # value is an application ARN that has OAuth grants configured.
193
+ # @return [String]
194
+ #
195
+ # @!attribute [rw] grant_type
196
+ # Supports the following OAuth grant types: Authorization Code,
197
+ # Refresh Token, JWT Bearer, and Token Exchange. Specify one of the
198
+ # following values, depending on the grant type that you want:
199
+ #
200
+ # * Authorization Code - `authorization_code`
201
+ #
202
+ # * Refresh Token - `refresh_token`
203
+ #
204
+ # * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
205
+ #
206
+ # * Token Exchange -
207
+ # `urn:ietf:params:oauth:grant-type:token-exchange`
208
+ # @return [String]
209
+ #
210
+ # @!attribute [rw] code
211
+ # Used only when calling this API for the Authorization Code grant
212
+ # type. This short-term code is used to identify this authorization
213
+ # request. The code is obtained through a redirect from IAM Identity
214
+ # Center to a redirect URI persisted in the Authorization Code
215
+ # GrantOptions for the application.
216
+ # @return [String]
217
+ #
218
+ # @!attribute [rw] refresh_token
219
+ # Used only when calling this API for the Refresh Token grant type.
220
+ # This token is used to refresh short-term tokens, such as the access
221
+ # token, that might expire.
222
+ #
155
223
  # For more information about the features and limitations of the
156
224
  # current IAM Identity Center OIDC implementation, see *Considerations
157
225
  # for Using this Guide* in the [IAM Identity Center OIDC API
158
226
  # Reference][1].
159
227
  #
160
- # The identifier of the user that associated with the access token, if
161
- # present.
228
+ #
229
+ #
230
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
231
+ # @return [String]
232
+ #
233
+ # @!attribute [rw] assertion
234
+ # Used only when calling this API for the JWT Bearer grant type. This
235
+ # value specifies the JSON Web Token (JWT) issued by a trusted token
236
+ # issuer. To authorize a trusted token issuer, configure the JWT
237
+ # Bearer GrantOptions for the application.
238
+ # @return [String]
239
+ #
240
+ # @!attribute [rw] scope
241
+ # The list of scopes for which authorization is requested. The access
242
+ # token that is issued is limited to the scopes that are granted. If
243
+ # the value is not specified, IAM Identity Center authorizes all
244
+ # scopes configured for the application, including the following
245
+ # default scopes: `openid`, `aws`, `sts:identity_context`.
246
+ # @return [Array<String>]
247
+ #
248
+ # @!attribute [rw] redirect_uri
249
+ # Used only when calling this API for the Authorization Code grant
250
+ # type. This value specifies the location of the client or application
251
+ # that has registered to receive the authorization code.
252
+ # @return [String]
253
+ #
254
+ # @!attribute [rw] subject_token
255
+ # Used only when calling this API for the Token Exchange grant type.
256
+ # This value specifies the subject of the exchange. The value of the
257
+ # subject token must be an access token issued by IAM Identity Center
258
+ # to a different client or application. The access token must have
259
+ # authorized scopes that indicate the requested application as a
260
+ # target audience.
261
+ # @return [String]
262
+ #
263
+ # @!attribute [rw] subject_token_type
264
+ # Used only when calling this API for the Token Exchange grant type.
265
+ # This value specifies the type of token that is passed as the subject
266
+ # of the exchange. The following value is supported:
267
+ #
268
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
269
+ # @return [String]
270
+ #
271
+ # @!attribute [rw] requested_token_type
272
+ # Used only when calling this API for the Token Exchange grant type.
273
+ # This value specifies the type of token that the requester can
274
+ # receive. The following values are supported:
275
+ #
276
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
277
+ #
278
+ # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
279
+ # @return [String]
280
+ #
281
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMRequest AWS API Documentation
282
+ #
283
+ class CreateTokenWithIAMRequest < Struct.new(
284
+ :client_id,
285
+ :grant_type,
286
+ :code,
287
+ :refresh_token,
288
+ :assertion,
289
+ :scope,
290
+ :redirect_uri,
291
+ :subject_token,
292
+ :subject_token_type,
293
+ :requested_token_type)
294
+ SENSITIVE = [:refresh_token, :assertion, :subject_token]
295
+ include Aws::Structure
296
+ end
297
+
298
+ # @!attribute [rw] access_token
299
+ # A bearer token to access AWS accounts and applications assigned to a
300
+ # user.
301
+ # @return [String]
302
+ #
303
+ # @!attribute [rw] token_type
304
+ # Used to notify the requester that the returned token is an access
305
+ # token. The supported token type is `Bearer`.
306
+ # @return [String]
307
+ #
308
+ # @!attribute [rw] expires_in
309
+ # Indicates the time in seconds when an access token will expire.
310
+ # @return [Integer]
311
+ #
312
+ # @!attribute [rw] refresh_token
313
+ # A token that, if present, can be used to refresh a previously issued
314
+ # access token that might have expired.
315
+ #
316
+ # For more information about the features and limitations of the
317
+ # current IAM Identity Center OIDC implementation, see *Considerations
318
+ # for Using this Guide* in the [IAM Identity Center OIDC API
319
+ # Reference][1].
162
320
  #
163
321
  #
164
322
  #
165
323
  # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
166
324
  # @return [String]
167
325
  #
168
- # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenResponse AWS API Documentation
326
+ # @!attribute [rw] id_token
327
+ # A JSON Web Token (JWT) that identifies the user associated with the
328
+ # issued access token.
329
+ # @return [String]
169
330
  #
170
- class CreateTokenResponse < Struct.new(
331
+ # @!attribute [rw] issued_token_type
332
+ # Indicates the type of tokens that are issued by IAM Identity Center.
333
+ # The following values are supported:
334
+ #
335
+ # * Access Token - `urn:ietf:params:oauth:token-type:access_token`
336
+ #
337
+ # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
338
+ # @return [String]
339
+ #
340
+ # @!attribute [rw] scope
341
+ # The list of scopes for which authorization is granted. The access
342
+ # token that is issued is limited to the scopes that are granted.
343
+ # @return [Array<String>]
344
+ #
345
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
346
+ #
347
+ class CreateTokenWithIAMResponse < Struct.new(
171
348
  :access_token,
172
349
  :token_type,
173
350
  :expires_in,
174
351
  :refresh_token,
175
- :id_token)
176
- SENSITIVE = []
352
+ :id_token,
353
+ :issued_token_type,
354
+ :scope)
355
+ SENSITIVE = [:access_token, :refresh_token, :id_token]
177
356
  include Aws::Structure
178
357
  end
179
358
 
@@ -181,9 +360,13 @@ module Aws::SSOOIDC
181
360
  # longer valid.
182
361
  #
183
362
  # @!attribute [rw] error
363
+ # Single error code. For this exception the value will be
364
+ # `expired_token`.
184
365
  # @return [String]
185
366
  #
186
367
  # @!attribute [rw] error_description
368
+ # Human-readable text providing additional information, used to assist
369
+ # the client developer in understanding the error that occurred.
187
370
  # @return [String]
188
371
  #
189
372
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/ExpiredTokenException AWS API Documentation
@@ -199,9 +382,13 @@ module Aws::SSOOIDC
199
382
  # process a request.
200
383
  #
201
384
  # @!attribute [rw] error
385
+ # Single error code. For this exception the value will be
386
+ # `server_error`.
202
387
  # @return [String]
203
388
  #
204
389
  # @!attribute [rw] error_description
390
+ # Human-readable text providing additional information, used to assist
391
+ # the client developer in understanding the error that occurred.
205
392
  # @return [String]
206
393
  #
207
394
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InternalServerException AWS API Documentation
@@ -218,9 +405,13 @@ module Aws::SSOOIDC
218
405
  # `clientId` or an expired `clientSecret`.
219
406
  #
220
407
  # @!attribute [rw] error
408
+ # Single error code. For this exception the value will be
409
+ # `invalid_client`.
221
410
  # @return [String]
222
411
  #
223
412
  # @!attribute [rw] error_description
413
+ # Human-readable text providing additional information, used to assist
414
+ # the client developer in understanding the error that occurred.
224
415
  # @return [String]
225
416
  #
226
417
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientException AWS API Documentation
@@ -236,9 +427,13 @@ module Aws::SSOOIDC
236
427
  # registration is invalid.
237
428
  #
238
429
  # @!attribute [rw] error
430
+ # Single error code. For this exception the value will be
431
+ # `invalid_client_metadata`.
239
432
  # @return [String]
240
433
  #
241
434
  # @!attribute [rw] error_description
435
+ # Human-readable text providing additional information, used to assist
436
+ # the client developer in understanding the error that occurred.
242
437
  # @return [String]
243
438
  #
244
439
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientMetadataException AWS API Documentation
@@ -254,9 +449,13 @@ module Aws::SSOOIDC
254
449
  # a client makes a CreateToken request with an invalid grant type.
255
450
  #
256
451
  # @!attribute [rw] error
452
+ # Single error code. For this exception the value will be
453
+ # `invalid_grant`.
257
454
  # @return [String]
258
455
  #
259
456
  # @!attribute [rw] error_description
457
+ # Human-readable text providing additional information, used to assist
458
+ # the client developer in understanding the error that occurred.
260
459
  # @return [String]
261
460
  #
262
461
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidGrantException AWS API Documentation
@@ -272,9 +471,13 @@ module Aws::SSOOIDC
272
471
  # example, a required parameter might be missing or out of range.
273
472
  #
274
473
  # @!attribute [rw] error
474
+ # Single error code. For this exception the value will be
475
+ # `invalid_request`.
275
476
  # @return [String]
276
477
  #
277
478
  # @!attribute [rw] error_description
479
+ # Human-readable text providing additional information, used to assist
480
+ # the client developer in understanding the error that occurred.
278
481
  # @return [String]
279
482
  #
280
483
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRequestException AWS API Documentation
@@ -286,12 +489,50 @@ module Aws::SSOOIDC
286
489
  include Aws::Structure
287
490
  end
288
491
 
492
+ # Indicates that a token provided as input to the request was issued by
493
+ # and is only usable by calling IAM Identity Center endpoints in another
494
+ # region.
495
+ #
496
+ # @!attribute [rw] error
497
+ # Single error code. For this exception the value will be
498
+ # `invalid_request`.
499
+ # @return [String]
500
+ #
501
+ # @!attribute [rw] error_description
502
+ # Human-readable text providing additional information, used to assist
503
+ # the client developer in understanding the error that occurred.
504
+ # @return [String]
505
+ #
506
+ # @!attribute [rw] endpoint
507
+ # Indicates the IAM Identity Center endpoint which the requester may
508
+ # call with this token.
509
+ # @return [String]
510
+ #
511
+ # @!attribute [rw] region
512
+ # Indicates the region which the requester may call with this token.
513
+ # @return [String]
514
+ #
515
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRequestRegionException AWS API Documentation
516
+ #
517
+ class InvalidRequestRegionException < Struct.new(
518
+ :error,
519
+ :error_description,
520
+ :endpoint,
521
+ :region)
522
+ SENSITIVE = []
523
+ include Aws::Structure
524
+ end
525
+
289
526
  # Indicates that the scope provided in the request is invalid.
290
527
  #
291
528
  # @!attribute [rw] error
529
+ # Single error code. For this exception the value will be
530
+ # `invalid_scope`.
292
531
  # @return [String]
293
532
  #
294
533
  # @!attribute [rw] error_description
534
+ # Human-readable text providing additional information, used to assist
535
+ # the client developer in understanding the error that occurred.
295
536
  # @return [String]
296
537
  #
297
538
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidScopeException AWS API Documentation
@@ -349,11 +590,11 @@ module Aws::SSOOIDC
349
590
  # @return [Integer]
350
591
  #
351
592
  # @!attribute [rw] authorization_endpoint
352
- # The endpoint where the client can request authorization.
593
+ # An endpoint that the client can use to request authorization.
353
594
  # @return [String]
354
595
  #
355
596
  # @!attribute [rw] token_endpoint
356
- # The endpoint where the client can get an access token.
597
+ # An endpoint that the client can use to create tokens.
357
598
  # @return [String]
358
599
  #
359
600
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientResponse AWS API Documentation
@@ -365,7 +606,7 @@ module Aws::SSOOIDC
365
606
  :client_secret_expires_at,
366
607
  :authorization_endpoint,
367
608
  :token_endpoint)
368
- SENSITIVE = []
609
+ SENSITIVE = [:client_secret]
369
610
  include Aws::Structure
370
611
  end
371
612
 
@@ -373,9 +614,12 @@ module Aws::SSOOIDC
373
614
  # more than the service can handle.
374
615
  #
375
616
  # @!attribute [rw] error
617
+ # Single error code. For this exception the value will be `slow_down`.
376
618
  # @return [String]
377
619
  #
378
620
  # @!attribute [rw] error_description
621
+ # Human-readable text providing additional information, used to assist
622
+ # the client developer in understanding the error that occurred.
379
623
  # @return [String]
380
624
  #
381
625
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/SlowDownException AWS API Documentation
@@ -399,8 +643,9 @@ module Aws::SSOOIDC
399
643
  # @return [String]
400
644
  #
401
645
  # @!attribute [rw] start_url
402
- # The URL for the AWS access portal. For more information, see [Using
403
- # the AWS access portal][1] in the *IAM Identity Center User Guide*.
646
+ # The URL for the Amazon Web Services access portal. For more
647
+ # information, see [Using the Amazon Web Services access portal][1] in
648
+ # the *IAM Identity Center User Guide*.
404
649
  #
405
650
  #
406
651
  #
@@ -413,7 +658,7 @@ module Aws::SSOOIDC
413
658
  :client_id,
414
659
  :client_secret,
415
660
  :start_url)
416
- SENSITIVE = []
661
+ SENSITIVE = [:client_secret]
417
662
  include Aws::Structure
418
663
  end
419
664
 
@@ -466,9 +711,13 @@ module Aws::SSOOIDC
466
711
  # client.
467
712
  #
468
713
  # @!attribute [rw] error
714
+ # Single error code. For this exception the value will be
715
+ # `unauthorized_client`.
469
716
  # @return [String]
470
717
  #
471
718
  # @!attribute [rw] error_description
719
+ # Human-readable text providing additional information, used to assist
720
+ # the client developer in understanding the error that occurred.
472
721
  # @return [String]
473
722
  #
474
723
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnauthorizedClientException AWS API Documentation
@@ -484,9 +733,13 @@ module Aws::SSOOIDC
484
733
  # service.
485
734
  #
486
735
  # @!attribute [rw] error
736
+ # Single error code. For this exception the value will be
737
+ # `unsupported_grant_type`.
487
738
  # @return [String]
488
739
  #
489
740
  # @!attribute [rw] error_description
741
+ # Human-readable text providing additional information, used to assist
742
+ # the client developer in understanding the error that occurred.
490
743
  # @return [String]
491
744
  #
492
745
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnsupportedGrantTypeException AWS API Documentation
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
54
54
  # @!group service
55
55
  module Aws::SSOOIDC
56
56
 
57
- GEM_VERSION = '3.186.0'
57
+ GEM_VERSION = '3.187.0'
58
58
 
59
59
  end
@@ -767,7 +767,15 @@ module Aws::STS
767
767
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
768
768
  #
769
769
  # @option params [Array<Types::ProvidedContext>] :provided_contexts
770
- # Reserved for future use.
770
+ # A list of previously acquired trusted context assertions in the format
771
+ # of a JSON array. The trusted context assertion is signed and encrypted
772
+ # by Amazon Web Services STS.
773
+ #
774
+ # The following is an example of a `ProvidedContext` value that includes
775
+ # a single trusted context assertion and the ARN of the context provider
776
+ # from which the trusted context assertion was generated.
777
+ #
778
+ # `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/identitycenter","ContextAssertion":"trusted-context-assertion"\}]`
771
779
  #
772
780
  # @return [Types::AssumeRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
773
781
  #
@@ -2344,7 +2352,7 @@ module Aws::STS
2344
2352
  params: params,
2345
2353
  config: config)
2346
2354
  context[:gem_name] = 'aws-sdk-core'
2347
- context[:gem_version] = '3.186.0'
2355
+ context[:gem_version] = '3.187.0'
2348
2356
  Seahorse::Client::Request.new(handlers, context)
2349
2357
  end
2350
2358