@aws-sdk/client-signin 3.1082.0 → 3.1084.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/README.md +21 -0
  2. package/dist-cjs/index.js +194 -81
  3. package/dist-es/Signin.js +6 -0
  4. package/dist-es/commandBuilder.js +3 -0
  5. package/dist-es/commands/CreateOAuth2TokenWithIAMCommand.js +4 -0
  6. package/dist-es/commands/DeleteConsoleAuthorizationConfigurationCommand.js +2 -2
  7. package/dist-es/commands/DeleteResourcePermissionStatementCommand.js +2 -2
  8. package/dist-es/commands/GetConsoleAuthorizationConfigurationCommand.js +2 -2
  9. package/dist-es/commands/GetResourcePolicyCommand.js +2 -2
  10. package/dist-es/commands/IntrospectOAuth2TokenWithIAMCommand.js +4 -0
  11. package/dist-es/commands/ListResourcePermissionStatementsCommand.js +2 -2
  12. package/dist-es/commands/PutConsoleAuthorizationConfigurationCommand.js +2 -2
  13. package/dist-es/commands/PutResourcePermissionStatementCommand.js +2 -2
  14. package/dist-es/commands/RevokeOAuth2TokenWithIAMCommand.js +4 -0
  15. package/dist-es/commands/index.js +3 -0
  16. package/dist-es/endpoint/bdd.js +80 -70
  17. package/dist-es/endpoint/endpointResolver.js +1 -1
  18. package/dist-es/schemas/schemas_0.js +78 -2
  19. package/dist-types/Signin.d.ts +21 -0
  20. package/dist-types/SigninClient.d.ts +5 -2
  21. package/dist-types/commandBuilder.d.ts +4 -0
  22. package/dist-types/commands/CreateOAuth2TokenWithIAMCommand.d.ts +114 -0
  23. package/dist-types/commands/IntrospectOAuth2TokenWithIAMCommand.d.ts +134 -0
  24. package/dist-types/commands/RevokeOAuth2TokenWithIAMCommand.d.ts +114 -0
  25. package/dist-types/commands/index.d.ts +3 -0
  26. package/dist-types/endpoint/EndpointParameters.d.ts +1 -0
  27. package/dist-types/models/models_0.d.ts +175 -3
  28. package/dist-types/schemas/schemas_0.d.ts +9 -0
  29. package/dist-types/ts3.4/Signin.d.ts +51 -0
  30. package/dist-types/ts3.4/SigninClient.d.ts +20 -2
  31. package/dist-types/ts3.4/commandBuilder.d.ts +1 -0
  32. package/dist-types/ts3.4/commands/CreateOAuth2TokenWithIAMCommand.d.ts +44 -0
  33. package/dist-types/ts3.4/commands/IntrospectOAuth2TokenWithIAMCommand.d.ts +44 -0
  34. package/dist-types/ts3.4/commands/RevokeOAuth2TokenWithIAMCommand.d.ts +44 -0
  35. package/dist-types/ts3.4/commands/index.d.ts +3 -0
  36. package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts +1 -0
  37. package/dist-types/ts3.4/models/models_0.d.ts +33 -0
  38. package/dist-types/ts3.4/schemas/schemas_0.d.ts +9 -0
  39. package/package.json +3 -3
@@ -0,0 +1,134 @@
1
+ import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
2
+ import type { IntrospectOAuth2TokenWithIAMRequest, IntrospectOAuth2TokenWithIAMResponse } from "../models/models_0";
3
+ /**
4
+ * @public
5
+ */
6
+ export type { __MetadataBearer };
7
+ /**
8
+ * @public
9
+ *
10
+ * The input for {@link IntrospectOAuth2TokenWithIAMCommand}.
11
+ */
12
+ export interface IntrospectOAuth2TokenWithIAMCommandInput extends IntrospectOAuth2TokenWithIAMRequest {
13
+ }
14
+ /**
15
+ * @public
16
+ *
17
+ * The output of {@link IntrospectOAuth2TokenWithIAMCommand}.
18
+ */
19
+ export interface IntrospectOAuth2TokenWithIAMCommandOutput extends IntrospectOAuth2TokenWithIAMResponse, __MetadataBearer {
20
+ }
21
+ declare const IntrospectOAuth2TokenWithIAMCommand_base: {
22
+ new (input: IntrospectOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<IntrospectOAuth2TokenWithIAMCommandInput, IntrospectOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
23
+ new (input: IntrospectOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<IntrospectOAuth2TokenWithIAMCommandInput, IntrospectOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
24
+ getEndpointParameterInstructions(): import("@smithy/types").EndpointParameterInstructions;
25
+ };
26
+ /**
27
+ * Grants permission to inspect the metadata and state of an OAuth 2.0
28
+ * access token or refresh token
29
+ *
30
+ * Implements RFC 7662 OAuth 2.0 Token Introspection over a SigV4-authenticated
31
+ * endpoint. Inspects the metadata of an access_token or refresh_token issued
32
+ * by AWS Sign-In and returns the claims associated with it.
33
+ *
34
+ * Inactive token semantics (RFC 7662 §2.2): when the supplied token is
35
+ * unknown, expired, revoked, malformed, or owned by a different account,
36
+ * the response body is exactly \{ "active": false \} with all other claims
37
+ * omitted.
38
+ * @example
39
+ * Use a bare-bones client and the command you need to make an API call.
40
+ * ```javascript
41
+ * import { SigninClient, IntrospectOAuth2TokenWithIAMCommand } from "@aws-sdk/client-signin"; // ES Modules import
42
+ * // const { SigninClient, IntrospectOAuth2TokenWithIAMCommand } = require("@aws-sdk/client-signin"); // CommonJS import
43
+ * // import type { SigninClientConfig } from "@aws-sdk/client-signin";
44
+ * const config = {}; // type is SigninClientConfig
45
+ * const client = new SigninClient(config);
46
+ * const input = { // IntrospectOAuth2TokenWithIAMRequest
47
+ * token: "STRING_VALUE", // required
48
+ * tokenTypeHint: "STRING_VALUE",
49
+ * };
50
+ * const command = new IntrospectOAuth2TokenWithIAMCommand(input);
51
+ * const response = await client.send(command);
52
+ * // { // IntrospectOAuth2TokenWithIAMResponse
53
+ * // active: true || false, // required
54
+ * // clientId: "STRING_VALUE",
55
+ * // userId: "STRING_VALUE",
56
+ * // tokenType: "STRING_VALUE",
57
+ * // exp: Number("long"),
58
+ * // iat: Number("long"),
59
+ * // nbf: Number("long"),
60
+ * // sub: "STRING_VALUE",
61
+ * // aud: "STRING_VALUE",
62
+ * // iss: "STRING_VALUE",
63
+ * // jti: "STRING_VALUE",
64
+ * // accountId: "STRING_VALUE",
65
+ * // signinSession: "STRING_VALUE",
66
+ * // resource: "STRING_VALUE",
67
+ * // };
68
+ *
69
+ * ```
70
+ *
71
+ * @param IntrospectOAuth2TokenWithIAMCommandInput - {@link IntrospectOAuth2TokenWithIAMCommandInput}
72
+ * @returns {@link IntrospectOAuth2TokenWithIAMCommandOutput}
73
+ * @see {@link IntrospectOAuth2TokenWithIAMCommandInput} for command's `input` shape.
74
+ * @see {@link IntrospectOAuth2TokenWithIAMCommandOutput} for command's `response` shape.
75
+ * @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
76
+ *
77
+ * @throws {@link AccessDeniedException} (client fault)
78
+ * Error thrown for access denied scenarios with flexible HTTP status mapping
79
+ *
80
+ * Runtime HTTP Status Code Mapping:
81
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
82
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
83
+ *
84
+ * The specific HTTP status code is determined at runtime based on the error enum value.
85
+ * Consumers should use the error field to determine the specific access denial reason.
86
+ *
87
+ * @throws {@link InternalServerException} (server fault)
88
+ * Error thrown when an internal server error occurs
89
+ *
90
+ * HTTP Status Code: 500 Internal Server Error
91
+ *
92
+ * Used for unexpected server-side errors that prevent request processing.
93
+ *
94
+ * @throws {@link TooManyRequestsError} (client fault)
95
+ * Error thrown when rate limit is exceeded
96
+ *
97
+ * HTTP Status Code: 429 Too Many Requests
98
+ *
99
+ * Possible OAuth2ErrorCode values:
100
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
101
+ *
102
+ * Possible causes:
103
+ * - Too many token requests from the same client
104
+ * - Rate limiting based on client_id or IP address
105
+ * - Abuse prevention mechanisms triggered
106
+ * - Service protection against excessive token generation
107
+ *
108
+ * @throws {@link ValidationException} (client fault)
109
+ * Error thrown when request validation fails
110
+ *
111
+ * HTTP Status Code: 400 Bad Request
112
+ *
113
+ * Used for request validation errors such as malformed parameters,
114
+ * missing required fields, or invalid parameter values.
115
+ *
116
+ * @throws {@link SigninServiceException}
117
+ * <p>Base exception class for all service exceptions from Signin service.</p>
118
+ *
119
+ *
120
+ * @public
121
+ */
122
+ export declare class IntrospectOAuth2TokenWithIAMCommand extends IntrospectOAuth2TokenWithIAMCommand_base {
123
+ /** @internal type navigation helper, not in runtime. */
124
+ protected static __types: {
125
+ api: {
126
+ input: IntrospectOAuth2TokenWithIAMRequest;
127
+ output: IntrospectOAuth2TokenWithIAMResponse;
128
+ };
129
+ sdk: {
130
+ input: IntrospectOAuth2TokenWithIAMCommandInput;
131
+ output: IntrospectOAuth2TokenWithIAMCommandOutput;
132
+ };
133
+ };
134
+ }
@@ -0,0 +1,114 @@
1
+ import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
2
+ import type { RevokeOAuth2TokenWithIAMRequest, RevokeOAuth2TokenWithIAMResponse } from "../models/models_0";
3
+ /**
4
+ * @public
5
+ */
6
+ export type { __MetadataBearer };
7
+ /**
8
+ * @public
9
+ *
10
+ * The input for {@link RevokeOAuth2TokenWithIAMCommand}.
11
+ */
12
+ export interface RevokeOAuth2TokenWithIAMCommandInput extends RevokeOAuth2TokenWithIAMRequest {
13
+ }
14
+ /**
15
+ * @public
16
+ *
17
+ * The output of {@link RevokeOAuth2TokenWithIAMCommand}.
18
+ */
19
+ export interface RevokeOAuth2TokenWithIAMCommandOutput extends RevokeOAuth2TokenWithIAMResponse, __MetadataBearer {
20
+ }
21
+ declare const RevokeOAuth2TokenWithIAMCommand_base: {
22
+ new (input: RevokeOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<RevokeOAuth2TokenWithIAMCommandInput, RevokeOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
23
+ new (input: RevokeOAuth2TokenWithIAMCommandInput): import("@smithy/core/client").CommandImpl<RevokeOAuth2TokenWithIAMCommandInput, RevokeOAuth2TokenWithIAMCommandOutput, import("..").SigninClientResolvedConfig, import("..").ServiceInputTypes, import("..").ServiceOutputTypes>;
24
+ getEndpointParameterInstructions(): import("@smithy/types").EndpointParameterInstructions;
25
+ };
26
+ /**
27
+ * Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens
28
+ *
29
+ * Revokes a refresh_token issued by AWS Sign-In, invalidating the entire token
30
+ * chain so that the refresh_token can no longer be used to mint new access_tokens.
31
+ *
32
+ * Idempotency: revoking an already-revoked, expired, or otherwise invalid token
33
+ * still returns 200 OK with an empty body. Only the refresh_token type is accepted.
34
+ * @example
35
+ * Use a bare-bones client and the command you need to make an API call.
36
+ * ```javascript
37
+ * import { SigninClient, RevokeOAuth2TokenWithIAMCommand } from "@aws-sdk/client-signin"; // ES Modules import
38
+ * // const { SigninClient, RevokeOAuth2TokenWithIAMCommand } = require("@aws-sdk/client-signin"); // CommonJS import
39
+ * // import type { SigninClientConfig } from "@aws-sdk/client-signin";
40
+ * const config = {}; // type is SigninClientConfig
41
+ * const client = new SigninClient(config);
42
+ * const input = { // RevokeOAuth2TokenWithIAMRequest
43
+ * token: "STRING_VALUE", // required
44
+ * };
45
+ * const command = new RevokeOAuth2TokenWithIAMCommand(input);
46
+ * const response = await client.send(command);
47
+ * // {};
48
+ *
49
+ * ```
50
+ *
51
+ * @param RevokeOAuth2TokenWithIAMCommandInput - {@link RevokeOAuth2TokenWithIAMCommandInput}
52
+ * @returns {@link RevokeOAuth2TokenWithIAMCommandOutput}
53
+ * @see {@link RevokeOAuth2TokenWithIAMCommandInput} for command's `input` shape.
54
+ * @see {@link RevokeOAuth2TokenWithIAMCommandOutput} for command's `response` shape.
55
+ * @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
56
+ *
57
+ * @throws {@link AccessDeniedException} (client fault)
58
+ * Error thrown for access denied scenarios with flexible HTTP status mapping
59
+ *
60
+ * Runtime HTTP Status Code Mapping:
61
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
62
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
63
+ *
64
+ * The specific HTTP status code is determined at runtime based on the error enum value.
65
+ * Consumers should use the error field to determine the specific access denial reason.
66
+ *
67
+ * @throws {@link InternalServerException} (server fault)
68
+ * Error thrown when an internal server error occurs
69
+ *
70
+ * HTTP Status Code: 500 Internal Server Error
71
+ *
72
+ * Used for unexpected server-side errors that prevent request processing.
73
+ *
74
+ * @throws {@link TooManyRequestsError} (client fault)
75
+ * Error thrown when rate limit is exceeded
76
+ *
77
+ * HTTP Status Code: 429 Too Many Requests
78
+ *
79
+ * Possible OAuth2ErrorCode values:
80
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
81
+ *
82
+ * Possible causes:
83
+ * - Too many token requests from the same client
84
+ * - Rate limiting based on client_id or IP address
85
+ * - Abuse prevention mechanisms triggered
86
+ * - Service protection against excessive token generation
87
+ *
88
+ * @throws {@link ValidationException} (client fault)
89
+ * Error thrown when request validation fails
90
+ *
91
+ * HTTP Status Code: 400 Bad Request
92
+ *
93
+ * Used for request validation errors such as malformed parameters,
94
+ * missing required fields, or invalid parameter values.
95
+ *
96
+ * @throws {@link SigninServiceException}
97
+ * <p>Base exception class for all service exceptions from Signin service.</p>
98
+ *
99
+ *
100
+ * @public
101
+ */
102
+ export declare class RevokeOAuth2TokenWithIAMCommand extends RevokeOAuth2TokenWithIAMCommand_base {
103
+ /** @internal type navigation helper, not in runtime. */
104
+ protected static __types: {
105
+ api: {
106
+ input: RevokeOAuth2TokenWithIAMRequest;
107
+ output: {};
108
+ };
109
+ sdk: {
110
+ input: RevokeOAuth2TokenWithIAMCommandInput;
111
+ output: RevokeOAuth2TokenWithIAMCommandOutput;
112
+ };
113
+ };
114
+ }
@@ -1,8 +1,11 @@
1
1
  export * from "./CreateOAuth2TokenCommand";
2
+ export * from "./CreateOAuth2TokenWithIAMCommand";
2
3
  export * from "./DeleteConsoleAuthorizationConfigurationCommand";
3
4
  export * from "./DeleteResourcePermissionStatementCommand";
4
5
  export * from "./GetConsoleAuthorizationConfigurationCommand";
5
6
  export * from "./GetResourcePolicyCommand";
7
+ export * from "./IntrospectOAuth2TokenWithIAMCommand";
6
8
  export * from "./ListResourcePermissionStatementsCommand";
7
9
  export * from "./PutConsoleAuthorizationConfigurationCommand";
8
10
  export * from "./PutResourcePermissionStatementCommand";
11
+ export * from "./RevokeOAuth2TokenWithIAMCommand";
@@ -48,4 +48,5 @@ export interface EndpointParameters extends __EndpointParameters {
48
48
  Endpoint?: string | undefined;
49
49
  Region?: string | undefined;
50
50
  IsControlPlane?: boolean | undefined;
51
+ IsOAuthEndpoint?: boolean | undefined;
51
52
  }
@@ -1,9 +1,7 @@
1
1
  /**
2
2
  * AWS credentials structure containing temporary access credentials
3
3
  *
4
- * The scoped-down, 15 minute duration AWS credentials.
5
- * Scoping down will be based on CLI policy (CLI team needs to create it).
6
- * Similar to cloud shell implementation.
4
+ * Scoped, temporary AWS credentials with a 15-minute duration.
7
5
  * @public
8
6
  */
9
7
  export interface AccessToken {
@@ -140,6 +138,46 @@ export interface CreateOAuth2TokenResponse {
140
138
  */
141
139
  tokenOutput: CreateOAuth2TokenResponseBody | undefined;
142
140
  }
141
+ /**
142
+ * Input structure for CreateOAuth2TokenWithIAM operation
143
+ * @public
144
+ */
145
+ export interface CreateOAuth2TokenWithIAMRequest {
146
+ /**
147
+ * OAuth 2.0 grant type. Must be "client_credentials".
148
+ * @public
149
+ */
150
+ grantType: string | undefined;
151
+ /**
152
+ * The OAuth resource for which the access token is requested.
153
+ * Example: "aws-mcp.amazonaws.com".
154
+ * @public
155
+ */
156
+ resource: string | undefined;
157
+ }
158
+ /**
159
+ * Output structure for CreateOAuth2TokenWithIAM operation
160
+ *
161
+ * Contains the JWT access token, token type, and expiration per RFC 6749 §5.1.
162
+ * @public
163
+ */
164
+ export interface CreateOAuth2TokenWithIAMResponse {
165
+ /**
166
+ * JWT access token containing principal identity, resource scope, and session metadata
167
+ * @public
168
+ */
169
+ accessToken: string | undefined;
170
+ /**
171
+ * Always "Bearer" per OAuth 2.1 specification
172
+ * @public
173
+ */
174
+ tokenType: string | undefined;
175
+ /**
176
+ * Token lifetime in seconds. Value is the minimum of session validity and 1 hour.
177
+ * @public
178
+ */
179
+ expiresIn: number | undefined;
180
+ }
143
181
  /**
144
182
  * Input for DeleteConsoleAuthorizationConfiguration operation
145
183
  * @public
@@ -290,6 +328,117 @@ export interface GetResourcePolicyOutput {
290
328
  */
291
329
  signinResourceBasedPolicy: SigninResourceBasedPolicy | undefined;
292
330
  }
331
+ /**
332
+ * Input structure for IntrospectOAuth2TokenWithIAM operation
333
+ *
334
+ * RFC 7662 §2.1 introspection request. Contains the token to inspect and an
335
+ * optional hint about the token's type.
336
+ * @public
337
+ */
338
+ export interface IntrospectOAuth2TokenWithIAMRequest {
339
+ /**
340
+ * The string value of the token to introspect.
341
+ * May be either an access_token or a refresh_token issued by AWS Sign-In.
342
+ * @public
343
+ */
344
+ token: string | undefined;
345
+ /**
346
+ * Optional hint about the type of the token submitted for introspection.
347
+ * The server uses this hint to optimize lookup, but still falls back to
348
+ * the other token type on miss. Allowed values: access_token, refresh_token.
349
+ * @public
350
+ */
351
+ tokenTypeHint?: string | undefined;
352
+ }
353
+ /**
354
+ * Output structure for IntrospectOAuth2TokenWithIAM operation
355
+ *
356
+ * RFC 7662 §2.2 introspection response. Only `active` is required; all other
357
+ * claims are omitted when the token is inactive.
358
+ * @public
359
+ */
360
+ export interface IntrospectOAuth2TokenWithIAMResponse {
361
+ /**
362
+ * Indicates whether the token is currently active. `true` only when the
363
+ * token is valid, has not expired, has not been revoked, and belongs to
364
+ * the caller's account.
365
+ * @public
366
+ */
367
+ active: boolean | undefined;
368
+ /**
369
+ * Client identifier for the OAuth 2.0 client that requested the token.
370
+ * @public
371
+ */
372
+ clientId?: string | undefined;
373
+ /**
374
+ * User identifier matching sts:GetCallerIdentity's `UserId` field for the
375
+ * token's subject principal (e.g. "AIDAEXAMPLE" for an IAM user, or
376
+ * "AROAEXAMPLE:session-name" for an assumed role).
377
+ * @public
378
+ */
379
+ userId?: string | undefined;
380
+ /**
381
+ * Indicates which kind of token was introspected.
382
+ * One of "access_token" or "refresh_token".
383
+ * @public
384
+ */
385
+ tokenType?: string | undefined;
386
+ /**
387
+ * Token expiration time as a NumericDate (Unix epoch seconds).
388
+ * @public
389
+ */
390
+ exp?: number | undefined;
391
+ /**
392
+ * Token issuance time as a NumericDate (Unix epoch seconds).
393
+ * @public
394
+ */
395
+ iat?: number | undefined;
396
+ /**
397
+ * Token "not before" time as a NumericDate (Unix epoch seconds).
398
+ * @public
399
+ */
400
+ nbf?: number | undefined;
401
+ /**
402
+ * Subject of the token: the IAM principal ARN. For assumed-role sessions,
403
+ * this is the session ARN (matches sts:GetCallerIdentity's `Arn` field),
404
+ * e.g. arn:aws:sts::123456789012:assumed-role/MyRole/session-name.
405
+ * @public
406
+ */
407
+ sub?: string | undefined;
408
+ /**
409
+ * Audience of the token: the OAuth resource the token is scoped to
410
+ * (for example, "aws-mcp.amazonaws.com"). Omitted for refresh tokens.
411
+ * @public
412
+ */
413
+ aud?: string | undefined;
414
+ /**
415
+ * Issuer of the token. Always "signin.amazonaws.com" for AWS Sign-In.
416
+ * @public
417
+ */
418
+ iss?: string | undefined;
419
+ /**
420
+ * Unique identifier for the token.
421
+ * @public
422
+ */
423
+ jti?: string | undefined;
424
+ /**
425
+ * 12-digit AWS account ID of the token's subject principal.
426
+ * @public
427
+ */
428
+ accountId?: string | undefined;
429
+ /**
430
+ * AWS Sign-In session ARN bound to the token, of the form
431
+ * arn:aws:signin:\{region\}:\{account\}:session/\{uuid\}.
432
+ * @public
433
+ */
434
+ signinSession?: string | undefined;
435
+ /**
436
+ * The OAuth resource the token is scoped to during Human OAuth flow.
437
+ * Only present for refresh token introspection.
438
+ * @public
439
+ */
440
+ resource?: string | undefined;
441
+ }
293
442
  /**
294
443
  * Input for ListResourcePermissionStatements operation
295
444
  * @public
@@ -428,3 +577,26 @@ export interface PutResourcePermissionStatementOutput {
428
577
  */
429
578
  statementId: string | undefined;
430
579
  }
580
+ /**
581
+ * Input structure for RevokeOAuth2TokenWithIAM operation
582
+ *
583
+ * RFC 7009 §2.1 revocation request. Contains the refresh_token to revoke.
584
+ * @public
585
+ */
586
+ export interface RevokeOAuth2TokenWithIAMRequest {
587
+ /**
588
+ * The refresh_token to revoke. Must be a refresh_token issued by AWS
589
+ * Sign-In (prefix "ASOR"); access_tokens are not accepted for revocation.
590
+ * @public
591
+ */
592
+ token: string | undefined;
593
+ }
594
+ /**
595
+ * Output structure for RevokeOAuth2TokenWithIAM operation
596
+ *
597
+ * RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an
598
+ * empty body on success; there are no response fields.
599
+ * @public
600
+ */
601
+ export interface RevokeOAuth2TokenWithIAMResponse {
602
+ }
@@ -19,6 +19,8 @@ export declare var CreateOAuth2TokenRequest$: StaticStructureSchema;
19
19
  export declare var CreateOAuth2TokenRequestBody$: StaticStructureSchema;
20
20
  export declare var CreateOAuth2TokenResponse$: StaticStructureSchema;
21
21
  export declare var CreateOAuth2TokenResponseBody$: StaticStructureSchema;
22
+ export declare var CreateOAuth2TokenWithIAMRequest$: StaticStructureSchema;
23
+ export declare var CreateOAuth2TokenWithIAMResponse$: StaticStructureSchema;
22
24
  export declare var DeleteConsoleAuthorizationConfigurationInput$: StaticStructureSchema;
23
25
  export declare var DeleteConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
24
26
  export declare var DeleteResourcePermissionStatementInput$: StaticStructureSchema;
@@ -27,6 +29,8 @@ export declare var GetConsoleAuthorizationConfigurationInput$: StaticStructureSc
27
29
  export declare var GetConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
28
30
  export declare var GetResourcePolicyInput$: StaticStructureSchema;
29
31
  export declare var GetResourcePolicyOutput$: StaticStructureSchema;
32
+ export declare var IntrospectOAuth2TokenWithIAMRequest$: StaticStructureSchema;
33
+ export declare var IntrospectOAuth2TokenWithIAMResponse$: StaticStructureSchema;
30
34
  export declare var ListResourcePermissionStatementsInput$: StaticStructureSchema;
31
35
  export declare var ListResourcePermissionStatementsOutput$: StaticStructureSchema;
32
36
  export declare var PermissionStatementSummary$: StaticStructureSchema;
@@ -35,12 +39,17 @@ export declare var PutConsoleAuthorizationConfigurationInput$: StaticStructureSc
35
39
  export declare var PutConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
36
40
  export declare var PutResourcePermissionStatementInput$: StaticStructureSchema;
37
41
  export declare var PutResourcePermissionStatementOutput$: StaticStructureSchema;
42
+ export declare var RevokeOAuth2TokenWithIAMRequest$: StaticStructureSchema;
43
+ export declare var RevokeOAuth2TokenWithIAMResponse$: StaticStructureSchema;
38
44
  export declare var SigninResourceBasedPolicy$: StaticStructureSchema;
39
45
  export declare var CreateOAuth2Token$: StaticOperationSchema;
46
+ export declare var CreateOAuth2TokenWithIAM$: StaticOperationSchema;
40
47
  export declare var DeleteConsoleAuthorizationConfiguration$: StaticOperationSchema;
41
48
  export declare var DeleteResourcePermissionStatement$: StaticOperationSchema;
42
49
  export declare var GetConsoleAuthorizationConfiguration$: StaticOperationSchema;
43
50
  export declare var GetResourcePolicy$: StaticOperationSchema;
51
+ export declare var IntrospectOAuth2TokenWithIAM$: StaticOperationSchema;
44
52
  export declare var ListResourcePermissionStatements$: StaticOperationSchema;
45
53
  export declare var PutConsoleAuthorizationConfiguration$: StaticOperationSchema;
46
54
  export declare var PutResourcePermissionStatement$: StaticOperationSchema;
55
+ export declare var RevokeOAuth2TokenWithIAM$: StaticOperationSchema;
@@ -7,6 +7,10 @@ import {
7
7
  CreateOAuth2TokenCommandInput,
8
8
  CreateOAuth2TokenCommandOutput,
9
9
  } from "./commands/CreateOAuth2TokenCommand";
10
+ import {
11
+ CreateOAuth2TokenWithIAMCommandInput,
12
+ CreateOAuth2TokenWithIAMCommandOutput,
13
+ } from "./commands/CreateOAuth2TokenWithIAMCommand";
10
14
  import {
11
15
  DeleteConsoleAuthorizationConfigurationCommandInput,
12
16
  DeleteConsoleAuthorizationConfigurationCommandOutput,
@@ -23,6 +27,10 @@ import {
23
27
  GetResourcePolicyCommandInput,
24
28
  GetResourcePolicyCommandOutput,
25
29
  } from "./commands/GetResourcePolicyCommand";
30
+ import {
31
+ IntrospectOAuth2TokenWithIAMCommandInput,
32
+ IntrospectOAuth2TokenWithIAMCommandOutput,
33
+ } from "./commands/IntrospectOAuth2TokenWithIAMCommand";
26
34
  import {
27
35
  ListResourcePermissionStatementsCommandInput,
28
36
  ListResourcePermissionStatementsCommandOutput,
@@ -35,6 +43,10 @@ import {
35
43
  PutResourcePermissionStatementCommandInput,
36
44
  PutResourcePermissionStatementCommandOutput,
37
45
  } from "./commands/PutResourcePermissionStatementCommand";
46
+ import {
47
+ RevokeOAuth2TokenWithIAMCommandInput,
48
+ RevokeOAuth2TokenWithIAMCommandOutput,
49
+ } from "./commands/RevokeOAuth2TokenWithIAMCommand";
38
50
  import { SigninClient } from "./SigninClient";
39
51
  export interface Signin {
40
52
  createOAuth2Token(
@@ -50,6 +62,19 @@ export interface Signin {
50
62
  options: __HttpHandlerOptions,
51
63
  cb: (err: any, data?: CreateOAuth2TokenCommandOutput) => void
52
64
  ): void;
65
+ createOAuth2TokenWithIAM(
66
+ args: CreateOAuth2TokenWithIAMCommandInput,
67
+ options?: __HttpHandlerOptions
68
+ ): Promise<CreateOAuth2TokenWithIAMCommandOutput>;
69
+ createOAuth2TokenWithIAM(
70
+ args: CreateOAuth2TokenWithIAMCommandInput,
71
+ cb: (err: any, data?: CreateOAuth2TokenWithIAMCommandOutput) => void
72
+ ): void;
73
+ createOAuth2TokenWithIAM(
74
+ args: CreateOAuth2TokenWithIAMCommandInput,
75
+ options: __HttpHandlerOptions,
76
+ cb: (err: any, data?: CreateOAuth2TokenWithIAMCommandOutput) => void
77
+ ): void;
53
78
  deleteConsoleAuthorizationConfiguration(): Promise<DeleteConsoleAuthorizationConfigurationCommandOutput>;
54
79
  deleteConsoleAuthorizationConfiguration(
55
80
  args: DeleteConsoleAuthorizationConfigurationCommandInput,
@@ -123,6 +148,19 @@ export interface Signin {
123
148
  options: __HttpHandlerOptions,
124
149
  cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
125
150
  ): void;
151
+ introspectOAuth2TokenWithIAM(
152
+ args: IntrospectOAuth2TokenWithIAMCommandInput,
153
+ options?: __HttpHandlerOptions
154
+ ): Promise<IntrospectOAuth2TokenWithIAMCommandOutput>;
155
+ introspectOAuth2TokenWithIAM(
156
+ args: IntrospectOAuth2TokenWithIAMCommandInput,
157
+ cb: (err: any, data?: IntrospectOAuth2TokenWithIAMCommandOutput) => void
158
+ ): void;
159
+ introspectOAuth2TokenWithIAM(
160
+ args: IntrospectOAuth2TokenWithIAMCommandInput,
161
+ options: __HttpHandlerOptions,
162
+ cb: (err: any, data?: IntrospectOAuth2TokenWithIAMCommandOutput) => void
163
+ ): void;
126
164
  listResourcePermissionStatements(): Promise<ListResourcePermissionStatementsCommandOutput>;
127
165
  listResourcePermissionStatements(
128
166
  args: ListResourcePermissionStatementsCommandInput,
@@ -171,6 +209,19 @@ export interface Signin {
171
209
  options: __HttpHandlerOptions,
172
210
  cb: (err: any, data?: PutResourcePermissionStatementCommandOutput) => void
173
211
  ): void;
212
+ revokeOAuth2TokenWithIAM(
213
+ args: RevokeOAuth2TokenWithIAMCommandInput,
214
+ options?: __HttpHandlerOptions
215
+ ): Promise<RevokeOAuth2TokenWithIAMCommandOutput>;
216
+ revokeOAuth2TokenWithIAM(
217
+ args: RevokeOAuth2TokenWithIAMCommandInput,
218
+ cb: (err: any, data?: RevokeOAuth2TokenWithIAMCommandOutput) => void
219
+ ): void;
220
+ revokeOAuth2TokenWithIAM(
221
+ args: RevokeOAuth2TokenWithIAMCommandInput,
222
+ options: __HttpHandlerOptions,
223
+ cb: (err: any, data?: RevokeOAuth2TokenWithIAMCommandOutput) => void
224
+ ): void;
174
225
  paginateListResourcePermissionStatements(
175
226
  args?: ListResourcePermissionStatementsCommandInput,
176
227
  paginationConfig?: Pick<
@@ -40,6 +40,10 @@ import {
40
40
  CreateOAuth2TokenCommandInput,
41
41
  CreateOAuth2TokenCommandOutput,
42
42
  } from "./commands/CreateOAuth2TokenCommand";
43
+ import {
44
+ CreateOAuth2TokenWithIAMCommandInput,
45
+ CreateOAuth2TokenWithIAMCommandOutput,
46
+ } from "./commands/CreateOAuth2TokenWithIAMCommand";
43
47
  import {
44
48
  DeleteConsoleAuthorizationConfigurationCommandInput,
45
49
  DeleteConsoleAuthorizationConfigurationCommandOutput,
@@ -56,6 +60,10 @@ import {
56
60
  GetResourcePolicyCommandInput,
57
61
  GetResourcePolicyCommandOutput,
58
62
  } from "./commands/GetResourcePolicyCommand";
63
+ import {
64
+ IntrospectOAuth2TokenWithIAMCommandInput,
65
+ IntrospectOAuth2TokenWithIAMCommandOutput,
66
+ } from "./commands/IntrospectOAuth2TokenWithIAMCommand";
59
67
  import {
60
68
  ListResourcePermissionStatementsCommandInput,
61
69
  ListResourcePermissionStatementsCommandOutput,
@@ -68,6 +76,10 @@ import {
68
76
  PutResourcePermissionStatementCommandInput,
69
77
  PutResourcePermissionStatementCommandOutput,
70
78
  } from "./commands/PutResourcePermissionStatementCommand";
79
+ import {
80
+ RevokeOAuth2TokenWithIAMCommandInput,
81
+ RevokeOAuth2TokenWithIAMCommandOutput,
82
+ } from "./commands/RevokeOAuth2TokenWithIAMCommand";
71
83
  import {
72
84
  ClientInputEndpointParameters,
73
85
  ClientResolvedEndpointParameters,
@@ -77,22 +89,28 @@ import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
77
89
  export { __Client };
78
90
  export type ServiceInputTypes =
79
91
  | CreateOAuth2TokenCommandInput
92
+ | CreateOAuth2TokenWithIAMCommandInput
80
93
  | DeleteConsoleAuthorizationConfigurationCommandInput
81
94
  | DeleteResourcePermissionStatementCommandInput
82
95
  | GetConsoleAuthorizationConfigurationCommandInput
83
96
  | GetResourcePolicyCommandInput
97
+ | IntrospectOAuth2TokenWithIAMCommandInput
84
98
  | ListResourcePermissionStatementsCommandInput
85
99
  | PutConsoleAuthorizationConfigurationCommandInput
86
- | PutResourcePermissionStatementCommandInput;
100
+ | PutResourcePermissionStatementCommandInput
101
+ | RevokeOAuth2TokenWithIAMCommandInput;
87
102
  export type ServiceOutputTypes =
88
103
  | CreateOAuth2TokenCommandOutput
104
+ | CreateOAuth2TokenWithIAMCommandOutput
89
105
  | DeleteConsoleAuthorizationConfigurationCommandOutput
90
106
  | DeleteResourcePermissionStatementCommandOutput
91
107
  | GetConsoleAuthorizationConfigurationCommandOutput
92
108
  | GetResourcePolicyCommandOutput
109
+ | IntrospectOAuth2TokenWithIAMCommandOutput
93
110
  | ListResourcePermissionStatementsCommandOutput
94
111
  | PutConsoleAuthorizationConfigurationCommandOutput
95
- | PutResourcePermissionStatementCommandOutput;
112
+ | PutResourcePermissionStatementCommandOutput
113
+ | RevokeOAuth2TokenWithIAMCommandOutput;
96
114
  export interface ClientDefaults
97
115
  extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
98
116
  requestHandler?: __HttpHandlerUserInput;
@@ -39,6 +39,7 @@ export declare const command: <
39
39
  };
40
40
  export declare const _ep0: EndpointParameterInstructions;
41
41
  export declare const _ep1: EndpointParameterInstructions;
42
+ export declare const _ep2: EndpointParameterInstructions;
42
43
  export declare const _mw0: (
43
44
  Command: any,
44
45
  cs: any,