aws-sdk-core 3.232.0 → 3.234.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ecdbb0ca615cde813f52b03861d36db189562c896e01499ed8dcd80768085300
-  data.tar.gz: 5ab8e9d52d9f7522afa27ff7c5c6e5e51f27f966ddba8bea62edb153307120c9
+  metadata.gz: 5c1e5a2e83ce7eed6192c024a73528481a7dc42684ad06ddede22f2fd4e30899
+  data.tar.gz: edf282bf751d428d5ef47c2784712b02e2cd6697068a0d31d2030a7eb994f6ab
 SHA512:
-  metadata.gz: b23f5bc51a113cfb8b6c0f7306d42c97872d2eff0c5fa0b395b9e714045c8a3446e91313d6d17317419520229ea809097e3abb794f2f448bd698ec982841032f
-  data.tar.gz: a02785a5b072cb04d27203fb6e990cfa01b10c59f8abdb221b0181b4d07d56a04d0bcc67f308a10fbeba0f3facdadabb77918815e10dbcd8629df25a6d41cc42
+  metadata.gz: 1d497dfce0f982be21901e8273bb9ed40cdf87c291fa7f094f2a593890d4262dc1e3d51db8fd9a0eb5e65681fe6fad4b1bd30f84b4df1c5694d6f2f3f723ca46
+  data.tar.gz: '0739213884f5ae50f264cb0a8e94ed7b231397736936c28fa2ac46506f1b2b5204721d0433c8ade2586cb39e3e108c685876f5ff01ae13821f58b014e95d350b'

data/CHANGELOG.md

@@ -1,6 +1,20 @@
 Unreleased Changes
 ------------------
 
+3.234.0 (2025-10-21)
+------------------
+
+* Issue - Fix `request_checksum_calculation` `when_required` mode to only calculate checksums when explicitly provided by user.
+
+* Feature - Add `CREDENTIALS_CODE` metric for `static_profile_` prefixed methods in default credential chain.
+
+3.233.0 (2025-09-23)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - This release includes exception definition and documentation updates.
+
 3.232.0 (2025-08-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.232.0
+3.234.0

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -7,7 +7,7 @@ module Aws
   # {Aws::STS::Client#assume_role}.
   #
   #     role_credentials = Aws::AssumeRoleCredentials.new(
-  #       client: Aws::STS::Client.new(...),
+  #       client: Aws::STS::Client.new(sts_options),
   #       role_arn: "linked::account::arn",
   #       role_session_name: "session-name"
   #     )
@@ -28,15 +28,15 @@ module Aws
     # @option options [Integer] :duration_seconds
     # @option options [String] :external_id
     # @option options [STS::Client] :client
-    # @option options [Callable] before_refresh Proc called before
+    # @option options [Proc] :before_refresh A Proc called before
     #   credentials are refreshed.  Useful for updating tokens.
-    #   `before_refresh` is called when AWS credentials are
-    #   required and need to be refreshed. Tokens can be refreshed using
-    #   the following example:
+    #   `:before_refresh` is called when AWS credentials are
+    #   required and need to be refreshed. See the example in this doc.
     #
-    #      before_refresh = Proc.new do |assume_role_credentials| do
-    #        assume_role_credentials.assume_role_params['token_code'] = update_token
-    #      end
+    # @example Tokens can be refreshed using a Proc.
+    #   before_refresh = Proc.new do |assume_role_credentials|
+    #     assume_role_credentials.assume_role_params['token_code'] = update_token
+    #   end
     #
     def initialize(options = {})
       client_opts = {}

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -9,11 +9,11 @@ module Aws
   # {Aws::STS::Client#assume_role_with_web_identity}.
   #
   #     role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
-  #       client: Aws::STS::Client.new(...),
+  #       client: Aws::STS::Client.new(sts_options),
   #       role_arn: "linked::account::arn",
   #       web_identity_token_file: "/path/to/token/file",
   #       role_session_name: "session-name"
-  #       ...
+  #       # ...
   #     )
   #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -11,7 +11,7 @@ module Aws
     def resolve
       providers.each do |method_name, options|
         provider = send(method_name, options.merge(config: @config))
-        return provider if provider && provider.set?
+        return provider if provider&.set?
       end
       nil
     end
@@ -54,47 +54,65 @@ module Aws
     end
 
     def static_profile_assume_role_web_identity_credentials(options)
-      if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
-        Aws.shared_config.assume_role_web_identity_credentials_from_config(
+      return unless Aws.shared_config.config_enabled? && options[:config]&.profile
+
+      with_metrics('CREDENTIALS_CODE') do
+        creds = Aws.shared_config.assume_role_web_identity_credentials_from_config(
           profile: options[:config].profile,
           region: options[:config].region
         )
+        return unless creds
+
+        creds.metrics << 'CREDENTIALS_CODE'
+        creds
       end
     end
 
     def static_profile_sso_credentials(options)
-      if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
-        Aws.shared_config.sso_credentials_from_config(
+      return unless Aws.shared_config.config_enabled? && options[:config]&.profile
+
+      with_metrics('CREDENTIALS_CODE') do
+        creds = Aws.shared_config.sso_credentials_from_config(
           profile: options[:config].profile
         )
+        return unless creds
+
+        creds.metrics << 'CREDENTIALS_CODE'
+        creds
       end
     end
 
     def static_profile_assume_role_credentials(options)
-      if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
-        assume_role_with_profile(options, options[:config].profile)
+      return unless Aws.shared_config.config_enabled? && options[:config]&.profile
+
+      with_metrics('CREDENTIALS_CODE') do
+        creds = assume_role_with_profile(options, options[:config].profile)
+        return unless creds
+
+        creds.metrics << 'CREDENTIALS_CODE'
+        creds
       end
     end
 
     def static_profile_credentials(options)
-      if options[:config] && options[:config].profile
-        creds = SharedCredentials.new(profile_name: options[:config].profile)
-        creds.metrics = ['CREDENTIALS_PROFILE']
-        creds
-      end
+      return unless options[:config]&.profile
+
+      creds = SharedCredentials.new(profile_name: options[:config].profile)
+      creds.metrics << 'CREDENTIALS_PROFILE'
+      creds
     rescue Errors::NoSuchProfileError
       nil
     end
 
     def static_profile_process_credentials(options)
-      if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
-        process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
-        if process_provider
-          creds = ProcessCredentials.new([process_provider])
-          creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
-          creds
-        end
-      end
+      return unless Aws.shared_config.config_enabled? && options[:config]&.profile
+
+      process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
+      return unless process_provider
+
+      creds = ProcessCredentials.new([process_provider])
+      creds.metrics.concat(%w[CREDENTIALS_PROFILE_PROCESS CREDENTIALS_CODE])
+      creds
     rescue Errors::NoSuchProfileError
       nil
     end
@@ -122,7 +140,7 @@ module Aws
     end
 
     def determine_profile_name(options)
-      (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
+      (options[:config]&.profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
     end
 
     def shared_credentials(options)
@@ -201,10 +219,14 @@ module Aws
         profile: profile_name,
         chain_config: @config
       }
-      if options[:config] && options[:config].region
+      if options[:config]&.region
         assume_opts[:region] = options[:config].region
       end
       Aws.shared_config.assume_role_credentials_from_config(assume_opts)
     end
+
+    def with_metrics(metrics, &block)
+      Aws::Plugins::UserAgent.metric(*metrics, &block)
+    end
   end
 end

data/lib/aws-sdk-core/ecs_credentials.rb

@@ -42,26 +42,26 @@ module Aws
     # @option options [Integer] :retries (5) Number of times to retry
     #   when retrieving credentials.
     # @option options [String] :ip_address ('169.254.170.2') This value is
-    #   ignored if `endpoint` is set and `credential_path` is not set.
-    # @option options [Integer] :port (80) This value is ignored if `endpoint`
-    #   is set and `credential_path` is not set.
+    #   ignored if `:endpoint` is set and `:credential_path` is not set.
+    # @option options [Integer] :port (80) This value is ignored if `:endpoint`
+    #   is set and `:credential_path` is not set.
     # @option options [String] :credential_path By default, the value of the
-    #   AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
+    #   `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` environment variable.
     # @option options [String] :endpoint The container credential endpoint.
-    #   By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
-    #   environment variable. This value is ignored if `credential_path` or
-    #   ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
+    #   By default, this is the value of the `AWS_CONTAINER_CREDENTIALS_FULL_URI`
+    #   environment variable. This value is ignored if `:credential_path` or
+    #   `ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']` is set.
     # @option options [Float] :http_open_timeout (5)
     # @option options [Float] :http_read_timeout (5)
-    # @option options [Numeric, Proc] :delay By default, failures are retried
+    # @option options [IO] :http_debug_output (nil) HTTP wire
+    #   traces are sent to this object.  You can specify something
+    #   like `$stdout`.
+    # @option options [Numeric, Proc] :backoff By default, failures are retried
     #   with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
     #   pass a number of seconds to sleep between failed attempts, or
     #   a Proc that accepts the number of failures.
-    # @option options [IO] :http_debug_output (nil) HTTP wire
-    #   traces are sent to this object.  You can specify something
-    #   like $stdout.
-    # @option options [Callable] before_refresh Proc called before
-    #   credentials are refreshed. `before_refresh` is called
+    # @option options [Proc] :before_refresh A Proc called before
+    #   credentials are refreshed. `:before_refresh` is called
     #   with an instance of this object when
     #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})

data/lib/aws-sdk-core/plugins/checksum_algorithm.rb

@@ -190,7 +190,6 @@ module Aws
               name: "x-amz-checksum-#{algorithm.downcase}",
               request_algorithm_header: request_algorithm_header(context)
             }
-
             context[:http_checksum][:request_algorithm] = request_algorithm
             calculate_request_checksum(context, request_algorithm)
           end
@@ -249,6 +248,7 @@ module Aws
           return unless context.operation.http_checksum
 
           input_member = context.operation.http_checksum['requestAlgorithmMember']
+
           context.params[input_member.to_sym] ||= DEFAULT_CHECKSUM if input_member
         end
 
@@ -271,25 +271,39 @@ module Aws
           context.operation.http_checksum['responseAlgorithms']
         end
 
-        def checksum_required?(context)
-          (http_checksum = context.operation.http_checksum) &&
-            (checksum_required = http_checksum['requestChecksumRequired']) &&
-            (checksum_required && context.config.request_checksum_calculation == 'when_required')
-        end
-
-        def checksum_optional?(context)
-          context.operation.http_checksum &&
-            context.config.request_checksum_calculation != 'when_required'
-        end
-
         def checksum_provided_as_header?(headers)
           headers.any? { |k, _| k.start_with?('x-amz-checksum-') }
         end
 
+        # Determines whether a request checksum should be calculated.
+        # 1. **No existing checksum in header**: Skips if checksum header already present
+        # 2. **Operation support**: Considers model, client configuration and user input.
         def should_calculate_request_checksum?(context)
           !checksum_provided_as_header?(context.http_request.headers) &&
-            request_algorithm_selection(context) &&
-            (checksum_required?(context) || checksum_optional?(context))
+            checksum_applicable?(context)
+        end
+
+        # Checks if checksum calculation should proceed based on operation requirements and client settings.
+        # Returns true when any of these conditions are met:
+        # 1. http checksum's requestChecksumRequired is true
+        # 2. Config for request_checksum_calculation is "when_supported"
+        # 3. Config for request_checksum_calculation is "when_required" AND user provided checksum algorithm
+        def checksum_applicable?(context)
+          http_checksum = context.operation.http_checksum
+          return false unless http_checksum
+
+          return true if http_checksum['requestChecksumRequired']
+
+          return false unless (algorithm_member = http_checksum['requestAlgorithmMember'])
+
+          case context.config.request_checksum_calculation
+          when 'when_supported'
+            true
+          when 'when_required'
+            !context.params[algorithm_member.to_sym].nil?
+          else
+            false
+          end
         end
 
         def choose_request_algorithm!(context)

data/lib/aws-sdk-core/refreshing_credentials.rb

@@ -1,28 +1,26 @@
 # frozen_string_literal: true
 
 module Aws
-
   # Base class used credential classes that can be refreshed. This
   # provides basic refresh logic in a thread-safe manner. Classes mixing in
-  # this module are expected to implement a #refresh method that populates
+  # this module are expected to implement a `#refresh` method that populates
   # the following instance variables:
   #
-  # * `@access_key_id`
-  # * `@secret_access_key`
-  # * `@session_token`
-  # * `@expiration`
+  # * `@credentials` ({Credentials})
+  # * `@expiration` (Time)
   #
-  # @api private
   module RefreshingCredentials
-
     SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
     ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
 
     CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze
 
+    # @param [Hash] options
+    # @option options [Proc] :before_refresh A Proc called before credentials are refreshed.
+    #   It accepts `self` as the only argument.
     def initialize(options = {})
       @mutex = Mutex.new
-      @before_refresh = options.delete(:before_refresh) if Hash === options
+      @before_refresh = options.delete(:before_refresh) if options.is_a?(Hash)
 
       @before_refresh.call(self) if @before_refresh
       refresh
@@ -59,7 +57,7 @@ module Aws
     # Otherwise, if we're approaching expiration, use the existing credentials
     # but attempt a refresh in the background.
     def refresh_if_near_expiration!
-      # Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
+      # NOTE: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
       # call, we check before doing so, and then we check within the mutex to avoid a race condition.
       # See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
       if near_expiration?(sync_expiration_length)
@@ -91,6 +89,5 @@ module Aws
         true
       end
     end
-
   end
 end

data/lib/aws-sdk-core/sso_credentials.rb

@@ -7,7 +7,7 @@ module Aws
   # {Aws::SSOTokenProvider} will be used to refresh the token if possible.
   # This class does NOT implement the SSO login token flow - tokens
   # must generated separately by running `aws login` from the
-  # AWS CLI with the correct profile. The `SSOCredentials` will
+  # AWS CLI with the correct profile. The {SSOCredentials} will
   # auto-refresh the AWS credentials from SSO.
   #
   #     # You must first run aws sso login --profile your-sso-profile

data/lib/aws-sdk-sso/client.rb

@@ -698,7 +698,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.232.0'
+      context[:gem_version] = '3.234.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -56,7 +56,7 @@ module Aws::SSO
   autoload :EndpointProvider, 'aws-sdk-sso/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sso/endpoints'
 
-  GEM_VERSION = '3.232.0'
+  GEM_VERSION = '3.234.0'
 
 end
 

data/lib/aws-sdk-ssooidc/client.rb

@@ -523,10 +523,9 @@ module Aws::SSOOIDC
     #   [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
     #
     # @option params [Array<String>] :scope
-    #   The list of scopes for which authorization is requested. The access
-    #   token that is issued is limited to the scopes that are granted. If
-    #   this value is not specified, IAM Identity Center authorizes all scopes
-    #   that are configured for the client during the call to RegisterClient.
+    #   The list of scopes for which authorization is requested. This
+    #   parameter has no effect; the access token will always include all
+    #   scopes configured during client registration.
     #
     # @option params [String] :redirect_uri
     #   Used only when calling this API for the Authorization Code grant type.
@@ -615,12 +614,26 @@ module Aws::SSOOIDC
       req.send_request(options)
     end
 
-    # Creates and returns access and refresh tokens for clients and
-    # applications that are authenticated using IAM entities. The access
+    # Creates and returns access and refresh tokens for authorized client
+    # applications that are authenticated using any IAM entity, such as a
+    # service role or user. These tokens might contain defined scopes that
+    # specify permissions such as `read:profile` or `write:data`. Through
+    # downscoping, you can use the scopes parameter to request tokens with
+    # reduced permissions compared to the original client application's
+    # permissions or, if applicable, the refresh token's scopes. The access
     # token can be used to fetch short-lived credentials for the assigned
     # Amazon Web Services accounts or to access application APIs using
     # `bearer` authentication.
     #
+    # <note markdown="1"> This API is used with Signature Version 4. For more information, see
+    # [Amazon Web Services Signature Version 4 for API Requests][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html
+    #
     # @option params [required, String] :client_id
     #   The unique identifier string for the client or application. This value
     #   is an application ARN that has OAuth grants configured.
@@ -1068,7 +1081,7 @@ module Aws::SSOOIDC
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.232.0'
+      context[:gem_version] = '3.234.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc/client_api.rb

@@ -15,6 +15,7 @@ module Aws::SSOOIDC
     include Seahorse::Model
 
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
+    AccessDeniedExceptionReason = Shapes::StringShape.new(name: 'AccessDeniedExceptionReason')
     AccessToken = Shapes::StringShape.new(name: 'AccessToken')
     ArnType = Shapes::StringShape.new(name: 'ArnType')
     Assertion = Shapes::StringShape.new(name: 'Assertion')
@@ -46,6 +47,7 @@ module Aws::SSOOIDC
     InvalidGrantException = Shapes::StructureShape.new(name: 'InvalidGrantException')
     InvalidRedirectUriException = Shapes::StructureShape.new(name: 'InvalidRedirectUriException')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
+    InvalidRequestExceptionReason = Shapes::StringShape.new(name: 'InvalidRequestExceptionReason')
     InvalidRequestRegionException = Shapes::StructureShape.new(name: 'InvalidRequestRegionException')
     InvalidScopeException = Shapes::StructureShape.new(name: 'InvalidScopeException')
     Location = Shapes::StringShape.new(name: 'Location')
@@ -69,6 +71,7 @@ module Aws::SSOOIDC
     UserCode = Shapes::StringShape.new(name: 'UserCode')
 
     AccessDeniedException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
+    AccessDeniedException.add_member(:reason, Shapes::ShapeRef.new(shape: AccessDeniedExceptionReason, location_name: "reason"))
     AccessDeniedException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
 
@@ -147,6 +150,7 @@ module Aws::SSOOIDC
     InvalidRedirectUriException.struct_class = Types::InvalidRedirectUriException
 
     InvalidRequestException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error"))
+    InvalidRequestException.add_member(:reason, Shapes::ShapeRef.new(shape: InvalidRequestExceptionReason, location_name: "reason"))
     InvalidRequestException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description"))
     InvalidRequestException.struct_class = Types::InvalidRequestException
 
@@ -282,6 +286,7 @@ module Aws::SSOOIDC
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRedirectUriException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException)
+        o.errors << Shapes::ShapeRef.new(shape: SlowDownException)
       end)
 
       api.add_operation(:start_device_authorization, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-ssooidc/errors.rb

@@ -62,6 +62,11 @@ module Aws::SSOOIDC
         @data[:error]
       end
 
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
+
       # @return [String]
       def error_description
         @data[:error_description]
@@ -222,6 +227,11 @@ module Aws::SSOOIDC
         @data[:error]
       end
 
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
+
       # @return [String]
       def error_description
         @data[:error_description]

data/lib/aws-sdk-ssooidc/types.rb

@@ -17,6 +17,10 @@ module Aws::SSOOIDC
     #   `access_denied`.
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   A string that uniquely identifies a reason for the error.
+    #   @return [String]
+    #
     # @!attribute [rw] error_description
     #   Human-readable text providing additional information, used to assist
     #   the client developer in understanding the error that occurred.
@@ -26,6 +30,7 @@ module Aws::SSOOIDC
     #
     class AccessDeniedException < Struct.new(
       :error,
+      :reason,
       :error_description)
       SENSITIVE = []
       include Aws::Structure
@@ -54,14 +59,20 @@ module Aws::SSOOIDC
     end
 
     # This structure contains Amazon Web Services-specific parameter
-    # extensions for the token endpoint responses and includes the identity
-    # context.
+    # extensions and the [identity context][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html
     #
     # @!attribute [rw] identity_context
-    #   STS context assertion that carries a user identifier to the Amazon
-    #   Web Services service that it calls and can be used to obtain an
-    #   identity-enhanced IAM role session. This value corresponds to the
-    #   `sts:identity_context` claim in the ID token.
+    #   The trusted context assertion is signed and encrypted by STS. It
+    #   provides access to `sts:identity_context` claim in the `idToken`
+    #   without JWT parsing
+    #
+    #   Identity context comprises information that Amazon Web Services
+    #   services use to make authorization decisions when they receive
+    #   requests.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AwsAdditionalDetails AWS API Documentation
@@ -122,11 +133,9 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] scope
-    #   The list of scopes for which authorization is requested. The access
-    #   token that is issued is limited to the scopes that are granted. If
-    #   this value is not specified, IAM Identity Center authorizes all
-    #   scopes that are configured for the client during the call to
-    #   RegisterClient.
+    #   The list of scopes for which authorization is requested. This
+    #   parameter has no effect; the access token will always include all
+    #   scopes configured during client registration.
     #   @return [Array<String>]
     #
     # @!attribute [rw] redirect_uri
@@ -376,10 +385,8 @@ module Aws::SSOOIDC
     #   @return [Array<String>]
     #
     # @!attribute [rw] aws_additional_details
-    #   A structure containing information from the `idToken`. Only the
-    #   `identityContext` is in it, which is a value extracted from the
-    #   `idToken`. This provides direct access to identity information
-    #   without requiring JWT parsing.
+    #   A structure containing information from IAM Identity Center managed
+    #   user and group information.
     #   @return [Types::AwsAdditionalDetails]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
@@ -538,6 +545,10 @@ module Aws::SSOOIDC
     #   `invalid_request`.
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   A string that uniquely identifies a reason for the error.
+    #   @return [String]
+    #
     # @!attribute [rw] error_description
     #   Human-readable text providing additional information, used to assist
     #   the client developer in understanding the error that occurred.
@@ -547,6 +558,7 @@ module Aws::SSOOIDC
     #
     class InvalidRequestException < Struct.new(
       :error,
+      :reason,
       :error_description)
       SENSITIVE = []
       include Aws::Structure

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.232.0'
+  GEM_VERSION = '3.234.0'
 
 end
 

data/lib/aws-sdk-sts/client.rb

@@ -2601,7 +2601,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.232.0'
+      context[:gem_version] = '3.234.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/customizations.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# utility classes
 module Aws
   module STS
     autoload :Presigner, 'aws-sdk-sts/presigner'

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.232.0'
+  GEM_VERSION = '3.234.0'
 
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.232.0
+  version: 3.234.0
 platform: ruby
 authors:
 - Amazon Web Services