@aws-sdk/client-signin 3.1081.0 → 3.1083.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -0
- package/dist-cjs/index.js +194 -81
- package/dist-es/Signin.js +6 -0
- package/dist-es/commandBuilder.js +3 -0
- package/dist-es/commands/CreateOAuth2TokenWithIAMCommand.js +4 -0
- package/dist-es/commands/DeleteConsoleAuthorizationConfigurationCommand.js +2 -2
- package/dist-es/commands/DeleteResourcePermissionStatementCommand.js +2 -2
- package/dist-es/commands/GetConsoleAuthorizationConfigurationCommand.js +2 -2
- package/dist-es/commands/GetResourcePolicyCommand.js +2 -2
- package/dist-es/commands/IntrospectOAuth2TokenWithIAMCommand.js +4 -0
- package/dist-es/commands/ListResourcePermissionStatementsCommand.js +2 -2
- package/dist-es/commands/PutConsoleAuthorizationConfigurationCommand.js +2 -2
- package/dist-es/commands/PutResourcePermissionStatementCommand.js +2 -2
- package/dist-es/commands/RevokeOAuth2TokenWithIAMCommand.js +4 -0
- package/dist-es/commands/index.js +3 -0
- package/dist-es/endpoint/bdd.js +80 -70
- package/dist-es/endpoint/endpointResolver.js +1 -1
- package/dist-es/schemas/schemas_0.js +78 -2
- package/dist-types/Signin.d.ts +21 -0
- package/dist-types/SigninClient.d.ts +5 -2
- package/dist-types/commandBuilder.d.ts +4 -0
- package/dist-types/commands/CreateOAuth2TokenWithIAMCommand.d.ts +114 -0
- package/dist-types/commands/IntrospectOAuth2TokenWithIAMCommand.d.ts +134 -0
- package/dist-types/commands/RevokeOAuth2TokenWithIAMCommand.d.ts +114 -0
- package/dist-types/commands/index.d.ts +3 -0
- package/dist-types/endpoint/EndpointParameters.d.ts +1 -0
- package/dist-types/models/models_0.d.ts +175 -3
- package/dist-types/schemas/schemas_0.d.ts +9 -0
- package/dist-types/ts3.4/Signin.d.ts +51 -0
- package/dist-types/ts3.4/SigninClient.d.ts +20 -2
- package/dist-types/ts3.4/commandBuilder.d.ts +1 -0
- package/dist-types/ts3.4/commands/CreateOAuth2TokenWithIAMCommand.d.ts +44 -0
- package/dist-types/ts3.4/commands/IntrospectOAuth2TokenWithIAMCommand.d.ts +44 -0
- package/dist-types/ts3.4/commands/RevokeOAuth2TokenWithIAMCommand.d.ts +44 -0
- package/dist-types/ts3.4/commands/index.d.ts +3 -0
- package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts +1 -0
- package/dist-types/ts3.4/models/models_0.d.ts +33 -0
- package/dist-types/ts3.4/schemas/schemas_0.d.ts +9 -0
- package/package.json +9 -9
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
|
|
2
|
+
import type { IntrospectOAuth2TokenWithIAMRequest, IntrospectOAuth2TokenWithIAMResponse } from "../models/models_0";
|
|
3
|
+
/**
|
|
4
|
+
* @public
|
|
5
|
+
*/
|
|
6
|
+
export type { __MetadataBearer };
|
|
7
|
+
/**
|
|
8
|
+
* @public
|
|
9
|
+
*
|
|
10
|
+
* The input for {@link IntrospectOAuth2TokenWithIAMCommand}.
|
|
11
|
+
*/
|
|
12
|
+
export interface IntrospectOAuth2TokenWithIAMCommandInput extends IntrospectOAuth2TokenWithIAMRequest {
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* @public
|
|
16
|
+
*
|
|
17
|
+
* The output of {@link IntrospectOAuth2TokenWithIAMCommand}.
|
|
18
|
+
*/
|
|
19
|
+
export interface IntrospectOAuth2TokenWithIAMCommandOutput extends IntrospectOAuth2TokenWithIAMResponse, __MetadataBearer {
|
|
20
|
+
}
|
|
21
|
+
declare const IntrospectOAuth2TokenWithIAMCommand_base: {
|
|
22
|
+
new (input: IntrospectOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<IntrospectOAuth2TokenWithIAMCommandInput, IntrospectOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
|
|
23
|
+
new (input: IntrospectOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<IntrospectOAuth2TokenWithIAMCommandInput, IntrospectOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
|
|
24
|
+
getEndpointParameterInstructions(): import("@smithy/types").EndpointParameterInstructions;
|
|
25
|
+
};
|
|
26
|
+
/**
|
|
27
|
+
* Grants permission to inspect the metadata and state of an OAuth 2.0
|
|
28
|
+
* access token or refresh token
|
|
29
|
+
*
|
|
30
|
+
* Implements RFC 7662 OAuth 2.0 Token Introspection over a SigV4-authenticated
|
|
31
|
+
* endpoint. Inspects the metadata of an access_token or refresh_token issued
|
|
32
|
+
* by AWS Sign-In and returns the claims associated with it.
|
|
33
|
+
*
|
|
34
|
+
* Inactive token semantics (RFC 7662 §2.2): when the supplied token is
|
|
35
|
+
* unknown, expired, revoked, malformed, or owned by a different account,
|
|
36
|
+
* the response body is exactly \{ "active": false \} with all other claims
|
|
37
|
+
* omitted.
|
|
38
|
+
* @example
|
|
39
|
+
* Use a bare-bones client and the command you need to make an API call.
|
|
40
|
+
* ```javascript
|
|
41
|
+
* import { SigninClient, IntrospectOAuth2TokenWithIAMCommand } from "@aws-sdk/client-signin"; // ES Modules import
|
|
42
|
+
* // const { SigninClient, IntrospectOAuth2TokenWithIAMCommand } = require("@aws-sdk/client-signin"); // CommonJS import
|
|
43
|
+
* // import type { SigninClientConfig } from "@aws-sdk/client-signin";
|
|
44
|
+
* const config = {}; // type is SigninClientConfig
|
|
45
|
+
* const client = new SigninClient(config);
|
|
46
|
+
* const input = { // IntrospectOAuth2TokenWithIAMRequest
|
|
47
|
+
* token: "STRING_VALUE", // required
|
|
48
|
+
* tokenTypeHint: "STRING_VALUE",
|
|
49
|
+
* };
|
|
50
|
+
* const command = new IntrospectOAuth2TokenWithIAMCommand(input);
|
|
51
|
+
* const response = await client.send(command);
|
|
52
|
+
* // { // IntrospectOAuth2TokenWithIAMResponse
|
|
53
|
+
* // active: true || false, // required
|
|
54
|
+
* // clientId: "STRING_VALUE",
|
|
55
|
+
* // userId: "STRING_VALUE",
|
|
56
|
+
* // tokenType: "STRING_VALUE",
|
|
57
|
+
* // exp: Number("long"),
|
|
58
|
+
* // iat: Number("long"),
|
|
59
|
+
* // nbf: Number("long"),
|
|
60
|
+
* // sub: "STRING_VALUE",
|
|
61
|
+
* // aud: "STRING_VALUE",
|
|
62
|
+
* // iss: "STRING_VALUE",
|
|
63
|
+
* // jti: "STRING_VALUE",
|
|
64
|
+
* // accountId: "STRING_VALUE",
|
|
65
|
+
* // signinSession: "STRING_VALUE",
|
|
66
|
+
* // resource: "STRING_VALUE",
|
|
67
|
+
* // };
|
|
68
|
+
*
|
|
69
|
+
* ```
|
|
70
|
+
*
|
|
71
|
+
* @param IntrospectOAuth2TokenWithIAMCommandInput - {@link IntrospectOAuth2TokenWithIAMCommandInput}
|
|
72
|
+
* @returns {@link IntrospectOAuth2TokenWithIAMCommandOutput}
|
|
73
|
+
* @see {@link IntrospectOAuth2TokenWithIAMCommandInput} for command's `input` shape.
|
|
74
|
+
* @see {@link IntrospectOAuth2TokenWithIAMCommandOutput} for command's `response` shape.
|
|
75
|
+
* @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
|
|
76
|
+
*
|
|
77
|
+
* @throws {@link AccessDeniedException} (client fault)
|
|
78
|
+
* Error thrown for access denied scenarios with flexible HTTP status mapping
|
|
79
|
+
*
|
|
80
|
+
* Runtime HTTP Status Code Mapping:
|
|
81
|
+
* - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
|
|
82
|
+
* - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
|
|
83
|
+
*
|
|
84
|
+
* The specific HTTP status code is determined at runtime based on the error enum value.
|
|
85
|
+
* Consumers should use the error field to determine the specific access denial reason.
|
|
86
|
+
*
|
|
87
|
+
* @throws {@link InternalServerException} (server fault)
|
|
88
|
+
* Error thrown when an internal server error occurs
|
|
89
|
+
*
|
|
90
|
+
* HTTP Status Code: 500 Internal Server Error
|
|
91
|
+
*
|
|
92
|
+
* Used for unexpected server-side errors that prevent request processing.
|
|
93
|
+
*
|
|
94
|
+
* @throws {@link TooManyRequestsError} (client fault)
|
|
95
|
+
* Error thrown when rate limit is exceeded
|
|
96
|
+
*
|
|
97
|
+
* HTTP Status Code: 429 Too Many Requests
|
|
98
|
+
*
|
|
99
|
+
* Possible OAuth2ErrorCode values:
|
|
100
|
+
* - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
|
|
101
|
+
*
|
|
102
|
+
* Possible causes:
|
|
103
|
+
* - Too many token requests from the same client
|
|
104
|
+
* - Rate limiting based on client_id or IP address
|
|
105
|
+
* - Abuse prevention mechanisms triggered
|
|
106
|
+
* - Service protection against excessive token generation
|
|
107
|
+
*
|
|
108
|
+
* @throws {@link ValidationException} (client fault)
|
|
109
|
+
* Error thrown when request validation fails
|
|
110
|
+
*
|
|
111
|
+
* HTTP Status Code: 400 Bad Request
|
|
112
|
+
*
|
|
113
|
+
* Used for request validation errors such as malformed parameters,
|
|
114
|
+
* missing required fields, or invalid parameter values.
|
|
115
|
+
*
|
|
116
|
+
* @throws {@link SigninServiceException}
|
|
117
|
+
* <p>Base exception class for all service exceptions from Signin service.</p>
|
|
118
|
+
*
|
|
119
|
+
*
|
|
120
|
+
* @public
|
|
121
|
+
*/
|
|
122
|
+
export declare class IntrospectOAuth2TokenWithIAMCommand extends IntrospectOAuth2TokenWithIAMCommand_base {
|
|
123
|
+
/** @internal type navigation helper, not in runtime. */
|
|
124
|
+
protected static __types: {
|
|
125
|
+
api: {
|
|
126
|
+
input: IntrospectOAuth2TokenWithIAMRequest;
|
|
127
|
+
output: IntrospectOAuth2TokenWithIAMResponse;
|
|
128
|
+
};
|
|
129
|
+
sdk: {
|
|
130
|
+
input: IntrospectOAuth2TokenWithIAMCommandInput;
|
|
131
|
+
output: IntrospectOAuth2TokenWithIAMCommandOutput;
|
|
132
|
+
};
|
|
133
|
+
};
|
|
134
|
+
}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
|
|
2
|
+
import type { RevokeOAuth2TokenWithIAMRequest, RevokeOAuth2TokenWithIAMResponse } from "../models/models_0";
|
|
3
|
+
/**
|
|
4
|
+
* @public
|
|
5
|
+
*/
|
|
6
|
+
export type { __MetadataBearer };
|
|
7
|
+
/**
|
|
8
|
+
* @public
|
|
9
|
+
*
|
|
10
|
+
* The input for {@link RevokeOAuth2TokenWithIAMCommand}.
|
|
11
|
+
*/
|
|
12
|
+
export interface RevokeOAuth2TokenWithIAMCommandInput extends RevokeOAuth2TokenWithIAMRequest {
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* @public
|
|
16
|
+
*
|
|
17
|
+
* The output of {@link RevokeOAuth2TokenWithIAMCommand}.
|
|
18
|
+
*/
|
|
19
|
+
export interface RevokeOAuth2TokenWithIAMCommandOutput extends RevokeOAuth2TokenWithIAMResponse, __MetadataBearer {
|
|
20
|
+
}
|
|
21
|
+
declare const RevokeOAuth2TokenWithIAMCommand_base: {
|
|
22
|
+
new (input: RevokeOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<RevokeOAuth2TokenWithIAMCommandInput, RevokeOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
|
|
23
|
+
new (input: RevokeOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<RevokeOAuth2TokenWithIAMCommandInput, RevokeOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
|
|
24
|
+
getEndpointParameterInstructions(): import("@smithy/types").EndpointParameterInstructions;
|
|
25
|
+
};
|
|
26
|
+
/**
|
|
27
|
+
* Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens
|
|
28
|
+
*
|
|
29
|
+
* Revokes a refresh_token issued by AWS Sign-In, invalidating the entire token
|
|
30
|
+
* chain so that the refresh_token can no longer be used to mint new access_tokens.
|
|
31
|
+
*
|
|
32
|
+
* Idempotency: revoking an already-revoked, expired, or otherwise invalid token
|
|
33
|
+
* still returns 200 OK with an empty body. Only the refresh_token type is accepted.
|
|
34
|
+
* @example
|
|
35
|
+
* Use a bare-bones client and the command you need to make an API call.
|
|
36
|
+
* ```javascript
|
|
37
|
+
* import { SigninClient, RevokeOAuth2TokenWithIAMCommand } from "@aws-sdk/client-signin"; // ES Modules import
|
|
38
|
+
* // const { SigninClient, RevokeOAuth2TokenWithIAMCommand } = require("@aws-sdk/client-signin"); // CommonJS import
|
|
39
|
+
* // import type { SigninClientConfig } from "@aws-sdk/client-signin";
|
|
40
|
+
* const config = {}; // type is SigninClientConfig
|
|
41
|
+
* const client = new SigninClient(config);
|
|
42
|
+
* const input = { // RevokeOAuth2TokenWithIAMRequest
|
|
43
|
+
* token: "STRING_VALUE", // required
|
|
44
|
+
* };
|
|
45
|
+
* const command = new RevokeOAuth2TokenWithIAMCommand(input);
|
|
46
|
+
* const response = await client.send(command);
|
|
47
|
+
* // {};
|
|
48
|
+
*
|
|
49
|
+
* ```
|
|
50
|
+
*
|
|
51
|
+
* @param RevokeOAuth2TokenWithIAMCommandInput - {@link RevokeOAuth2TokenWithIAMCommandInput}
|
|
52
|
+
* @returns {@link RevokeOAuth2TokenWithIAMCommandOutput}
|
|
53
|
+
* @see {@link RevokeOAuth2TokenWithIAMCommandInput} for command's `input` shape.
|
|
54
|
+
* @see {@link RevokeOAuth2TokenWithIAMCommandOutput} for command's `response` shape.
|
|
55
|
+
* @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
|
|
56
|
+
*
|
|
57
|
+
* @throws {@link AccessDeniedException} (client fault)
|
|
58
|
+
* Error thrown for access denied scenarios with flexible HTTP status mapping
|
|
59
|
+
*
|
|
60
|
+
* Runtime HTTP Status Code Mapping:
|
|
61
|
+
* - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
|
|
62
|
+
* - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
|
|
63
|
+
*
|
|
64
|
+
* The specific HTTP status code is determined at runtime based on the error enum value.
|
|
65
|
+
* Consumers should use the error field to determine the specific access denial reason.
|
|
66
|
+
*
|
|
67
|
+
* @throws {@link InternalServerException} (server fault)
|
|
68
|
+
* Error thrown when an internal server error occurs
|
|
69
|
+
*
|
|
70
|
+
* HTTP Status Code: 500 Internal Server Error
|
|
71
|
+
*
|
|
72
|
+
* Used for unexpected server-side errors that prevent request processing.
|
|
73
|
+
*
|
|
74
|
+
* @throws {@link TooManyRequestsError} (client fault)
|
|
75
|
+
* Error thrown when rate limit is exceeded
|
|
76
|
+
*
|
|
77
|
+
* HTTP Status Code: 429 Too Many Requests
|
|
78
|
+
*
|
|
79
|
+
* Possible OAuth2ErrorCode values:
|
|
80
|
+
* - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
|
|
81
|
+
*
|
|
82
|
+
* Possible causes:
|
|
83
|
+
* - Too many token requests from the same client
|
|
84
|
+
* - Rate limiting based on client_id or IP address
|
|
85
|
+
* - Abuse prevention mechanisms triggered
|
|
86
|
+
* - Service protection against excessive token generation
|
|
87
|
+
*
|
|
88
|
+
* @throws {@link ValidationException} (client fault)
|
|
89
|
+
* Error thrown when request validation fails
|
|
90
|
+
*
|
|
91
|
+
* HTTP Status Code: 400 Bad Request
|
|
92
|
+
*
|
|
93
|
+
* Used for request validation errors such as malformed parameters,
|
|
94
|
+
* missing required fields, or invalid parameter values.
|
|
95
|
+
*
|
|
96
|
+
* @throws {@link SigninServiceException}
|
|
97
|
+
* <p>Base exception class for all service exceptions from Signin service.</p>
|
|
98
|
+
*
|
|
99
|
+
*
|
|
100
|
+
* @public
|
|
101
|
+
*/
|
|
102
|
+
export declare class RevokeOAuth2TokenWithIAMCommand extends RevokeOAuth2TokenWithIAMCommand_base {
|
|
103
|
+
/** @internal type navigation helper, not in runtime. */
|
|
104
|
+
protected static __types: {
|
|
105
|
+
api: {
|
|
106
|
+
input: RevokeOAuth2TokenWithIAMRequest;
|
|
107
|
+
output: {};
|
|
108
|
+
};
|
|
109
|
+
sdk: {
|
|
110
|
+
input: RevokeOAuth2TokenWithIAMCommandInput;
|
|
111
|
+
output: RevokeOAuth2TokenWithIAMCommandOutput;
|
|
112
|
+
};
|
|
113
|
+
};
|
|
114
|
+
}
|
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
export * from "./CreateOAuth2TokenCommand";
|
|
2
|
+
export * from "./CreateOAuth2TokenWithIAMCommand";
|
|
2
3
|
export * from "./DeleteConsoleAuthorizationConfigurationCommand";
|
|
3
4
|
export * from "./DeleteResourcePermissionStatementCommand";
|
|
4
5
|
export * from "./GetConsoleAuthorizationConfigurationCommand";
|
|
5
6
|
export * from "./GetResourcePolicyCommand";
|
|
7
|
+
export * from "./IntrospectOAuth2TokenWithIAMCommand";
|
|
6
8
|
export * from "./ListResourcePermissionStatementsCommand";
|
|
7
9
|
export * from "./PutConsoleAuthorizationConfigurationCommand";
|
|
8
10
|
export * from "./PutResourcePermissionStatementCommand";
|
|
11
|
+
export * from "./RevokeOAuth2TokenWithIAMCommand";
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* AWS credentials structure containing temporary access credentials
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
* Scoping down will be based on CLI policy (CLI team needs to create it).
|
|
6
|
-
* Similar to cloud shell implementation.
|
|
4
|
+
* Scoped, temporary AWS credentials with a 15-minute duration.
|
|
7
5
|
* @public
|
|
8
6
|
*/
|
|
9
7
|
export interface AccessToken {
|
|
@@ -140,6 +138,46 @@ export interface CreateOAuth2TokenResponse {
|
|
|
140
138
|
*/
|
|
141
139
|
tokenOutput: CreateOAuth2TokenResponseBody | undefined;
|
|
142
140
|
}
|
|
141
|
+
/**
|
|
142
|
+
* Input structure for CreateOAuth2TokenWithIAM operation
|
|
143
|
+
* @public
|
|
144
|
+
*/
|
|
145
|
+
export interface CreateOAuth2TokenWithIAMRequest {
|
|
146
|
+
/**
|
|
147
|
+
* OAuth 2.0 grant type. Must be "client_credentials".
|
|
148
|
+
* @public
|
|
149
|
+
*/
|
|
150
|
+
grantType: string | undefined;
|
|
151
|
+
/**
|
|
152
|
+
* The OAuth resource for which the access token is requested.
|
|
153
|
+
* Example: "aws-mcp.amazonaws.com".
|
|
154
|
+
* @public
|
|
155
|
+
*/
|
|
156
|
+
resource: string | undefined;
|
|
157
|
+
}
|
|
158
|
+
/**
|
|
159
|
+
* Output structure for CreateOAuth2TokenWithIAM operation
|
|
160
|
+
*
|
|
161
|
+
* Contains the JWT access token, token type, and expiration per RFC 6749 §5.1.
|
|
162
|
+
* @public
|
|
163
|
+
*/
|
|
164
|
+
export interface CreateOAuth2TokenWithIAMResponse {
|
|
165
|
+
/**
|
|
166
|
+
* JWT access token containing principal identity, resource scope, and session metadata
|
|
167
|
+
* @public
|
|
168
|
+
*/
|
|
169
|
+
accessToken: string | undefined;
|
|
170
|
+
/**
|
|
171
|
+
* Always "Bearer" per OAuth 2.1 specification
|
|
172
|
+
* @public
|
|
173
|
+
*/
|
|
174
|
+
tokenType: string | undefined;
|
|
175
|
+
/**
|
|
176
|
+
* Token lifetime in seconds. Value is the minimum of session validity and 1 hour.
|
|
177
|
+
* @public
|
|
178
|
+
*/
|
|
179
|
+
expiresIn: number | undefined;
|
|
180
|
+
}
|
|
143
181
|
/**
|
|
144
182
|
* Input for DeleteConsoleAuthorizationConfiguration operation
|
|
145
183
|
* @public
|
|
@@ -290,6 +328,117 @@ export interface GetResourcePolicyOutput {
|
|
|
290
328
|
*/
|
|
291
329
|
signinResourceBasedPolicy: SigninResourceBasedPolicy | undefined;
|
|
292
330
|
}
|
|
331
|
+
/**
|
|
332
|
+
* Input structure for IntrospectOAuth2TokenWithIAM operation
|
|
333
|
+
*
|
|
334
|
+
* RFC 7662 §2.1 introspection request. Contains the token to inspect and an
|
|
335
|
+
* optional hint about the token's type.
|
|
336
|
+
* @public
|
|
337
|
+
*/
|
|
338
|
+
export interface IntrospectOAuth2TokenWithIAMRequest {
|
|
339
|
+
/**
|
|
340
|
+
* The string value of the token to introspect.
|
|
341
|
+
* May be either an access_token or a refresh_token issued by AWS Sign-In.
|
|
342
|
+
* @public
|
|
343
|
+
*/
|
|
344
|
+
token: string | undefined;
|
|
345
|
+
/**
|
|
346
|
+
* Optional hint about the type of the token submitted for introspection.
|
|
347
|
+
* The server uses this hint to optimize lookup, but still falls back to
|
|
348
|
+
* the other token type on miss. Allowed values: access_token, refresh_token.
|
|
349
|
+
* @public
|
|
350
|
+
*/
|
|
351
|
+
tokenTypeHint?: string | undefined;
|
|
352
|
+
}
|
|
353
|
+
/**
|
|
354
|
+
* Output structure for IntrospectOAuth2TokenWithIAM operation
|
|
355
|
+
*
|
|
356
|
+
* RFC 7662 §2.2 introspection response. Only `active` is required; all other
|
|
357
|
+
* claims are omitted when the token is inactive.
|
|
358
|
+
* @public
|
|
359
|
+
*/
|
|
360
|
+
export interface IntrospectOAuth2TokenWithIAMResponse {
|
|
361
|
+
/**
|
|
362
|
+
* Indicates whether the token is currently active. `true` only when the
|
|
363
|
+
* token is valid, has not expired, has not been revoked, and belongs to
|
|
364
|
+
* the caller's account.
|
|
365
|
+
* @public
|
|
366
|
+
*/
|
|
367
|
+
active: boolean | undefined;
|
|
368
|
+
/**
|
|
369
|
+
* Client identifier for the OAuth 2.0 client that requested the token.
|
|
370
|
+
* @public
|
|
371
|
+
*/
|
|
372
|
+
clientId?: string | undefined;
|
|
373
|
+
/**
|
|
374
|
+
* User identifier matching sts:GetCallerIdentity's `UserId` field for the
|
|
375
|
+
* token's subject principal (e.g. "AIDAEXAMPLE" for an IAM user, or
|
|
376
|
+
* "AROAEXAMPLE:session-name" for an assumed role).
|
|
377
|
+
* @public
|
|
378
|
+
*/
|
|
379
|
+
userId?: string | undefined;
|
|
380
|
+
/**
|
|
381
|
+
* Indicates which kind of token was introspected.
|
|
382
|
+
* One of "access_token" or "refresh_token".
|
|
383
|
+
* @public
|
|
384
|
+
*/
|
|
385
|
+
tokenType?: string | undefined;
|
|
386
|
+
/**
|
|
387
|
+
* Token expiration time as a NumericDate (Unix epoch seconds).
|
|
388
|
+
* @public
|
|
389
|
+
*/
|
|
390
|
+
exp?: number | undefined;
|
|
391
|
+
/**
|
|
392
|
+
* Token issuance time as a NumericDate (Unix epoch seconds).
|
|
393
|
+
* @public
|
|
394
|
+
*/
|
|
395
|
+
iat?: number | undefined;
|
|
396
|
+
/**
|
|
397
|
+
* Token "not before" time as a NumericDate (Unix epoch seconds).
|
|
398
|
+
* @public
|
|
399
|
+
*/
|
|
400
|
+
nbf?: number | undefined;
|
|
401
|
+
/**
|
|
402
|
+
* Subject of the token: the IAM principal ARN. For assumed-role sessions,
|
|
403
|
+
* this is the session ARN (matches sts:GetCallerIdentity's `Arn` field),
|
|
404
|
+
* e.g. arn:aws:sts::123456789012:assumed-role/MyRole/session-name.
|
|
405
|
+
* @public
|
|
406
|
+
*/
|
|
407
|
+
sub?: string | undefined;
|
|
408
|
+
/**
|
|
409
|
+
* Audience of the token: the OAuth resource the token is scoped to
|
|
410
|
+
* (for example, "aws-mcp.amazonaws.com"). Omitted for refresh tokens.
|
|
411
|
+
* @public
|
|
412
|
+
*/
|
|
413
|
+
aud?: string | undefined;
|
|
414
|
+
/**
|
|
415
|
+
* Issuer of the token. Always "signin.amazonaws.com" for AWS Sign-In.
|
|
416
|
+
* @public
|
|
417
|
+
*/
|
|
418
|
+
iss?: string | undefined;
|
|
419
|
+
/**
|
|
420
|
+
* Unique identifier for the token.
|
|
421
|
+
* @public
|
|
422
|
+
*/
|
|
423
|
+
jti?: string | undefined;
|
|
424
|
+
/**
|
|
425
|
+
* 12-digit AWS account ID of the token's subject principal.
|
|
426
|
+
* @public
|
|
427
|
+
*/
|
|
428
|
+
accountId?: string | undefined;
|
|
429
|
+
/**
|
|
430
|
+
* AWS Sign-In session ARN bound to the token, of the form
|
|
431
|
+
* arn:aws:signin:\{region\}:\{account\}:session/\{uuid\}.
|
|
432
|
+
* @public
|
|
433
|
+
*/
|
|
434
|
+
signinSession?: string | undefined;
|
|
435
|
+
/**
|
|
436
|
+
* The OAuth resource the token is scoped to during Human OAuth flow.
|
|
437
|
+
* Only present for refresh token introspection.
|
|
438
|
+
* @public
|
|
439
|
+
*/
|
|
440
|
+
resource?: string | undefined;
|
|
441
|
+
}
|
|
293
442
|
/**
|
|
294
443
|
* Input for ListResourcePermissionStatements operation
|
|
295
444
|
* @public
|
|
@@ -428,3 +577,26 @@ export interface PutResourcePermissionStatementOutput {
|
|
|
428
577
|
*/
|
|
429
578
|
statementId: string | undefined;
|
|
430
579
|
}
|
|
580
|
+
/**
|
|
581
|
+
* Input structure for RevokeOAuth2TokenWithIAM operation
|
|
582
|
+
*
|
|
583
|
+
* RFC 7009 §2.1 revocation request. Contains the refresh_token to revoke.
|
|
584
|
+
* @public
|
|
585
|
+
*/
|
|
586
|
+
export interface RevokeOAuth2TokenWithIAMRequest {
|
|
587
|
+
/**
|
|
588
|
+
* The refresh_token to revoke. Must be a refresh_token issued by AWS
|
|
589
|
+
* Sign-In (prefix "ASOR"); access_tokens are not accepted for revocation.
|
|
590
|
+
* @public
|
|
591
|
+
*/
|
|
592
|
+
token: string | undefined;
|
|
593
|
+
}
|
|
594
|
+
/**
|
|
595
|
+
* Output structure for RevokeOAuth2TokenWithIAM operation
|
|
596
|
+
*
|
|
597
|
+
* RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an
|
|
598
|
+
* empty body on success; there are no response fields.
|
|
599
|
+
* @public
|
|
600
|
+
*/
|
|
601
|
+
export interface RevokeOAuth2TokenWithIAMResponse {
|
|
602
|
+
}
|
|
@@ -19,6 +19,8 @@ export declare var CreateOAuth2TokenRequest$: StaticStructureSchema;
|
|
|
19
19
|
export declare var CreateOAuth2TokenRequestBody$: StaticStructureSchema;
|
|
20
20
|
export declare var CreateOAuth2TokenResponse$: StaticStructureSchema;
|
|
21
21
|
export declare var CreateOAuth2TokenResponseBody$: StaticStructureSchema;
|
|
22
|
+
export declare var CreateOAuth2TokenWithIAMRequest$: StaticStructureSchema;
|
|
23
|
+
export declare var CreateOAuth2TokenWithIAMResponse$: StaticStructureSchema;
|
|
22
24
|
export declare var DeleteConsoleAuthorizationConfigurationInput$: StaticStructureSchema;
|
|
23
25
|
export declare var DeleteConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
|
|
24
26
|
export declare var DeleteResourcePermissionStatementInput$: StaticStructureSchema;
|
|
@@ -27,6 +29,8 @@ export declare var GetConsoleAuthorizationConfigurationInput$: StaticStructureSc
|
|
|
27
29
|
export declare var GetConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
|
|
28
30
|
export declare var GetResourcePolicyInput$: StaticStructureSchema;
|
|
29
31
|
export declare var GetResourcePolicyOutput$: StaticStructureSchema;
|
|
32
|
+
export declare var IntrospectOAuth2TokenWithIAMRequest$: StaticStructureSchema;
|
|
33
|
+
export declare var IntrospectOAuth2TokenWithIAMResponse$: StaticStructureSchema;
|
|
30
34
|
export declare var ListResourcePermissionStatementsInput$: StaticStructureSchema;
|
|
31
35
|
export declare var ListResourcePermissionStatementsOutput$: StaticStructureSchema;
|
|
32
36
|
export declare var PermissionStatementSummary$: StaticStructureSchema;
|
|
@@ -35,12 +39,17 @@ export declare var PutConsoleAuthorizationConfigurationInput$: StaticStructureSc
|
|
|
35
39
|
export declare var PutConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
|
|
36
40
|
export declare var PutResourcePermissionStatementInput$: StaticStructureSchema;
|
|
37
41
|
export declare var PutResourcePermissionStatementOutput$: StaticStructureSchema;
|
|
42
|
+
export declare var RevokeOAuth2TokenWithIAMRequest$: StaticStructureSchema;
|
|
43
|
+
export declare var RevokeOAuth2TokenWithIAMResponse$: StaticStructureSchema;
|
|
38
44
|
export declare var SigninResourceBasedPolicy$: StaticStructureSchema;
|
|
39
45
|
export declare var CreateOAuth2Token$: StaticOperationSchema;
|
|
46
|
+
export declare var CreateOAuth2TokenWithIAM$: StaticOperationSchema;
|
|
40
47
|
export declare var DeleteConsoleAuthorizationConfiguration$: StaticOperationSchema;
|
|
41
48
|
export declare var DeleteResourcePermissionStatement$: StaticOperationSchema;
|
|
42
49
|
export declare var GetConsoleAuthorizationConfiguration$: StaticOperationSchema;
|
|
43
50
|
export declare var GetResourcePolicy$: StaticOperationSchema;
|
|
51
|
+
export declare var IntrospectOAuth2TokenWithIAM$: StaticOperationSchema;
|
|
44
52
|
export declare var ListResourcePermissionStatements$: StaticOperationSchema;
|
|
45
53
|
export declare var PutConsoleAuthorizationConfiguration$: StaticOperationSchema;
|
|
46
54
|
export declare var PutResourcePermissionStatement$: StaticOperationSchema;
|
|
55
|
+
export declare var RevokeOAuth2TokenWithIAM$: StaticOperationSchema;
|
|
@@ -7,6 +7,10 @@ import {
|
|
|
7
7
|
CreateOAuth2TokenCommandInput,
|
|
8
8
|
CreateOAuth2TokenCommandOutput,
|
|
9
9
|
} from "./commands/CreateOAuth2TokenCommand";
|
|
10
|
+
import {
|
|
11
|
+
CreateOAuth2TokenWithIAMCommandInput,
|
|
12
|
+
CreateOAuth2TokenWithIAMCommandOutput,
|
|
13
|
+
} from "./commands/CreateOAuth2TokenWithIAMCommand";
|
|
10
14
|
import {
|
|
11
15
|
DeleteConsoleAuthorizationConfigurationCommandInput,
|
|
12
16
|
DeleteConsoleAuthorizationConfigurationCommandOutput,
|
|
@@ -23,6 +27,10 @@ import {
|
|
|
23
27
|
GetResourcePolicyCommandInput,
|
|
24
28
|
GetResourcePolicyCommandOutput,
|
|
25
29
|
} from "./commands/GetResourcePolicyCommand";
|
|
30
|
+
import {
|
|
31
|
+
IntrospectOAuth2TokenWithIAMCommandInput,
|
|
32
|
+
IntrospectOAuth2TokenWithIAMCommandOutput,
|
|
33
|
+
} from "./commands/IntrospectOAuth2TokenWithIAMCommand";
|
|
26
34
|
import {
|
|
27
35
|
ListResourcePermissionStatementsCommandInput,
|
|
28
36
|
ListResourcePermissionStatementsCommandOutput,
|
|
@@ -35,6 +43,10 @@ import {
|
|
|
35
43
|
PutResourcePermissionStatementCommandInput,
|
|
36
44
|
PutResourcePermissionStatementCommandOutput,
|
|
37
45
|
} from "./commands/PutResourcePermissionStatementCommand";
|
|
46
|
+
import {
|
|
47
|
+
RevokeOAuth2TokenWithIAMCommandInput,
|
|
48
|
+
RevokeOAuth2TokenWithIAMCommandOutput,
|
|
49
|
+
} from "./commands/RevokeOAuth2TokenWithIAMCommand";
|
|
38
50
|
import { SigninClient } from "./SigninClient";
|
|
39
51
|
export interface Signin {
|
|
40
52
|
createOAuth2Token(
|
|
@@ -50,6 +62,19 @@ export interface Signin {
|
|
|
50
62
|
options: __HttpHandlerOptions,
|
|
51
63
|
cb: (err: any, data?: CreateOAuth2TokenCommandOutput) => void
|
|
52
64
|
): void;
|
|
65
|
+
createOAuth2TokenWithIAM(
|
|
66
|
+
args: CreateOAuth2TokenWithIAMCommandInput,
|
|
67
|
+
options?: __HttpHandlerOptions
|
|
68
|
+
): Promise<CreateOAuth2TokenWithIAMCommandOutput>;
|
|
69
|
+
createOAuth2TokenWithIAM(
|
|
70
|
+
args: CreateOAuth2TokenWithIAMCommandInput,
|
|
71
|
+
cb: (err: any, data?: CreateOAuth2TokenWithIAMCommandOutput) => void
|
|
72
|
+
): void;
|
|
73
|
+
createOAuth2TokenWithIAM(
|
|
74
|
+
args: CreateOAuth2TokenWithIAMCommandInput,
|
|
75
|
+
options: __HttpHandlerOptions,
|
|
76
|
+
cb: (err: any, data?: CreateOAuth2TokenWithIAMCommandOutput) => void
|
|
77
|
+
): void;
|
|
53
78
|
deleteConsoleAuthorizationConfiguration(): Promise<DeleteConsoleAuthorizationConfigurationCommandOutput>;
|
|
54
79
|
deleteConsoleAuthorizationConfiguration(
|
|
55
80
|
args: DeleteConsoleAuthorizationConfigurationCommandInput,
|
|
@@ -123,6 +148,19 @@ export interface Signin {
|
|
|
123
148
|
options: __HttpHandlerOptions,
|
|
124
149
|
cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
|
|
125
150
|
): void;
|
|
151
|
+
introspectOAuth2TokenWithIAM(
|
|
152
|
+
args: IntrospectOAuth2TokenWithIAMCommandInput,
|
|
153
|
+
options?: __HttpHandlerOptions
|
|
154
|
+
): Promise<IntrospectOAuth2TokenWithIAMCommandOutput>;
|
|
155
|
+
introspectOAuth2TokenWithIAM(
|
|
156
|
+
args: IntrospectOAuth2TokenWithIAMCommandInput,
|
|
157
|
+
cb: (err: any, data?: IntrospectOAuth2TokenWithIAMCommandOutput) => void
|
|
158
|
+
): void;
|
|
159
|
+
introspectOAuth2TokenWithIAM(
|
|
160
|
+
args: IntrospectOAuth2TokenWithIAMCommandInput,
|
|
161
|
+
options: __HttpHandlerOptions,
|
|
162
|
+
cb: (err: any, data?: IntrospectOAuth2TokenWithIAMCommandOutput) => void
|
|
163
|
+
): void;
|
|
126
164
|
listResourcePermissionStatements(): Promise<ListResourcePermissionStatementsCommandOutput>;
|
|
127
165
|
listResourcePermissionStatements(
|
|
128
166
|
args: ListResourcePermissionStatementsCommandInput,
|
|
@@ -171,6 +209,19 @@ export interface Signin {
|
|
|
171
209
|
options: __HttpHandlerOptions,
|
|
172
210
|
cb: (err: any, data?: PutResourcePermissionStatementCommandOutput) => void
|
|
173
211
|
): void;
|
|
212
|
+
revokeOAuth2TokenWithIAM(
|
|
213
|
+
args: RevokeOAuth2TokenWithIAMCommandInput,
|
|
214
|
+
options?: __HttpHandlerOptions
|
|
215
|
+
): Promise<RevokeOAuth2TokenWithIAMCommandOutput>;
|
|
216
|
+
revokeOAuth2TokenWithIAM(
|
|
217
|
+
args: RevokeOAuth2TokenWithIAMCommandInput,
|
|
218
|
+
cb: (err: any, data?: RevokeOAuth2TokenWithIAMCommandOutput) => void
|
|
219
|
+
): void;
|
|
220
|
+
revokeOAuth2TokenWithIAM(
|
|
221
|
+
args: RevokeOAuth2TokenWithIAMCommandInput,
|
|
222
|
+
options: __HttpHandlerOptions,
|
|
223
|
+
cb: (err: any, data?: RevokeOAuth2TokenWithIAMCommandOutput) => void
|
|
224
|
+
): void;
|
|
174
225
|
paginateListResourcePermissionStatements(
|
|
175
226
|
args?: ListResourcePermissionStatementsCommandInput,
|
|
176
227
|
paginationConfig?: Pick<
|
|
@@ -40,6 +40,10 @@ import {
|
|
|
40
40
|
CreateOAuth2TokenCommandInput,
|
|
41
41
|
CreateOAuth2TokenCommandOutput,
|
|
42
42
|
} from "./commands/CreateOAuth2TokenCommand";
|
|
43
|
+
import {
|
|
44
|
+
CreateOAuth2TokenWithIAMCommandInput,
|
|
45
|
+
CreateOAuth2TokenWithIAMCommandOutput,
|
|
46
|
+
} from "./commands/CreateOAuth2TokenWithIAMCommand";
|
|
43
47
|
import {
|
|
44
48
|
DeleteConsoleAuthorizationConfigurationCommandInput,
|
|
45
49
|
DeleteConsoleAuthorizationConfigurationCommandOutput,
|
|
@@ -56,6 +60,10 @@ import {
|
|
|
56
60
|
GetResourcePolicyCommandInput,
|
|
57
61
|
GetResourcePolicyCommandOutput,
|
|
58
62
|
} from "./commands/GetResourcePolicyCommand";
|
|
63
|
+
import {
|
|
64
|
+
IntrospectOAuth2TokenWithIAMCommandInput,
|
|
65
|
+
IntrospectOAuth2TokenWithIAMCommandOutput,
|
|
66
|
+
} from "./commands/IntrospectOAuth2TokenWithIAMCommand";
|
|
59
67
|
import {
|
|
60
68
|
ListResourcePermissionStatementsCommandInput,
|
|
61
69
|
ListResourcePermissionStatementsCommandOutput,
|
|
@@ -68,6 +76,10 @@ import {
|
|
|
68
76
|
PutResourcePermissionStatementCommandInput,
|
|
69
77
|
PutResourcePermissionStatementCommandOutput,
|
|
70
78
|
} from "./commands/PutResourcePermissionStatementCommand";
|
|
79
|
+
import {
|
|
80
|
+
RevokeOAuth2TokenWithIAMCommandInput,
|
|
81
|
+
RevokeOAuth2TokenWithIAMCommandOutput,
|
|
82
|
+
} from "./commands/RevokeOAuth2TokenWithIAMCommand";
|
|
71
83
|
import {
|
|
72
84
|
ClientInputEndpointParameters,
|
|
73
85
|
ClientResolvedEndpointParameters,
|
|
@@ -77,22 +89,28 @@ import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
|
|
|
77
89
|
export { __Client };
|
|
78
90
|
export type ServiceInputTypes =
|
|
79
91
|
| CreateOAuth2TokenCommandInput
|
|
92
|
+
| CreateOAuth2TokenWithIAMCommandInput
|
|
80
93
|
| DeleteConsoleAuthorizationConfigurationCommandInput
|
|
81
94
|
| DeleteResourcePermissionStatementCommandInput
|
|
82
95
|
| GetConsoleAuthorizationConfigurationCommandInput
|
|
83
96
|
| GetResourcePolicyCommandInput
|
|
97
|
+
| IntrospectOAuth2TokenWithIAMCommandInput
|
|
84
98
|
| ListResourcePermissionStatementsCommandInput
|
|
85
99
|
| PutConsoleAuthorizationConfigurationCommandInput
|
|
86
|
-
| PutResourcePermissionStatementCommandInput
|
|
100
|
+
| PutResourcePermissionStatementCommandInput
|
|
101
|
+
| RevokeOAuth2TokenWithIAMCommandInput;
|
|
87
102
|
export type ServiceOutputTypes =
|
|
88
103
|
| CreateOAuth2TokenCommandOutput
|
|
104
|
+
| CreateOAuth2TokenWithIAMCommandOutput
|
|
89
105
|
| DeleteConsoleAuthorizationConfigurationCommandOutput
|
|
90
106
|
| DeleteResourcePermissionStatementCommandOutput
|
|
91
107
|
| GetConsoleAuthorizationConfigurationCommandOutput
|
|
92
108
|
| GetResourcePolicyCommandOutput
|
|
109
|
+
| IntrospectOAuth2TokenWithIAMCommandOutput
|
|
93
110
|
| ListResourcePermissionStatementsCommandOutput
|
|
94
111
|
| PutConsoleAuthorizationConfigurationCommandOutput
|
|
95
|
-
| PutResourcePermissionStatementCommandOutput
|
|
112
|
+
| PutResourcePermissionStatementCommandOutput
|
|
113
|
+
| RevokeOAuth2TokenWithIAMCommandOutput;
|
|
96
114
|
export interface ClientDefaults
|
|
97
115
|
extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
|
|
98
116
|
requestHandler?: __HttpHandlerUserInput;
|
|
@@ -39,6 +39,7 @@ export declare const command: <
|
|
|
39
39
|
};
|
|
40
40
|
export declare const _ep0: EndpointParameterInstructions;
|
|
41
41
|
export declare const _ep1: EndpointParameterInstructions;
|
|
42
|
+
export declare const _ep2: EndpointParameterInstructions;
|
|
42
43
|
export declare const _mw0: (
|
|
43
44
|
Command: any,
|
|
44
45
|
cs: any,
|