@aws-sdk/client-sso-oidc 3.451.0 → 3.454.0

package/README.md

@@ -6,14 +6,12 @@
 
 AWS SDK for JavaScript SSOOIDC Client for Node.js, Browser and React Native.
 
-<p>AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI
+<p>IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI
 or a native application) to register with IAM Identity Center. The service also enables the client to
 fetch the user’s access token upon successful authentication and authorization with
 IAM Identity Center.</p>
 <note>
-<p>Although AWS Single Sign-On was renamed, the <code>sso</code> and
-<code>identitystore</code> API namespaces will continue to retain their original name for
-backward compatibility purposes. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed">IAM Identity Center rename</a>.</p>
+<p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces.</p>
 </note>
 <p>
 <b>Considerations for Using This Guide</b>
@@ -22,23 +20,24 @@ backward compatibility purposes. For more information, see <a href="https://docs
 important information about how the IAM Identity Center OIDC service works.</p>
 <ul>
 <li>
-<p>The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0
-Device Authorization Grant standard (<a href="https://tools.ietf.org/html/rfc8628">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single
-sign-on authentication with the AWS CLI. Support for other OIDC flows frequently needed
-for native applications, such as Authorization Code Flow (+ PKCE), will be addressed in
-future releases.</p>
+<p>The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device
+Authorization Grant standard (<a href="https://tools.ietf.org/html/rfc8628">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single
+sign-on authentication with the CLI. </p>
 </li>
 <li>
-<p>The service emits only OIDC access tokens, such that obtaining a new token (For
-example, token refresh) requires explicit user re-authentication.</p>
+<p>With older versions of the CLI, the service only emits OIDC access tokens, so to
+obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that
+supports token refresh and doesn’t require re-authentication, update to the latest CLI
+version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh and
+configurable IAM Identity Center session durations. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html">Configure Amazon Web Services access portal session duration </a>. </p>
 </li>
 <li>
-<p>The access tokens provided by this service grant access to all AWS account
+<p>The access tokens provided by this service grant access to all Amazon Web Services account
 entitlements assigned to an IAM Identity Center user, not just a particular application.</p>
 </li>
 <li>
 <p>The documentation in this guide does not describe the mechanism to convert the access
-token into AWS Auth (“sigv4”) credentials for use with IAM-protected AWS service
+token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service
 endpoints. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html">GetRoleCredentials</a> in the <i>IAM Identity Center Portal API Reference
 Guide</i>.</p>
 </li>
@@ -248,6 +247,14 @@ CreateToken
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/classes/createtokencommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/interfaces/createtokencommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/interfaces/createtokencommandoutput.html)
 
+</details>
+<details>
+<summary>
+CreateTokenWithIAM
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/classes/createtokenwithiamcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/interfaces/createtokenwithiamcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sso-oidc/interfaces/createtokenwithiamcommandoutput.html)
+
 </details>
 <details>
 <summary>

package/dist-cjs/SSOOIDC.js

@@ -3,11 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SSOOIDC = void 0;
 const smithy_client_1 = require("@smithy/smithy-client");
 const CreateTokenCommand_1 = require("./commands/CreateTokenCommand");
+const CreateTokenWithIAMCommand_1 = require("./commands/CreateTokenWithIAMCommand");
 const RegisterClientCommand_1 = require("./commands/RegisterClientCommand");
 const StartDeviceAuthorizationCommand_1 = require("./commands/StartDeviceAuthorizationCommand");
 const SSOOIDCClient_1 = require("./SSOOIDCClient");
 const commands = {
     CreateTokenCommand: CreateTokenCommand_1.CreateTokenCommand,
+    CreateTokenWithIAMCommand: CreateTokenWithIAMCommand_1.CreateTokenWithIAMCommand,
     RegisterClientCommand: RegisterClientCommand_1.RegisterClientCommand,
     StartDeviceAuthorizationCommand: StartDeviceAuthorizationCommand_1.StartDeviceAuthorizationCommand,
 };

package/dist-cjs/SSOOIDCClient.js

@@ -4,6 +4,7 @@ exports.SSOOIDCClient = exports.__Client = void 0;
 const middleware_host_header_1 = require("@aws-sdk/middleware-host-header");
 const middleware_logger_1 = require("@aws-sdk/middleware-logger");
 const middleware_recursion_detection_1 = require("@aws-sdk/middleware-recursion-detection");
+const middleware_signing_1 = require("@aws-sdk/middleware-signing");
 const middleware_user_agent_1 = require("@aws-sdk/middleware-user-agent");
 const config_resolver_1 = require("@smithy/config-resolver");
 const middleware_content_length_1 = require("@smithy/middleware-content-length");
@@ -22,10 +23,11 @@ class SSOOIDCClient extends smithy_client_1.Client {
         const _config_3 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_2);
         const _config_4 = (0, middleware_retry_1.resolveRetryConfig)(_config_3);
         const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4);
-        const _config_6 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_5);
-        const _config_7 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_6, configuration?.extensions || []);
-        super(_config_7);
-        this.config = _config_7;
+        const _config_6 = (0, middleware_signing_1.resolveAwsAuthConfig)(_config_5);
+        const _config_7 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_6);
+        const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []);
+        super(_config_8);
+        this.config = _config_8;
         this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config));
         this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config));
         this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config));

package/dist-cjs/commands/CreateTokenCommand.js

@@ -6,6 +6,7 @@ const middleware_serde_1 = require("@smithy/middleware-serde");
 const smithy_client_1 = require("@smithy/smithy-client");
 Object.defineProperty(exports, "$Command", { enumerable: true, get: function () { return smithy_client_1.Command; } });
 const types_1 = require("@smithy/types");
+const models_0_1 = require("../models/models_0");
 const Aws_restJson1_1 = require("../protocols/Aws_restJson1");
 class CreateTokenCommand extends smithy_client_1.Command {
     static getEndpointParameterInstructions() {
@@ -31,8 +32,8 @@ class CreateTokenCommand extends smithy_client_1.Command {
             logger,
             clientName,
             commandName,
-            inputFilterSensitiveLog: (_) => _,
-            outputFilterSensitiveLog: (_) => _,
+            inputFilterSensitiveLog: models_0_1.CreateTokenRequestFilterSensitiveLog,
+            outputFilterSensitiveLog: models_0_1.CreateTokenResponseFilterSensitiveLog,
             [types_1.SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",
                 operation: "CreateToken",

package/dist-cjs/commands/CreateTokenWithIAMCommand.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CreateTokenWithIAMCommand = exports.$Command = void 0;
+const middleware_signing_1 = require("@aws-sdk/middleware-signing");
+const middleware_endpoint_1 = require("@smithy/middleware-endpoint");
+const middleware_serde_1 = require("@smithy/middleware-serde");
+const smithy_client_1 = require("@smithy/smithy-client");
+Object.defineProperty(exports, "$Command", { enumerable: true, get: function () { return smithy_client_1.Command; } });
+const types_1 = require("@smithy/types");
+const models_0_1 = require("../models/models_0");
+const Aws_restJson1_1 = require("../protocols/Aws_restJson1");
+class CreateTokenWithIAMCommand extends smithy_client_1.Command {
+    static getEndpointParameterInstructions() {
+        return {
+            UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+            Endpoint: { type: "builtInParams", name: "endpoint" },
+            Region: { type: "builtInParams", name: "region" },
+            UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+        };
+    }
+    constructor(input) {
+        super();
+        this.input = input;
+    }
+    resolveMiddleware(clientStack, configuration, options) {
+        this.middlewareStack.use((0, middleware_serde_1.getSerdePlugin)(configuration, this.serialize, this.deserialize));
+        this.middlewareStack.use((0, middleware_endpoint_1.getEndpointPlugin)(configuration, CreateTokenWithIAMCommand.getEndpointParameterInstructions()));
+        this.middlewareStack.use((0, middleware_signing_1.getAwsAuthPlugin)(configuration));
+        const stack = clientStack.concat(this.middlewareStack);
+        const { logger } = configuration;
+        const clientName = "SSOOIDCClient";
+        const commandName = "CreateTokenWithIAMCommand";
+        const handlerExecutionContext = {
+            logger,
+            clientName,
+            commandName,
+            inputFilterSensitiveLog: models_0_1.CreateTokenWithIAMRequestFilterSensitiveLog,
+            outputFilterSensitiveLog: models_0_1.CreateTokenWithIAMResponseFilterSensitiveLog,
+            [types_1.SMITHY_CONTEXT_KEY]: {
+                service: "AWSSSOOIDCService",
+                operation: "CreateTokenWithIAM",
+            },
+        };
+        const { requestHandler } = configuration;
+        return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
+    }
+    serialize(input, context) {
+        return (0, Aws_restJson1_1.se_CreateTokenWithIAMCommand)(input, context);
+    }
+    deserialize(output, context) {
+        return (0, Aws_restJson1_1.de_CreateTokenWithIAMCommand)(output, context);
+    }
+}
+exports.CreateTokenWithIAMCommand = CreateTokenWithIAMCommand;

package/dist-cjs/commands/RegisterClientCommand.js

@@ -6,6 +6,7 @@ const middleware_serde_1 = require("@smithy/middleware-serde");
 const smithy_client_1 = require("@smithy/smithy-client");
 Object.defineProperty(exports, "$Command", { enumerable: true, get: function () { return smithy_client_1.Command; } });
 const types_1 = require("@smithy/types");
+const models_0_1 = require("../models/models_0");
 const Aws_restJson1_1 = require("../protocols/Aws_restJson1");
 class RegisterClientCommand extends smithy_client_1.Command {
     static getEndpointParameterInstructions() {
@@ -32,7 +33,7 @@ class RegisterClientCommand extends smithy_client_1.Command {
             clientName,
             commandName,
             inputFilterSensitiveLog: (_) => _,
-            outputFilterSensitiveLog: (_) => _,
+            outputFilterSensitiveLog: models_0_1.RegisterClientResponseFilterSensitiveLog,
             [types_1.SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",
                 operation: "RegisterClient",

package/dist-cjs/commands/StartDeviceAuthorizationCommand.js

@@ -6,6 +6,7 @@ const middleware_serde_1 = require("@smithy/middleware-serde");
 const smithy_client_1 = require("@smithy/smithy-client");
 Object.defineProperty(exports, "$Command", { enumerable: true, get: function () { return smithy_client_1.Command; } });
 const types_1 = require("@smithy/types");
+const models_0_1 = require("../models/models_0");
 const Aws_restJson1_1 = require("../protocols/Aws_restJson1");
 class StartDeviceAuthorizationCommand extends smithy_client_1.Command {
     static getEndpointParameterInstructions() {
@@ -31,7 +32,7 @@ class StartDeviceAuthorizationCommand extends smithy_client_1.Command {
             logger,
             clientName,
             commandName,
-            inputFilterSensitiveLog: (_) => _,
+            inputFilterSensitiveLog: models_0_1.StartDeviceAuthorizationRequestFilterSensitiveLog,
             outputFilterSensitiveLog: (_) => _,
             [types_1.SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",

package/dist-cjs/commands/index.js

@@ -2,5 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./CreateTokenCommand"), exports);
+tslib_1.__exportStar(require("./CreateTokenWithIAMCommand"), exports);
 tslib_1.__exportStar(require("./RegisterClientCommand"), exports);
 tslib_1.__exportStar(require("./StartDeviceAuthorizationCommand"), exports);

package/dist-cjs/endpoint/EndpointParameters.js

@@ -6,7 +6,7 @@ const resolveClientEndpointParameters = (options) => {
         ...options,
         useDualstackEndpoint: options.useDualstackEndpoint ?? false,
         useFipsEndpoint: options.useFipsEndpoint ?? false,
-        defaultSigningName: "awsssooidc",
+        defaultSigningName: "sso-oauth",
     };
 };
 exports.resolveClientEndpointParameters = resolveClientEndpointParameters;

package/dist-cjs/models/models_0.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidClientMetadataException = exports.UnsupportedGrantTypeException = exports.UnauthorizedClientException = exports.SlowDownException = exports.InvalidScopeException = exports.InvalidRequestException = exports.InvalidGrantException = exports.InvalidClientException = exports.InternalServerException = exports.ExpiredTokenException = exports.AuthorizationPendingException = exports.AccessDeniedException = void 0;
+exports.StartDeviceAuthorizationRequestFilterSensitiveLog = exports.RegisterClientResponseFilterSensitiveLog = exports.CreateTokenWithIAMResponseFilterSensitiveLog = exports.CreateTokenWithIAMRequestFilterSensitiveLog = exports.CreateTokenResponseFilterSensitiveLog = exports.CreateTokenRequestFilterSensitiveLog = exports.InvalidClientMetadataException = exports.InvalidRequestRegionException = exports.UnsupportedGrantTypeException = exports.UnauthorizedClientException = exports.SlowDownException = exports.InvalidScopeException = exports.InvalidRequestException = exports.InvalidGrantException = exports.InvalidClientException = exports.InternalServerException = exports.ExpiredTokenException = exports.AuthorizationPendingException = exports.AccessDeniedException = void 0;
+const smithy_client_1 = require("@smithy/smithy-client");
 const SSOOIDCServiceException_1 = require("./SSOOIDCServiceException");
 class AccessDeniedException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
     constructor(opts) {
@@ -167,6 +168,23 @@ class UnsupportedGrantTypeException extends SSOOIDCServiceException_1.SSOOIDCSer
     }
 }
 exports.UnsupportedGrantTypeException = UnsupportedGrantTypeException;
+class InvalidRequestRegionException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
+    constructor(opts) {
+        super({
+            name: "InvalidRequestRegionException",
+            $fault: "client",
+            ...opts,
+        });
+        this.name = "InvalidRequestRegionException";
+        this.$fault = "client";
+        Object.setPrototypeOf(this, InvalidRequestRegionException.prototype);
+        this.error = opts.error;
+        this.error_description = opts.error_description;
+        this.endpoint = opts.endpoint;
+        this.region = opts.region;
+    }
+}
+exports.InvalidRequestRegionException = InvalidRequestRegionException;
 class InvalidClientMetadataException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
     constructor(opts) {
         super({
@@ -182,3 +200,40 @@ class InvalidClientMetadataException extends SSOOIDCServiceException_1.SSOOIDCSe
     }
 }
 exports.InvalidClientMetadataException = InvalidClientMetadataException;
+const CreateTokenRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.clientSecret && { clientSecret: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.refreshToken && { refreshToken: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.CreateTokenRequestFilterSensitiveLog = CreateTokenRequestFilterSensitiveLog;
+const CreateTokenResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.accessToken && { accessToken: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.refreshToken && { refreshToken: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.idToken && { idToken: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.CreateTokenResponseFilterSensitiveLog = CreateTokenResponseFilterSensitiveLog;
+const CreateTokenWithIAMRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.refreshToken && { refreshToken: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.assertion && { assertion: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.subjectToken && { subjectToken: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.CreateTokenWithIAMRequestFilterSensitiveLog = CreateTokenWithIAMRequestFilterSensitiveLog;
+const CreateTokenWithIAMResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.accessToken && { accessToken: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.refreshToken && { refreshToken: smithy_client_1.SENSITIVE_STRING }),
+    ...(obj.idToken && { idToken: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.CreateTokenWithIAMResponseFilterSensitiveLog = CreateTokenWithIAMResponseFilterSensitiveLog;
+const RegisterClientResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.clientSecret && { clientSecret: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.RegisterClientResponseFilterSensitiveLog = RegisterClientResponseFilterSensitiveLog;
+const StartDeviceAuthorizationRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.clientSecret && { clientSecret: smithy_client_1.SENSITIVE_STRING }),
+});
+exports.StartDeviceAuthorizationRequestFilterSensitiveLog = StartDeviceAuthorizationRequestFilterSensitiveLog;

package/dist-cjs/protocols/Aws_restJson1.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.de_StartDeviceAuthorizationCommand = exports.de_RegisterClientCommand = exports.de_CreateTokenCommand = exports.se_StartDeviceAuthorizationCommand = exports.se_RegisterClientCommand = exports.se_CreateTokenCommand = void 0;
+exports.de_StartDeviceAuthorizationCommand = exports.de_RegisterClientCommand = exports.de_CreateTokenWithIAMCommand = exports.de_CreateTokenCommand = exports.se_StartDeviceAuthorizationCommand = exports.se_RegisterClientCommand = exports.se_CreateTokenWithIAMCommand = exports.se_CreateTokenCommand = void 0;
 const protocol_http_1 = require("@smithy/protocol-http");
 const smithy_client_1 = require("@smithy/smithy-client");
 const models_0_1 = require("../models/models_0");
@@ -33,6 +33,40 @@ const se_CreateTokenCommand = async (input, context) => {
     });
 };
 exports.se_CreateTokenCommand = se_CreateTokenCommand;
+const se_CreateTokenWithIAMCommand = async (input, context) => {
+    const { hostname, protocol = "https", port, path: basePath } = await context.endpoint();
+    const headers = {
+        "content-type": "application/json",
+    };
+    const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/token";
+    const query = (0, smithy_client_1.map)({
+        aws_iam: [, "t"],
+    });
+    let body;
+    body = JSON.stringify((0, smithy_client_1.take)(input, {
+        assertion: [],
+        clientId: [],
+        code: [],
+        grantType: [],
+        redirectUri: [],
+        refreshToken: [],
+        requestedTokenType: [],
+        scope: (_) => (0, smithy_client_1._json)(_),
+        subjectToken: [],
+        subjectTokenType: [],
+    }));
+    return new protocol_http_1.HttpRequest({
+        protocol,
+        hostname,
+        port,
+        method: "POST",
+        headers,
+        path: resolvedPath,
+        query,
+        body,
+    });
+};
+exports.se_CreateTokenWithIAMCommand = se_CreateTokenWithIAMCommand;
 const se_RegisterClientCommand = async (input, context) => {
     const { hostname, protocol = "https", port, path: basePath } = await context.endpoint();
     const headers = {
@@ -147,6 +181,79 @@ const de_CreateTokenCommandError = async (output, context) => {
             });
     }
 };
+const de_CreateTokenWithIAMCommand = async (output, context) => {
+    if (output.statusCode !== 200 && output.statusCode >= 300) {
+        return de_CreateTokenWithIAMCommandError(output, context);
+    }
+    const contents = (0, smithy_client_1.map)({
+        $metadata: deserializeMetadata(output),
+    });
+    const data = (0, smithy_client_1.expectNonNull)((0, smithy_client_1.expectObject)(await parseBody(output.body, context)), "body");
+    const doc = (0, smithy_client_1.take)(data, {
+        accessToken: smithy_client_1.expectString,
+        expiresIn: smithy_client_1.expectInt32,
+        idToken: smithy_client_1.expectString,
+        issuedTokenType: smithy_client_1.expectString,
+        refreshToken: smithy_client_1.expectString,
+        scope: smithy_client_1._json,
+        tokenType: smithy_client_1.expectString,
+    });
+    Object.assign(contents, doc);
+    return contents;
+};
+exports.de_CreateTokenWithIAMCommand = de_CreateTokenWithIAMCommand;
+const de_CreateTokenWithIAMCommandError = async (output, context) => {
+    const parsedOutput = {
+        ...output,
+        body: await parseErrorBody(output.body, context),
+    };
+    const errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
+    switch (errorCode) {
+        case "AccessDeniedException":
+        case "com.amazonaws.ssooidc#AccessDeniedException":
+            throw await de_AccessDeniedExceptionRes(parsedOutput, context);
+        case "AuthorizationPendingException":
+        case "com.amazonaws.ssooidc#AuthorizationPendingException":
+            throw await de_AuthorizationPendingExceptionRes(parsedOutput, context);
+        case "ExpiredTokenException":
+        case "com.amazonaws.ssooidc#ExpiredTokenException":
+            throw await de_ExpiredTokenExceptionRes(parsedOutput, context);
+        case "InternalServerException":
+        case "com.amazonaws.ssooidc#InternalServerException":
+            throw await de_InternalServerExceptionRes(parsedOutput, context);
+        case "InvalidClientException":
+        case "com.amazonaws.ssooidc#InvalidClientException":
+            throw await de_InvalidClientExceptionRes(parsedOutput, context);
+        case "InvalidGrantException":
+        case "com.amazonaws.ssooidc#InvalidGrantException":
+            throw await de_InvalidGrantExceptionRes(parsedOutput, context);
+        case "InvalidRequestException":
+        case "com.amazonaws.ssooidc#InvalidRequestException":
+            throw await de_InvalidRequestExceptionRes(parsedOutput, context);
+        case "InvalidRequestRegionException":
+        case "com.amazonaws.ssooidc#InvalidRequestRegionException":
+            throw await de_InvalidRequestRegionExceptionRes(parsedOutput, context);
+        case "InvalidScopeException":
+        case "com.amazonaws.ssooidc#InvalidScopeException":
+            throw await de_InvalidScopeExceptionRes(parsedOutput, context);
+        case "SlowDownException":
+        case "com.amazonaws.ssooidc#SlowDownException":
+            throw await de_SlowDownExceptionRes(parsedOutput, context);
+        case "UnauthorizedClientException":
+        case "com.amazonaws.ssooidc#UnauthorizedClientException":
+            throw await de_UnauthorizedClientExceptionRes(parsedOutput, context);
+        case "UnsupportedGrantTypeException":
+        case "com.amazonaws.ssooidc#UnsupportedGrantTypeException":
+            throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context);
+        default:
+            const parsedBody = parsedOutput.body;
+            return throwDefaultError({
+                output,
+                parsedBody,
+                errorCode,
+            });
+    }
+};
 const de_RegisterClientCommand = async (output, context) => {
     if (output.statusCode !== 200 && output.statusCode >= 300) {
         return de_RegisterClientCommandError(output, context);
@@ -359,6 +466,22 @@ const de_InvalidRequestExceptionRes = async (parsedOutput, context) => {
     });
     return (0, smithy_client_1.decorateServiceException)(exception, parsedOutput.body);
 };
+const de_InvalidRequestRegionExceptionRes = async (parsedOutput, context) => {
+    const contents = (0, smithy_client_1.map)({});
+    const data = parsedOutput.body;
+    const doc = (0, smithy_client_1.take)(data, {
+        endpoint: smithy_client_1.expectString,
+        error: smithy_client_1.expectString,
+        error_description: smithy_client_1.expectString,
+        region: smithy_client_1.expectString,
+    });
+    Object.assign(contents, doc);
+    const exception = new models_0_1.InvalidRequestRegionException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...contents,
+    });
+    return (0, smithy_client_1.decorateServiceException)(exception, parsedOutput.body);
+};
 const de_InvalidScopeExceptionRes = async (parsedOutput, context) => {
     const contents = (0, smithy_client_1.map)({});
     const data = parsedOutput.body;

package/dist-cjs/runtimeConfig.browser.js

@@ -23,6 +23,7 @@ const getRuntimeConfig = (config) => {
         runtime: "browser",
         defaultsMode,
         bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_browser_1.calculateBodyLength,
+        credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
         defaultUserAgentProvider: config?.defaultUserAgentProvider ??
             (0, util_user_agent_browser_1.defaultUserAgent)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
         maxAttempts: config?.maxAttempts ?? util_retry_1.DEFAULT_MAX_ATTEMPTS,

package/dist-cjs/runtimeConfig.js

@@ -3,7 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getRuntimeConfig = void 0;
 const tslib_1 = require("tslib");
 const package_json_1 = tslib_1.__importDefault(require("../package.json"));
+const client_sts_1 = require("@aws-sdk/client-sts");
 const core_1 = require("@aws-sdk/core");
+const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
 const util_user_agent_node_1 = require("@aws-sdk/util-user-agent-node");
 const config_resolver_1 = require("@smithy/config-resolver");
 const hash_node_1 = require("@smithy/hash-node");
@@ -28,6 +30,7 @@ const getRuntimeConfig = (config) => {
         runtime: "node",
         defaultsMode,
         bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength,
+        credentialDefaultProvider: config?.credentialDefaultProvider ?? (0, client_sts_1.decorateDefaultCredentialProvider)(credential_provider_node_1.defaultProvider),
         defaultUserAgentProvider: config?.defaultUserAgentProvider ??
             (0, util_user_agent_node_1.defaultUserAgent)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
         maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS),

package/dist-es/SSOOIDC.js

@@ -1,10 +1,12 @@
 import { createAggregatedClient } from "@smithy/smithy-client";
 import { CreateTokenCommand } from "./commands/CreateTokenCommand";
+import { CreateTokenWithIAMCommand, } from "./commands/CreateTokenWithIAMCommand";
 import { RegisterClientCommand, } from "./commands/RegisterClientCommand";
 import { StartDeviceAuthorizationCommand, } from "./commands/StartDeviceAuthorizationCommand";
 import { SSOOIDCClient } from "./SSOOIDCClient";
 const commands = {
     CreateTokenCommand,
+    CreateTokenWithIAMCommand,
     RegisterClientCommand,
     StartDeviceAuthorizationCommand,
 };

package/dist-es/SSOOIDCClient.js

@@ -1,6 +1,7 @@
 import { getHostHeaderPlugin, resolveHostHeaderConfig, } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
+import { resolveAwsAuthConfig } from "@aws-sdk/middleware-signing";
 import { getUserAgentPlugin, resolveUserAgentConfig, } from "@aws-sdk/middleware-user-agent";
 import { resolveRegionConfig } from "@smithy/config-resolver";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
@@ -19,10 +20,11 @@ export class SSOOIDCClient extends __Client {
         const _config_3 = resolveEndpointConfig(_config_2);
         const _config_4 = resolveRetryConfig(_config_3);
         const _config_5 = resolveHostHeaderConfig(_config_4);
-        const _config_6 = resolveUserAgentConfig(_config_5);
-        const _config_7 = resolveRuntimeExtensions(_config_6, configuration?.extensions || []);
-        super(_config_7);
-        this.config = _config_7;
+        const _config_6 = resolveAwsAuthConfig(_config_5);
+        const _config_7 = resolveUserAgentConfig(_config_6);
+        const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
+        super(_config_8);
+        this.config = _config_8;
         this.middlewareStack.use(getRetryPlugin(this.config));
         this.middlewareStack.use(getContentLengthPlugin(this.config));
         this.middlewareStack.use(getHostHeaderPlugin(this.config));

package/dist-es/commands/CreateTokenCommand.js

@@ -2,6 +2,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { SMITHY_CONTEXT_KEY, } from "@smithy/types";
+import { CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog, } from "../models/models_0";
 import { de_CreateTokenCommand, se_CreateTokenCommand } from "../protocols/Aws_restJson1";
 export { $Command };
 export class CreateTokenCommand extends $Command {
@@ -28,8 +29,8 @@ export class CreateTokenCommand extends $Command {
             logger,
             clientName,
             commandName,
-            inputFilterSensitiveLog: (_) => _,
-            outputFilterSensitiveLog: (_) => _,
+            inputFilterSensitiveLog: CreateTokenRequestFilterSensitiveLog,
+            outputFilterSensitiveLog: CreateTokenResponseFilterSensitiveLog,
             [SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",
                 operation: "CreateToken",

package/dist-es/commands/CreateTokenWithIAMCommand.js

@@ -0,0 +1,50 @@
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { SMITHY_CONTEXT_KEY, } from "@smithy/types";
+import { CreateTokenWithIAMRequestFilterSensitiveLog, CreateTokenWithIAMResponseFilterSensitiveLog, } from "../models/models_0";
+import { de_CreateTokenWithIAMCommand, se_CreateTokenWithIAMCommand } from "../protocols/Aws_restJson1";
+export { $Command };
+export class CreateTokenWithIAMCommand extends $Command {
+    static getEndpointParameterInstructions() {
+        return {
+            UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+            Endpoint: { type: "builtInParams", name: "endpoint" },
+            Region: { type: "builtInParams", name: "region" },
+            UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+        };
+    }
+    constructor(input) {
+        super();
+        this.input = input;
+    }
+    resolveMiddleware(clientStack, configuration, options) {
+        this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+        this.middlewareStack.use(getEndpointPlugin(configuration, CreateTokenWithIAMCommand.getEndpointParameterInstructions()));
+        this.middlewareStack.use(getAwsAuthPlugin(configuration));
+        const stack = clientStack.concat(this.middlewareStack);
+        const { logger } = configuration;
+        const clientName = "SSOOIDCClient";
+        const commandName = "CreateTokenWithIAMCommand";
+        const handlerExecutionContext = {
+            logger,
+            clientName,
+            commandName,
+            inputFilterSensitiveLog: CreateTokenWithIAMRequestFilterSensitiveLog,
+            outputFilterSensitiveLog: CreateTokenWithIAMResponseFilterSensitiveLog,
+            [SMITHY_CONTEXT_KEY]: {
+                service: "AWSSSOOIDCService",
+                operation: "CreateTokenWithIAM",
+            },
+        };
+        const { requestHandler } = configuration;
+        return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
+    }
+    serialize(input, context) {
+        return se_CreateTokenWithIAMCommand(input, context);
+    }
+    deserialize(output, context) {
+        return de_CreateTokenWithIAMCommand(output, context);
+    }
+}

package/dist-es/commands/RegisterClientCommand.js

@@ -2,6 +2,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { SMITHY_CONTEXT_KEY, } from "@smithy/types";
+import { RegisterClientResponseFilterSensitiveLog, } from "../models/models_0";
 import { de_RegisterClientCommand, se_RegisterClientCommand } from "../protocols/Aws_restJson1";
 export { $Command };
 export class RegisterClientCommand extends $Command {
@@ -29,7 +30,7 @@ export class RegisterClientCommand extends $Command {
             clientName,
             commandName,
             inputFilterSensitiveLog: (_) => _,
-            outputFilterSensitiveLog: (_) => _,
+            outputFilterSensitiveLog: RegisterClientResponseFilterSensitiveLog,
             [SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",
                 operation: "RegisterClient",

package/dist-es/commands/StartDeviceAuthorizationCommand.js

@@ -2,6 +2,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { SMITHY_CONTEXT_KEY, } from "@smithy/types";
+import { StartDeviceAuthorizationRequestFilterSensitiveLog, } from "../models/models_0";
 import { de_StartDeviceAuthorizationCommand, se_StartDeviceAuthorizationCommand } from "../protocols/Aws_restJson1";
 export { $Command };
 export class StartDeviceAuthorizationCommand extends $Command {
@@ -28,7 +29,7 @@ export class StartDeviceAuthorizationCommand extends $Command {
             logger,
             clientName,
             commandName,
-            inputFilterSensitiveLog: (_) => _,
+            inputFilterSensitiveLog: StartDeviceAuthorizationRequestFilterSensitiveLog,
             outputFilterSensitiveLog: (_) => _,
             [SMITHY_CONTEXT_KEY]: {
                 service: "AWSSSOOIDCService",

package/dist-es/commands/index.js

@@ -1,3 +1,4 @@
 export * from "./CreateTokenCommand";
+export * from "./CreateTokenWithIAMCommand";
 export * from "./RegisterClientCommand";
 export * from "./StartDeviceAuthorizationCommand";