aws-sdk-core 3.252.0 → 3.253.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-signin/client.rb +146 -1
- data/lib/aws-sdk-signin/client_api.rb +87 -0
- data/lib/aws-sdk-signin/endpoint_parameters.rb +8 -0
- data/lib/aws-sdk-signin/endpoint_provider.rb +6 -0
- data/lib/aws-sdk-signin/endpoints.rb +33 -0
- data/lib/aws-sdk-signin/types.rb +197 -3
- data/lib/aws-sdk-signin.rb +1 -1
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +1 -1
- data/lib/aws-sdk-ssooidc.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1247f6da5460ed459d1ac0f815b87533c392520ead96493388af7bf93b416d6c
|
|
4
|
+
data.tar.gz: 0a12db04017a03fb85be3f57f36230ffb09ce880374147c99acf41526779a2cd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 37ebe8075e08b7f183fc59920a4ae8d16b434644bd43f0e99110787548e4742ce3816d461a80519517581282a23f3de149202dc9e1a0bba9b81e7d75acaf5153
|
|
7
|
+
data.tar.gz: fb38b7be043ef6ba002a8d90b26dfd8d6ef4b97f02a3135f2ee434816fd9151d56d033df646880665482eed580a58438859a90df4257d7e2bdeefc8c92fcedf8
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
3.253.0 (2026-07-08)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Updated Aws::Signin::Client with the latest API changes.
|
|
8
|
+
|
|
9
|
+
* Feature - Adds support for OAuth 2.0 token operations in AWS Sign-In, CreateOAuth2TokenWithIAM (client credentials flow), IntrospectOAuth2TokenWithIAM (token inspection), and RevokeOAuth2TokenWithIAM (token revocation).
|
|
10
|
+
|
|
4
11
|
3.252.0 (2026-06-10)
|
|
5
12
|
------------------
|
|
6
13
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.253.0
|
|
@@ -559,6 +559,45 @@ module Aws::Signin
|
|
|
559
559
|
req.send_request(options)
|
|
560
560
|
end
|
|
561
561
|
|
|
562
|
+
# Grants permission to exchange client credentials for an OAuth 2.0
|
|
563
|
+
# access token scoped to a resource that can be used to access AWS
|
|
564
|
+
# services from applications
|
|
565
|
+
#
|
|
566
|
+
# @option params [required, String] :grant_type
|
|
567
|
+
# OAuth 2.0 grant type. Must be "client\_credentials".
|
|
568
|
+
#
|
|
569
|
+
# @option params [required, String] :resource
|
|
570
|
+
# The OAuth resource for which the access token is requested. Example:
|
|
571
|
+
# "aws-mcp.amazonaws.com".
|
|
572
|
+
#
|
|
573
|
+
# @return [Types::CreateOAuth2TokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
574
|
+
#
|
|
575
|
+
# * {Types::CreateOAuth2TokenWithIAMResponse#access_token #access_token} => String
|
|
576
|
+
# * {Types::CreateOAuth2TokenWithIAMResponse#token_type #token_type} => String
|
|
577
|
+
# * {Types::CreateOAuth2TokenWithIAMResponse#expires_in #expires_in} => Integer
|
|
578
|
+
#
|
|
579
|
+
# @example Request syntax with placeholder values
|
|
580
|
+
#
|
|
581
|
+
# resp = client.create_o_auth_2_token_with_iam({
|
|
582
|
+
# grant_type: "ClientCredentialsGrantType", # required
|
|
583
|
+
# resource: "CreateOAuth2TokenWithIAMRequestResourceString", # required
|
|
584
|
+
# })
|
|
585
|
+
#
|
|
586
|
+
# @example Response structure
|
|
587
|
+
#
|
|
588
|
+
# resp.access_token #=> String
|
|
589
|
+
# resp.token_type #=> String
|
|
590
|
+
# resp.expires_in #=> Integer
|
|
591
|
+
#
|
|
592
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAM AWS API Documentation
|
|
593
|
+
#
|
|
594
|
+
# @overload create_o_auth_2_token_with_iam(params = {})
|
|
595
|
+
# @param [Hash] params ({})
|
|
596
|
+
def create_o_auth_2_token_with_iam(params = {}, options = {})
|
|
597
|
+
req = build_request(:create_o_auth_2_token_with_iam, params)
|
|
598
|
+
req.send_request(options)
|
|
599
|
+
end
|
|
600
|
+
|
|
562
601
|
# Delete console authorization configuration with automatic scope
|
|
563
602
|
# detection
|
|
564
603
|
#
|
|
@@ -684,6 +723,79 @@ module Aws::Signin
|
|
|
684
723
|
req.send_request(options)
|
|
685
724
|
end
|
|
686
725
|
|
|
726
|
+
# Grants permission to inspect the metadata and state of an OAuth 2.0
|
|
727
|
+
# access token or refresh token
|
|
728
|
+
#
|
|
729
|
+
# Implements RFC 7662 OAuth 2.0 Token Introspection over a
|
|
730
|
+
# SigV4-authenticated endpoint. Inspects the metadata of an
|
|
731
|
+
# access\_token or refresh\_token issued by AWS Sign-In and returns the
|
|
732
|
+
# claims associated with it.
|
|
733
|
+
#
|
|
734
|
+
# Inactive token semantics (RFC 7662 §2.2): when the supplied token is
|
|
735
|
+
# unknown, expired, revoked, malformed, or owned by a different account,
|
|
736
|
+
# the response body is exactly \{ "active": false } with all other
|
|
737
|
+
# claims omitted.
|
|
738
|
+
#
|
|
739
|
+
# @option params [required, String] :token
|
|
740
|
+
# The string value of the token to introspect. May be either an
|
|
741
|
+
# access\_token or a refresh\_token issued by AWS Sign-In.
|
|
742
|
+
#
|
|
743
|
+
# @option params [String] :token_type_hint
|
|
744
|
+
# Optional hint about the type of the token submitted for introspection.
|
|
745
|
+
# The server uses this hint to optimize lookup, but still falls back to
|
|
746
|
+
# the other token type on miss. Allowed values: access\_token,
|
|
747
|
+
# refresh\_token.
|
|
748
|
+
#
|
|
749
|
+
# @return [Types::IntrospectOAuth2TokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
750
|
+
#
|
|
751
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#active #active} => Boolean
|
|
752
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#client_id #client_id} => String
|
|
753
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#user_id #user_id} => String
|
|
754
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#token_type #token_type} => String
|
|
755
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#exp #exp} => Integer
|
|
756
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#iat #iat} => Integer
|
|
757
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#nbf #nbf} => Integer
|
|
758
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#sub #sub} => String
|
|
759
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#aud #aud} => String
|
|
760
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#iss #iss} => String
|
|
761
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#jti #jti} => String
|
|
762
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#account_id #account_id} => String
|
|
763
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#signin_session #signin_session} => String
|
|
764
|
+
# * {Types::IntrospectOAuth2TokenWithIAMResponse#resource #resource} => String
|
|
765
|
+
#
|
|
766
|
+
# @example Request syntax with placeholder values
|
|
767
|
+
#
|
|
768
|
+
# resp = client.introspect_o_auth_2_token_with_iam({
|
|
769
|
+
# token: "IntrospectionToken", # required
|
|
770
|
+
# token_type_hint: "TokenTypeHint",
|
|
771
|
+
# })
|
|
772
|
+
#
|
|
773
|
+
# @example Response structure
|
|
774
|
+
#
|
|
775
|
+
# resp.active #=> Boolean
|
|
776
|
+
# resp.client_id #=> String
|
|
777
|
+
# resp.user_id #=> String
|
|
778
|
+
# resp.token_type #=> String
|
|
779
|
+
# resp.exp #=> Integer
|
|
780
|
+
# resp.iat #=> Integer
|
|
781
|
+
# resp.nbf #=> Integer
|
|
782
|
+
# resp.sub #=> String
|
|
783
|
+
# resp.aud #=> String
|
|
784
|
+
# resp.iss #=> String
|
|
785
|
+
# resp.jti #=> String
|
|
786
|
+
# resp.account_id #=> String
|
|
787
|
+
# resp.signin_session #=> String
|
|
788
|
+
# resp.resource #=> String
|
|
789
|
+
#
|
|
790
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAM AWS API Documentation
|
|
791
|
+
#
|
|
792
|
+
# @overload introspect_o_auth_2_token_with_iam(params = {})
|
|
793
|
+
# @param [Hash] params ({})
|
|
794
|
+
def introspect_o_auth_2_token_with_iam(params = {}, options = {})
|
|
795
|
+
req = build_request(:introspect_o_auth_2_token_with_iam, params)
|
|
796
|
+
req.send_request(options)
|
|
797
|
+
end
|
|
798
|
+
|
|
687
799
|
# Retrieve all permission statements in the account's SignIn
|
|
688
800
|
# resource-based policy
|
|
689
801
|
#
|
|
@@ -820,6 +932,39 @@ module Aws::Signin
|
|
|
820
932
|
req.send_request(options)
|
|
821
933
|
end
|
|
822
934
|
|
|
935
|
+
# Grants permission to revoke an OAuth 2.0 refresh token and its
|
|
936
|
+
# associated refresh tokens
|
|
937
|
+
#
|
|
938
|
+
# Revokes a refresh\_token issued by AWS Sign-In, invalidating the
|
|
939
|
+
# entire token chain so that the refresh\_token can no longer be used to
|
|
940
|
+
# mint new access\_tokens.
|
|
941
|
+
#
|
|
942
|
+
# Idempotency: revoking an already-revoked, expired, or otherwise
|
|
943
|
+
# invalid token still returns 200 OK with an empty body. Only the
|
|
944
|
+
# refresh\_token type is accepted.
|
|
945
|
+
#
|
|
946
|
+
# @option params [required, String] :token
|
|
947
|
+
# The refresh\_token to revoke. Must be a refresh\_token issued by AWS
|
|
948
|
+
# Sign-In (prefix "ASOR"); access\_tokens are not accepted for
|
|
949
|
+
# revocation.
|
|
950
|
+
#
|
|
951
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
952
|
+
#
|
|
953
|
+
# @example Request syntax with placeholder values
|
|
954
|
+
#
|
|
955
|
+
# resp = client.revoke_o_auth_2_token_with_iam({
|
|
956
|
+
# token: "RevocationToken", # required
|
|
957
|
+
# })
|
|
958
|
+
#
|
|
959
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAM AWS API Documentation
|
|
960
|
+
#
|
|
961
|
+
# @overload revoke_o_auth_2_token_with_iam(params = {})
|
|
962
|
+
# @param [Hash] params ({})
|
|
963
|
+
def revoke_o_auth_2_token_with_iam(params = {}, options = {})
|
|
964
|
+
req = build_request(:revoke_o_auth_2_token_with_iam, params)
|
|
965
|
+
req.send_request(options)
|
|
966
|
+
end
|
|
967
|
+
|
|
823
968
|
# @!endgroup
|
|
824
969
|
|
|
825
970
|
# @param params ({})
|
|
@@ -838,7 +983,7 @@ module Aws::Signin
|
|
|
838
983
|
tracer: tracer
|
|
839
984
|
)
|
|
840
985
|
context[:gem_name] = 'aws-sdk-core'
|
|
841
|
-
context[:gem_version] = '3.
|
|
986
|
+
context[:gem_version] = '3.253.0'
|
|
842
987
|
Seahorse::Client::Request.new(handlers, context)
|
|
843
988
|
end
|
|
844
989
|
|
|
@@ -16,8 +16,11 @@ module Aws::Signin
|
|
|
16
16
|
|
|
17
17
|
AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
|
|
18
18
|
AccessToken = Shapes::StructureShape.new(name: 'AccessToken')
|
|
19
|
+
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
|
19
20
|
AuthorizationCode = Shapes::StringShape.new(name: 'AuthorizationCode')
|
|
21
|
+
BearerTokenType = Shapes::StringShape.new(name: 'BearerTokenType')
|
|
20
22
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
|
23
|
+
ClientCredentialsGrantType = Shapes::StringShape.new(name: 'ClientCredentialsGrantType')
|
|
21
24
|
ClientId = Shapes::StringShape.new(name: 'ClientId')
|
|
22
25
|
ClientToken = Shapes::StringShape.new(name: 'ClientToken')
|
|
23
26
|
CodeVerifier = Shapes::StringShape.new(name: 'CodeVerifier')
|
|
@@ -31,6 +34,9 @@ module Aws::Signin
|
|
|
31
34
|
CreateOAuth2TokenRequestBody = Shapes::StructureShape.new(name: 'CreateOAuth2TokenRequestBody')
|
|
32
35
|
CreateOAuth2TokenResponse = Shapes::StructureShape.new(name: 'CreateOAuth2TokenResponse')
|
|
33
36
|
CreateOAuth2TokenResponseBody = Shapes::StructureShape.new(name: 'CreateOAuth2TokenResponseBody')
|
|
37
|
+
CreateOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateOAuth2TokenWithIAMRequest')
|
|
38
|
+
CreateOAuth2TokenWithIAMRequestResourceString = Shapes::StringShape.new(name: 'CreateOAuth2TokenWithIAMRequestResourceString')
|
|
39
|
+
CreateOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateOAuth2TokenWithIAMResponse')
|
|
34
40
|
DeleteConsoleAuthorizationConfigurationInput = Shapes::StructureShape.new(name: 'DeleteConsoleAuthorizationConfigurationInput')
|
|
35
41
|
DeleteConsoleAuthorizationConfigurationOutput = Shapes::StructureShape.new(name: 'DeleteConsoleAuthorizationConfigurationOutput')
|
|
36
42
|
DeleteResourcePermissionStatementInput = Shapes::StructureShape.new(name: 'DeleteResourcePermissionStatementInput')
|
|
@@ -44,10 +50,16 @@ module Aws::Signin
|
|
|
44
50
|
GrantType = Shapes::StringShape.new(name: 'GrantType')
|
|
45
51
|
IdToken = Shapes::StringShape.new(name: 'IdToken')
|
|
46
52
|
InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
|
|
53
|
+
IntrospectOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'IntrospectOAuth2TokenWithIAMRequest')
|
|
54
|
+
IntrospectOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'IntrospectOAuth2TokenWithIAMResponse')
|
|
55
|
+
IntrospectedTokenType = Shapes::StringShape.new(name: 'IntrospectedTokenType')
|
|
56
|
+
IntrospectionToken = Shapes::StringShape.new(name: 'IntrospectionToken')
|
|
47
57
|
ListResourcePermissionStatementsInput = Shapes::StructureShape.new(name: 'ListResourcePermissionStatementsInput')
|
|
48
58
|
ListResourcePermissionStatementsOutput = Shapes::StructureShape.new(name: 'ListResourcePermissionStatementsOutput')
|
|
59
|
+
Long = Shapes::IntegerShape.new(name: 'Long')
|
|
49
60
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
|
50
61
|
OAuth2ErrorCode = Shapes::StringShape.new(name: 'OAuth2ErrorCode')
|
|
62
|
+
OAuthAccessToken = Shapes::StringShape.new(name: 'OAuthAccessToken')
|
|
51
63
|
PermissionStatementSummaries = Shapes::ListShape.new(name: 'PermissionStatementSummaries')
|
|
52
64
|
PermissionStatementSummary = Shapes::StructureShape.new(name: 'PermissionStatementSummary')
|
|
53
65
|
PolicyActions = Shapes::ListShape.new(name: 'PolicyActions')
|
|
@@ -62,6 +74,9 @@ module Aws::Signin
|
|
|
62
74
|
RefreshToken = Shapes::StringShape.new(name: 'RefreshToken')
|
|
63
75
|
RequestedRegion = Shapes::StringShape.new(name: 'RequestedRegion')
|
|
64
76
|
ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
|
|
77
|
+
RevocationToken = Shapes::StringShape.new(name: 'RevocationToken')
|
|
78
|
+
RevokeOAuth2TokenWithIAMRequest = Shapes::StructureShape.new(name: 'RevokeOAuth2TokenWithIAMRequest')
|
|
79
|
+
RevokeOAuth2TokenWithIAMResponse = Shapes::StructureShape.new(name: 'RevokeOAuth2TokenWithIAMResponse')
|
|
65
80
|
ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
|
|
66
81
|
SigninResourceBasedPolicy = Shapes::StructureShape.new(name: 'SigninResourceBasedPolicy')
|
|
67
82
|
SourceIp = Shapes::StringShape.new(name: 'SourceIp')
|
|
@@ -70,7 +85,9 @@ module Aws::Signin
|
|
|
70
85
|
StatementId = Shapes::StringShape.new(name: 'StatementId')
|
|
71
86
|
String = Shapes::StringShape.new(name: 'String')
|
|
72
87
|
TargetId = Shapes::StringShape.new(name: 'TargetId')
|
|
88
|
+
TokenExpiresIn = Shapes::IntegerShape.new(name: 'TokenExpiresIn')
|
|
73
89
|
TokenType = Shapes::StringShape.new(name: 'TokenType')
|
|
90
|
+
TokenTypeHint = Shapes::StringShape.new(name: 'TokenTypeHint')
|
|
74
91
|
TooManyRequestsError = Shapes::StructureShape.new(name: 'TooManyRequestsError')
|
|
75
92
|
ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
|
|
76
93
|
VpcSourceIp = Shapes::StringShape.new(name: 'VpcSourceIp')
|
|
@@ -121,6 +138,15 @@ module Aws::Signin
|
|
|
121
138
|
CreateOAuth2TokenResponseBody.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken"))
|
|
122
139
|
CreateOAuth2TokenResponseBody.struct_class = Types::CreateOAuth2TokenResponseBody
|
|
123
140
|
|
|
141
|
+
CreateOAuth2TokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: ClientCredentialsGrantType, required: true, location_name: "grant_type"))
|
|
142
|
+
CreateOAuth2TokenWithIAMRequest.add_member(:resource, Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMRequestResourceString, required: true, location_name: "resource"))
|
|
143
|
+
CreateOAuth2TokenWithIAMRequest.struct_class = Types::CreateOAuth2TokenWithIAMRequest
|
|
144
|
+
|
|
145
|
+
CreateOAuth2TokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: OAuthAccessToken, required: true, location_name: "access_token"))
|
|
146
|
+
CreateOAuth2TokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: BearerTokenType, required: true, location_name: "token_type"))
|
|
147
|
+
CreateOAuth2TokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: TokenExpiresIn, required: true, location_name: "expires_in"))
|
|
148
|
+
CreateOAuth2TokenWithIAMResponse.struct_class = Types::CreateOAuth2TokenWithIAMResponse
|
|
149
|
+
|
|
124
150
|
DeleteConsoleAuthorizationConfigurationInput.add_member(:target_id, Shapes::ShapeRef.new(shape: TargetId, location_name: "targetId"))
|
|
125
151
|
DeleteConsoleAuthorizationConfigurationInput.struct_class = Types::DeleteConsoleAuthorizationConfigurationInput
|
|
126
152
|
|
|
@@ -152,6 +178,26 @@ module Aws::Signin
|
|
|
152
178
|
InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
|
153
179
|
InternalServerException.struct_class = Types::InternalServerException
|
|
154
180
|
|
|
181
|
+
IntrospectOAuth2TokenWithIAMRequest.add_member(:token, Shapes::ShapeRef.new(shape: IntrospectionToken, required: true, location_name: "token"))
|
|
182
|
+
IntrospectOAuth2TokenWithIAMRequest.add_member(:token_type_hint, Shapes::ShapeRef.new(shape: TokenTypeHint, location_name: "token_type_hint"))
|
|
183
|
+
IntrospectOAuth2TokenWithIAMRequest.struct_class = Types::IntrospectOAuth2TokenWithIAMRequest
|
|
184
|
+
|
|
185
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:active, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "active"))
|
|
186
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:client_id, Shapes::ShapeRef.new(shape: String, location_name: "client_id"))
|
|
187
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:user_id, Shapes::ShapeRef.new(shape: String, location_name: "user_id"))
|
|
188
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: IntrospectedTokenType, location_name: "token_type"))
|
|
189
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:exp, Shapes::ShapeRef.new(shape: Long, location_name: "exp"))
|
|
190
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:iat, Shapes::ShapeRef.new(shape: Long, location_name: "iat"))
|
|
191
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:nbf, Shapes::ShapeRef.new(shape: Long, location_name: "nbf"))
|
|
192
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:sub, Shapes::ShapeRef.new(shape: String, location_name: "sub"))
|
|
193
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:aud, Shapes::ShapeRef.new(shape: String, location_name: "aud"))
|
|
194
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:iss, Shapes::ShapeRef.new(shape: String, location_name: "iss"))
|
|
195
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:jti, Shapes::ShapeRef.new(shape: String, location_name: "jti"))
|
|
196
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "account_id"))
|
|
197
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:signin_session, Shapes::ShapeRef.new(shape: String, location_name: "signin_session"))
|
|
198
|
+
IntrospectOAuth2TokenWithIAMResponse.add_member(:resource, Shapes::ShapeRef.new(shape: String, location_name: "resource"))
|
|
199
|
+
IntrospectOAuth2TokenWithIAMResponse.struct_class = Types::IntrospectOAuth2TokenWithIAMResponse
|
|
200
|
+
|
|
155
201
|
ListResourcePermissionStatementsInput.add_member(:max_results, Shapes::ShapeRef.new(shape: ConsolePermissionMaxResults, location_name: "maxResults"))
|
|
156
202
|
ListResourcePermissionStatementsInput.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
|
|
157
203
|
ListResourcePermissionStatementsInput.struct_class = Types::ListResourcePermissionStatementsInput
|
|
@@ -205,6 +251,11 @@ module Aws::Signin
|
|
|
205
251
|
ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
|
206
252
|
ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
|
|
207
253
|
|
|
254
|
+
RevokeOAuth2TokenWithIAMRequest.add_member(:token, Shapes::ShapeRef.new(shape: RevocationToken, required: true, location_name: "token"))
|
|
255
|
+
RevokeOAuth2TokenWithIAMRequest.struct_class = Types::RevokeOAuth2TokenWithIAMRequest
|
|
256
|
+
|
|
257
|
+
RevokeOAuth2TokenWithIAMResponse.struct_class = Types::RevokeOAuth2TokenWithIAMResponse
|
|
258
|
+
|
|
208
259
|
ServiceQuotaExceededException.add_member(:error, Shapes::ShapeRef.new(shape: OAuth2ErrorCode, required: true, location_name: "error"))
|
|
209
260
|
ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
|
210
261
|
ServiceQuotaExceededException.struct_class = Types::ServiceQuotaExceededException
|
|
@@ -254,6 +305,18 @@ module Aws::Signin
|
|
|
254
305
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
255
306
|
end)
|
|
256
307
|
|
|
308
|
+
api.add_operation(:create_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
|
|
309
|
+
o.name = "CreateOAuth2TokenWithIAM"
|
|
310
|
+
o.http_method = "POST"
|
|
311
|
+
o.http_request_uri = "/v1/token?x-amz-client-auth-method=iam"
|
|
312
|
+
o.input = Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMRequest)
|
|
313
|
+
o.output = Shapes::ShapeRef.new(shape: CreateOAuth2TokenWithIAMResponse)
|
|
314
|
+
o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
|
|
315
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
316
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
317
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
318
|
+
end)
|
|
319
|
+
|
|
257
320
|
api.add_operation(:delete_console_authorization_configuration, Seahorse::Model::Operation.new.tap do |o|
|
|
258
321
|
o.name = "DeleteConsoleAuthorizationConfiguration"
|
|
259
322
|
o.http_method = "POST"
|
|
@@ -305,6 +368,18 @@ module Aws::Signin
|
|
|
305
368
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
306
369
|
end)
|
|
307
370
|
|
|
371
|
+
api.add_operation(:introspect_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
|
|
372
|
+
o.name = "IntrospectOAuth2TokenWithIAM"
|
|
373
|
+
o.http_method = "POST"
|
|
374
|
+
o.http_request_uri = "/v1/introspect?x-amz-client-auth-method=iam"
|
|
375
|
+
o.input = Shapes::ShapeRef.new(shape: IntrospectOAuth2TokenWithIAMRequest)
|
|
376
|
+
o.output = Shapes::ShapeRef.new(shape: IntrospectOAuth2TokenWithIAMResponse)
|
|
377
|
+
o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
|
|
378
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
379
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
380
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
381
|
+
end)
|
|
382
|
+
|
|
308
383
|
api.add_operation(:list_resource_permission_statements, Seahorse::Model::Operation.new.tap do |o|
|
|
309
384
|
o.name = "ListResourcePermissionStatements"
|
|
310
385
|
o.http_method = "POST"
|
|
@@ -351,6 +426,18 @@ module Aws::Signin
|
|
|
351
426
|
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
352
427
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
353
428
|
end)
|
|
429
|
+
|
|
430
|
+
api.add_operation(:revoke_o_auth_2_token_with_iam, Seahorse::Model::Operation.new.tap do |o|
|
|
431
|
+
o.name = "RevokeOAuth2TokenWithIAM"
|
|
432
|
+
o.http_method = "POST"
|
|
433
|
+
o.http_request_uri = "/v1/revoke?x-amz-client-auth-method=iam"
|
|
434
|
+
o.input = Shapes::ShapeRef.new(shape: RevokeOAuth2TokenWithIAMRequest)
|
|
435
|
+
o.output = Shapes::ShapeRef.new(shape: RevokeOAuth2TokenWithIAMResponse)
|
|
436
|
+
o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsError)
|
|
437
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
438
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
439
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
440
|
+
end)
|
|
354
441
|
end
|
|
355
442
|
|
|
356
443
|
end
|
|
@@ -35,12 +35,18 @@ module Aws::Signin
|
|
|
35
35
|
#
|
|
36
36
|
# @return [boolean]
|
|
37
37
|
#
|
|
38
|
+
# @!attribute is_o_auth_endpoint
|
|
39
|
+
# Indicates if the operation targets the OAuth token endpoint
|
|
40
|
+
#
|
|
41
|
+
# @return [boolean]
|
|
42
|
+
#
|
|
38
43
|
EndpointParameters = Struct.new(
|
|
39
44
|
:use_dual_stack,
|
|
40
45
|
:use_fips,
|
|
41
46
|
:endpoint,
|
|
42
47
|
:region,
|
|
43
48
|
:is_control_plane,
|
|
49
|
+
:is_o_auth_endpoint,
|
|
44
50
|
) do
|
|
45
51
|
include Aws::Structure
|
|
46
52
|
|
|
@@ -52,6 +58,7 @@ module Aws::Signin
|
|
|
52
58
|
'Endpoint' => :endpoint,
|
|
53
59
|
'Region' => :region,
|
|
54
60
|
'IsControlPlane' => :is_control_plane,
|
|
61
|
+
'IsOAuthEndpoint' => :is_o_auth_endpoint,
|
|
55
62
|
}.freeze
|
|
56
63
|
end
|
|
57
64
|
|
|
@@ -63,6 +70,7 @@ module Aws::Signin
|
|
|
63
70
|
self[:endpoint] = options[:endpoint]
|
|
64
71
|
self[:region] = options[:region]
|
|
65
72
|
self[:is_control_plane] = options[:is_control_plane]
|
|
73
|
+
self[:is_o_auth_endpoint] = options[:is_o_auth_endpoint]
|
|
66
74
|
end
|
|
67
75
|
|
|
68
76
|
def self.create(config, options={})
|
|
@@ -19,6 +19,12 @@ module Aws::Signin
|
|
|
19
19
|
end
|
|
20
20
|
return Aws::Endpoints::Endpoint.new(url: "https://signin.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "signin", "signingRegion" => "#{parameters.region}"}]})
|
|
21
21
|
end
|
|
22
|
+
if Aws::Endpoints::Matchers.set?(parameters.is_o_auth_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(parameters.is_o_auth_endpoint, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
|
|
23
|
+
raise ArgumentError, "FIPS endpoints are not supported for OAuth operations. Disable FIPS or use a non-OAuth operation."
|
|
24
|
+
end
|
|
25
|
+
if Aws::Endpoints::Matchers.set?(parameters.is_o_auth_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(parameters.is_o_auth_endpoint, true) && Aws::Endpoints::Matchers.set?(parameters.region) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
|
|
26
|
+
return Aws::Endpoints::Endpoint.new(url: "https://#{parameters.region}.oauth.signin.aws", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "signin", "signingRegion" => "#{parameters.region}"}]})
|
|
27
|
+
end
|
|
22
28
|
if Aws::Endpoints::Matchers.set?(parameters.region) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
|
|
23
29
|
return Aws::Endpoints::Endpoint.new(url: "https://#{parameters.region}.signin.aws.amazon.com", headers: {}, properties: {})
|
|
24
30
|
end
|
|
@@ -12,6 +12,15 @@ module Aws::Signin
|
|
|
12
12
|
# @api private
|
|
13
13
|
module Endpoints
|
|
14
14
|
|
|
15
|
+
class CreateOAuth2TokenWithIAM
|
|
16
|
+
def self.build(context)
|
|
17
|
+
Aws::Signin::EndpointParameters.create(
|
|
18
|
+
context.config,
|
|
19
|
+
is_o_auth_endpoint: true,
|
|
20
|
+
)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
15
24
|
class DeleteConsoleAuthorizationConfiguration
|
|
16
25
|
def self.build(context)
|
|
17
26
|
Aws::Signin::EndpointParameters.create(
|
|
@@ -48,6 +57,15 @@ module Aws::Signin
|
|
|
48
57
|
end
|
|
49
58
|
end
|
|
50
59
|
|
|
60
|
+
class IntrospectOAuth2TokenWithIAM
|
|
61
|
+
def self.build(context)
|
|
62
|
+
Aws::Signin::EndpointParameters.create(
|
|
63
|
+
context.config,
|
|
64
|
+
is_o_auth_endpoint: true,
|
|
65
|
+
)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
51
69
|
class ListResourcePermissionStatements
|
|
52
70
|
def self.build(context)
|
|
53
71
|
Aws::Signin::EndpointParameters.create(
|
|
@@ -75,9 +93,20 @@ module Aws::Signin
|
|
|
75
93
|
end
|
|
76
94
|
end
|
|
77
95
|
|
|
96
|
+
class RevokeOAuth2TokenWithIAM
|
|
97
|
+
def self.build(context)
|
|
98
|
+
Aws::Signin::EndpointParameters.create(
|
|
99
|
+
context.config,
|
|
100
|
+
is_o_auth_endpoint: true,
|
|
101
|
+
)
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
78
105
|
|
|
79
106
|
def self.parameters_for_operation(context)
|
|
80
107
|
case context.operation_name
|
|
108
|
+
when :create_o_auth_2_token_with_iam
|
|
109
|
+
CreateOAuth2TokenWithIAM.build(context)
|
|
81
110
|
when :delete_console_authorization_configuration
|
|
82
111
|
DeleteConsoleAuthorizationConfiguration.build(context)
|
|
83
112
|
when :delete_resource_permission_statement
|
|
@@ -86,12 +115,16 @@ module Aws::Signin
|
|
|
86
115
|
GetConsoleAuthorizationConfiguration.build(context)
|
|
87
116
|
when :get_resource_policy
|
|
88
117
|
GetResourcePolicy.build(context)
|
|
118
|
+
when :introspect_o_auth_2_token_with_iam
|
|
119
|
+
IntrospectOAuth2TokenWithIAM.build(context)
|
|
89
120
|
when :list_resource_permission_statements
|
|
90
121
|
ListResourcePermissionStatements.build(context)
|
|
91
122
|
when :put_console_authorization_configuration
|
|
92
123
|
PutConsoleAuthorizationConfiguration.build(context)
|
|
93
124
|
when :put_resource_permission_statement
|
|
94
125
|
PutResourcePermissionStatement.build(context)
|
|
126
|
+
when :revoke_o_auth_2_token_with_iam
|
|
127
|
+
RevokeOAuth2TokenWithIAM.build(context)
|
|
95
128
|
else
|
|
96
129
|
Aws::Signin::EndpointParameters.create(context.config)
|
|
97
130
|
end
|
data/lib/aws-sdk-signin/types.rb
CHANGED
|
@@ -45,9 +45,7 @@ module Aws::Signin
|
|
|
45
45
|
|
|
46
46
|
# AWS credentials structure containing temporary access credentials
|
|
47
47
|
#
|
|
48
|
-
#
|
|
49
|
-
# be based on CLI policy (CLI team needs to create it). Similar to cloud
|
|
50
|
-
# shell implementation.
|
|
48
|
+
# Scoped, temporary AWS credentials with a 15-minute duration.
|
|
51
49
|
#
|
|
52
50
|
# @!attribute [rw] access_key_id
|
|
53
51
|
# AWS access key ID for temporary credentials
|
|
@@ -232,6 +230,55 @@ module Aws::Signin
|
|
|
232
230
|
include Aws::Structure
|
|
233
231
|
end
|
|
234
232
|
|
|
233
|
+
# Input structure for CreateOAuth2TokenWithIAM operation
|
|
234
|
+
#
|
|
235
|
+
# @!attribute [rw] grant_type
|
|
236
|
+
# OAuth 2.0 grant type. Must be "client\_credentials".
|
|
237
|
+
# @return [String]
|
|
238
|
+
#
|
|
239
|
+
# @!attribute [rw] resource
|
|
240
|
+
# The OAuth resource for which the access token is requested. Example:
|
|
241
|
+
# "aws-mcp.amazonaws.com".
|
|
242
|
+
# @return [String]
|
|
243
|
+
#
|
|
244
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAMRequest AWS API Documentation
|
|
245
|
+
#
|
|
246
|
+
class CreateOAuth2TokenWithIAMRequest < Struct.new(
|
|
247
|
+
:grant_type,
|
|
248
|
+
:resource)
|
|
249
|
+
SENSITIVE = []
|
|
250
|
+
include Aws::Structure
|
|
251
|
+
end
|
|
252
|
+
|
|
253
|
+
# Output structure for CreateOAuth2TokenWithIAM operation
|
|
254
|
+
#
|
|
255
|
+
# Contains the JWT access token, token type, and expiration per RFC 6749
|
|
256
|
+
# §5.1.
|
|
257
|
+
#
|
|
258
|
+
# @!attribute [rw] access_token
|
|
259
|
+
# JWT access token containing principal identity, resource scope, and
|
|
260
|
+
# session metadata
|
|
261
|
+
# @return [String]
|
|
262
|
+
#
|
|
263
|
+
# @!attribute [rw] token_type
|
|
264
|
+
# Always "Bearer" per OAuth 2.1 specification
|
|
265
|
+
# @return [String]
|
|
266
|
+
#
|
|
267
|
+
# @!attribute [rw] expires_in
|
|
268
|
+
# Token lifetime in seconds. Value is the minimum of session validity
|
|
269
|
+
# and 1 hour.
|
|
270
|
+
# @return [Integer]
|
|
271
|
+
#
|
|
272
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAMResponse AWS API Documentation
|
|
273
|
+
#
|
|
274
|
+
class CreateOAuth2TokenWithIAMResponse < Struct.new(
|
|
275
|
+
:access_token,
|
|
276
|
+
:token_type,
|
|
277
|
+
:expires_in)
|
|
278
|
+
SENSITIVE = [:access_token]
|
|
279
|
+
include Aws::Structure
|
|
280
|
+
end
|
|
281
|
+
|
|
235
282
|
# Input for DeleteConsoleAuthorizationConfiguration operation
|
|
236
283
|
#
|
|
237
284
|
# @!attribute [rw] target_id
|
|
@@ -384,6 +431,125 @@ module Aws::Signin
|
|
|
384
431
|
include Aws::Structure
|
|
385
432
|
end
|
|
386
433
|
|
|
434
|
+
# Input structure for IntrospectOAuth2TokenWithIAM operation
|
|
435
|
+
#
|
|
436
|
+
# RFC 7662 §2.1 introspection request. Contains the token to inspect and
|
|
437
|
+
# an optional hint about the token's type.
|
|
438
|
+
#
|
|
439
|
+
# @!attribute [rw] token
|
|
440
|
+
# The string value of the token to introspect. May be either an
|
|
441
|
+
# access\_token or a refresh\_token issued by AWS Sign-In.
|
|
442
|
+
# @return [String]
|
|
443
|
+
#
|
|
444
|
+
# @!attribute [rw] token_type_hint
|
|
445
|
+
# Optional hint about the type of the token submitted for
|
|
446
|
+
# introspection. The server uses this hint to optimize lookup, but
|
|
447
|
+
# still falls back to the other token type on miss. Allowed values:
|
|
448
|
+
# access\_token, refresh\_token.
|
|
449
|
+
# @return [String]
|
|
450
|
+
#
|
|
451
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAMRequest AWS API Documentation
|
|
452
|
+
#
|
|
453
|
+
class IntrospectOAuth2TokenWithIAMRequest < Struct.new(
|
|
454
|
+
:token,
|
|
455
|
+
:token_type_hint)
|
|
456
|
+
SENSITIVE = [:token]
|
|
457
|
+
include Aws::Structure
|
|
458
|
+
end
|
|
459
|
+
|
|
460
|
+
# Output structure for IntrospectOAuth2TokenWithIAM operation
|
|
461
|
+
#
|
|
462
|
+
# RFC 7662 §2.2 introspection response. Only `active` is required; all
|
|
463
|
+
# other claims are omitted when the token is inactive.
|
|
464
|
+
#
|
|
465
|
+
# @!attribute [rw] active
|
|
466
|
+
# Indicates whether the token is currently active. `true` only when
|
|
467
|
+
# the token is valid, has not expired, has not been revoked, and
|
|
468
|
+
# belongs to the caller's account.
|
|
469
|
+
# @return [Boolean]
|
|
470
|
+
#
|
|
471
|
+
# @!attribute [rw] client_id
|
|
472
|
+
# Client identifier for the OAuth 2.0 client that requested the token.
|
|
473
|
+
# @return [String]
|
|
474
|
+
#
|
|
475
|
+
# @!attribute [rw] user_id
|
|
476
|
+
# User identifier matching sts:GetCallerIdentity's `UserId` field for
|
|
477
|
+
# the token's subject principal (e.g. "AIDAEXAMPLE" for an IAM user,
|
|
478
|
+
# or "AROAEXAMPLE:session-name" for an assumed role).
|
|
479
|
+
# @return [String]
|
|
480
|
+
#
|
|
481
|
+
# @!attribute [rw] token_type
|
|
482
|
+
# Indicates which kind of token was introspected. One of
|
|
483
|
+
# "access\_token" or "refresh\_token".
|
|
484
|
+
# @return [String]
|
|
485
|
+
#
|
|
486
|
+
# @!attribute [rw] exp
|
|
487
|
+
# Token expiration time as a NumericDate (Unix epoch seconds).
|
|
488
|
+
# @return [Integer]
|
|
489
|
+
#
|
|
490
|
+
# @!attribute [rw] iat
|
|
491
|
+
# Token issuance time as a NumericDate (Unix epoch seconds).
|
|
492
|
+
# @return [Integer]
|
|
493
|
+
#
|
|
494
|
+
# @!attribute [rw] nbf
|
|
495
|
+
# Token "not before" time as a NumericDate (Unix epoch seconds).
|
|
496
|
+
# @return [Integer]
|
|
497
|
+
#
|
|
498
|
+
# @!attribute [rw] sub
|
|
499
|
+
# Subject of the token: the IAM principal ARN. For assumed-role
|
|
500
|
+
# sessions, this is the session ARN (matches sts:GetCallerIdentity's
|
|
501
|
+
# `Arn` field), e.g.
|
|
502
|
+
# arn:aws:sts::123456789012:assumed-role/MyRole/session-name.
|
|
503
|
+
# @return [String]
|
|
504
|
+
#
|
|
505
|
+
# @!attribute [rw] aud
|
|
506
|
+
# Audience of the token: the OAuth resource the token is scoped to
|
|
507
|
+
# (for example, "aws-mcp.amazonaws.com"). Omitted for refresh tokens.
|
|
508
|
+
# @return [String]
|
|
509
|
+
#
|
|
510
|
+
# @!attribute [rw] iss
|
|
511
|
+
# Issuer of the token. Always "signin.amazonaws.com" for AWS Sign-In.
|
|
512
|
+
# @return [String]
|
|
513
|
+
#
|
|
514
|
+
# @!attribute [rw] jti
|
|
515
|
+
# Unique identifier for the token.
|
|
516
|
+
# @return [String]
|
|
517
|
+
#
|
|
518
|
+
# @!attribute [rw] account_id
|
|
519
|
+
# 12-digit AWS account ID of the token's subject principal.
|
|
520
|
+
# @return [String]
|
|
521
|
+
#
|
|
522
|
+
# @!attribute [rw] signin_session
|
|
523
|
+
# AWS Sign-In session ARN bound to the token, of the form
|
|
524
|
+
# arn:aws:signin:\{region}:\{account}:session/\{uuid}.
|
|
525
|
+
# @return [String]
|
|
526
|
+
#
|
|
527
|
+
# @!attribute [rw] resource
|
|
528
|
+
# The OAuth resource the token is scoped to during Human OAuth flow.
|
|
529
|
+
# Only present for refresh token introspection.
|
|
530
|
+
# @return [String]
|
|
531
|
+
#
|
|
532
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAMResponse AWS API Documentation
|
|
533
|
+
#
|
|
534
|
+
class IntrospectOAuth2TokenWithIAMResponse < Struct.new(
|
|
535
|
+
:active,
|
|
536
|
+
:client_id,
|
|
537
|
+
:user_id,
|
|
538
|
+
:token_type,
|
|
539
|
+
:exp,
|
|
540
|
+
:iat,
|
|
541
|
+
:nbf,
|
|
542
|
+
:sub,
|
|
543
|
+
:aud,
|
|
544
|
+
:iss,
|
|
545
|
+
:jti,
|
|
546
|
+
:account_id,
|
|
547
|
+
:signin_session,
|
|
548
|
+
:resource)
|
|
549
|
+
SENSITIVE = []
|
|
550
|
+
include Aws::Structure
|
|
551
|
+
end
|
|
552
|
+
|
|
387
553
|
# Input for ListResourcePermissionStatements operation
|
|
388
554
|
#
|
|
389
555
|
# @!attribute [rw] max_results
|
|
@@ -605,6 +771,34 @@ module Aws::Signin
|
|
|
605
771
|
include Aws::Structure
|
|
606
772
|
end
|
|
607
773
|
|
|
774
|
+
# Input structure for RevokeOAuth2TokenWithIAM operation
|
|
775
|
+
#
|
|
776
|
+
# RFC 7009 §2.1 revocation request. Contains the refresh\_token to
|
|
777
|
+
# revoke.
|
|
778
|
+
#
|
|
779
|
+
# @!attribute [rw] token
|
|
780
|
+
# The refresh\_token to revoke. Must be a refresh\_token issued by AWS
|
|
781
|
+
# Sign-In (prefix "ASOR"); access\_tokens are not accepted for
|
|
782
|
+
# revocation.
|
|
783
|
+
# @return [String]
|
|
784
|
+
#
|
|
785
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAMRequest AWS API Documentation
|
|
786
|
+
#
|
|
787
|
+
class RevokeOAuth2TokenWithIAMRequest < Struct.new(
|
|
788
|
+
:token)
|
|
789
|
+
SENSITIVE = [:token]
|
|
790
|
+
include Aws::Structure
|
|
791
|
+
end
|
|
792
|
+
|
|
793
|
+
# Output structure for RevokeOAuth2TokenWithIAM operation
|
|
794
|
+
#
|
|
795
|
+
# RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an
|
|
796
|
+
# empty body on success; there are no response fields.
|
|
797
|
+
#
|
|
798
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAMResponse AWS API Documentation
|
|
799
|
+
#
|
|
800
|
+
class RevokeOAuth2TokenWithIAMResponse < Aws::EmptyStructure; end
|
|
801
|
+
|
|
608
802
|
# Error thrown when service quota is exceeded
|
|
609
803
|
#
|
|
610
804
|
# HTTP Status Code: 402 Payment Required (used as quota exceeded
|
data/lib/aws-sdk-signin.rb
CHANGED
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-ssooidc.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
data/lib/aws-sdk-sts.rb
CHANGED