@aws-sdk/client-sso-oidc 3.894.0 → 3.895.0

package/README.md

@@ -13,7 +13,7 @@ user’s access token upon successful authentication and authorization with IAM
 <b>API namespaces</b>
 </p>
 <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
-OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
 <p>
 <b>Considerations for using this guide</b>
 </p>

package/dist-cjs/index.js

@@ -22,6 +22,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   AccessDeniedException: () => AccessDeniedException,
+  AccessDeniedExceptionReason: () => AccessDeniedExceptionReason,
   AuthorizationPendingException: () => AuthorizationPendingException,
   CreateTokenCommand: () => CreateTokenCommand,
   CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog,
@@ -36,6 +37,7 @@ __export(index_exports, {
   InvalidGrantException: () => InvalidGrantException,
   InvalidRedirectUriException: () => InvalidRedirectUriException,
   InvalidRequestException: () => InvalidRequestException,
+  InvalidRequestExceptionReason: () => InvalidRequestExceptionReason,
   InvalidRequestRegionException: () => InvalidRequestRegionException,
   InvalidScopeException: () => InvalidScopeException,
   RegisterClientCommand: () => RegisterClientCommand,
@@ -220,6 +222,9 @@ var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smit
 };
 
 // src/models/models_0.ts
+var AccessDeniedExceptionReason = {
+  KMS_ACCESS_DENIED: "KMS_AccessDeniedException"
+};
 var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException {
   static {
     __name(this, "AccessDeniedException");
@@ -231,6 +236,11 @@ var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceE
    * @public
    */
   error;
+  /**
+   * <p>A string that uniquely identifies a reason for the error.</p>
+   * @public
+   */
+  reason;
   /**
    * <p>Human-readable text providing additional information, used to assist the client developer
    *       in understanding the error that occurred.</p>
@@ -248,6 +258,7 @@ var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceE
     });
     Object.setPrototypeOf(this, _AccessDeniedException.prototype);
     this.error = opts.error;
+    this.reason = opts.reason;
     this.error_description = opts.error_description;
   }
 };
@@ -408,6 +419,12 @@ var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceE
     this.error_description = opts.error_description;
   }
 };
+var InvalidRequestExceptionReason = {
+  KMS_DISABLED_KEY: "KMS_DisabledException",
+  KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException",
+  KMS_INVALID_STATE: "KMS_InvalidStateException",
+  KMS_KEY_NOT_FOUND: "KMS_NotFoundException"
+};
 var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException {
   static {
     __name(this, "InvalidRequestException");
@@ -420,6 +437,11 @@ var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServ
    * @public
    */
   error;
+  /**
+   * <p>A string that uniquely identifies a reason for the error.</p>
+   * @public
+   */
+  reason;
   /**
    * <p>Human-readable text providing additional information, used to assist the client developer
    *       in understanding the error that occurred.</p>
@@ -437,6 +459,7 @@ var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServ
     });
     Object.setPrototypeOf(this, _InvalidRequestException.prototype);
     this.error = opts.error;
+    this.reason = opts.reason;
     this.error_description = opts.error_description;
   }
 };
@@ -942,7 +965,8 @@ var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, co
   const data = parsedOutput.body;
   const doc = (0, import_smithy_client.take)(data, {
     error: import_smithy_client.expectString,
-    error_description: import_smithy_client.expectString
+    error_description: import_smithy_client.expectString,
+    reason: import_smithy_client.expectString
   });
   Object.assign(contents, doc);
   const exception = new AccessDeniedException({
@@ -1054,7 +1078,8 @@ var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput,
   const data = parsedOutput.body;
   const doc = (0, import_smithy_client.take)(data, {
     error: import_smithy_client.expectString,
-    error_description: import_smithy_client.expectString
+    error_description: import_smithy_client.expectString,
+    reason: import_smithy_client.expectString
   });
   Object.assign(contents, doc);
   const exception = new InvalidRequestException({
@@ -1225,12 +1250,14 @@ var SSOOIDC = class extends SSOOIDCClient {
   CreateTokenWithIAMCommand,
   RegisterClientCommand,
   StartDeviceAuthorizationCommand,
+  AccessDeniedExceptionReason,
   AccessDeniedException,
   AuthorizationPendingException,
   ExpiredTokenException,
   InternalServerException,
   InvalidClientException,
   InvalidGrantException,
+  InvalidRequestExceptionReason,
   InvalidRequestException,
   InvalidScopeException,
   SlowDownException,

package/dist-es/models/models_0.js

@@ -1,9 +1,13 @@
 import { SENSITIVE_STRING } from "@smithy/smithy-client";
 import { SSOOIDCServiceException as __BaseException } from "./SSOOIDCServiceException";
+export const AccessDeniedExceptionReason = {
+    KMS_ACCESS_DENIED: "KMS_AccessDeniedException",
+};
 export class AccessDeniedException extends __BaseException {
     name = "AccessDeniedException";
     $fault = "client";
     error;
+    reason;
     error_description;
     constructor(opts) {
         super({
@@ -13,6 +17,7 @@ export class AccessDeniedException extends __BaseException {
         });
         Object.setPrototypeOf(this, AccessDeniedException.prototype);
         this.error = opts.error;
+        this.reason = opts.reason;
         this.error_description = opts.error_description;
     }
 }
@@ -96,10 +101,17 @@ export class InvalidGrantException extends __BaseException {
         this.error_description = opts.error_description;
     }
 }
+export const InvalidRequestExceptionReason = {
+    KMS_DISABLED_KEY: "KMS_DisabledException",
+    KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException",
+    KMS_INVALID_STATE: "KMS_InvalidStateException",
+    KMS_KEY_NOT_FOUND: "KMS_NotFoundException",
+};
 export class InvalidRequestException extends __BaseException {
     name = "InvalidRequestException";
     $fault = "client";
     error;
+    reason;
     error_description;
     constructor(opts) {
         super({
@@ -109,6 +121,7 @@ export class InvalidRequestException extends __BaseException {
         });
         Object.setPrototypeOf(this, InvalidRequestException.prototype);
         this.error = opts.error;
+        this.reason = opts.reason;
         this.error_description = opts.error_description;
     }
 }

package/dist-es/protocols/Aws_restJson1.js

@@ -226,6 +226,7 @@ const de_AccessDeniedExceptionRes = async (parsedOutput, context) => {
     const doc = take(data, {
         error: __expectString,
         error_description: __expectString,
+        reason: __expectString,
     });
     Object.assign(contents, doc);
     const exception = new AccessDeniedException({
@@ -338,6 +339,7 @@ const de_InvalidRequestExceptionRes = async (parsedOutput, context) => {
     const doc = take(data, {
         error: __expectString,
         error_description: __expectString,
+        reason: __expectString,
     });
     Object.assign(contents, doc);
     const exception = new InvalidRequestException({

package/dist-types/SSOOIDC.d.ts

@@ -38,7 +38,7 @@ export interface SSOOIDC {
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

package/dist-types/SSOOIDCClient.d.ts

@@ -180,7 +180,7 @@ export interface SSOOIDCClientResolvedConfig extends SSOOIDCClientResolvedConfig
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

package/dist-types/commands/CreateTokenWithIAMCommand.d.ts

@@ -27,10 +27,14 @@ declare const CreateTokenWithIAMCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates and returns access and refresh tokens for clients and applications that are
- *       authenticated using IAM entities. The access token can be used to fetch short-lived
- *       credentials for the assigned Amazon Web Services accounts or to access application APIs using
- *         <code>bearer</code> authentication.</p>
+ * <p>Creates and returns access and refresh tokens for authorized client applications that are
+ *       authenticated using any IAM entity, such as a service
+ *       role or user. These tokens might contain defined scopes that specify permissions such as <code>read:profile</code> or <code>write:data</code>. Through downscoping, you can use the scopes parameter to request tokens with reduced permissions compared to the original client application's permissions or, if applicable, the refresh token's scopes. The access token can be used to fetch short-lived credentials for the assigned
+ *       Amazon Web Services accounts or to access application APIs using <code>bearer</code> authentication.</p>
+ *          <note>
+ *             <p>This API is used with Signature Version 4. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html">Amazon Web Services Signature
+ *           Version 4 for API Requests</a>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/RegisterClientCommand.d.ts

@@ -91,6 +91,10 @@ declare const RegisterClientCommand_base: {
  * @throws {@link InvalidScopeException} (client fault)
  *  <p>Indicates that the scope provided in the request is invalid.</p>
  *
+ * @throws {@link SlowDownException} (client fault)
+ *  <p>Indicates that the client is making the request too frequently and is more than the
+ *       service can handle. </p>
+ *
  * @throws {@link UnsupportedGrantTypeException} (client fault)
  *  <p>Indicates that the grant type in the request is not supported by the service.</p>
  *

package/dist-types/index.d.ts

@@ -6,7 +6,7 @@
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

package/dist-types/models/models_0.d.ts

@@ -1,5 +1,16 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { SSOOIDCServiceException as __BaseException } from "./SSOOIDCServiceException";
+/**
+ * @public
+ * @enum
+ */
+export declare const AccessDeniedExceptionReason: {
+    readonly KMS_ACCESS_DENIED: "KMS_AccessDeniedException";
+};
+/**
+ * @public
+ */
+export type AccessDeniedExceptionReason = (typeof AccessDeniedExceptionReason)[keyof typeof AccessDeniedExceptionReason];
 /**
  * <p>You do not have sufficient access to perform this action.</p>
  * @public
@@ -12,6 +23,11 @@ export declare class AccessDeniedException extends __BaseException {
      * @public
      */
     error?: string | undefined;
+    /**
+     * <p>A string that uniquely identifies a reason for the error.</p>
+     * @public
+     */
+    reason?: AccessDeniedExceptionReason | undefined;
     /**
      * <p>Human-readable text providing additional information, used to assist the client developer
      *       in understanding the error that occurred.</p>
@@ -49,15 +65,16 @@ export declare class AuthorizationPendingException extends __BaseException {
     constructor(opts: __ExceptionOptionType<AuthorizationPendingException, __BaseException>);
 }
 /**
- * <p>This structure contains Amazon Web Services-specific parameter extensions for the token endpoint
- *       responses and includes the identity context.</p>
+ * <p>This structure contains Amazon Web Services-specific parameter extensions and the <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html">identity context</a>.</p>
  * @public
  */
 export interface AwsAdditionalDetails {
     /**
-     * <p>STS context assertion that carries a user identifier to the Amazon Web Services service that it calls
-     *       and can be used to obtain an identity-enhanced IAM role session. This value corresponds to
-     *       the <code>sts:identity_context</code> claim in the ID token.</p>
+     * <p>The trusted context assertion is signed and encrypted by STS. It provides access to
+     *         <code>sts:identity_context</code> claim in the <code>idToken</code> without JWT
+     *       parsing</p>
+     *          <p>Identity context comprises information that Amazon Web Services services use to make authorization
+     *       decisions when they receive requests.</p>
      * @public
      */
     identityContext?: string | undefined;
@@ -112,9 +129,7 @@ export interface CreateTokenRequest {
      */
     refreshToken?: string | undefined;
     /**
-     * <p>The list of scopes for which authorization is requested. The access token that is issued
-     *       is limited to the scopes that are granted. If this value is not specified, IAM Identity Center authorizes
-     *       all scopes that are configured for the client during the call to <a>RegisterClient</a>.</p>
+     * <p>The list of scopes for which authorization is requested. This parameter has no effect; the access token will always include all scopes configured during client registration.</p>
      * @public
      */
     scope?: string[] | undefined;
@@ -270,6 +285,20 @@ export declare class InvalidGrantException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidGrantException, __BaseException>);
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const InvalidRequestExceptionReason: {
+    readonly KMS_DISABLED_KEY: "KMS_DisabledException";
+    readonly KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException";
+    readonly KMS_INVALID_STATE: "KMS_InvalidStateException";
+    readonly KMS_KEY_NOT_FOUND: "KMS_NotFoundException";
+};
+/**
+ * @public
+ */
+export type InvalidRequestExceptionReason = (typeof InvalidRequestExceptionReason)[keyof typeof InvalidRequestExceptionReason];
 /**
  * <p>Indicates that something is wrong with the input to the request. For example, a required
  *       parameter might be missing or out of range.</p>
@@ -284,6 +313,11 @@ export declare class InvalidRequestException extends __BaseException {
      * @public
      */
     error?: string | undefined;
+    /**
+     * <p>A string that uniquely identifies a reason for the error.</p>
+     * @public
+     */
+    reason?: InvalidRequestExceptionReason | undefined;
     /**
      * <p>Human-readable text providing additional information, used to assist the client developer
      *       in understanding the error that occurred.</p>
@@ -541,10 +575,8 @@ export interface CreateTokenWithIAMResponse {
      */
     scope?: string[] | undefined;
     /**
-     * <p>A structure containing information from the <code>idToken</code>. Only the
-     *         <code>identityContext</code> is in it, which is a value extracted from the
-     *         <code>idToken</code>. This provides direct access to identity information without requiring
-     *       JWT parsing.</p>
+     * <p>A structure containing information from IAM Identity Center managed user and group
+     *       information.</p>
      * @public
      */
     awsAdditionalDetails?: AwsAdditionalDetails | undefined;

package/dist-types/ts3.4/models/models_0.d.ts

@@ -1,9 +1,15 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { SSOOIDCServiceException as __BaseException } from "./SSOOIDCServiceException";
+export declare const AccessDeniedExceptionReason: {
+  readonly KMS_ACCESS_DENIED: "KMS_AccessDeniedException";
+};
+export type AccessDeniedExceptionReason =
+  (typeof AccessDeniedExceptionReason)[keyof typeof AccessDeniedExceptionReason];
 export declare class AccessDeniedException extends __BaseException {
   readonly name: "AccessDeniedException";
   readonly $fault: "client";
   error?: string | undefined;
+  reason?: AccessDeniedExceptionReason | undefined;
   error_description?: string | undefined;
   constructor(
     opts: __ExceptionOptionType<AccessDeniedException, __BaseException>
@@ -75,10 +81,19 @@ export declare class InvalidGrantException extends __BaseException {
     opts: __ExceptionOptionType<InvalidGrantException, __BaseException>
   );
 }
+export declare const InvalidRequestExceptionReason: {
+  readonly KMS_DISABLED_KEY: "KMS_DisabledException";
+  readonly KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException";
+  readonly KMS_INVALID_STATE: "KMS_InvalidStateException";
+  readonly KMS_KEY_NOT_FOUND: "KMS_NotFoundException";
+};
+export type InvalidRequestExceptionReason =
+  (typeof InvalidRequestExceptionReason)[keyof typeof InvalidRequestExceptionReason];
 export declare class InvalidRequestException extends __BaseException {
   readonly name: "InvalidRequestException";
   readonly $fault: "client";
   error?: string | undefined;
+  reason?: InvalidRequestExceptionReason | undefined;
   error_description?: string | undefined;
   constructor(
     opts: __ExceptionOptionType<InvalidRequestException, __BaseException>

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sso-oidc",
   "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native",
-  "version": "3.894.0",
+  "version": "3.895.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sso-oidc",
@@ -21,16 +21,16 @@
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
     "@aws-sdk/core": "3.894.0",
-    "@aws-sdk/credential-provider-node": "3.894.0",
+    "@aws-sdk/credential-provider-node": "3.895.0",
     "@aws-sdk/middleware-host-header": "3.893.0",
     "@aws-sdk/middleware-logger": "3.893.0",
     "@aws-sdk/middleware-recursion-detection": "3.893.0",
-    "@aws-sdk/middleware-user-agent": "3.894.0",
+    "@aws-sdk/middleware-user-agent": "3.895.0",
     "@aws-sdk/region-config-resolver": "3.893.0",
     "@aws-sdk/types": "3.893.0",
-    "@aws-sdk/util-endpoints": "3.893.0",
+    "@aws-sdk/util-endpoints": "3.895.0",
     "@aws-sdk/util-user-agent-browser": "3.893.0",
-    "@aws-sdk/util-user-agent-node": "3.894.0",
+    "@aws-sdk/util-user-agent-node": "3.895.0",
     "@smithy/config-resolver": "^4.2.2",
     "@smithy/core": "^3.11.1",
     "@smithy/fetch-http-handler": "^5.2.1",