RubyGems - aws-sdk-verifiedpermissions - Versions diffs - 1.23.0 → 1.24.0 - Mend

aws-sdk-verifiedpermissions 1.23.0 → 1.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-verifiedpermissions/client.rb +83 -36
data/lib/aws-sdk-verifiedpermissions/client_api.rb +138 -0
data/lib/aws-sdk-verifiedpermissions/types.rb +828 -28
data/lib/aws-sdk-verifiedpermissions.rb +1 -1
data/sig/client.rbs +36 -0
data/sig/types.rbs +173 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c5f4c00b98f6913e06959231c209202b8cabcc7fa2d1d4fe58ff98ff3c8ef45
-  data.tar.gz: 1fc4d59e1d9a64b1c449b266c6ae63fbf3bde1ae36d9b697dc1a1a78a34ad7a7
+  metadata.gz: b69f49e6604e5f5f826ecb8bda1e4db678f60d49fceadf6242ccb202404fc234
+  data.tar.gz: 23c5db13414cb84864b76f651a1c9e2401fb2214950fddb543adc537a26cd479
 SHA512:
-  metadata.gz: 6d8e29388fecd0a0d9d08679444c9502c88e8ad57a52883c75fc53d5e963bb08cf492b85c6cb42da205ea2f3c8ad5d25b87230c6c9c53ebcd8c5d6631d07a518
-  data.tar.gz: 726cbf8ce3143b6c608e08e7d161338b1715a9a095b39af7c928e816b46cf93160a7b03105ad2c68a758a1ed43a13195e4747a85dd7a5bdd2165f1e47ccaa420
+  metadata.gz: a7da4f6ab18c7c2688c3f9bd479fd74a6852c3deb39b44452572b73c5e67ce37b8899aff5a674d88c59cb238883a3eb35302717e5c70002ae3ec9b8dffba35e8
+  data.tar.gz: 4ece0fc584cd4ee08d316e31a8ecf6e6c1dc6255676f96dcf8a27539471cd9cc08045026efb29cd3e20586bd096a4338ddd94e4a1c34253e76a5ac1b86320287

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.24.0 (2024-06-07)
+------------------
+* Feature - This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests.
 1.23.0 (2024-06-05)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.23.0
1	+ 1.24.0

data/lib/aws-sdk-verifiedpermissions/client.rb CHANGED Viewed

@@ -689,37 +689,34 @@ module Aws::VerifiedPermissions
       req.send_request(options)
     end
-    # Creates a reference to an Amazon Cognito user pool as an external
-    # identity provider (IdP).
+    # Adds an identity source to a policy store–an Amazon Cognito user pool
+    # or OpenID Connect (OIDC) identity provider (IdP).
     #
     # After you create an identity source, you can use the identities
     # provided by the IdP as proxies for the principal in authorization
-    # queries that use the [IsAuthorizedWithToken][1] operation. These
-    # identities take the form of tokens that contain claims about the user,
-    # such as IDs, attributes and group memberships. Amazon Cognito provides
-    # both identity tokens and access tokens, and Verified Permissions can
-    # use either or both. Any combination of identity and access tokens
-    # results in the same Cedar principal. Verified Permissions
-    # automatically translates the information about the identities into the
-    # standard Cedar attributes that can be evaluated by your policies.
-    # Because the Amazon Cognito identity and access tokens can contain
-    # different information, the tokens you choose to use determine which
-    # principal attributes are available to access when evaluating Cedar
-    # policies.
-    #
-    # If you delete a Amazon Cognito user pool or user, tokens from that
-    # deleted pool or that deleted user continue to be usable until they
-    # expire.
+    # queries that use the [IsAuthorizedWithToken][1] or
+    # [BatchIsAuthorizedWithToken][2] API operations. These identities take
+    # the form of tokens that contain claims about the user, such as IDs,
+    # attributes and group memberships. Identity sources provide identity
+    # (ID) tokens and access tokens. Verified Permissions derives
+    # information about your user and session from token claims. Access
+    # tokens provide action `context` to your policies, and ID tokens
+    # provide principal `Attributes`.
+    #
+    # Tokens from an identity source user continue to be usable until they
+    # expire. Token revocation and resource deletion have no effect on the
+    # validity of a token in your policy store
     #
     # <note markdown="1"> To reference a user from this identity source in your Cedar policies,
-    # use the following syntax.
+    # refer to the following syntax examples.
     #
-    #  *IdentityType::"&lt;CognitoUserPoolIdentifier&gt;\|&lt;CognitoClientId&gt;*
+    #  * Amazon Cognito user pool: `Namespace::[Entity type]::[User pool
+    #   ID]|[user principal attribute]`, for example
+    #   `MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`.
     #
-    #  Where `IdentityType` is the string that you provide to the
-    # `PrincipalEntityType` parameter for this operation. The
-    # `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon
-    # Cognito user pool.
+    # * OpenID Connect (OIDC) provider: `Namespace::[Entity
+    #   type]::[principalIdClaim]|[user principal attribute]`, for example
+    #   `MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222`.
     #
     #  </note>
     #
@@ -734,6 +731,7 @@ module Aws::VerifiedPermissions
     #
     #
     # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html
     #
     # @option params [String] :client_token
     #   Specifies a unique, case-sensitive ID that you provide to ensure the
@@ -771,13 +769,6 @@ module Aws::VerifiedPermissions
     #   Specifies the details required to communicate with the identity
     #   provider (IdP) associated with this identity source.
     #
-    #   <note markdown="1"> At this time, the only valid member of this structure is a Amazon
-    #   Cognito user pool configuration.
-    #
-    #    You must specify a `UserPoolArn`, and optionally, a `ClientId`.
-    #
-    #    </note>
-    #
     # @option params [String] :principal_entity_type
     #   Specifies the namespace and data type of the principals generated for
     #   identities authenticated by the new identity source.
@@ -802,6 +793,24 @@ module Aws::VerifiedPermissions
     #           group_entity_type: "GroupEntityType", # required
     #         },
     #       },
+    #       open_id_connect_configuration: {
+    #         issuer: "Issuer", # required
+    #         entity_id_prefix: "EntityIdPrefix",
+    #         group_configuration: {
+    #           group_claim: "Claim", # required
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
+    #         token_selection: { # required
+    #           access_token_only: {
+    #             principal_id_claim: "Claim",
+    #             audiences: ["Audience"],
+    #           },
+    #           identity_token_only: {
+    #             principal_id_claim: "Claim",
+    #             client_ids: ["ClientId"],
+    #           },
+    #         },
+    #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
     #   })
@@ -1298,6 +1307,16 @@ module Aws::VerifiedPermissions
     #   resp.configuration.cognito_user_pool_configuration.client_ids[0] #=> String
     #   resp.configuration.cognito_user_pool_configuration.issuer #=> String
     #   resp.configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
+    #   resp.configuration.open_id_connect_configuration.issuer #=> String
+    #   resp.configuration.open_id_connect_configuration.entity_id_prefix #=> String
+    #   resp.configuration.open_id_connect_configuration.group_configuration.group_claim #=> String
+    #   resp.configuration.open_id_connect_configuration.group_configuration.group_entity_type #=> String
+    #   resp.configuration.open_id_connect_configuration.token_selection.access_token_only.principal_id_claim #=> String
+    #   resp.configuration.open_id_connect_configuration.token_selection.access_token_only.audiences #=> Array
+    #   resp.configuration.open_id_connect_configuration.token_selection.access_token_only.audiences[0] #=> String
+    #   resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.principal_id_claim #=> String
+    #   resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids #=> Array
+    #   resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
     #
@@ -1610,9 +1629,9 @@ module Aws::VerifiedPermissions
     # Verified Permissions validates each token that is specified in a
     # request by checking its expiration date and its signature.
     #
-    # If you delete a Amazon Cognito user pool or user, tokens from that
-    # deleted pool or that deleted user continue to be usable until they
-    # expire.
+    # Tokens from an identity source user continue to be usable until they
+    # expire. Token revocation and resource deletion have no effect on the
+    # validity of a token in your policy store
     #
     #
     #
@@ -1806,6 +1825,16 @@ module Aws::VerifiedPermissions
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids[0] #=> String
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.issuer #=> String
     #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.issuer #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.entity_id_prefix #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.group_configuration.group_claim #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.group_configuration.group_entity_type #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.principal_id_claim #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.audiences #=> Array
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.audiences[0] #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.principal_id_claim #=> String
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids #=> Array
+    #   resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
     #
@@ -2090,7 +2119,7 @@ module Aws::VerifiedPermissions
     end
     # Updates the specified identity source to use a new identity provider
-    # (IdP) source, or to change the mapping of identities from the IdP to a
+    # (IdP), or to change the mapping of identities from the IdP to a
     # different principal entity type.
     #
     # <note markdown="1"> Verified Permissions is <i> <a
@@ -2143,6 +2172,24 @@ module Aws::VerifiedPermissions
     #           group_entity_type: "GroupEntityType", # required
     #         },
     #       },
+    #       open_id_connect_configuration: {
+    #         issuer: "Issuer", # required
+    #         entity_id_prefix: "EntityIdPrefix",
+    #         group_configuration: {
+    #           group_claim: "Claim", # required
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
+    #         token_selection: { # required
+    #           access_token_only: {
+    #             principal_id_claim: "Claim",
+    #             audiences: ["Audience"],
+    #           },
+    #           identity_token_only: {
+    #             principal_id_claim: "Claim",
+    #             client_ids: ["ClientId"],
+    #           },
+    #         },
+    #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
     #   })
@@ -2441,7 +2488,7 @@ module Aws::VerifiedPermissions
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-verifiedpermissions'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.24.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-verifiedpermissions/client_api.rb CHANGED Viewed

@@ -19,6 +19,8 @@ module Aws::VerifiedPermissions
     ActionIdentifierList = Shapes::ListShape.new(name: 'ActionIdentifierList')
     ActionType = Shapes::StringShape.new(name: 'ActionType')
     AttributeValue = Shapes::UnionShape.new(name: 'AttributeValue')
+    Audience = Shapes::StringShape.new(name: 'Audience')
+    Audiences = Shapes::ListShape.new(name: 'Audiences')
     BatchIsAuthorizedInput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInput')
     BatchIsAuthorizedInputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInputItem')
     BatchIsAuthorizedInputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedInputList')
@@ -33,6 +35,7 @@ module Aws::VerifiedPermissions
     BatchIsAuthorizedWithTokenOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedWithTokenOutputList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
+    Claim = Shapes::StringShape.new(name: 'Claim')
     ClientId = Shapes::StringShape.new(name: 'ClientId')
     ClientIds = Shapes::ListShape.new(name: 'ClientIds')
     CognitoGroupConfiguration = Shapes::StructureShape.new(name: 'CognitoGroupConfiguration')
@@ -70,6 +73,7 @@ module Aws::VerifiedPermissions
     EntitiesDefinition = Shapes::UnionShape.new(name: 'EntitiesDefinition')
     EntityAttributes = Shapes::MapShape.new(name: 'EntityAttributes')
     EntityId = Shapes::StringShape.new(name: 'EntityId')
+    EntityIdPrefix = Shapes::StringShape.new(name: 'EntityIdPrefix')
     EntityIdentifier = Shapes::StructureShape.new(name: 'EntityIdentifier')
     EntityItem = Shapes::StructureShape.new(name: 'EntityItem')
     EntityList = Shapes::ListShape.new(name: 'EntityList')
@@ -116,6 +120,21 @@ module Aws::VerifiedPermissions
     Namespace = Shapes::StringShape.new(name: 'Namespace')
     NamespaceList = Shapes::ListShape.new(name: 'NamespaceList')
     NextToken = Shapes::StringShape.new(name: 'NextToken')
+    OpenIdConnectAccessTokenConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfiguration')
+    OpenIdConnectAccessTokenConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfigurationDetail')
+    OpenIdConnectAccessTokenConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfigurationItem')
+    OpenIdConnectConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectConfiguration')
+    OpenIdConnectConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectConfigurationDetail')
+    OpenIdConnectConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectConfigurationItem')
+    OpenIdConnectGroupConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfiguration')
+    OpenIdConnectGroupConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfigurationDetail')
+    OpenIdConnectGroupConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfigurationItem')
+    OpenIdConnectIdentityTokenConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfiguration')
+    OpenIdConnectIdentityTokenConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfigurationDetail')
+    OpenIdConnectIdentityTokenConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfigurationItem')
+    OpenIdConnectTokenSelection = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelection')
+    OpenIdConnectTokenSelectionDetail = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelectionDetail')
+    OpenIdConnectTokenSelectionItem = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelectionItem')
     OpenIdIssuer = Shapes::StringShape.new(name: 'OpenIdIssuer')
     ParentList = Shapes::ListShape.new(name: 'ParentList')
     PolicyDefinition = Shapes::UnionShape.new(name: 'PolicyDefinition')
@@ -166,6 +185,11 @@ module Aws::VerifiedPermissions
     UpdateConfiguration = Shapes::UnionShape.new(name: 'UpdateConfiguration')
     UpdateIdentitySourceInput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceInput')
     UpdateIdentitySourceOutput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceOutput')
+    UpdateOpenIdConnectAccessTokenConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectAccessTokenConfiguration')
+    UpdateOpenIdConnectConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectConfiguration')
+    UpdateOpenIdConnectGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectGroupConfiguration')
+    UpdateOpenIdConnectIdentityTokenConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectIdentityTokenConfiguration')
+    UpdateOpenIdConnectTokenSelection = Shapes::UnionShape.new(name: 'UpdateOpenIdConnectTokenSelection')
     UpdatePolicyDefinition = Shapes::UnionShape.new(name: 'UpdatePolicyDefinition')
     UpdatePolicyInput = Shapes::StructureShape.new(name: 'UpdatePolicyInput')
     UpdatePolicyOutput = Shapes::StructureShape.new(name: 'UpdatePolicyOutput')
@@ -206,6 +230,8 @@ module Aws::VerifiedPermissions
     AttributeValue.add_member_subclass(:unknown, Types::AttributeValue::Unknown)
     AttributeValue.struct_class = Types::AttributeValue
+    Audiences.member = Shapes::ShapeRef.new(shape: Audience)
     BatchIsAuthorizedInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     BatchIsAuthorizedInput.add_member(:entities, Shapes::ShapeRef.new(shape: EntitiesDefinition, location_name: "entities"))
     BatchIsAuthorizedInput.add_member(:requests, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputList, required: true, location_name: "requests"))
@@ -285,20 +311,26 @@ module Aws::VerifiedPermissions
     CognitoUserPoolConfigurationItem.struct_class = Types::CognitoUserPoolConfigurationItem
     Configuration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
+    Configuration.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfiguration, location_name: "openIdConnectConfiguration"))
     Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     Configuration.add_member_subclass(:cognito_user_pool_configuration, Types::Configuration::CognitoUserPoolConfiguration)
+    Configuration.add_member_subclass(:open_id_connect_configuration, Types::Configuration::OpenIdConnectConfiguration)
     Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
     Configuration.struct_class = Types::Configuration
     ConfigurationDetail.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationDetail, location_name: "cognitoUserPoolConfiguration"))
+    ConfigurationDetail.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfigurationDetail, location_name: "openIdConnectConfiguration"))
     ConfigurationDetail.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     ConfigurationDetail.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationDetail::CognitoUserPoolConfiguration)
+    ConfigurationDetail.add_member_subclass(:open_id_connect_configuration, Types::ConfigurationDetail::OpenIdConnectConfiguration)
     ConfigurationDetail.add_member_subclass(:unknown, Types::ConfigurationDetail::Unknown)
     ConfigurationDetail.struct_class = Types::ConfigurationDetail
     ConfigurationItem.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationItem, location_name: "cognitoUserPoolConfiguration"))
+    ConfigurationItem.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfigurationItem, location_name: "openIdConnectConfiguration"))
     ConfigurationItem.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     ConfigurationItem.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationItem::CognitoUserPoolConfiguration)
+    ConfigurationItem.add_member_subclass(:open_id_connect_configuration, Types::ConfigurationItem::OpenIdConnectConfiguration)
     ConfigurationItem.add_member_subclass(:unknown, Types::ConfigurationItem::Unknown)
     ConfigurationItem.struct_class = Types::ConfigurationItem
@@ -587,6 +619,84 @@ module Aws::VerifiedPermissions
     NamespaceList.member = Shapes::ShapeRef.new(shape: Namespace)
+    OpenIdConnectAccessTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectAccessTokenConfiguration.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
+    OpenIdConnectAccessTokenConfiguration.struct_class = Types::OpenIdConnectAccessTokenConfiguration
+    OpenIdConnectAccessTokenConfigurationDetail.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectAccessTokenConfigurationDetail.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
+    OpenIdConnectAccessTokenConfigurationDetail.struct_class = Types::OpenIdConnectAccessTokenConfigurationDetail
+    OpenIdConnectAccessTokenConfigurationItem.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectAccessTokenConfigurationItem.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
+    OpenIdConnectAccessTokenConfigurationItem.struct_class = Types::OpenIdConnectAccessTokenConfigurationItem
+    OpenIdConnectConfiguration.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    OpenIdConnectConfiguration.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
+    OpenIdConnectConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfiguration, location_name: "groupConfiguration"))
+    OpenIdConnectConfiguration.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelection, required: true, location_name: "tokenSelection"))
+    OpenIdConnectConfiguration.struct_class = Types::OpenIdConnectConfiguration
+    OpenIdConnectConfigurationDetail.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    OpenIdConnectConfigurationDetail.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
+    OpenIdConnectConfigurationDetail.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfigurationDetail, location_name: "groupConfiguration"))
+    OpenIdConnectConfigurationDetail.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelectionDetail, required: true, location_name: "tokenSelection"))
+    OpenIdConnectConfigurationDetail.struct_class = Types::OpenIdConnectConfigurationDetail
+    OpenIdConnectConfigurationItem.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    OpenIdConnectConfigurationItem.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
+    OpenIdConnectConfigurationItem.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfigurationItem, location_name: "groupConfiguration"))
+    OpenIdConnectConfigurationItem.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelectionItem, required: true, location_name: "tokenSelection"))
+    OpenIdConnectConfigurationItem.struct_class = Types::OpenIdConnectConfigurationItem
+    OpenIdConnectGroupConfiguration.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
+    OpenIdConnectGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    OpenIdConnectGroupConfiguration.struct_class = Types::OpenIdConnectGroupConfiguration
+    OpenIdConnectGroupConfigurationDetail.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
+    OpenIdConnectGroupConfigurationDetail.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    OpenIdConnectGroupConfigurationDetail.struct_class = Types::OpenIdConnectGroupConfigurationDetail
+    OpenIdConnectGroupConfigurationItem.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
+    OpenIdConnectGroupConfigurationItem.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    OpenIdConnectGroupConfigurationItem.struct_class = Types::OpenIdConnectGroupConfigurationItem
+    OpenIdConnectIdentityTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectIdentityTokenConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    OpenIdConnectIdentityTokenConfiguration.struct_class = Types::OpenIdConnectIdentityTokenConfiguration
+    OpenIdConnectIdentityTokenConfigurationDetail.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectIdentityTokenConfigurationDetail.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    OpenIdConnectIdentityTokenConfigurationDetail.struct_class = Types::OpenIdConnectIdentityTokenConfigurationDetail
+    OpenIdConnectIdentityTokenConfigurationItem.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    OpenIdConnectIdentityTokenConfigurationItem.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    OpenIdConnectIdentityTokenConfigurationItem.struct_class = Types::OpenIdConnectIdentityTokenConfigurationItem
+    OpenIdConnectTokenSelection.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfiguration, location_name: "accessTokenOnly"))
+    OpenIdConnectTokenSelection.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfiguration, location_name: "identityTokenOnly"))
+    OpenIdConnectTokenSelection.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    OpenIdConnectTokenSelection.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelection::AccessTokenOnly)
+    OpenIdConnectTokenSelection.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelection::IdentityTokenOnly)
+    OpenIdConnectTokenSelection.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelection::Unknown)
+    OpenIdConnectTokenSelection.struct_class = Types::OpenIdConnectTokenSelection
+    OpenIdConnectTokenSelectionDetail.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfigurationDetail, location_name: "accessTokenOnly"))
+    OpenIdConnectTokenSelectionDetail.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfigurationDetail, location_name: "identityTokenOnly"))
+    OpenIdConnectTokenSelectionDetail.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    OpenIdConnectTokenSelectionDetail.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelectionDetail::AccessTokenOnly)
+    OpenIdConnectTokenSelectionDetail.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelectionDetail::IdentityTokenOnly)
+    OpenIdConnectTokenSelectionDetail.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelectionDetail::Unknown)
+    OpenIdConnectTokenSelectionDetail.struct_class = Types::OpenIdConnectTokenSelectionDetail
+    OpenIdConnectTokenSelectionItem.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfigurationItem, location_name: "accessTokenOnly"))
+    OpenIdConnectTokenSelectionItem.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfigurationItem, location_name: "identityTokenOnly"))
+    OpenIdConnectTokenSelectionItem.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    OpenIdConnectTokenSelectionItem.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelectionItem::AccessTokenOnly)
+    OpenIdConnectTokenSelectionItem.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelectionItem::IdentityTokenOnly)
+    OpenIdConnectTokenSelectionItem.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelectionItem::Unknown)
+    OpenIdConnectTokenSelectionItem.struct_class = Types::OpenIdConnectTokenSelectionItem
     ParentList.member = Shapes::ShapeRef.new(shape: EntityIdentifier)
     PolicyDefinition.add_member(:static, Shapes::ShapeRef.new(shape: StaticPolicyDefinition, location_name: "static"))
@@ -730,8 +840,10 @@ module Aws::VerifiedPermissions
     UpdateCognitoUserPoolConfiguration.struct_class = Types::UpdateCognitoUserPoolConfiguration
     UpdateConfiguration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
+    UpdateConfiguration.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectConfiguration, location_name: "openIdConnectConfiguration"))
     UpdateConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     UpdateConfiguration.add_member_subclass(:cognito_user_pool_configuration, Types::UpdateConfiguration::CognitoUserPoolConfiguration)
+    UpdateConfiguration.add_member_subclass(:open_id_connect_configuration, Types::UpdateConfiguration::OpenIdConnectConfiguration)
     UpdateConfiguration.add_member_subclass(:unknown, Types::UpdateConfiguration::Unknown)
     UpdateConfiguration.struct_class = Types::UpdateConfiguration
@@ -747,6 +859,32 @@ module Aws::VerifiedPermissions
     UpdateIdentitySourceOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     UpdateIdentitySourceOutput.struct_class = Types::UpdateIdentitySourceOutput
+    UpdateOpenIdConnectAccessTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    UpdateOpenIdConnectAccessTokenConfiguration.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
+    UpdateOpenIdConnectAccessTokenConfiguration.struct_class = Types::UpdateOpenIdConnectAccessTokenConfiguration
+    UpdateOpenIdConnectConfiguration.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    UpdateOpenIdConnectConfiguration.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
+    UpdateOpenIdConnectConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectGroupConfiguration, location_name: "groupConfiguration"))
+    UpdateOpenIdConnectConfiguration.add_member(:token_selection, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectTokenSelection, required: true, location_name: "tokenSelection"))
+    UpdateOpenIdConnectConfiguration.struct_class = Types::UpdateOpenIdConnectConfiguration
+    UpdateOpenIdConnectGroupConfiguration.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
+    UpdateOpenIdConnectGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    UpdateOpenIdConnectGroupConfiguration.struct_class = Types::UpdateOpenIdConnectGroupConfiguration
+    UpdateOpenIdConnectIdentityTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
+    UpdateOpenIdConnectIdentityTokenConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    UpdateOpenIdConnectIdentityTokenConfiguration.struct_class = Types::UpdateOpenIdConnectIdentityTokenConfiguration
+    UpdateOpenIdConnectTokenSelection.add_member(:access_token_only, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectAccessTokenConfiguration, location_name: "accessTokenOnly"))
+    UpdateOpenIdConnectTokenSelection.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectIdentityTokenConfiguration, location_name: "identityTokenOnly"))
+    UpdateOpenIdConnectTokenSelection.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    UpdateOpenIdConnectTokenSelection.add_member_subclass(:access_token_only, Types::UpdateOpenIdConnectTokenSelection::AccessTokenOnly)
+    UpdateOpenIdConnectTokenSelection.add_member_subclass(:identity_token_only, Types::UpdateOpenIdConnectTokenSelection::IdentityTokenOnly)
+    UpdateOpenIdConnectTokenSelection.add_member_subclass(:unknown, Types::UpdateOpenIdConnectTokenSelection::Unknown)
+    UpdateOpenIdConnectTokenSelection.struct_class = Types::UpdateOpenIdConnectTokenSelection
     UpdatePolicyDefinition.add_member(:static, Shapes::ShapeRef.new(shape: UpdateStaticPolicyDefinition, location_name: "static"))
     UpdatePolicyDefinition.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     UpdatePolicyDefinition.add_member_subclass(:static, Types::UpdatePolicyDefinition::Static)