aws-sdk-core 3.201.2 → 3.226.1

data/lib/aws-sdk-ssooidc/endpoint_provider.rb

@@ -10,43 +10,39 @@
 module Aws::SSOOIDC
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
-                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-ssooidc/endpoints.rb

@@ -12,61 +12,9 @@ module Aws::SSOOIDC
   # @api private
   module Endpoints
 
-    class CreateToken
-      def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
-        )
-      end
-    end
-
-    class CreateTokenWithIAM
-      def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
-        )
-      end
-    end
 
-    class RegisterClient
-      def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
-        )
-      end
+    def self.parameters_for_operation(context)
+      Aws::SSOOIDC::EndpointParameters.create(context.config)
     end
-
-    class StartDeviceAuthorization
-      def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
-        )
-      end
-    end
-
   end
 end

data/lib/aws-sdk-ssooidc/plugins/endpoints.rb

@@ -15,11 +15,11 @@ module Aws::SSOOIDC
         :endpoint_provider,
         doc_type: 'Aws::SSOOIDC::EndpointProvider',
         rbs_type: 'untyped',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`Aws::SSOOIDC::EndpointParameters`'
-      ) do |cfg|
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`Aws::SSOOIDC::EndpointParameters`.
+        DOCS
         Aws::SSOOIDC::EndpointProvider.new
       end
 
@@ -27,7 +27,7 @@ module Aws::SSOOIDC
       class Handler < Seahorse::Client::Handler
         def call(context)
           unless context[:discovered_endpoint]
-            params = parameters_for_operation(context)
+            params = Aws::SSOOIDC::Endpoints.parameters_for_operation(context)
             endpoint = context.config.endpoint_provider.resolve_endpoint(params)
 
             context.http_request.endpoint = endpoint.url
@@ -40,11 +40,23 @@ module Aws::SSOOIDC
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values
@@ -55,19 +67,6 @@ module Aws::SSOOIDC
             context.http_request.headers[key] = value
           end
         end
-
-        def parameters_for_operation(context)
-          case context.operation_name
-          when :create_token
-            Aws::SSOOIDC::Endpoints::CreateToken.build(context)
-          when :create_token_with_iam
-            Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
-          when :register_client
-            Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
-          when :start_device_authorization
-            Aws::SSOOIDC::Endpoints::StartDeviceAuthorization.build(context)
-          end
-        end
       end
 
       def add_handlers(handlers, _config)

data/lib/aws-sdk-ssooidc/types.rb

@@ -53,6 +53,25 @@ module Aws::SSOOIDC
       include Aws::Structure
     end
 
+    # This structure contains Amazon Web Services-specific parameter
+    # extensions for the token endpoint responses and includes the identity
+    # context.
+    #
+    # @!attribute [rw] identity_context
+    #   STS context assertion that carries a user identifier to the Amazon
+    #   Web Services service that it calls and can be used to obtain an
+    #   identity-enhanced IAM role session. This value corresponds to the
+    #   `sts:identity_context` claim in the ID token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AwsAdditionalDetails AWS API Documentation
+    #
+    class AwsAdditionalDetails < Struct.new(
+      :identity_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_id
     #   The unique identifier string for the client or application. This
     #   value comes from the result of the RegisterClient API.
@@ -64,34 +83,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -217,7 +234,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -225,7 +242,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -358,6 +375,13 @@ module Aws::SSOOIDC
     #   token that is issued is limited to the scopes that are granted.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] aws_additional_details
+    #   A structure containing information from the `idToken`. Only the
+    #   `identityContext` is in it, which is a value extracted from the
+    #   `idToken`. This provides direct access to identity information
+    #   without requiring JWT parsing.
+    #   @return [Types::AwsAdditionalDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
     #
     class CreateTokenWithIAMResponse < Struct.new(
@@ -367,7 +391,8 @@ module Aws::SSOOIDC
       :refresh_token,
       :id_token,
       :issued_token_type,
-      :scope)
+      :scope,
+      :aws_additional_details)
       SENSITIVE = [:access_token, :refresh_token, :id_token]
       include Aws::Structure
     end
@@ -606,7 +631,14 @@ module Aws::SSOOIDC
     # @!attribute [rw] grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client.
     #   This list is used to restrict the token granting flows available to
-    #   the client.
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #   @return [Array<String>]
     #
     # @!attribute [rw] issuer_url
@@ -821,3 +853,4 @@ module Aws::SSOOIDC
 
   end
 end
+

data/lib/aws-sdk-ssooidc.rb

@@ -13,16 +13,7 @@ unless Module.const_defined?(:Aws)
   require 'aws-sigv4'
 end
 
-require_relative 'aws-sdk-ssooidc/types'
-require_relative 'aws-sdk-ssooidc/client_api'
-require_relative 'aws-sdk-ssooidc/plugins/endpoints.rb'
-require_relative 'aws-sdk-ssooidc/client'
-require_relative 'aws-sdk-ssooidc/errors'
-require_relative 'aws-sdk-ssooidc/resource'
-require_relative 'aws-sdk-ssooidc/endpoint_parameters'
-require_relative 'aws-sdk-ssooidc/endpoint_provider'
-require_relative 'aws-sdk-ssooidc/endpoints'
-require_relative 'aws-sdk-ssooidc/customizations'
+Aws::Plugins::GlobalConfiguration.add_identifier(:ssooidc)
 
 # This module provides support for AWS SSO OIDC. This module is available in the
 # `aws-sdk-core` gem.
@@ -53,7 +44,20 @@ require_relative 'aws-sdk-ssooidc/customizations'
 #
 # @!group service
 module Aws::SSOOIDC
+  autoload :Types, 'aws-sdk-ssooidc/types'
+  autoload :ClientApi, 'aws-sdk-ssooidc/client_api'
+  module Plugins
+    autoload :Endpoints, 'aws-sdk-ssooidc/plugins/endpoints.rb'
+  end
+  autoload :Client, 'aws-sdk-ssooidc/client'
+  autoload :Errors, 'aws-sdk-ssooidc/errors'
+  autoload :Resource, 'aws-sdk-ssooidc/resource'
+  autoload :EndpointParameters, 'aws-sdk-ssooidc/endpoint_parameters'
+  autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
+  autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.201.2'
+  GEM_VERSION = '3.226.1'
 
 end
+
+require_relative 'aws-sdk-ssooidc/customizations'