aws-sdk-core 3.186.0 → 3.187.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/json/handler.rb +8 -1
- data/lib/aws-sdk-core/json/parser.rb +26 -1
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +338 -29
- data/lib/aws-sdk-ssooidc/client_api.rb +56 -1
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-ssooidc/endpoints.rb +14 -0
- data/lib/aws-sdk-ssooidc/errors.rb +31 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +2 -0
- data/lib/aws-sdk-ssooidc/types.rb +302 -49
- data/lib/aws-sdk-ssooidc.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +10 -2
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/types.rb +18 -4
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 561667b57fedf978414b0b67a7f19b73b01efa69bdfdd5db8a08c27c010f7b18
|
4
|
+
data.tar.gz: 460eec65537106f724e800ef0f81508fc714903da611ac8807071109d560206d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 63ec538568fc713a797c3f4f8c775482e0e2da2b8ea6938c9c8b7366aa52a36606d5e2feed58f8475306217a7e4599843a7c98889046dc4ea2a2a15ee339d8c9
|
7
|
+
data.tar.gz: c09ed8f0ba5302dbd470132a01c759851eacaab6c18f93034d95e3b755c645fae03702d80e4f1fb20630a2407d778ed60b2a8740f809255e5d00cef89120a982
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,18 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.187.1 (2023-11-20)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Issue - For `awsQueryCompatible` services, default an empty list or map for shapes that were previously flattened in the query protocol.
|
8
|
+
|
9
|
+
3.187.0 (2023-11-17)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
13
|
+
|
14
|
+
* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
|
15
|
+
|
4
16
|
3.186.0 (2023-11-02)
|
5
17
|
------------------
|
6
18
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.187.1
|
@@ -59,7 +59,10 @@ module Aws
|
|
59
59
|
end
|
60
60
|
resp_struct
|
61
61
|
else
|
62
|
-
Parser.new(
|
62
|
+
Parser.new(
|
63
|
+
rules,
|
64
|
+
query_compatible: query_compatible?(context)
|
65
|
+
).parse(json == '' ? '{}' : json)
|
63
66
|
end
|
64
67
|
else
|
65
68
|
EmptyStructure.new
|
@@ -83,6 +86,10 @@ module Aws
|
|
83
86
|
context.config.simple_json
|
84
87
|
end
|
85
88
|
|
89
|
+
def query_compatible?(context)
|
90
|
+
context.config.api.metadata.key?('awsQueryCompatible')
|
91
|
+
end
|
92
|
+
|
86
93
|
end
|
87
94
|
end
|
88
95
|
end
|
@@ -10,8 +10,9 @@ module Aws
|
|
10
10
|
include Seahorse::Model::Shapes
|
11
11
|
|
12
12
|
# @param [Seahorse::Model::ShapeRef] rules
|
13
|
-
def initialize(rules)
|
13
|
+
def initialize(rules, query_compatible: false)
|
14
14
|
@rules = rules
|
15
|
+
@query_compatible = query_compatible
|
15
16
|
end
|
16
17
|
|
17
18
|
# @param [String<JSON>] json
|
@@ -32,6 +33,22 @@ module Aws
|
|
32
33
|
target[:unknown] = { 'name' => key, 'value' => value }
|
33
34
|
end
|
34
35
|
end
|
36
|
+
# In services that were previously Query/XML, members that were
|
37
|
+
# "flattened" defaulted to empty lists. In JSON, these values are nil,
|
38
|
+
# which is backwards incompatible. To preserve backwards compatibility,
|
39
|
+
# we set a default value of [] for these members.
|
40
|
+
if @query_compatible
|
41
|
+
ref.shape.members.each do |member_name, member_target|
|
42
|
+
next unless target[member_name].nil?
|
43
|
+
|
44
|
+
if flattened_list?(member_target.shape)
|
45
|
+
target[member_name] = []
|
46
|
+
elsif flattened_map?(member_target.shape)
|
47
|
+
target[member_name] = {}
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
35
52
|
if shape.union
|
36
53
|
# convert to subclass
|
37
54
|
member_subclass = shape.member_subclass(target.member).new
|
@@ -79,6 +96,14 @@ module Aws
|
|
79
96
|
value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
|
80
97
|
end
|
81
98
|
|
99
|
+
def flattened_list?(shape)
|
100
|
+
shape.is_a?(ListShape) && shape.flattened
|
101
|
+
end
|
102
|
+
|
103
|
+
def flattened_map?(shape)
|
104
|
+
shape.is_a?(MapShape) && shape.flattened
|
105
|
+
end
|
106
|
+
|
82
107
|
end
|
83
108
|
end
|
84
109
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
@@ -388,61 +388,64 @@ module Aws::SSOOIDC
|
|
388
388
|
|
389
389
|
# @!group API Operations
|
390
390
|
|
391
|
-
# Creates and returns
|
392
|
-
# access token
|
393
|
-
#
|
391
|
+
# Creates and returns access and refresh tokens for clients that are
|
392
|
+
# authenticated using client secrets. The access token can be used to
|
393
|
+
# fetch short-term credentials for the assigned AWS accounts or to
|
394
|
+
# access application APIs using `bearer` authentication.
|
394
395
|
#
|
395
396
|
# @option params [required, String] :client_id
|
396
|
-
# The unique identifier string for
|
397
|
-
# from the
|
397
|
+
# The unique identifier string for the client or application. This value
|
398
|
+
# comes from the result of the RegisterClient API.
|
398
399
|
#
|
399
400
|
# @option params [required, String] :client_secret
|
400
401
|
# A secret string generated for the client. This value should come from
|
401
402
|
# the persisted result of the RegisterClient API.
|
402
403
|
#
|
403
404
|
# @option params [required, String] :grant_type
|
404
|
-
# Supports
|
405
|
-
#
|
406
|
-
#
|
405
|
+
# Supports the following OAuth grant types: Device Code and Refresh
|
406
|
+
# Token. Specify either of the following values, depending on the grant
|
407
|
+
# type that you want:
|
407
408
|
#
|
408
|
-
# `urn:ietf:params:oauth:grant-type:device_code
|
409
|
+
# * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
|
410
|
+
#
|
411
|
+
# * Refresh Token - `refresh_token`
|
409
412
|
#
|
410
413
|
# For information about how to obtain the device code, see the
|
411
414
|
# StartDeviceAuthorization topic.
|
412
415
|
#
|
413
416
|
# @option params [String] :device_code
|
414
|
-
# Used only when calling this API for the
|
415
|
-
# short-term code is used to identify this
|
416
|
-
#
|
417
|
-
# StartDeviceAuthorization API.
|
417
|
+
# Used only when calling this API for the Device Code grant type. This
|
418
|
+
# short-term code is used to identify this authorization request. This
|
419
|
+
# comes from the result of the StartDeviceAuthorization API.
|
418
420
|
#
|
419
421
|
# @option params [String] :code
|
420
|
-
#
|
421
|
-
#
|
422
|
-
#
|
422
|
+
# Used only when calling this API for the Authorization Code grant type.
|
423
|
+
# The short-term code is used to identify this authorization request.
|
424
|
+
# This grant type is currently unsupported for the CreateToken API.
|
423
425
|
#
|
424
426
|
# @option params [String] :refresh_token
|
425
|
-
#
|
427
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
428
|
+
# token is used to refresh short-term tokens, such as the access token,
|
429
|
+
# that might expire.
|
430
|
+
#
|
426
431
|
# For more information about the features and limitations of the current
|
427
432
|
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
428
433
|
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
429
434
|
#
|
430
|
-
# The token used to obtain an access token in the event that the access
|
431
|
-
# token is invalid or expired.
|
432
|
-
#
|
433
435
|
#
|
434
436
|
#
|
435
437
|
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
436
438
|
#
|
437
439
|
# @option params [Array<String>] :scope
|
438
|
-
# The list of scopes
|
439
|
-
#
|
440
|
-
#
|
440
|
+
# The list of scopes for which authorization is requested. The access
|
441
|
+
# token that is issued is limited to the scopes that are granted. If
|
442
|
+
# this value is not specified, IAM Identity Center authorizes all scopes
|
443
|
+
# that are configured for the client during the call to RegisterClient.
|
441
444
|
#
|
442
445
|
# @option params [String] :redirect_uri
|
443
|
-
#
|
444
|
-
#
|
445
|
-
#
|
446
|
+
# Used only when calling this API for the Authorization Code grant type.
|
447
|
+
# This value specifies the location of the client or application that
|
448
|
+
# has registered to receive the authorization code.
|
446
449
|
#
|
447
450
|
# @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
448
451
|
#
|
@@ -452,6 +455,44 @@ module Aws::SSOOIDC
|
|
452
455
|
# * {Types::CreateTokenResponse#refresh_token #refresh_token} => String
|
453
456
|
# * {Types::CreateTokenResponse#id_token #id_token} => String
|
454
457
|
#
|
458
|
+
#
|
459
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication
|
460
|
+
#
|
461
|
+
# resp = client.create_token({
|
462
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
463
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
464
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
465
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:device-code",
|
466
|
+
# })
|
467
|
+
#
|
468
|
+
# resp.to_h outputs the following:
|
469
|
+
# {
|
470
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
471
|
+
# expires_in: 1579729529,
|
472
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
473
|
+
# token_type: "Bearer",
|
474
|
+
# }
|
475
|
+
#
|
476
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication
|
477
|
+
#
|
478
|
+
# resp = client.create_token({
|
479
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
480
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
481
|
+
# grant_type: "refresh_token",
|
482
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
483
|
+
# scope: [
|
484
|
+
# "codewhisperer:completions",
|
485
|
+
# ],
|
486
|
+
# })
|
487
|
+
#
|
488
|
+
# resp.to_h outputs the following:
|
489
|
+
# {
|
490
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
491
|
+
# expires_in: 1579729529,
|
492
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
493
|
+
# token_type: "Bearer",
|
494
|
+
# }
|
495
|
+
#
|
455
496
|
# @example Request syntax with placeholder values
|
456
497
|
#
|
457
498
|
# resp = client.create_token({
|
@@ -482,6 +523,234 @@ module Aws::SSOOIDC
|
|
482
523
|
req.send_request(options)
|
483
524
|
end
|
484
525
|
|
526
|
+
# Creates and returns access and refresh tokens for clients and
|
527
|
+
# applications that are authenticated using IAM entities. The access
|
528
|
+
# token can be used to fetch short-term credentials for the assigned AWS
|
529
|
+
# accounts or to access application APIs using `bearer` authentication.
|
530
|
+
#
|
531
|
+
# @option params [required, String] :client_id
|
532
|
+
# The unique identifier string for the client or application. This value
|
533
|
+
# is an application ARN that has OAuth grants configured.
|
534
|
+
#
|
535
|
+
# @option params [required, String] :grant_type
|
536
|
+
# Supports the following OAuth grant types: Authorization Code, Refresh
|
537
|
+
# Token, JWT Bearer, and Token Exchange. Specify one of the following
|
538
|
+
# values, depending on the grant type that you want:
|
539
|
+
#
|
540
|
+
# * Authorization Code - `authorization_code`
|
541
|
+
#
|
542
|
+
# * Refresh Token - `refresh_token`
|
543
|
+
#
|
544
|
+
# * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer`
|
545
|
+
#
|
546
|
+
# * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange`
|
547
|
+
#
|
548
|
+
# @option params [String] :code
|
549
|
+
# Used only when calling this API for the Authorization Code grant type.
|
550
|
+
# This short-term code is used to identify this authorization request.
|
551
|
+
# The code is obtained through a redirect from IAM Identity Center to a
|
552
|
+
# redirect URI persisted in the Authorization Code GrantOptions for the
|
553
|
+
# application.
|
554
|
+
#
|
555
|
+
# @option params [String] :refresh_token
|
556
|
+
# Used only when calling this API for the Refresh Token grant type. This
|
557
|
+
# token is used to refresh short-term tokens, such as the access token,
|
558
|
+
# that might expire.
|
559
|
+
#
|
560
|
+
# For more information about the features and limitations of the current
|
561
|
+
# IAM Identity Center OIDC implementation, see *Considerations for Using
|
562
|
+
# this Guide* in the [IAM Identity Center OIDC API Reference][1].
|
563
|
+
#
|
564
|
+
#
|
565
|
+
#
|
566
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
567
|
+
#
|
568
|
+
# @option params [String] :assertion
|
569
|
+
# Used only when calling this API for the JWT Bearer grant type. This
|
570
|
+
# value specifies the JSON Web Token (JWT) issued by a trusted token
|
571
|
+
# issuer. To authorize a trusted token issuer, configure the JWT Bearer
|
572
|
+
# GrantOptions for the application.
|
573
|
+
#
|
574
|
+
# @option params [Array<String>] :scope
|
575
|
+
# The list of scopes for which authorization is requested. The access
|
576
|
+
# token that is issued is limited to the scopes that are granted. If the
|
577
|
+
# value is not specified, IAM Identity Center authorizes all scopes
|
578
|
+
# configured for the application, including the following default
|
579
|
+
# scopes: `openid`, `aws`, `sts:identity_context`.
|
580
|
+
#
|
581
|
+
# @option params [String] :redirect_uri
|
582
|
+
# Used only when calling this API for the Authorization Code grant type.
|
583
|
+
# This value specifies the location of the client or application that
|
584
|
+
# has registered to receive the authorization code.
|
585
|
+
#
|
586
|
+
# @option params [String] :subject_token
|
587
|
+
# Used only when calling this API for the Token Exchange grant type.
|
588
|
+
# This value specifies the subject of the exchange. The value of the
|
589
|
+
# subject token must be an access token issued by IAM Identity Center to
|
590
|
+
# a different client or application. The access token must have
|
591
|
+
# authorized scopes that indicate the requested application as a target
|
592
|
+
# audience.
|
593
|
+
#
|
594
|
+
# @option params [String] :subject_token_type
|
595
|
+
# Used only when calling this API for the Token Exchange grant type.
|
596
|
+
# This value specifies the type of token that is passed as the subject
|
597
|
+
# of the exchange. The following value is supported:
|
598
|
+
#
|
599
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
600
|
+
#
|
601
|
+
# @option params [String] :requested_token_type
|
602
|
+
# Used only when calling this API for the Token Exchange grant type.
|
603
|
+
# This value specifies the type of token that the requester can receive.
|
604
|
+
# The following values are supported:
|
605
|
+
#
|
606
|
+
# * Access Token - `urn:ietf:params:oauth:token-type:access_token`
|
607
|
+
#
|
608
|
+
# * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
|
609
|
+
#
|
610
|
+
# @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
611
|
+
#
|
612
|
+
# * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String
|
613
|
+
# * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String
|
614
|
+
# * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer
|
615
|
+
# * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String
|
616
|
+
# * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String
|
617
|
+
# * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String
|
618
|
+
# * {Types::CreateTokenWithIAMResponse#scope #scope} => Array<String>
|
619
|
+
#
|
620
|
+
#
|
621
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication
|
622
|
+
#
|
623
|
+
# resp = client.create_token_with_iam({
|
624
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
625
|
+
# code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE",
|
626
|
+
# grant_type: "authorization_code",
|
627
|
+
# redirect_uri: "https://mywebapp.example/redirect",
|
628
|
+
# scope: [
|
629
|
+
# "openid",
|
630
|
+
# "aws",
|
631
|
+
# "sts:identity_context",
|
632
|
+
# ],
|
633
|
+
# })
|
634
|
+
#
|
635
|
+
# resp.to_h outputs the following:
|
636
|
+
# {
|
637
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
638
|
+
# expires_in: 1579729529,
|
639
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
640
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
641
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
642
|
+
# scope: [
|
643
|
+
# "openid",
|
644
|
+
# "aws",
|
645
|
+
# "sts:identity_context",
|
646
|
+
# ],
|
647
|
+
# token_type: "Bearer",
|
648
|
+
# }
|
649
|
+
#
|
650
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication
|
651
|
+
#
|
652
|
+
# resp = client.create_token_with_iam({
|
653
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
654
|
+
# grant_type: "refresh_token",
|
655
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
656
|
+
# })
|
657
|
+
#
|
658
|
+
# resp.to_h outputs the following:
|
659
|
+
# {
|
660
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
661
|
+
# expires_in: 1579729529,
|
662
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
663
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
664
|
+
# scope: [
|
665
|
+
# "openid",
|
666
|
+
# "aws",
|
667
|
+
# "sts:identity_context",
|
668
|
+
# ],
|
669
|
+
# token_type: "Bearer",
|
670
|
+
# }
|
671
|
+
#
|
672
|
+
# @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication
|
673
|
+
#
|
674
|
+
# resp = client.create_token_with_iam({
|
675
|
+
# assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTEyMjA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFJa3pxRlZyU2FTYUZIeTc4MmJidGFRIiwiYXVkIjoiNmNiMDQwMTgtYTNmNS00NmE3LWI5OTUtOTQwYzc4ZjVhZWYzIiwiZXhwIjoxNTM2MzYxNDExLCJpYXQiOjE1MzYyNzQ3MTEsIm5iZiI6MTUzNjI3NDcxMSwibmFtZSI6IkFiZSBMaW5jb2xuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWJlTGlAbWljcm9zb2Z0LmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC02NmYzLTMzMzJlY2E3ZWE4MSIsInRpZCI6IjkxMjIwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsIm5vbmNlIjoiMTIzNTIzIiwiYWlvIjoiRGYyVVZYTDFpeCFsTUNXTVNPSkJjRmF0emNHZnZGR2hqS3Y4cTVnMHg3MzJkUjVNQjVCaXN2R1FPN1lXQnlqZDhpUURMcSFlR2JJRGFreXA1bW5PcmNkcUhlWVNubHRlcFFtUnA2QUlaOGpZIn0.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw",
|
676
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
677
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
|
678
|
+
# })
|
679
|
+
#
|
680
|
+
# resp.to_h outputs the following:
|
681
|
+
# {
|
682
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
683
|
+
# expires_in: 1579729529,
|
684
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
|
685
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
|
686
|
+
# refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN",
|
687
|
+
# scope: [
|
688
|
+
# "openid",
|
689
|
+
# "aws",
|
690
|
+
# "sts:identity_context",
|
691
|
+
# ],
|
692
|
+
# token_type: "Bearer",
|
693
|
+
# }
|
694
|
+
#
|
695
|
+
# @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication
|
696
|
+
#
|
697
|
+
# resp = client.create_token_with_iam({
|
698
|
+
# client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222",
|
699
|
+
# grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
|
700
|
+
# requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
701
|
+
# subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN",
|
702
|
+
# subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
703
|
+
# })
|
704
|
+
#
|
705
|
+
# resp.to_h outputs the following:
|
706
|
+
# {
|
707
|
+
# access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
|
708
|
+
# expires_in: 1579729529,
|
709
|
+
# id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
|
710
|
+
# issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
711
|
+
# scope: [
|
712
|
+
# "openid",
|
713
|
+
# "aws",
|
714
|
+
# "sts:identity_context",
|
715
|
+
# ],
|
716
|
+
# token_type: "Bearer",
|
717
|
+
# }
|
718
|
+
#
|
719
|
+
# @example Request syntax with placeholder values
|
720
|
+
#
|
721
|
+
# resp = client.create_token_with_iam({
|
722
|
+
# client_id: "ClientId", # required
|
723
|
+
# grant_type: "GrantType", # required
|
724
|
+
# code: "AuthCode",
|
725
|
+
# refresh_token: "RefreshToken",
|
726
|
+
# assertion: "Assertion",
|
727
|
+
# scope: ["Scope"],
|
728
|
+
# redirect_uri: "URI",
|
729
|
+
# subject_token: "SubjectToken",
|
730
|
+
# subject_token_type: "TokenTypeURI",
|
731
|
+
# requested_token_type: "TokenTypeURI",
|
732
|
+
# })
|
733
|
+
#
|
734
|
+
# @example Response structure
|
735
|
+
#
|
736
|
+
# resp.access_token #=> String
|
737
|
+
# resp.token_type #=> String
|
738
|
+
# resp.expires_in #=> Integer
|
739
|
+
# resp.refresh_token #=> String
|
740
|
+
# resp.id_token #=> String
|
741
|
+
# resp.issued_token_type #=> String
|
742
|
+
# resp.scope #=> Array
|
743
|
+
# resp.scope[0] #=> String
|
744
|
+
#
|
745
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation
|
746
|
+
#
|
747
|
+
# @overload create_token_with_iam(params = {})
|
748
|
+
# @param [Hash] params ({})
|
749
|
+
def create_token_with_iam(params = {}, options = {})
|
750
|
+
req = build_request(:create_token_with_iam, params)
|
751
|
+
req.send_request(options)
|
752
|
+
end
|
753
|
+
|
485
754
|
# Registers a client with IAM Identity Center. This allows clients to
|
486
755
|
# initiate device authorization. The output should be persisted for
|
487
756
|
# reuse through many authentication requests.
|
@@ -507,6 +776,26 @@ module Aws::SSOOIDC
|
|
507
776
|
# * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String
|
508
777
|
# * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String
|
509
778
|
#
|
779
|
+
#
|
780
|
+
# @example Example: Call OAuth/OIDC /register-client endpoint
|
781
|
+
#
|
782
|
+
# resp = client.register_client({
|
783
|
+
# client_name: "My IDE Plugin",
|
784
|
+
# client_type: "public",
|
785
|
+
# scopes: [
|
786
|
+
# "sso:account:access",
|
787
|
+
# "codewhisperer:completions",
|
788
|
+
# ],
|
789
|
+
# })
|
790
|
+
#
|
791
|
+
# resp.to_h outputs the following:
|
792
|
+
# {
|
793
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
794
|
+
# client_id_issued_at: 1579725929,
|
795
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
796
|
+
# client_secret_expires_at: 1587584729,
|
797
|
+
# }
|
798
|
+
#
|
510
799
|
# @example Request syntax with placeholder values
|
511
800
|
#
|
512
801
|
# resp = client.register_client({
|
@@ -546,8 +835,9 @@ module Aws::SSOOIDC
|
|
546
835
|
# come from the persisted result of the RegisterClient API operation.
|
547
836
|
#
|
548
837
|
# @option params [required, String] :start_url
|
549
|
-
# The URL for the
|
550
|
-
# the
|
838
|
+
# The URL for the Amazon Web Services access portal. For more
|
839
|
+
# information, see [Using the Amazon Web Services access portal][1] in
|
840
|
+
# the *IAM Identity Center User Guide*.
|
551
841
|
#
|
552
842
|
#
|
553
843
|
#
|
@@ -562,6 +852,25 @@ module Aws::SSOOIDC
|
|
562
852
|
# * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer
|
563
853
|
# * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer
|
564
854
|
#
|
855
|
+
#
|
856
|
+
# @example Example: Call OAuth/OIDC /start-device-authorization endpoint
|
857
|
+
#
|
858
|
+
# resp = client.start_device_authorization({
|
859
|
+
# client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID",
|
860
|
+
# client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0",
|
861
|
+
# start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111",
|
862
|
+
# })
|
863
|
+
#
|
864
|
+
# resp.to_h outputs the following:
|
865
|
+
# {
|
866
|
+
# device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE",
|
867
|
+
# expires_in: 1579729529,
|
868
|
+
# interval: 1,
|
869
|
+
# user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
870
|
+
# verification_uri: "https://device.sso.us-west-2.amazonaws.com",
|
871
|
+
# verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
|
872
|
+
# }
|
873
|
+
#
|
565
874
|
# @example Request syntax with placeholder values
|
566
875
|
#
|
567
876
|
# resp = client.start_device_authorization({
|
@@ -601,7 +910,7 @@ module Aws::SSOOIDC
|
|
601
910
|
params: params,
|
602
911
|
config: config)
|
603
912
|
context[:gem_name] = 'aws-sdk-core'
|
604
|
-
context[:gem_version] = '3.
|
913
|
+
context[:gem_version] = '3.187.1'
|
605
914
|
Seahorse::Client::Request.new(handlers, context)
|
606
915
|
end
|
607
916
|
|