aws-sdk-core 3.252.0 → 3.253.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 96694b8f2f5836a441a97a28c54192ac0c7ecd4bc17ce0e7f38aa1979f4b44ce
4
- data.tar.gz: 22beaae2d0474238fb04148a1b388ce0de31efa1f8f2ac5c7daff1315cfbb44f
3
+ metadata.gz: 1247f6da5460ed459d1ac0f815b87533c392520ead96493388af7bf93b416d6c
4
+ data.tar.gz: 0a12db04017a03fb85be3f57f36230ffb09ce880374147c99acf41526779a2cd
5
5
  SHA512:
6
- metadata.gz: 40fa25ff493916dd88b63b5bc77f18675e066fbf74a38773adee76b1ec6b4376430d03fb53697ddb0759e11c41815e54c7e30bba71cd0622571f1ae18a47a2d8
7
- data.tar.gz: c81b88488d9029025ecec32d86b9fd83ae71b8e144025eaf859227e75996d8f9b1bce06ee375de7f9ac00eea06d36a48744f79b49db4ab3b636596fbcf2a8d19
6
+ metadata.gz: 37ebe8075e08b7f183fc59920a4ae8d16b434644bd43f0e99110787548e4742ce3816d461a80519517581282a23f3de149202dc9e1a0bba9b81e7d75acaf5153
7
+ data.tar.gz: fb38b7be043ef6ba002a8d90b26dfd8d6ef4b97f02a3135f2ee434816fd9151d56d033df646880665482eed580a58438859a90df4257d7e2bdeefc8c92fcedf8
data/CHANGELOG.md CHANGED
@@ -1,6 +1,13 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.253.0 (2026-07-08)
5
+ ------------------
6
+
7
+ * Feature - Updated Aws::Signin::Client with the latest API changes.
8
+
9
+ * Feature - Adds support for OAuth 2.0 token operations in AWS Sign-In, CreateOAuth2TokenWithIAM (client credentials flow), IntrospectOAuth2TokenWithIAM (token inspection), and RevokeOAuth2TokenWithIAM (token revocation).
10
+
4
11
  3.252.0 (2026-06-10)
5
12
  ------------------
6
13
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.252.0
1
+ 3.253.0
@@ -559,6 +559,45 @@ module Aws::Signin
559
559
  req.send_request(options)
560
560
  end
561
561
 
562
+ # Grants permission to exchange client credentials for an OAuth 2.0
563
+ # access token scoped to a resource that can be used to access AWS
564
+ # services from applications
565
+ #
566
+ # @option params [required, String] :grant_type
567
+ # OAuth 2.0 grant type. Must be "client\_credentials".
568
+ #
569
+ # @option params [required, String] :resource
570
+ # The OAuth resource for which the access token is requested. Example:
571
+ # "aws-mcp.amazonaws.com".
572
+ #
573
+ # @return [Types::CreateOAuth2TokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
574
+ #
575
+ # * {Types::CreateOAuth2TokenWithIAMResponse#access_token #access_token} => String
576
+ # * {Types::CreateOAuth2TokenWithIAMResponse#token_type #token_type} => String
577
+ # * {Types::CreateOAuth2TokenWithIAMResponse#expires_in #expires_in} => Integer
578
+ #
579
+ # @example Request syntax with placeholder values
580
+ #
581
+ # resp = client.create_o_auth_2_token_with_iam({
582
+ # grant_type: "ClientCredentialsGrantType", # required
583
+ # resource: "CreateOAuth2TokenWithIAMRequestResourceString", # required
584
+ # })
585
+ #
586
+ # @example Response structure
587
+ #
588
+ # resp.access_token #=> String
589
+ # resp.token_type #=> String
590
+ # resp.expires_in #=> Integer
591
+ #
592
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAM AWS API Documentation
593
+ #
594
+ # @overload create_o_auth_2_token_with_iam(params = {})
595
+ # @param [Hash] params ({})
596
+ def create_o_auth_2_token_with_iam(params = {}, options = {})
597
+ req = build_request(:create_o_auth_2_token_with_iam, params)
598
+ req.send_request(options)
599
+ end
600
+
562
601
  # Delete console authorization configuration with automatic scope
563
602
  # detection
564
603
  #
@@ -684,6 +723,79 @@ module Aws::Signin
684
723
  req.send_request(options)
685
724
  end
686
725
 
726
+ # Grants permission to inspect the metadata and state of an OAuth 2.0
727
+ # access token or refresh token
728
+ #
729
+ # Implements RFC 7662 OAuth 2.0 Token Introspection over a
730
+ # SigV4-authenticated endpoint. Inspects the metadata of an
731
+ # access\_token or refresh\_token issued by AWS Sign-In and returns the
732
+ # claims associated with it.
733
+ #
734
+ # Inactive token semantics (RFC 7662 §2.2): when the supplied token is
735
+ # unknown, expired, revoked, malformed, or owned by a different account,
736
+ # the response body is exactly \{ "active": false } with all other
737
+ # claims omitted.
738
+ #
739
+ # @option params [required, String] :token
740
+ # The string value of the token to introspect. May be either an
741
+ # access\_token or a refresh\_token issued by AWS Sign-In.
742
+ #
743
+ # @option params [String] :token_type_hint
744
+ # Optional hint about the type of the token submitted for introspection.
745
+ # The server uses this hint to optimize lookup, but still falls back to
746
+ # the other token type on miss. Allowed values: access\_token,
747
+ # refresh\_token.
748
+ #
749
+ # @return [Types::IntrospectOAuth2TokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
750
+ #
751
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#active #active} => Boolean
752
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#client_id #client_id} => String
753
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#user_id #user_id} => String
754
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#token_type #token_type} => String
755
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#exp #exp} => Integer
756
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#iat #iat} => Integer
757
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#nbf #nbf} => Integer
758
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#sub #sub} => String
759
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#aud #aud} => String
760
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#iss #iss} => String
761
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#jti #jti} => String
762
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#account_id #account_id} => String
763
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#signin_session #signin_session} => String
764
+ # * {Types::IntrospectOAuth2TokenWithIAMResponse#resource #resource} => String
765
+ #
766
+ # @example Request syntax with placeholder values
767
+ #
768
+ # resp = client.introspect_o_auth_2_token_with_iam({
769
+ # token: "IntrospectionToken", # required
770
+ # token_type_hint: "TokenTypeHint",
771
+ # })
772
+ #
773
+ # @example Response structure
774
+ #
775
+ # resp.active #=> Boolean
776
+ # resp.client_id #=> String
777
+ # resp.user_id #=> String
778
+ # resp.token_type #=> String
779
+ # resp.exp #=> Integer
780
+ # resp.iat #=> Integer
781
+ # resp.nbf #=> Integer
782
+ # resp.sub #=> String
783
+ # resp.aud #=> String
784
+ # resp.iss #=> String
785
+ # resp.jti #=> String
786
+ # resp.account_id #=> String
787
+ # resp.signin_session #=> String
788
+ # resp.resource #=> String
789
+ #
790
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAM AWS API Documentation
791
+ #
792
+ # @overload introspect_o_auth_2_token_with_iam(params = {})
793
+ # @param [Hash] params ({})
794
+ def introspect_o_auth_2_token_with_iam(params = {}, options = {})
795
+ req = build_request(:introspect_o_auth_2_token_with_iam, params)
796
+ req.send_request(options)
797
+ end
798
+
687
799
  # Retrieve all permission statements in the account's SignIn
688
800
  # resource-based policy
689
801
  #
@@ -820,6 +932,39 @@ module Aws::Signin
820
932
  req.send_request(options)
821
933
  end
822
934
 
935
+ # Grants permission to revoke an OAuth 2.0 refresh token and its
936
+ # associated refresh tokens
937
+ #
938
+ # Revokes a refresh\_token issued by AWS Sign-In, invalidating the
939
+ # entire token chain so that the refresh\_token can no longer be used to
940
+ # mint new access\_tokens.
941
+ #
942
+ # Idempotency: revoking an already-revoked, expired, or otherwise
943
+ # invalid token still returns 200 OK with an empty body. Only the
944
+ # refresh\_token type is accepted.
945
+ #
946
+ # @option params [required, String] :token
947
+ # The refresh\_token to revoke. Must be a refresh\_token issued by AWS
948
+ # Sign-In (prefix "ASOR"); access\_tokens are not accepted for
949
+ # revocation.
950
+ #
951
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
952
+ #
953
+ # @example Request syntax with placeholder values
954
+ #
955
+ # resp = client.revoke_o_auth_2_token_with_iam({
956
+ # token: "RevocationToken", # required
957
+ # })
958
+ #
959
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAM AWS API Documentation
960
+ #
961
+ # @overload revoke_o_auth_2_token_with_iam(params = {})
962
+ # @param [Hash] params ({})
963
+ def revoke_o_auth_2_token_with_iam(params = {}, options = {})
964
+ req = build_request(:revoke_o_auth_2_token_with_iam, params)
965
+ req.send_request(options)
966
+ end
967
+
823
968
  # @!endgroup
824
969
 
825
970
  # @param params ({})
@@ -838,7 +983,7 @@ module Aws::Signin
838
983
  tracer: tracer
839
984
  )
840
985
  context[:gem_name] = 'aws-sdk-core'
841
- context[:gem_version] = '3.252.0'
986
+ context[:gem_version] = '3.253.0'
842
987
  Seahorse::Client::Request.new(handlers, context)
843
988
  end
844
989
 
@@ -16,8 +16,11 @@ module Aws::Signin
16
16
 
17
17
  AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
18
18
  AccessToken = Shapes::StructureShape.new(name: 'AccessToken')
19
+ AccountId = Shapes::StringShape.new(name: 'AccountId')
19
20
  AuthorizationCode = Shapes::StringShape.new(name: 'AuthorizationCode')
21
+ BearerTokenType = Shapes::StringShape.new(name: 'BearerTokenType')
20
22
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
23
+ ClientCredentialsGrantType = Shapes::StringShape.new(name: 'ClientCredentialsGrantType')
21
24
  ClientId = Shapes::StringShape.new(name: 'ClientId')
22
25
  ClientToken = Shapes::StringShape.new(name: 'ClientToken')
23
26
  CodeVerifier = Shapes::StringShape.new(name: 'CodeVerifier')
@@ -31,6 +34,9 @@ module Aws::Signin
31
34
  CreateOAuth2TokenRequestBody = Shapes::StructureShape.new(name: 'CreateOAuth2TokenRequestBody')
32
35
  CreateOAuth2TokenResponse = Shapes::StructureShape.new(name: 'CreateOAuth2TokenResponse')
33
36
  CreateOAuth2TokenResponseBody = Shapes::StructureShape.new(name: 'CreateOAuth2TokenResponseBody')
37
+ CreateOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateOAuth2TokenWithIAMRequest')
38
+ CreateOAuth2TokenWithIAMRequestResourceString = Shapes::StringShape.new(name: 'CreateOAuth2TokenWithIAMRequestResourceString')
39
+ CreateOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateOAuth2TokenWithIAMResponse')
34
40
  DeleteConsoleAuthorizationConfigurationInput = Shapes::StructureShape.new(name: 'DeleteConsoleAuthorizationConfigurationInput')
35
41
  DeleteConsoleAuthorizationConfigurationOutput = Shapes::StructureShape.new(name: 'DeleteConsoleAuthorizationConfigurationOutput')
36
42
  DeleteResourcePermissionStatementInput = Shapes::StructureShape.new(name: 'DeleteResourcePermissionStatementInput')
@@ -44,10 +50,16 @@ module Aws::Signin
44
50
  GrantType = Shapes::StringShape.new(name: 'GrantType')
45
51
  IdToken = Shapes::StringShape.new(name: 'IdToken')
46
52
  InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
53
+ IntrospectOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'IntrospectOAuth2TokenWithIAMRequest')
54
+ IntrospectOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'IntrospectOAuth2TokenWithIAMResponse')
55
+ IntrospectedTokenType = Shapes::StringShape.new(name: 'IntrospectedTokenType')
56
+ IntrospectionToken = Shapes::StringShape.new(name: 'IntrospectionToken')
47
57
  ListResourcePermissionStatementsInput = Shapes::StructureShape.new(name: 'ListResourcePermissionStatementsInput')
48
58
  ListResourcePermissionStatementsOutput = Shapes::StructureShape.new(name: 'ListResourcePermissionStatementsOutput')
59
+ Long = Shapes::IntegerShape.new(name: 'Long')
49
60
  NextToken = Shapes::StringShape.new(name: 'NextToken')
50
61
  OAuth2ErrorCode = Shapes::StringShape.new(name: 'OAuth2ErrorCode')
62
+ OAuthAccessToken = Shapes::StringShape.new(name: 'OAuthAccessToken')
51
63
  PermissionStatementSummaries = Shapes::ListShape.new(name: 'PermissionStatementSummaries')
52
64
  PermissionStatementSummary = Shapes::StructureShape.new(name: 'PermissionStatementSummary')
53
65
  PolicyActions = Shapes::ListShape.new(name: 'PolicyActions')
@@ -62,6 +74,9 @@ module Aws::Signin
62
74
  RefreshToken = Shapes::StringShape.new(name: 'RefreshToken')
63
75
  RequestedRegion = Shapes::StringShape.new(name: 'RequestedRegion')
64
76
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
77
+ RevocationToken = Shapes::StringShape.new(name: 'RevocationToken')
78
+ RevokeOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'RevokeOAuth2TokenWithIAMRequest')
79
+ RevokeOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'RevokeOAuth2TokenWithIAMResponse')
65
80
  ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
66
81
  SigninResourceBasedPolicy = Shapes::StructureShape.new(name: 'SigninResourceBasedPolicy')
67
82
  SourceIp = Shapes::StringShape.new(name: 'SourceIp')
@@ -70,7 +85,9 @@ module Aws::Signin
70
85
  StatementId = Shapes::StringShape.new(name: 'StatementId')
71
86
  String = Shapes::StringShape.new(name: 'String')
72
87
  TargetId = Shapes::StringShape.new(name: 'TargetId')
88
+ TokenExpiresIn = Shapes::IntegerShape.new(name: 'TokenExpiresIn')
73
89
  TokenType = Shapes::StringShape.new(name: 'TokenType')
90
+ TokenTypeHint = Shapes::StringShape.new(name: 'TokenTypeHint')
74
91
  TooManyRequestsError = Shapes::StructureShape.new(name: 'TooManyRequestsError')
75
92
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
76
93
  VpcSourceIp = Shapes::StringShape.new(name: 'VpcSourceIp')
@@ -121,6 +138,15 @@ module Aws::Signin
121
138
  CreateOAuth2TokenResponseBody.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
122
139
  CreateOAuth2TokenResponseBody.struct_class = Types::CreateOAuth2TokenResponseBody
123
140
 
141
+ CreateOAuth2TokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: ClientCredentialsGrantType, required: true, location_name: "grant_type"))
142
+ CreateOAuth2TokenWithIAMRequest.add_member(:resource, Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMRequestResourceString, required: true, location_name: "resource"))
143
+ CreateOAuth2TokenWithIAMRequest.struct_class = Types::CreateOAuth2TokenWithIAMRequest
144
+
145
+ CreateOAuth2TokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: OAuthAccessToken, required: true, location_name: "access_token"))
146
+ CreateOAuth2TokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: BearerTokenType, required: true, location_name: "token_type"))
147
+ CreateOAuth2TokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: TokenExpiresIn, required: true, location_name: "expires_in"))
148
+ CreateOAuth2TokenWithIAMResponse.struct_class = Types::CreateOAuth2TokenWithIAMResponse
149
+
124
150
  DeleteConsoleAuthorizationConfigurationInput.add_member(:target_id, Shapes::ShapeRef.new(shape: TargetId, location_name: "targetId"))
125
151
  DeleteConsoleAuthorizationConfigurationInput.struct_class = Types::DeleteConsoleAuthorizationConfigurationInput
126
152
 
@@ -152,6 +178,26 @@ module Aws::Signin
152
178
  InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
153
179
  InternalServerException.struct_class = Types::InternalServerException
154
180
 
181
+ IntrospectOAuth2TokenWithIAMRequest.add_member(:token, Shapes::ShapeRef.new(shape: IntrospectionToken, required: true, location_name: "token"))
182
+ IntrospectOAuth2TokenWithIAMRequest.add_member(:token_type_hint, Shapes::ShapeRef.new(shape: TokenTypeHint, location_name: "token_type_hint"))
183
+ IntrospectOAuth2TokenWithIAMRequest.struct_class = Types::IntrospectOAuth2TokenWithIAMRequest
184
+
185
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:active, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "active"))
186
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:client_id, Shapes::ShapeRef.new(shape: String, location_name: "client_id"))
187
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:user_id, Shapes::ShapeRef.new(shape: String, location_name: "user_id"))
188
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: IntrospectedTokenType, location_name: "token_type"))
189
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:exp, Shapes::ShapeRef.new(shape: Long, location_name: "exp"))
190
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:iat, Shapes::ShapeRef.new(shape: Long, location_name: "iat"))
191
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:nbf, Shapes::ShapeRef.new(shape: Long, location_name: "nbf"))
192
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:sub, Shapes::ShapeRef.new(shape: String, location_name: "sub"))
193
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:aud, Shapes::ShapeRef.new(shape: String, location_name: "aud"))
194
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:iss, Shapes::ShapeRef.new(shape: String, location_name: "iss"))
195
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:jti, Shapes::ShapeRef.new(shape: String, location_name: "jti"))
196
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "account_id"))
197
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:signin_session, Shapes::ShapeRef.new(shape: String, location_name: "signin_session"))
198
+ IntrospectOAuth2TokenWithIAMResponse.add_member(:resource, Shapes::ShapeRef.new(shape: String, location_name: "resource"))
199
+ IntrospectOAuth2TokenWithIAMResponse.struct_class = Types::IntrospectOAuth2TokenWithIAMResponse
200
+
155
201
  ListResourcePermissionStatementsInput.add_member(:max_results, Shapes::ShapeRef.new(shape: ConsolePermissionMaxResults, location_name: "maxResults"))
156
202
  ListResourcePermissionStatementsInput.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
157
203
  ListResourcePermissionStatementsInput.struct_class = Types::ListResourcePermissionStatementsInput
@@ -205,6 +251,11 @@ module Aws::Signin
205
251
  ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
206
252
  ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
207
253
 
254
+ RevokeOAuth2TokenWithIAMRequest.add_member(:token, Shapes::ShapeRef.new(shape: RevocationToken, required: true, location_name: "token"))
255
+ RevokeOAuth2TokenWithIAMRequest.struct_class = Types::RevokeOAuth2TokenWithIAMRequest
256
+
257
+ RevokeOAuth2TokenWithIAMResponse.struct_class = Types::RevokeOAuth2TokenWithIAMResponse
258
+
208
259
  ServiceQuotaExceededException.add_member(:error, Shapes::ShapeRef.new(shape: OAuth2ErrorCode, required: true, location_name: "error"))
209
260
  ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
210
261
  ServiceQuotaExceededException.struct_class = Types::ServiceQuotaExceededException
@@ -254,6 +305,18 @@ module Aws::Signin
254
305
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
255
306
  end)
256
307
 
308
+ api.add_operation(:create_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
309
+ o.name = "CreateOAuth2TokenWithIAM"
310
+ o.http_method = "POST"
311
+ o.http_request_uri = "/v1/token?x-amz-client-auth-method=iam"
312
+ o.input = Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMRequest)
313
+ o.output = Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMResponse)
314
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
315
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
316
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
317
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
318
+ end)
319
+
257
320
  api.add_operation(:delete_console_authorization_configuration, Seahorse::Model::Operation.new.tap do |o|
258
321
  o.name = "DeleteConsoleAuthorizationConfiguration"
259
322
  o.http_method = "POST"
@@ -305,6 +368,18 @@ module Aws::Signin
305
368
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
306
369
  end)
307
370
 
371
+ api.add_operation(:introspect_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
372
+ o.name = "IntrospectOAuth2TokenWithIAM"
373
+ o.http_method = "POST"
374
+ o.http_request_uri = "/v1/introspect?x-amz-client-auth-method=iam"
375
+ o.input = Shapes::ShapeRef.new(shape: IntrospectOAuth2TokenWithIAMRequest)
376
+ o.output = Shapes::ShapeRef.new(shape: IntrospectOAuth2TokenWithIAMResponse)
377
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
378
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
379
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
380
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
381
+ end)
382
+
308
383
  api.add_operation(:list_resource_permission_statements, Seahorse::Model::Operation.new.tap do |o|
309
384
  o.name = "ListResourcePermissionStatements"
310
385
  o.http_method = "POST"
@@ -351,6 +426,18 @@ module Aws::Signin
351
426
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
352
427
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
353
428
  end)
429
+
430
+ api.add_operation(:revoke_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
431
+ o.name = "RevokeOAuth2TokenWithIAM"
432
+ o.http_method = "POST"
433
+ o.http_request_uri = "/v1/revoke?x-amz-client-auth-method=iam"
434
+ o.input = Shapes::ShapeRef.new(shape: RevokeOAuth2TokenWithIAMRequest)
435
+ o.output = Shapes::ShapeRef.new(shape: RevokeOAuth2TokenWithIAMResponse)
436
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
437
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
438
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
439
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
440
+ end)
354
441
  end
355
442
 
356
443
  end
@@ -35,12 +35,18 @@ module Aws::Signin
35
35
  #
36
36
  # @return [boolean]
37
37
  #
38
+ # @!attribute is_o_auth_endpoint
39
+ # Indicates if the operation targets the OAuth token endpoint
40
+ #
41
+ # @return [boolean]
42
+ #
38
43
  EndpointParameters = Struct.new(
39
44
  :use_dual_stack,
40
45
  :use_fips,
41
46
  :endpoint,
42
47
  :region,
43
48
  :is_control_plane,
49
+ :is_o_auth_endpoint,
44
50
  ) do
45
51
  include Aws::Structure
46
52
 
@@ -52,6 +58,7 @@ module Aws::Signin
52
58
  'Endpoint' => :endpoint,
53
59
  'Region' => :region,
54
60
  'IsControlPlane' => :is_control_plane,
61
+ 'IsOAuthEndpoint' => :is_o_auth_endpoint,
55
62
  }.freeze
56
63
  end
57
64
 
@@ -63,6 +70,7 @@ module Aws::Signin
63
70
  self[:endpoint] = options[:endpoint]
64
71
  self[:region] = options[:region]
65
72
  self[:is_control_plane] = options[:is_control_plane]
73
+ self[:is_o_auth_endpoint] = options[:is_o_auth_endpoint]
66
74
  end
67
75
 
68
76
  def self.create(config, options={})
@@ -19,6 +19,12 @@ module Aws::Signin
19
19
  end
20
20
  return Aws::Endpoints::Endpoint.new(url: "https://signin.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "signin", "signingRegion" => "#{parameters.region}"}]})
21
21
  end
22
+ if Aws::Endpoints::Matchers.set?(parameters.is_o_auth_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(parameters.is_o_auth_endpoint, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
23
+ raise ArgumentError, "FIPS endpoints are not supported for OAuth operations. Disable FIPS or use a non-OAuth operation."
24
+ end
25
+ if Aws::Endpoints::Matchers.set?(parameters.is_o_auth_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(parameters.is_o_auth_endpoint, true) && Aws::Endpoints::Matchers.set?(parameters.region) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
26
+ return Aws::Endpoints::Endpoint.new(url: "https://#{parameters.region}.oauth.signin.aws", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "signin", "signingRegion" => "#{parameters.region}"}]})
27
+ end
22
28
  if Aws::Endpoints::Matchers.set?(parameters.region) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
23
29
  return Aws::Endpoints::Endpoint.new(url: "https://#{parameters.region}.signin.aws.amazon.com", headers: {}, properties: {})
24
30
  end
@@ -12,6 +12,15 @@ module Aws::Signin
12
12
  # @api private
13
13
  module Endpoints
14
14
 
15
+ class CreateOAuth2TokenWithIAM
16
+ def self.build(context)
17
+ Aws::Signin::EndpointParameters.create(
18
+ context.config,
19
+ is_o_auth_endpoint: true,
20
+ )
21
+ end
22
+ end
23
+
15
24
  class DeleteConsoleAuthorizationConfiguration
16
25
  def self.build(context)
17
26
  Aws::Signin::EndpointParameters.create(
@@ -48,6 +57,15 @@ module Aws::Signin
48
57
  end
49
58
  end
50
59
 
60
+ class IntrospectOAuth2TokenWithIAM
61
+ def self.build(context)
62
+ Aws::Signin::EndpointParameters.create(
63
+ context.config,
64
+ is_o_auth_endpoint: true,
65
+ )
66
+ end
67
+ end
68
+
51
69
  class ListResourcePermissionStatements
52
70
  def self.build(context)
53
71
  Aws::Signin::EndpointParameters.create(
@@ -75,9 +93,20 @@ module Aws::Signin
75
93
  end
76
94
  end
77
95
 
96
+ class RevokeOAuth2TokenWithIAM
97
+ def self.build(context)
98
+ Aws::Signin::EndpointParameters.create(
99
+ context.config,
100
+ is_o_auth_endpoint: true,
101
+ )
102
+ end
103
+ end
104
+
78
105
 
79
106
  def self.parameters_for_operation(context)
80
107
  case context.operation_name
108
+ when :create_o_auth_2_token_with_iam
109
+ CreateOAuth2TokenWithIAM.build(context)
81
110
  when :delete_console_authorization_configuration
82
111
  DeleteConsoleAuthorizationConfiguration.build(context)
83
112
  when :delete_resource_permission_statement
@@ -86,12 +115,16 @@ module Aws::Signin
86
115
  GetConsoleAuthorizationConfiguration.build(context)
87
116
  when :get_resource_policy
88
117
  GetResourcePolicy.build(context)
118
+ when :introspect_o_auth_2_token_with_iam
119
+ IntrospectOAuth2TokenWithIAM.build(context)
89
120
  when :list_resource_permission_statements
90
121
  ListResourcePermissionStatements.build(context)
91
122
  when :put_console_authorization_configuration
92
123
  PutConsoleAuthorizationConfiguration.build(context)
93
124
  when :put_resource_permission_statement
94
125
  PutResourcePermissionStatement.build(context)
126
+ when :revoke_o_auth_2_token_with_iam
127
+ RevokeOAuth2TokenWithIAM.build(context)
95
128
  else
96
129
  Aws::Signin::EndpointParameters.create(context.config)
97
130
  end
@@ -45,9 +45,7 @@ module Aws::Signin
45
45
 
46
46
  # AWS credentials structure containing temporary access credentials
47
47
  #
48
- # The scoped-down, 15 minute duration AWS credentials. Scoping down will
49
- # be based on CLI policy (CLI team needs to create it). Similar to cloud
50
- # shell implementation.
48
+ # Scoped, temporary AWS credentials with a 15-minute duration.
51
49
  #
52
50
  # @!attribute [rw] access_key_id
53
51
  # AWS access key ID for temporary credentials
@@ -232,6 +230,55 @@ module Aws::Signin
232
230
  include Aws::Structure
233
231
  end
234
232
 
233
+ # Input structure for CreateOAuth2TokenWithIAM operation
234
+ #
235
+ # @!attribute [rw] grant_type
236
+ # OAuth 2.0 grant type. Must be "client\_credentials".
237
+ # @return [String]
238
+ #
239
+ # @!attribute [rw] resource
240
+ # The OAuth resource for which the access token is requested. Example:
241
+ # "aws-mcp.amazonaws.com".
242
+ # @return [String]
243
+ #
244
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAMRequest AWS API Documentation
245
+ #
246
+ class CreateOAuth2TokenWithIAMRequest < Struct.new(
247
+ :grant_type,
248
+ :resource)
249
+ SENSITIVE = []
250
+ include Aws::Structure
251
+ end
252
+
253
+ # Output structure for CreateOAuth2TokenWithIAM operation
254
+ #
255
+ # Contains the JWT access token, token type, and expiration per RFC 6749
256
+ # §5.1.
257
+ #
258
+ # @!attribute [rw] access_token
259
+ # JWT access token containing principal identity, resource scope, and
260
+ # session metadata
261
+ # @return [String]
262
+ #
263
+ # @!attribute [rw] token_type
264
+ # Always "Bearer" per OAuth 2.1 specification
265
+ # @return [String]
266
+ #
267
+ # @!attribute [rw] expires_in
268
+ # Token lifetime in seconds. Value is the minimum of session validity
269
+ # and 1 hour.
270
+ # @return [Integer]
271
+ #
272
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAMResponse AWS API Documentation
273
+ #
274
+ class CreateOAuth2TokenWithIAMResponse < Struct.new(
275
+ :access_token,
276
+ :token_type,
277
+ :expires_in)
278
+ SENSITIVE = [:access_token]
279
+ include Aws::Structure
280
+ end
281
+
235
282
  # Input for DeleteConsoleAuthorizationConfiguration operation
236
283
  #
237
284
  # @!attribute [rw] target_id
@@ -384,6 +431,125 @@ module Aws::Signin
384
431
  include Aws::Structure
385
432
  end
386
433
 
434
+ # Input structure for IntrospectOAuth2TokenWithIAM operation
435
+ #
436
+ # RFC 7662 §2.1 introspection request. Contains the token to inspect and
437
+ # an optional hint about the token's type.
438
+ #
439
+ # @!attribute [rw] token
440
+ # The string value of the token to introspect. May be either an
441
+ # access\_token or a refresh\_token issued by AWS Sign-In.
442
+ # @return [String]
443
+ #
444
+ # @!attribute [rw] token_type_hint
445
+ # Optional hint about the type of the token submitted for
446
+ # introspection. The server uses this hint to optimize lookup, but
447
+ # still falls back to the other token type on miss. Allowed values:
448
+ # access\_token, refresh\_token.
449
+ # @return [String]
450
+ #
451
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAMRequest AWS API Documentation
452
+ #
453
+ class IntrospectOAuth2TokenWithIAMRequest < Struct.new(
454
+ :token,
455
+ :token_type_hint)
456
+ SENSITIVE = [:token]
457
+ include Aws::Structure
458
+ end
459
+
460
+ # Output structure for IntrospectOAuth2TokenWithIAM operation
461
+ #
462
+ # RFC 7662 §2.2 introspection response. Only `active` is required; all
463
+ # other claims are omitted when the token is inactive.
464
+ #
465
+ # @!attribute [rw] active
466
+ # Indicates whether the token is currently active. `true` only when
467
+ # the token is valid, has not expired, has not been revoked, and
468
+ # belongs to the caller's account.
469
+ # @return [Boolean]
470
+ #
471
+ # @!attribute [rw] client_id
472
+ # Client identifier for the OAuth 2.0 client that requested the token.
473
+ # @return [String]
474
+ #
475
+ # @!attribute [rw] user_id
476
+ # User identifier matching sts:GetCallerIdentity's `UserId` field for
477
+ # the token's subject principal (e.g. "AIDAEXAMPLE" for an IAM user,
478
+ # or "AROAEXAMPLE:session-name" for an assumed role).
479
+ # @return [String]
480
+ #
481
+ # @!attribute [rw] token_type
482
+ # Indicates which kind of token was introspected. One of
483
+ # "access\_token" or "refresh\_token".
484
+ # @return [String]
485
+ #
486
+ # @!attribute [rw] exp
487
+ # Token expiration time as a NumericDate (Unix epoch seconds).
488
+ # @return [Integer]
489
+ #
490
+ # @!attribute [rw] iat
491
+ # Token issuance time as a NumericDate (Unix epoch seconds).
492
+ # @return [Integer]
493
+ #
494
+ # @!attribute [rw] nbf
495
+ # Token "not before" time as a NumericDate (Unix epoch seconds).
496
+ # @return [Integer]
497
+ #
498
+ # @!attribute [rw] sub
499
+ # Subject of the token: the IAM principal ARN. For assumed-role
500
+ # sessions, this is the session ARN (matches sts:GetCallerIdentity's
501
+ # `Arn` field), e.g.
502
+ # arn:aws:sts::123456789012:assumed-role/MyRole/session-name.
503
+ # @return [String]
504
+ #
505
+ # @!attribute [rw] aud
506
+ # Audience of the token: the OAuth resource the token is scoped to
507
+ # (for example, "aws-mcp.amazonaws.com"). Omitted for refresh tokens.
508
+ # @return [String]
509
+ #
510
+ # @!attribute [rw] iss
511
+ # Issuer of the token. Always "signin.amazonaws.com" for AWS Sign-In.
512
+ # @return [String]
513
+ #
514
+ # @!attribute [rw] jti
515
+ # Unique identifier for the token.
516
+ # @return [String]
517
+ #
518
+ # @!attribute [rw] account_id
519
+ # 12-digit AWS account ID of the token's subject principal.
520
+ # @return [String]
521
+ #
522
+ # @!attribute [rw] signin_session
523
+ # AWS Sign-In session ARN bound to the token, of the form
524
+ # arn:aws:signin:\{region}:\{account}:session/\{uuid}.
525
+ # @return [String]
526
+ #
527
+ # @!attribute [rw] resource
528
+ # The OAuth resource the token is scoped to during Human OAuth flow.
529
+ # Only present for refresh token introspection.
530
+ # @return [String]
531
+ #
532
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAMResponse AWS API Documentation
533
+ #
534
+ class IntrospectOAuth2TokenWithIAMResponse < Struct.new(
535
+ :active,
536
+ :client_id,
537
+ :user_id,
538
+ :token_type,
539
+ :exp,
540
+ :iat,
541
+ :nbf,
542
+ :sub,
543
+ :aud,
544
+ :iss,
545
+ :jti,
546
+ :account_id,
547
+ :signin_session,
548
+ :resource)
549
+ SENSITIVE = []
550
+ include Aws::Structure
551
+ end
552
+
387
553
  # Input for ListResourcePermissionStatements operation
388
554
  #
389
555
  # @!attribute [rw] max_results
@@ -605,6 +771,34 @@ module Aws::Signin
605
771
  include Aws::Structure
606
772
  end
607
773
 
774
+ # Input structure for RevokeOAuth2TokenWithIAM operation
775
+ #
776
+ # RFC 7009 §2.1 revocation request. Contains the refresh\_token to
777
+ # revoke.
778
+ #
779
+ # @!attribute [rw] token
780
+ # The refresh\_token to revoke. Must be a refresh\_token issued by AWS
781
+ # Sign-In (prefix "ASOR"); access\_tokens are not accepted for
782
+ # revocation.
783
+ # @return [String]
784
+ #
785
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAMRequest AWS API Documentation
786
+ #
787
+ class RevokeOAuth2TokenWithIAMRequest < Struct.new(
788
+ :token)
789
+ SENSITIVE = [:token]
790
+ include Aws::Structure
791
+ end
792
+
793
+ # Output structure for RevokeOAuth2TokenWithIAM operation
794
+ #
795
+ # RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an
796
+ # empty body on success; there are no response fields.
797
+ #
798
+ # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAMResponse AWS API Documentation
799
+ #
800
+ class RevokeOAuth2TokenWithIAMResponse < Aws::EmptyStructure; end
801
+
608
802
  # Error thrown when service quota is exceeded
609
803
  #
610
804
  # HTTP Status Code: 402 Payment Required (used as quota exceeded
@@ -56,7 +56,7 @@ module Aws::Signin
56
56
  autoload :EndpointProvider, 'aws-sdk-signin/endpoint_provider'
57
57
  autoload :Endpoints, 'aws-sdk-signin/endpoints'
58
58
 
59
- GEM_VERSION = '3.252.0'
59
+ GEM_VERSION = '3.253.0'
60
60
 
61
61
  end
62
62
 
@@ -696,7 +696,7 @@ module Aws::SSO
696
696
  tracer: tracer
697
697
  )
698
698
  context[:gem_name] = 'aws-sdk-core'
699
- context[:gem_version] = '3.252.0'
699
+ context[:gem_version] = '3.253.0'
700
700
  Seahorse::Client::Request.new(handlers, context)
701
701
  end
702
702
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -56,7 +56,7 @@ module Aws::SSO
56
56
  autoload :EndpointProvider, 'aws-sdk-sso/endpoint_provider'
57
57
  autoload :Endpoints, 'aws-sdk-sso/endpoints'
58
58
 
59
- GEM_VERSION = '3.252.0'
59
+ GEM_VERSION = '3.253.0'
60
60
 
61
61
  end
62
62
 
@@ -1079,7 +1079,7 @@ module Aws::SSOOIDC
1079
1079
  tracer: tracer
1080
1080
  )
1081
1081
  context[:gem_name] = 'aws-sdk-core'
1082
- context[:gem_version] = '3.252.0'
1082
+ context[:gem_version] = '3.253.0'
1083
1083
  Seahorse::Client::Request.new(handlers, context)
1084
1084
  end
1085
1085
 
@@ -56,7 +56,7 @@ module Aws::SSOOIDC
56
56
  autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
57
57
  autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
58
58
 
59
- GEM_VERSION = '3.252.0'
59
+ GEM_VERSION = '3.253.0'
60
60
 
61
61
  end
62
62
 
@@ -2723,7 +2723,7 @@ module Aws::STS
2723
2723
  tracer: tracer
2724
2724
  )
2725
2725
  context[:gem_name] = 'aws-sdk-core'
2726
- context[:gem_version] = '3.252.0'
2726
+ context[:gem_version] = '3.253.0'
2727
2727
  Seahorse::Client::Request.new(handlers, context)
2728
2728
  end
2729
2729
 
data/lib/aws-sdk-sts.rb CHANGED
@@ -56,7 +56,7 @@ module Aws::STS
56
56
  autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
57
57
  autoload :Endpoints, 'aws-sdk-sts/endpoints'
58
58
 
59
- GEM_VERSION = '3.252.0'
59
+ GEM_VERSION = '3.253.0'
60
60
 
61
61
  end
62
62
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.252.0
4
+ version: 3.253.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services