aws-sdk-verifiedpermissions 1.17.0 → 1.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b52c7f0f2d0fc36365fa7d6a442e98d0b4d8b0871756f162828120591adbb81
-  data.tar.gz: 25bf1e568d51a4c6a0b6fbf9ac69601709e5b7f144361fd65de49aeb3c50a8e9
+  metadata.gz: 41ef019fc552dd6626faca87c604b2cd2cd0b13692e009f58e9de726acef3ef3
+  data.tar.gz: 76e66a78cfd4c1b5b5b74a38bddbaa1e2a189135e8f1946d903b3667fcb8fdf5
 SHA512:
-  metadata.gz: 77b942c30fe485927fb5aa5de494fc1778a841541e4ae65cc20f373cbb41543f3788ee20cbc2a86b9efd666a0a99ad6121abdb93a04ccc8f6167dd2b5f6d2032
-  data.tar.gz: e231e37a9348a4156382538ea5bc284ad6a37cc8892f61cdf89d67c11cdfd74ca6a835d3140b73db4863aeb8733107ae502c9a3b7716158b8c06ce6e5d02601d
+  metadata.gz: acaaa4a7d0b3f7e070f2c4698ca8a01d05eed0e24895a31986988b91e774c92dee3699be18d1b05715c57e9ccc5ae61c26affe541dc511885116b714105cfae7
+  data.tar.gz: 45e7982d0a52044b48edfd68082997fab982e3b5a236ac9aed1aaf4e0b84c86935fc32e5cf809ebec0403e4c0e559a59cb06eaba5919a6c0571cc4fa80b5f300

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.19.0 (2024-04-05)
+------------------
+
+* Feature - Adding BatchIsAuthorizedWithToken API which supports multiple authorization requests against a PolicyStore given a bearer token.
+
+1.18.0 (2024-04-04)
+------------------
+
+* Feature - Adds GroupConfiguration field to Identity Source API's
+
 1.17.0 (2024-03-06)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.17.0
+1.19.0

data/lib/aws-sdk-verifiedpermissions/client.rb

@@ -518,6 +518,152 @@ module Aws::VerifiedPermissions
       req.send_request(options)
     end
 
+    # Makes a series of decisions about multiple authorization requests for
+    # one token. The principal in this request comes from an external
+    # identity source in the form of an identity or access token, formatted
+    # as a [JSON web token (JWT)][1]. The information in the parameters can
+    # also define additional context that Verified Permissions can include
+    # in the evaluations.
+    #
+    # The request is evaluated against all policies in the specified policy
+    # store that match the entities that you provide in the entities
+    # declaration and in the token. The result of the decisions is a series
+    # of `Allow` or `Deny` responses, along with the IDs of the policies
+    # that produced each decision.
+    #
+    # The `entities` of a `BatchIsAuthorizedWithToken` API request can
+    # contain up to 100 resources and up to 99 user groups. The `requests`
+    # of a `BatchIsAuthorizedWithToken` API request can contain up to 30
+    # requests.
+    #
+    # <note markdown="1"> The `BatchIsAuthorizedWithToken` operation doesn't have its own IAM
+    # permission. To authorize this operation for Amazon Web Services
+    # principals, include the permission
+    # `verifiedpermissions:IsAuthorizedWithToken` in their IAM policies.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://wikipedia.org/wiki/JSON_Web_Token
+    #
+    # @option params [required, String] :policy_store_id
+    #   Specifies the ID of the policy store. Policies in this policy store
+    #   will be used to make an authorization decision for the input.
+    #
+    # @option params [String] :identity_token
+    #   Specifies an identity (ID) token for the principal that you want to
+    #   authorize in each request. This token is provided to you by the
+    #   identity provider (IdP) associated with the specified identity source.
+    #   You must specify either an `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an ID token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `id`.
+    #
+    # @option params [String] :access_token
+    #   Specifies an access token for the principal that you want to authorize
+    #   in each request. This token is provided to you by the identity
+    #   provider (IdP) associated with the specified identity source. You must
+    #   specify either an `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an access token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `access`.
+    #
+    # @option params [Types::EntitiesDefinition] :entities
+    #   Specifies the list of resources and their associated attributes that
+    #   Verified Permissions can examine when evaluating the policies.
+    #
+    #   You can't include principals in this parameter, only resource and
+    #   action entities. This parameter can't include any entities of a type
+    #   that matches the user or group entity types that you defined in your
+    #   identity source.
+    #
+    #    * The `BatchIsAuthorizedWithToken` operation takes principal
+    #     attributes from <b> <i>only</i> </b> the `identityToken` or
+    #     `accessToken` passed to the operation.
+    #
+    #   * For action entities, you can include only their `Identifier` and
+    #     `EntityType`.
+    #
+    # @option params [required, Array<Types::BatchIsAuthorizedWithTokenInputItem>] :requests
+    #   An array of up to 30 requests that you want Verified Permissions to
+    #   evaluate.
+    #
+    # @return [Types::BatchIsAuthorizedWithTokenOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchIsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
+    #   * {Types::BatchIsAuthorizedWithTokenOutput#results #results} => Array&lt;Types::BatchIsAuthorizedWithTokenOutputItem&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_is_authorized_with_token({
+    #     policy_store_id: "PolicyStoreId", # required
+    #     identity_token: "Token",
+    #     access_token: "Token",
+    #     entities: {
+    #       entity_list: [
+    #         {
+    #           identifier: { # required
+    #             entity_type: "EntityType", # required
+    #             entity_id: "EntityId", # required
+    #           },
+    #           attributes: {
+    #             "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
+    #           },
+    #           parents: [
+    #             {
+    #               entity_type: "EntityType", # required
+    #               entity_id: "EntityId", # required
+    #             },
+    #           ],
+    #         },
+    #       ],
+    #     },
+    #     requests: [ # required
+    #       {
+    #         action: {
+    #           action_type: "ActionType", # required
+    #           action_id: "ActionId", # required
+    #         },
+    #         resource: {
+    #           entity_type: "EntityType", # required
+    #           entity_id: "EntityId", # required
+    #         },
+    #         context: {
+    #           context_map: {
+    #             "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
+    #           },
+    #         },
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.principal.entity_type #=> String
+    #   resp.principal.entity_id #=> String
+    #   resp.results #=> Array
+    #   resp.results[0].request.action.action_type #=> String
+    #   resp.results[0].request.action.action_id #=> String
+    #   resp.results[0].request.resource.entity_type #=> String
+    #   resp.results[0].request.resource.entity_id #=> String
+    #   resp.results[0].request.context.context_map #=> Hash
+    #   resp.results[0].request.context.context_map["String"] #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
+    #   resp.results[0].decision #=> String, one of "ALLOW", "DENY"
+    #   resp.results[0].determining_policies #=> Array
+    #   resp.results[0].determining_policies[0].policy_id #=> String
+    #   resp.results[0].errors #=> Array
+    #   resp.results[0].errors[0].error_description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedWithToken AWS API Documentation
+    #
+    # @overload batch_is_authorized_with_token(params = {})
+    # @param [Hash] params ({})
+    def batch_is_authorized_with_token(params = {}, options = {})
+      req = build_request(:batch_is_authorized_with_token, params)
+      req.send_request(options)
+    end
+
     # Creates a reference to an Amazon Cognito user pool as an external
     # identity provider (IdP).
     #
@@ -627,6 +773,9 @@ module Aws::VerifiedPermissions
     #       cognito_user_pool_configuration: {
     #         user_pool_arn: "UserPoolArn", # required
     #         client_ids: ["ClientId"],
+    #         group_configuration: {
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
     #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
@@ -1117,6 +1266,7 @@ module Aws::VerifiedPermissions
     #   resp.configuration.cognito_user_pool_configuration.client_ids #=> Array
     #   resp.configuration.cognito_user_pool_configuration.client_ids[0] #=> String
     #   resp.configuration.cognito_user_pool_configuration.issuer #=> String
+    #   resp.configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
     #
@@ -1417,14 +1567,6 @@ module Aws::VerifiedPermissions
     # `Allow` or `Deny`, along with a list of the policies that resulted in
     # the decision.
     #
-    # If you specify the `identityToken` parameter, then this operation
-    # derives the principal from that token. You must not also include that
-    # principal in the `entities` parameter or the operation fails and
-    # reports a conflict between the two entity sources.
-    #
-    #  If you provide only an `accessToken`, then you can include the entity
-    # as part of the `entities` parameter to provide additional attributes.
-    #
     # At this time, Verified Permissions accepts tokens from only Amazon
     # Cognito.
     #
@@ -1478,8 +1620,10 @@ module Aws::VerifiedPermissions
     #   Specifies the list of resources and their associated attributes that
     #   Verified Permissions can examine when evaluating the policies.
     #
-    #   <note markdown="1"> You can include only resource and action entities in this parameter;
-    #   you can't include principals.
+    #   You can't include principals in this parameter, only resource and
+    #   action entities. This parameter can't include any entities of a type
+    #   that matches the user or group entity types that you defined in your
+    #   identity source.
     #
     #    * The `IsAuthorizedWithToken` operation takes principal attributes
     #     from <b> <i>only</i> </b> the `identityToken` or `accessToken`
@@ -1488,13 +1632,12 @@ module Aws::VerifiedPermissions
     #   * For action entities, you can include only their `Identifier` and
     #     `EntityType`.
     #
-    #    </note>
-    #
     # @return [Types::IsAuthorizedWithTokenOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::IsAuthorizedWithTokenOutput#decision #decision} => String
     #   * {Types::IsAuthorizedWithTokenOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
     #   * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
+    #   * {Types::IsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
     #
     # @example Request syntax with placeholder values
     #
@@ -1543,6 +1686,8 @@ module Aws::VerifiedPermissions
     #   resp.determining_policies[0].policy_id #=> String
     #   resp.errors #=> Array
     #   resp.errors[0].error_description #=> String
+    #   resp.principal.entity_type #=> String
+    #   resp.principal.entity_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken AWS API Documentation
     #
@@ -1623,6 +1768,7 @@ module Aws::VerifiedPermissions
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids #=> Array
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids[0] #=> String
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.issuer #=> String
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
     #
@@ -1952,6 +2098,9 @@ module Aws::VerifiedPermissions
     #       cognito_user_pool_configuration: {
     #         user_pool_arn: "UserPoolArn", # required
     #         client_ids: ["ClientId"],
+    #         group_configuration: {
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
     #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
@@ -2245,7 +2394,7 @@ module Aws::VerifiedPermissions
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-verifiedpermissions'
-      context[:gem_version] = '1.17.0'
+      context[:gem_version] = '1.19.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-verifiedpermissions/client_api.rb

@@ -24,10 +24,19 @@ module Aws::VerifiedPermissions
     BatchIsAuthorizedOutput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutput')
     BatchIsAuthorizedOutputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutputItem')
     BatchIsAuthorizedOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedOutputList')
+    BatchIsAuthorizedWithTokenInput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedWithTokenInput')
+    BatchIsAuthorizedWithTokenInputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedWithTokenInputItem')
+    BatchIsAuthorizedWithTokenInputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedWithTokenInputList')
+    BatchIsAuthorizedWithTokenOutput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedWithTokenOutput')
+    BatchIsAuthorizedWithTokenOutputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedWithTokenOutputItem')
+    BatchIsAuthorizedWithTokenOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedWithTokenOutputList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
     ClientId = Shapes::StringShape.new(name: 'ClientId')
     ClientIds = Shapes::ListShape.new(name: 'ClientIds')
+    CognitoGroupConfiguration = Shapes::StructureShape.new(name: 'CognitoGroupConfiguration')
+    CognitoGroupConfigurationDetail = Shapes::StructureShape.new(name: 'CognitoGroupConfigurationDetail')
+    CognitoGroupConfigurationItem = Shapes::StructureShape.new(name: 'CognitoGroupConfigurationItem')
     CognitoUserPoolConfiguration = Shapes::StructureShape.new(name: 'CognitoUserPoolConfiguration')
     CognitoUserPoolConfigurationDetail = Shapes::StructureShape.new(name: 'CognitoUserPoolConfigurationDetail')
     CognitoUserPoolConfigurationItem = Shapes::StructureShape.new(name: 'CognitoUserPoolConfigurationItem')
@@ -77,6 +86,7 @@ module Aws::VerifiedPermissions
     GetPolicyTemplateOutput = Shapes::StructureShape.new(name: 'GetPolicyTemplateOutput')
     GetSchemaInput = Shapes::StructureShape.new(name: 'GetSchemaInput')
     GetSchemaOutput = Shapes::StructureShape.new(name: 'GetSchemaOutput')
+    GroupEntityType = Shapes::StringShape.new(name: 'GroupEntityType')
     IdempotencyToken = Shapes::StringShape.new(name: 'IdempotencyToken')
     IdentitySourceDetails = Shapes::StructureShape.new(name: 'IdentitySourceDetails')
     IdentitySourceFilter = Shapes::StructureShape.new(name: 'IdentitySourceFilter')
@@ -149,6 +159,7 @@ module Aws::VerifiedPermissions
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     TimestampFormat = Shapes::TimestampShape.new(name: 'TimestampFormat', timestampFormat: "iso8601")
     Token = Shapes::StringShape.new(name: 'Token')
+    UpdateCognitoGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoGroupConfiguration')
     UpdateCognitoUserPoolConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoUserPoolConfiguration')
     UpdateConfiguration = Shapes::UnionShape.new(name: 'UpdateConfiguration')
     UpdateIdentitySourceInput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceInput')
@@ -215,20 +226,58 @@ module Aws::VerifiedPermissions
 
     BatchIsAuthorizedOutputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutputItem)
 
+    BatchIsAuthorizedWithTokenInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
+    BatchIsAuthorizedWithTokenInput.add_member(:identity_token, Shapes::ShapeRef.new(shape: Token, location_name: "identityToken"))
+    BatchIsAuthorizedWithTokenInput.add_member(:access_token, Shapes::ShapeRef.new(shape: Token, location_name: "accessToken"))
+    BatchIsAuthorizedWithTokenInput.add_member(:entities, Shapes::ShapeRef.new(shape: EntitiesDefinition, location_name: "entities"))
+    BatchIsAuthorizedWithTokenInput.add_member(:requests, Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenInputList, required: true, location_name: "requests"))
+    BatchIsAuthorizedWithTokenInput.struct_class = Types::BatchIsAuthorizedWithTokenInput
+
+    BatchIsAuthorizedWithTokenInputItem.add_member(:action, Shapes::ShapeRef.new(shape: ActionIdentifier, location_name: "action"))
+    BatchIsAuthorizedWithTokenInputItem.add_member(:resource, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "resource"))
+    BatchIsAuthorizedWithTokenInputItem.add_member(:context, Shapes::ShapeRef.new(shape: ContextDefinition, location_name: "context"))
+    BatchIsAuthorizedWithTokenInputItem.struct_class = Types::BatchIsAuthorizedWithTokenInputItem
+
+    BatchIsAuthorizedWithTokenInputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenInputItem)
+
+    BatchIsAuthorizedWithTokenOutput.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
+    BatchIsAuthorizedWithTokenOutput.add_member(:results, Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenOutputList, required: true, location_name: "results"))
+    BatchIsAuthorizedWithTokenOutput.struct_class = Types::BatchIsAuthorizedWithTokenOutput
+
+    BatchIsAuthorizedWithTokenOutputItem.add_member(:request, Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenInputItem, required: true, location_name: "request"))
+    BatchIsAuthorizedWithTokenOutputItem.add_member(:decision, Shapes::ShapeRef.new(shape: Decision, required: true, location_name: "decision"))
+    BatchIsAuthorizedWithTokenOutputItem.add_member(:determining_policies, Shapes::ShapeRef.new(shape: DeterminingPolicyList, required: true, location_name: "determiningPolicies"))
+    BatchIsAuthorizedWithTokenOutputItem.add_member(:errors, Shapes::ShapeRef.new(shape: EvaluationErrorList, required: true, location_name: "errors"))
+    BatchIsAuthorizedWithTokenOutputItem.struct_class = Types::BatchIsAuthorizedWithTokenOutputItem
+
+    BatchIsAuthorizedWithTokenOutputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenOutputItem)
+
     ClientIds.member = Shapes::ShapeRef.new(shape: ClientId)
 
+    CognitoGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    CognitoGroupConfiguration.struct_class = Types::CognitoGroupConfiguration
+
+    CognitoGroupConfigurationDetail.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, location_name: "groupEntityType"))
+    CognitoGroupConfigurationDetail.struct_class = Types::CognitoGroupConfigurationDetail
+
+    CognitoGroupConfigurationItem.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, location_name: "groupEntityType"))
+    CognitoGroupConfigurationItem.struct_class = Types::CognitoGroupConfigurationItem
+
     CognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     CognitoUserPoolConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    CognitoUserPoolConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfiguration, location_name: "groupConfiguration"))
     CognitoUserPoolConfiguration.struct_class = Types::CognitoUserPoolConfiguration
 
     CognitoUserPoolConfigurationDetail.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     CognitoUserPoolConfigurationDetail.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, required: true, location_name: "clientIds"))
     CognitoUserPoolConfigurationDetail.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    CognitoUserPoolConfigurationDetail.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfigurationDetail, location_name: "groupConfiguration"))
     CognitoUserPoolConfigurationDetail.struct_class = Types::CognitoUserPoolConfigurationDetail
 
     CognitoUserPoolConfigurationItem.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     CognitoUserPoolConfigurationItem.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, required: true, location_name: "clientIds"))
     CognitoUserPoolConfigurationItem.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    CognitoUserPoolConfigurationItem.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfigurationItem, location_name: "groupConfiguration"))
     CognitoUserPoolConfigurationItem.struct_class = Types::CognitoUserPoolConfigurationItem
 
     Configuration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
@@ -488,6 +537,7 @@ module Aws::VerifiedPermissions
     IsAuthorizedWithTokenOutput.add_member(:decision, Shapes::ShapeRef.new(shape: Decision, required: true, location_name: "decision"))
     IsAuthorizedWithTokenOutput.add_member(:determining_policies, Shapes::ShapeRef.new(shape: DeterminingPolicyList, required: true, location_name: "determiningPolicies"))
     IsAuthorizedWithTokenOutput.add_member(:errors, Shapes::ShapeRef.new(shape: EvaluationErrorList, required: true, location_name: "errors"))
+    IsAuthorizedWithTokenOutput.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
     IsAuthorizedWithTokenOutput.struct_class = Types::IsAuthorizedWithTokenOutput
 
     ListIdentitySourcesInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -661,8 +711,12 @@ module Aws::VerifiedPermissions
     ThrottlingException.add_member(:quota_code, Shapes::ShapeRef.new(shape: String, location_name: "quotaCode"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    UpdateCognitoGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    UpdateCognitoGroupConfiguration.struct_class = Types::UpdateCognitoGroupConfiguration
+
     UpdateCognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     UpdateCognitoUserPoolConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    UpdateCognitoUserPoolConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoGroupConfiguration, location_name: "groupConfiguration"))
     UpdateCognitoUserPoolConfiguration.struct_class = Types::UpdateCognitoUserPoolConfiguration
 
     UpdateConfiguration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
@@ -775,6 +829,19 @@ module Aws::VerifiedPermissions
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:batch_is_authorized_with_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "BatchIsAuthorizedWithToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenInput)
+        o.output = Shapes::ShapeRef.new(shape: BatchIsAuthorizedWithTokenOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:create_identity_source, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateIdentitySource"
         o.http_method = "POST"

data/lib/aws-sdk-verifiedpermissions/endpoints.rb

@@ -26,6 +26,20 @@ module Aws::VerifiedPermissions
       end
     end
 
+    class BatchIsAuthorizedWithToken
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::VerifiedPermissions::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class CreateIdentitySource
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-verifiedpermissions/plugins/endpoints.rb

@@ -60,6 +60,8 @@ module Aws::VerifiedPermissions
           case context.operation_name
           when :batch_is_authorized
             Aws::VerifiedPermissions::Endpoints::BatchIsAuthorized.build(context)
+          when :batch_is_authorized_with_token
+            Aws::VerifiedPermissions::Endpoints::BatchIsAuthorizedWithToken.build(context)
           when :create_identity_source
             Aws::VerifiedPermissions::Endpoints::CreateIdentitySource.build(context)
           when :create_policy

data/lib/aws-sdk-verifiedpermissions/types.rb

@@ -201,13 +201,13 @@ module Aws::VerifiedPermissions
     #   @return [Types::EntityIdentifier]
     #
     # @!attribute [rw] action
-    #   Specifies the requested action to be authorized. For example, is the
-    #   principal authorized to perform this action on the resource?
+    #   Specifies the requested action to be authorized. For example,
+    #   `PhotoFlash::ReadPhoto`.
     #   @return [Types::ActionIdentifier]
     #
     # @!attribute [rw] resource
-    #   Specifies the resource for which the authorization decision is to be
-    #   made.
+    #   Specifies the resource that you want an authorization decision for.
+    #   For example, `PhotoFlash::Photo`.
     #   @return [Types::EntityIdentifier]
     #
     # @!attribute [rw] context
@@ -262,9 +262,9 @@ module Aws::VerifiedPermissions
     #   @return [Array<Types::DeterminingPolicyItem>]
     #
     # @!attribute [rw] errors
-    #   Errors that occurred while making an authorization decision, for
-    #   example, a policy references an Entity or entity Attribute that does
-    #   not exist in the slice.
+    #   Errors that occurred while making an authorization decision. For
+    #   example, a policy might reference an entity or attribute that
+    #   doesn't exist in the request.
     #   @return [Array<Types::EvaluationErrorItem>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutputItem AWS API Documentation
@@ -278,6 +278,224 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # @!attribute [rw] policy_store_id
+    #   Specifies the ID of the policy store. Policies in this policy store
+    #   will be used to make an authorization decision for the input.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_token
+    #   Specifies an identity (ID) token for the principal that you want to
+    #   authorize in each request. This token is provided to you by the
+    #   identity provider (IdP) associated with the specified identity
+    #   source. You must specify either an `accessToken`, an
+    #   `identityToken`, or both.
+    #
+    #   Must be an ID token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `id`.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_token
+    #   Specifies an access token for the principal that you want to
+    #   authorize in each request. This token is provided to you by the
+    #   identity provider (IdP) associated with the specified identity
+    #   source. You must specify either an `accessToken`, an
+    #   `identityToken`, or both.
+    #
+    #   Must be an access token. Verified Permissions returns an error if
+    #   the `token_use` claim in the submitted token isn't `access`.
+    #   @return [String]
+    #
+    # @!attribute [rw] entities
+    #   Specifies the list of resources and their associated attributes that
+    #   Verified Permissions can examine when evaluating the policies.
+    #
+    #   You can't include principals in this parameter, only resource and
+    #   action entities. This parameter can't include any entities of a
+    #   type that matches the user or group entity types that you defined in
+    #   your identity source.
+    #
+    #    * The `BatchIsAuthorizedWithToken` operation takes principal
+    #     attributes from <b> <i>only</i> </b> the `identityToken` or
+    #     `accessToken` passed to the operation.
+    #
+    #   * For action entities, you can include only their `Identifier` and
+    #     `EntityType`.
+    #   @return [Types::EntitiesDefinition]
+    #
+    # @!attribute [rw] requests
+    #   An array of up to 30 requests that you want Verified Permissions to
+    #   evaluate.
+    #   @return [Array<Types::BatchIsAuthorizedWithTokenInputItem>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedWithTokenInput AWS API Documentation
+    #
+    class BatchIsAuthorizedWithTokenInput < Struct.new(
+      :policy_store_id,
+      :identity_token,
+      :access_token,
+      :entities,
+      :requests)
+      SENSITIVE = [:identity_token, :access_token]
+      include Aws::Structure
+    end
+
+    # An authorization request that you include in a
+    # `BatchIsAuthorizedWithToken` API request.
+    #
+    # @!attribute [rw] action
+    #   Specifies the requested action to be authorized. For example,
+    #   `PhotoFlash::ReadPhoto`.
+    #   @return [Types::ActionIdentifier]
+    #
+    # @!attribute [rw] resource
+    #   Specifies the resource that you want an authorization decision for.
+    #   For example, `PhotoFlash::Photo`.
+    #   @return [Types::EntityIdentifier]
+    #
+    # @!attribute [rw] context
+    #   Specifies additional context that can be used to make more granular
+    #   authorization decisions.
+    #   @return [Types::ContextDefinition]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedWithTokenInputItem AWS API Documentation
+    #
+    class BatchIsAuthorizedWithTokenInputItem < Struct.new(
+      :action,
+      :resource,
+      :context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] principal
+    #   The identifier of the principal in the ID or access token.
+    #   @return [Types::EntityIdentifier]
+    #
+    # @!attribute [rw] results
+    #   A series of `Allow` or `Deny` decisions for each request, and the
+    #   policies that produced them.
+    #   @return [Array<Types::BatchIsAuthorizedWithTokenOutputItem>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedWithTokenOutput AWS API Documentation
+    #
+    class BatchIsAuthorizedWithTokenOutput < Struct.new(
+      :principal,
+      :results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The decision, based on policy evaluation, from an individual
+    # authorization request in a `BatchIsAuthorizedWithToken` API request.
+    #
+    # @!attribute [rw] request
+    #   The authorization request that initiated the decision.
+    #   @return [Types::BatchIsAuthorizedWithTokenInputItem]
+    #
+    # @!attribute [rw] decision
+    #   An authorization decision that indicates if the authorization
+    #   request should be allowed or denied.
+    #   @return [String]
+    #
+    # @!attribute [rw] determining_policies
+    #   The list of determining policies used to make the authorization
+    #   decision. For example, if there are two matching policies, where one
+    #   is a forbid and the other is a permit, then the forbid policy will
+    #   be the determining policy. In the case of multiple matching permit
+    #   policies then there would be multiple determining policies. In the
+    #   case that no policies match, and hence the response is DENY, there
+    #   would be no determining policies.
+    #   @return [Array<Types::DeterminingPolicyItem>]
+    #
+    # @!attribute [rw] errors
+    #   Errors that occurred while making an authorization decision. For
+    #   example, a policy might reference an entity or attribute that
+    #   doesn't exist in the request.
+    #   @return [Array<Types::EvaluationErrorItem>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedWithTokenOutputItem AWS API Documentation
+    #
+    class BatchIsAuthorizedWithTokenOutputItem < Struct.new(
+      :request,
+      :decision,
+      :determining_policies,
+      :errors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A list of user groups and entities from an Amazon Cognito user pool
+    # identity source.
+    #
+    # This data type is part of a [CognitoUserPoolConfiguration][1]
+    # structure and is a request parameter in [CreateIdentitySource][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfiguration.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfiguration AWS API Documentation
+    #
+    class CognitoGroupConfiguration < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
+    # A list of user groups and entities from an Amazon Cognito user pool
+    # identity source.
+    #
+    # This data type is part of an [CognitoUserPoolConfigurationDetail][1]
+    # structure and is a response parameter to [GetIdentitySource][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationItem.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfigurationDetail AWS API Documentation
+    #
+    class CognitoGroupConfigurationDetail < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
+    # A list of user groups and entities from an Amazon Cognito user pool
+    # identity source.
+    #
+    # This data type is part of an [CognitoUserPoolConfigurationItem][1]
+    # structure and is a response parameter to [ListIdentitySources][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationDetail.html
+    # [2]: http://forums.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfigurationItem AWS API Documentation
+    #
+    class CognitoGroupConfigurationItem < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
     # The configuration for an identity source that represents a connection
     # to an Amazon Cognito user pool used as an identity provider for
     # Verified Permissions.
@@ -313,11 +531,17 @@ module Aws::VerifiedPermissions
     #   Example: `"ClientIds": ["&ExampleCogClientId;"]`
     #   @return [Array<String>]
     #
+    # @!attribute [rw] group_configuration
+    #   The configuration of the user groups from an Amazon Cognito user
+    #   pool identity source.
+    #   @return [Types::CognitoGroupConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfiguration AWS API Documentation
     #
     class CognitoUserPoolConfiguration < Struct.new(
       :user_pool_arn,
-      :client_ids)
+      :client_ids,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -365,12 +589,18 @@ module Aws::VerifiedPermissions
     #   "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"`
     #   @return [String]
     #
+    # @!attribute [rw] group_configuration
+    #   The configuration of the user groups from an Amazon Cognito user
+    #   pool identity source.
+    #   @return [Types::CognitoGroupConfigurationDetail]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfigurationDetail AWS API Documentation
     #
     class CognitoUserPoolConfigurationDetail < Struct.new(
       :user_pool_arn,
       :client_ids,
-      :issuer)
+      :issuer,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -418,12 +648,18 @@ module Aws::VerifiedPermissions
     #   "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"`
     #   @return [String]
     #
+    # @!attribute [rw] group_configuration
+    #   The configuration of the user groups from an Amazon Cognito user
+    #   pool identity source.
+    #   @return [Types::CognitoGroupConfigurationItem]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfigurationItem AWS API Documentation
     #
     class CognitoUserPoolConfigurationItem < Struct.new(
       :user_pool_arn,
       :client_ids,
-      :issuer)
+      :issuer,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -455,7 +691,8 @@ module Aws::VerifiedPermissions
     #
     #   Example:
     #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"]\}\}`
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
     #
     #
     #
@@ -494,7 +731,8 @@ module Aws::VerifiedPermissions
     #
     #   Example:
     #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"]\}\}`
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
     #
     #
     #
@@ -533,7 +771,8 @@ module Aws::VerifiedPermissions
     #
     #   Example:
     #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"]\}\}`
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
     #
     #
     #
@@ -1852,8 +2091,10 @@ module Aws::VerifiedPermissions
     #   Specifies the list of resources and their associated attributes that
     #   Verified Permissions can examine when evaluating the policies.
     #
-    #   <note markdown="1"> You can include only resource and action entities in this parameter;
-    #   you can't include principals.
+    #   You can't include principals in this parameter, only resource and
+    #   action entities. This parameter can't include any entities of a
+    #   type that matches the user or group entity types that you defined in
+    #   your identity source.
     #
     #    * The `IsAuthorizedWithToken` operation takes principal attributes
     #     from <b> <i>only</i> </b> the `identityToken` or `accessToken`
@@ -1861,8 +2102,6 @@ module Aws::VerifiedPermissions
     #
     #   * For action entities, you can include only their `Identifier` and
     #     `EntityType`.
-    #
-    #    </note>
     #   @return [Types::EntitiesDefinition]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithTokenInput AWS API Documentation
@@ -1900,12 +2139,17 @@ module Aws::VerifiedPermissions
     #   not exist in the slice.
     #   @return [Array<Types::EvaluationErrorItem>]
     #
+    # @!attribute [rw] principal
+    #   The identifier of the principal in the ID or access token.
+    #   @return [Types::EntityIdentifier]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithTokenOutput AWS API Documentation
     #
     class IsAuthorizedWithTokenOutput < Struct.new(
       :decision,
       :determining_policies,
-      :errors)
+      :errors,
+      :principal)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2823,6 +3067,22 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # A list of user groups and entities from an Amazon Cognito user pool
+    # identity source.
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateCognitoGroupConfiguration AWS API Documentation
+    #
+    class UpdateCognitoGroupConfiguration < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
     # Contains configuration details of a Amazon Cognito user pool for use
     # with an identity source.
     #
@@ -2840,11 +3100,17 @@ module Aws::VerifiedPermissions
     #   Amazon Cognito user pool.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] group_configuration
+    #   The configuration of the user groups from an Amazon Cognito user
+    #   pool identity source.
+    #   @return [Types::UpdateCognitoGroupConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateCognitoUserPoolConfiguration AWS API Documentation
     #
     class UpdateCognitoUserPoolConfiguration < Struct.new(
       :user_pool_arn,
-      :client_ids)
+      :client_ids,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-verifiedpermissions.rb

@@ -53,6 +53,6 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
 # @!group service
 module Aws::VerifiedPermissions
 
-  GEM_VERSION = '1.17.0'
+  GEM_VERSION = '1.19.0'
 
 end

data/sig/client.rbs

@@ -119,6 +119,51 @@ module Aws
                                ) -> _BatchIsAuthorizedResponseSuccess
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _BatchIsAuthorizedResponseSuccess
 
+      interface _BatchIsAuthorizedWithTokenResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::BatchIsAuthorizedWithTokenOutput]
+        def principal: () -> Types::EntityIdentifier
+        def results: () -> ::Array[Types::BatchIsAuthorizedWithTokenOutputItem]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#batch_is_authorized_with_token-instance_method
+      def batch_is_authorized_with_token: (
+                                            policy_store_id: ::String,
+                                            ?identity_token: ::String,
+                                            ?access_token: ::String,
+                                            ?entities: {
+                                              entity_list: Array[
+                                                {
+                                                  identifier: {
+                                                    entity_type: ::String,
+                                                    entity_id: ::String
+                                                  },
+                                                  attributes: Hash[::String, untyped]?,
+                                                  parents: Array[
+                                                    {
+                                                      entity_type: ::String,
+                                                      entity_id: ::String
+                                                    },
+                                                  ]?
+                                                },
+                                              ]?
+                                            },
+                                            requests: Array[
+                                              {
+                                                action: {
+                                                  action_type: ::String,
+                                                  action_id: ::String
+                                                }?,
+                                                resource: {
+                                                  entity_type: ::String,
+                                                  entity_id: ::String
+                                                }?,
+                                                context: {
+                                                  context_map: Hash[::String, untyped]?
+                                                }?
+                                              },
+                                            ]
+                                          ) -> _BatchIsAuthorizedWithTokenResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _BatchIsAuthorizedWithTokenResponseSuccess
+
       interface _CreateIdentitySourceResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::CreateIdentitySourceOutput]
         def created_date: () -> ::Time
@@ -133,7 +178,10 @@ module Aws
                                     configuration: {
                                       cognito_user_pool_configuration: {
                                         user_pool_arn: ::String,
-                                        client_ids: Array[::String]?
+                                        client_ids: Array[::String]?,
+                                        group_configuration: {
+                                          group_entity_type: ::String
+                                        }?
                                       }?
                                     },
                                     ?principal_entity_type: ::String
@@ -375,6 +423,7 @@ module Aws
         def decision: () -> ("ALLOW" | "DENY")
         def determining_policies: () -> ::Array[Types::DeterminingPolicyItem]
         def errors: () -> ::Array[Types::EvaluationErrorItem]
+        def principal: () -> Types::EntityIdentifier
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#is_authorized_with_token-instance_method
       def is_authorized_with_token: (
@@ -516,7 +565,10 @@ module Aws
                                     update_configuration: {
                                       cognito_user_pool_configuration: {
                                         user_pool_arn: ::String,
-                                        client_ids: Array[::String]?
+                                        client_ids: Array[::String]?,
+                                        group_configuration: {
+                                          group_entity_type: ::String
+                                        }?
                                       }?
                                     },
                                     ?principal_entity_type: ::String

data/sig/types.rbs

@@ -73,9 +73,55 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class BatchIsAuthorizedWithTokenInput
+      attr_accessor policy_store_id: ::String
+      attr_accessor identity_token: ::String
+      attr_accessor access_token: ::String
+      attr_accessor entities: Types::EntitiesDefinition
+      attr_accessor requests: ::Array[Types::BatchIsAuthorizedWithTokenInputItem]
+      SENSITIVE: [:identity_token, :access_token]
+    end
+
+    class BatchIsAuthorizedWithTokenInputItem
+      attr_accessor action: Types::ActionIdentifier
+      attr_accessor resource: Types::EntityIdentifier
+      attr_accessor context: Types::ContextDefinition
+      SENSITIVE: []
+    end
+
+    class BatchIsAuthorizedWithTokenOutput
+      attr_accessor principal: Types::EntityIdentifier
+      attr_accessor results: ::Array[Types::BatchIsAuthorizedWithTokenOutputItem]
+      SENSITIVE: []
+    end
+
+    class BatchIsAuthorizedWithTokenOutputItem
+      attr_accessor request: Types::BatchIsAuthorizedWithTokenInputItem
+      attr_accessor decision: ("ALLOW" | "DENY")
+      attr_accessor determining_policies: ::Array[Types::DeterminingPolicyItem]
+      attr_accessor errors: ::Array[Types::EvaluationErrorItem]
+      SENSITIVE: []
+    end
+
+    class CognitoGroupConfiguration
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
+    class CognitoGroupConfigurationDetail
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
+    class CognitoGroupConfigurationItem
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
     class CognitoUserPoolConfiguration
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
+      attr_accessor group_configuration: Types::CognitoGroupConfiguration
       SENSITIVE: []
     end
 
@@ -83,6 +129,7 @@ module Aws::VerifiedPermissions
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
       attr_accessor issuer: ::String
+      attr_accessor group_configuration: Types::CognitoGroupConfigurationDetail
       SENSITIVE: []
     end
 
@@ -90,6 +137,7 @@ module Aws::VerifiedPermissions
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
       attr_accessor issuer: ::String
+      attr_accessor group_configuration: Types::CognitoGroupConfigurationItem
       SENSITIVE: []
     end
 
@@ -440,6 +488,7 @@ module Aws::VerifiedPermissions
       attr_accessor decision: ("ALLOW" | "DENY")
       attr_accessor determining_policies: ::Array[Types::DeterminingPolicyItem]
       attr_accessor errors: ::Array[Types::EvaluationErrorItem]
+      attr_accessor principal: Types::EntityIdentifier
       SENSITIVE: []
     end
 
@@ -668,9 +717,15 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class UpdateCognitoGroupConfiguration
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
     class UpdateCognitoUserPoolConfiguration
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
+      attr_accessor group_configuration: Types::UpdateCognitoGroupConfiguration
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-verifiedpermissions
 version: !ruby/object:Gem::Version
-  version: 1.17.0
+  version: 1.19.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-06 00:00:00.000000000 Z
+date: 2024-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core