aws-sdk-core 3.191.1 → 3.228.0

data/lib/aws-sdk-ssooidc/types.rb

@@ -53,6 +53,25 @@ module Aws::SSOOIDC
       include Aws::Structure
     end
 
+    # This structure contains Amazon Web Services-specific parameter
+    # extensions for the token endpoint responses and includes the identity
+    # context.
+    #
+    # @!attribute [rw] identity_context
+    #   STS context assertion that carries a user identifier to the Amazon
+    #   Web Services service that it calls and can be used to obtain an
+    #   identity-enhanced IAM role session. This value corresponds to the
+    #   `sts:identity_context` claim in the ID token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AwsAdditionalDetails AWS API Documentation
+    #
+    class AwsAdditionalDetails < Struct.new(
+      :identity_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_id
     #   The unique identifier string for the client or application. This
     #   value comes from the result of the RegisterClient API.
@@ -64,34 +83,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -118,6 +135,13 @@ module Aws::SSOOIDC
     #   that has registered to receive the authorization code.
     #   @return [String]
     #
+    # @!attribute [rw] code_verifier
+    #   Used only when calling this API for the Authorization Code grant
+    #   type. This value is generated by the client and presented to
+    #   validate the original code challenge value the client passed at
+    #   authorization time.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenRequest AWS API Documentation
     #
     class CreateTokenRequest < Struct.new(
@@ -128,14 +152,15 @@ module Aws::SSOOIDC
       :code,
       :refresh_token,
       :scope,
-      :redirect_uri)
-      SENSITIVE = [:client_secret, :refresh_token]
+      :redirect_uri,
+      :code_verifier)
+      SENSITIVE = [:client_secret, :refresh_token, :code_verifier]
       include Aws::Structure
     end
 
     # @!attribute [rw] access_token
-    #   A bearer token to access AWS accounts and applications assigned to a
-    #   user.
+    #   A bearer token to access Amazon Web Services accounts and
+    #   applications assigned to a user.
     #   @return [String]
     #
     # @!attribute [rw] token_type
@@ -209,7 +234,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -217,7 +242,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -278,6 +303,13 @@ module Aws::SSOOIDC
     #   * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token`
     #   @return [String]
     #
+    # @!attribute [rw] code_verifier
+    #   Used only when calling this API for the Authorization Code grant
+    #   type. This value is generated by the client and presented to
+    #   validate the original code challenge value the client passed at
+    #   authorization time.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMRequest AWS API Documentation
     #
     class CreateTokenWithIAMRequest < Struct.new(
@@ -290,14 +322,15 @@ module Aws::SSOOIDC
       :redirect_uri,
       :subject_token,
       :subject_token_type,
-      :requested_token_type)
-      SENSITIVE = [:refresh_token, :assertion, :subject_token]
+      :requested_token_type,
+      :code_verifier)
+      SENSITIVE = [:refresh_token, :assertion, :subject_token, :code_verifier]
       include Aws::Structure
     end
 
     # @!attribute [rw] access_token
-    #   A bearer token to access AWS accounts and applications assigned to a
-    #   user.
+    #   A bearer token to access Amazon Web Services accounts and
+    #   applications assigned to a user.
     #   @return [String]
     #
     # @!attribute [rw] token_type
@@ -342,6 +375,13 @@ module Aws::SSOOIDC
     #   token that is issued is limited to the scopes that are granted.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] aws_additional_details
+    #   A structure containing information from the `idToken`. Only the
+    #   `identityContext` is in it, which is a value extracted from the
+    #   `idToken`. This provides direct access to identity information
+    #   without requiring JWT parsing.
+    #   @return [Types::AwsAdditionalDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
     #
     class CreateTokenWithIAMResponse < Struct.new(
@@ -351,7 +391,8 @@ module Aws::SSOOIDC
       :refresh_token,
       :id_token,
       :issued_token_type,
-      :scope)
+      :scope,
+      :aws_additional_details)
       SENSITIVE = [:access_token, :refresh_token, :id_token]
       include Aws::Structure
     end
@@ -467,6 +508,28 @@ module Aws::SSOOIDC
       include Aws::Structure
     end
 
+    # Indicates that one or more redirect URI in the request is not
+    # supported for this operation.
+    #
+    # @!attribute [rw] error
+    #   Single error code. For this exception the value will be
+    #   `invalid_redirect_uri`.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_description
+    #   Human-readable text providing additional information, used to assist
+    #   the client developer in understanding the error that occurred.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRedirectUriException AWS API Documentation
+    #
+    class InvalidRedirectUriException < Struct.new(
+      :error,
+      :error_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Indicates that something is wrong with the input to the request. For
     # example, a required parameter might be missing or out of range.
     #
@@ -559,12 +622,49 @@ module Aws::SSOOIDC
     #   granting an access token.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] redirect_uris
+    #   The list of redirect URI that are defined by the client. At
+    #   completion of authorization, this list is used to restrict what
+    #   locations the user agent can be redirected back to.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] grant_types
+    #   The list of OAuth 2.0 grant types that are defined by the client.
+    #   This list is used to restrict the token granting flows available to
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] issuer_url
+    #   The IAM Identity Center Issuer URL associated with an instance of
+    #   IAM Identity Center. This value is needed for user access to
+    #   resources through the client.
+    #   @return [String]
+    #
+    # @!attribute [rw] entitled_application_arn
+    #   This IAM Identity Center application ARN is used to define
+    #   administrator-managed configuration for public client access to
+    #   resources. At authorization, the scopes, grants, and redirect URI
+    #   available to this client will be restricted by this application
+    #   resource.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientRequest AWS API Documentation
     #
     class RegisterClientRequest < Struct.new(
       :client_name,
       :client_type,
-      :scopes)
+      :scopes,
+      :redirect_uris,
+      :grant_types,
+      :issuer_url,
+      :entitled_application_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -753,3 +853,4 @@ module Aws::SSOOIDC
 
   end
 end
+

data/lib/aws-sdk-ssooidc.rb

@@ -13,16 +13,7 @@ unless Module.const_defined?(:Aws)
   require 'aws-sigv4'
 end
 
-require_relative 'aws-sdk-ssooidc/types'
-require_relative 'aws-sdk-ssooidc/client_api'
-require_relative 'aws-sdk-ssooidc/plugins/endpoints.rb'
-require_relative 'aws-sdk-ssooidc/client'
-require_relative 'aws-sdk-ssooidc/errors'
-require_relative 'aws-sdk-ssooidc/resource'
-require_relative 'aws-sdk-ssooidc/endpoint_parameters'
-require_relative 'aws-sdk-ssooidc/endpoint_provider'
-require_relative 'aws-sdk-ssooidc/endpoints'
-require_relative 'aws-sdk-ssooidc/customizations'
+Aws::Plugins::GlobalConfiguration.add_identifier(:ssooidc)
 
 # This module provides support for AWS SSO OIDC. This module is available in the
 # `aws-sdk-core` gem.
@@ -53,7 +44,20 @@ require_relative 'aws-sdk-ssooidc/customizations'
 #
 # @!group service
 module Aws::SSOOIDC
+  autoload :Types, 'aws-sdk-ssooidc/types'
+  autoload :ClientApi, 'aws-sdk-ssooidc/client_api'
+  module Plugins
+    autoload :Endpoints, 'aws-sdk-ssooidc/plugins/endpoints.rb'
+  end
+  autoload :Client, 'aws-sdk-ssooidc/client'
+  autoload :Errors, 'aws-sdk-ssooidc/errors'
+  autoload :Resource, 'aws-sdk-ssooidc/resource'
+  autoload :EndpointParameters, 'aws-sdk-ssooidc/endpoint_parameters'
+  autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
+  autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.191.1'
+  GEM_VERSION = '3.228.0'
 
 end
+
+require_relative 'aws-sdk-ssooidc/customizations'