aws-sdk-core 3.209.1 → 3.240.0

data/lib/aws-sdk-ssooidc/endpoint_provider.rb

@@ -10,43 +10,39 @@
 module Aws::SSOOIDC
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
-                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-ssooidc/endpoints.rb

@@ -12,49 +12,9 @@ module Aws::SSOOIDC
   # @api private
   module Endpoints
 
-    class CreateToken
-      def self.build(context)
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
-        )
-      end
-    end
-
-    class CreateTokenWithIAM
-      def self.build(context)
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
-        )
-      end
-    end
 
-    class RegisterClient
-      def self.build(context)
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
-        )
-      end
+    def self.parameters_for_operation(context)
+      Aws::SSOOIDC::EndpointParameters.create(context.config)
     end
-
-    class StartDeviceAuthorization
-      def self.build(context)
-        Aws::SSOOIDC::EndpointParameters.new(
-          region: context.config.region,
-          use_dual_stack: context.config.use_dualstack_endpoint,
-          use_fips: context.config.use_fips_endpoint,
-          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
-        )
-      end
-    end
-
   end
 end

data/lib/aws-sdk-ssooidc/errors.rb

@@ -62,6 +62,11 @@ module Aws::SSOOIDC
         @data[:error]
       end
 
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
+
       # @return [String]
       def error_description
         @data[:error_description]
@@ -222,6 +227,11 @@ module Aws::SSOOIDC
         @data[:error]
       end
 
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
+
       # @return [String]
       def error_description
         @data[:error_description]

data/lib/aws-sdk-ssooidc/plugins/endpoints.rb

@@ -27,7 +27,7 @@ The endpoint provider used to resolve endpoints. Any object that responds to
       class Handler < Seahorse::Client::Handler
         def call(context)
           unless context[:discovered_endpoint]
-            params = parameters_for_operation(context)
+            params = Aws::SSOOIDC::Endpoints.parameters_for_operation(context)
             endpoint = context.config.endpoint_provider.resolve_endpoint(params)
 
             context.http_request.endpoint = endpoint.url
@@ -67,19 +67,6 @@ The endpoint provider used to resolve endpoints. Any object that responds to
             context.http_request.headers[key] = value
           end
         end
-
-        def parameters_for_operation(context)
-          case context.operation_name
-          when :create_token
-            Aws::SSOOIDC::Endpoints::CreateToken.build(context)
-          when :create_token_with_iam
-            Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context)
-          when :register_client
-            Aws::SSOOIDC::Endpoints::RegisterClient.build(context)
-          when :start_device_authorization
-            Aws::SSOOIDC::Endpoints::StartDeviceAuthorization.build(context)
-          end
-        end
       end
 
       def add_handlers(handlers, _config)

data/lib/aws-sdk-ssooidc/types.rb

@@ -17,6 +17,10 @@ module Aws::SSOOIDC
     #   `access_denied`.
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   A string that uniquely identifies a reason for the error.
+    #   @return [String]
+    #
     # @!attribute [rw] error_description
     #   Human-readable text providing additional information, used to assist
     #   the client developer in understanding the error that occurred.
@@ -26,6 +30,7 @@ module Aws::SSOOIDC
     #
     class AccessDeniedException < Struct.new(
       :error,
+      :reason,
       :error_description)
       SENSITIVE = []
       include Aws::Structure
@@ -53,6 +58,31 @@ module Aws::SSOOIDC
       include Aws::Structure
     end
 
+    # This structure contains Amazon Web Services-specific parameter
+    # extensions and the [identity context][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html
+    #
+    # @!attribute [rw] identity_context
+    #   The trusted context assertion is signed and encrypted by STS. It
+    #   provides access to `sts:identity_context` claim in the `idToken`
+    #   without JWT parsing
+    #
+    #   Identity context comprises information that Amazon Web Services
+    #   services use to make authorization decisions when they receive
+    #   requests.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AwsAdditionalDetails AWS API Documentation
+    #
+    class AwsAdditionalDetails < Struct.new(
+      :identity_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_id
     #   The unique identifier string for the client or application. This
     #   value comes from the result of the RegisterClient API.
@@ -64,34 +94,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -105,11 +133,9 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] scope
-    #   The list of scopes for which authorization is requested. The access
-    #   token that is issued is limited to the scopes that are granted. If
-    #   this value is not specified, IAM Identity Center authorizes all
-    #   scopes that are configured for the client during the call to
-    #   RegisterClient.
+    #   The list of scopes for which authorization is requested. This
+    #   parameter has no effect; the access token will always include all
+    #   scopes configured during client registration.
     #   @return [Array<String>]
     #
     # @!attribute [rw] redirect_uri
@@ -217,7 +243,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -225,7 +251,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -358,6 +384,11 @@ module Aws::SSOOIDC
     #   token that is issued is limited to the scopes that are granted.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] aws_additional_details
+    #   A structure containing information from IAM Identity Center managed
+    #   user and group information.
+    #   @return [Types::AwsAdditionalDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
     #
     class CreateTokenWithIAMResponse < Struct.new(
@@ -367,7 +398,8 @@ module Aws::SSOOIDC
       :refresh_token,
       :id_token,
       :issued_token_type,
-      :scope)
+      :scope,
+      :aws_additional_details)
       SENSITIVE = [:access_token, :refresh_token, :id_token]
       include Aws::Structure
     end
@@ -513,6 +545,10 @@ module Aws::SSOOIDC
     #   `invalid_request`.
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   A string that uniquely identifies a reason for the error.
+    #   @return [String]
+    #
     # @!attribute [rw] error_description
     #   Human-readable text providing additional information, used to assist
     #   the client developer in understanding the error that occurred.
@@ -522,6 +558,7 @@ module Aws::SSOOIDC
     #
     class InvalidRequestException < Struct.new(
       :error,
+      :reason,
       :error_description)
       SENSITIVE = []
       include Aws::Structure
@@ -606,7 +643,14 @@ module Aws::SSOOIDC
     # @!attribute [rw] grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client.
     #   This list is used to restrict the token granting flows available to
-    #   the client.
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #   @return [Array<String>]
     #
     # @!attribute [rw] issuer_url

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.209.1'
+  GEM_VERSION = '3.240.0'
 
 end