@aws-sdk/client-sts 3.30.0 → 3.34.0

package/dist/es/commands/AssumeRoleWithWebIdentityCommand.js

@@ -3,173 +3,13 @@ import { AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse } f
 import { deserializeAws_queryAssumeRoleWithWebIdentityCommand, serializeAws_queryAssumeRoleWithWebIdentityCommand, } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
-/**
- * <p>Returns a set of temporary security credentials for users who have been authenticated in
- *          a mobile or web application with a web identity provider. Example providers include Amazon Cognito,
- *          Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity
- *          provider.</p>
- *          <note>
- *             <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the
- *                <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely
- *             identify a user. You can also supply the user with a consistent identity throughout the
- *             lifetime of an application.</p>
- *             <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in
- *                <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the
- *                <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p>
- *          </note>
- *          <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services
- *          security credentials. Therefore, you can distribute an application (for example, on mobile
- *          devices) that requests temporary security credentials without including long-term Amazon Web Services
- *          credentials in the application. You also don't need to deploy server-based proxy services
- *          that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by
- *          using a token from the web identity provider. For a comparison of
- *             <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
- *          temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
- *          <p>The temporary security credentials returned by this API consist of an access key ID, a
- *          secret access key, and a security token. Applications can use these temporary security
- *          credentials to sign calls to Amazon Web Services service API operations.</p>
- *          <p>
- *             <b>Session Duration</b>
- *          </p>
- *          <p>By default, the temporary security credentials created by
- *             <code>AssumeRoleWithWebIdentity</code> last for one hour. However, you can use the
- *          optional <code>DurationSeconds</code> parameter to specify the duration of your session.
- *          You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
- *          setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
- *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
- *             Maximum Session Duration Setting for a Role</a> in the
- *             <i>IAM User Guide</i>. The maximum session duration limit applies when
- *          you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
- *          commands. However the limit does not apply when you use those operations to create a
- *          console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM Roles</a> in the
- *             <i>IAM User Guide</i>. </p>
- *          <p>
- *             <b>Permissions</b>
- *          </p>
- *          <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can
- *          be used to make API calls to any Amazon Web Services service with the following exception: you cannot
- *          call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
- *          operations.</p>
- *          <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
- *          this operation. You can pass a single JSON policy document to use as an inline session
- *          policy. You can also specify up to 10 managed policies to use as managed session policies.
- *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
- *          characters. Passing policies to this operation returns new
- *          temporary credentials. The resulting session's permissions are the intersection of the
- *          role's identity-based policy and the session policies. You can use the role's temporary
- *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
- *          the role. You cannot use session policies to grant more permissions than those allowed
- *          by the identity-based policy of the role that is being assumed. For more information, see
- *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
- *             Policies</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Tags</b>
- *          </p>
- *          <p>(Optional) You can configure your IdP to pass attributes into your web identity token as
- *          session tags. Each session tag consists of a key name and an associated value. For more
- *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
- *             <i>IAM User Guide</i>.</p>
- *          <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
- *          characters and the values can’t exceed 256 characters. For these and additional limits, see
- *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
- *             and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
- *
- *          <note>
- *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
- *             packed binary format that has a separate limit. Your request can fail for this limit
- *             even if your plaintext meets the other requirements. The <code>PackedPolicySize</code>
- *             response element indicates by percentage how close the policies and tags for your
- *             request are to the upper size limit.
- *             </p>
- *          </note>
- *          <p>You can pass a session tag with the same key as a tag that is
- *          attached to the role. When you do, the session tag overrides the role tag with the same
- *          key.</p>
- *          <p>An administrator must grant you the permissions necessary to pass session tags. The
- *          administrator can also create granular permissions to allow you to pass only specific
- *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
- *             for Attribute-Based Access Control</a> in the
- *          <i>IAM User Guide</i>.</p>
- *          <p>You can set the session tags as transitive. Transitive tags persist during role
- *          chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
- *             with Session Tags</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Identities</b>
- *          </p>
- *          <p>Before your application can call <code>AssumeRoleWithWebIdentity</code>, you must have
- *          an identity token from a supported identity provider and create a role that the application
- *          can assume. The role that your application assumes must trust the identity provider that is
- *          associated with the identity token. In other words, the identity provider must be specified
- *          in the role's trust policy. </p>
- *          <important>
- *             <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your
- *             CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of
- *             the provided web identity token. We recommend that you avoid using any personally
- *             identifiable information (PII) in this field. For example, you could instead use a GUID
- *             or a pairwise identifier, as <a href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">suggested
- *                in the OIDC specification</a>.</p>
- *          </important>
- *          <p>For more information about how to use web identity federation and the
- *             <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html">Using Web Identity Federation API Operations for Mobile Apps</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a>. </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/"> Web Identity Federation Playground</a>. Walk through the process of
- *                authenticating through Login with Amazon, Facebook, or Google, getting temporary
- *                security credentials, and then using those credentials to make a request to Amazon Web Services.
- *             </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
- *                contain sample apps that show how to invoke the identity providers. The toolkits then
- *                show how to use the information from these providers to get and use temporary
- *                security credentials. </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications">Web Identity
- *                   Federation with Mobile Applications</a>. This article discusses web identity
- *                federation and shows an example of how to use web identity federation to get access
- *                to content in Amazon S3. </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, AssumeRoleWithWebIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * const client = new STSClient(config);
- * const command = new AssumeRoleWithWebIdentityCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link AssumeRoleWithWebIdentityCommandInput} for command's `input` shape.
- * @see {@link AssumeRoleWithWebIdentityCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
- *
- */
-var AssumeRoleWithWebIdentityCommand = /** @class */ (function (_super) {
+var AssumeRoleWithWebIdentityCommand = (function (_super) {
     __extends(AssumeRoleWithWebIdentityCommand, _super);
-    // Start section: command_properties
-    // End section: command_properties
     function AssumeRoleWithWebIdentityCommand(input) {
-        var _this = 
-        // Start section: command_constructor
-        _super.call(this) || this;
+        var _this = _super.call(this) || this;
         _this.input = input;
         return _this;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     AssumeRoleWithWebIdentityCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
         this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
         var stack = clientStack.concat(this.middlewareStack);

package/dist/es/commands/AssumeRoleWithWebIdentityCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"AssumeRoleWithWebIdentityCommand.js","sourceRoot":"","sources":["../../../commands/AssumeRoleWithWebIdentityCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,gCAAgC,EAAE,iCAAiC,EAAE,MAAM,oBAAoB,CAAC;AACzG,OAAO,EACL,oDAAoD,EACpD,kDAAkD,GACnD,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuJG;AACH;IAAsD,oDAIrD;IACC,oCAAoC;IACpC,kCAAkC;IAElC,0CAAqB,KAA4C;QAAjE;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAuC;;QAG/D,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,4DAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,kCAAkC,CAAC;QACvD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,gCAAgC,CAAC,kBAAkB;YAC5E,wBAAwB,EAAE,iCAAiC,CAAC,kBAAkB;SAC/E,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,oDAAS,GAAjB,UAAkB,KAA4C,EAAE,OAAuB;QACrF,OAAO,kDAAkD,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC5E,CAAC;IAEO,sDAAW,GAAnB,UACE,MAAsB,EACtB,OAAuB;QAEvB,OAAO,oDAAoD,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/E,CAAC;IAIH,uCAAC;AAAD,CAAC,AAzDD,CAAsD,QAAQ,GAyD7D"}
+{"version":3,"file":"AssumeRoleWithWebIdentityCommand.js","sourceRoot":"","sources":["../../../commands/AssumeRoleWithWebIdentityCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,gCAAgC,EAAE,iCAAiC,EAAE,MAAM,oBAAoB,CAAC;AACzG,OAAO,EACL,oDAAoD,EACpD,kDAAkD,GACnD,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAsK7D;IAAsD,oDAIrD;IAIC,0CAAqB,KAA4C;QAAjE,YAEE,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAuC;;IAIjE,CAAC;IAKD,4DAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,kCAAkC,CAAC;QACvD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,gCAAgC,CAAC,kBAAkB;YAC5E,wBAAwB,EAAE,iCAAiC,CAAC,kBAAkB;SAC/E,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,oDAAS,GAAjB,UAAkB,KAA4C,EAAE,OAAuB;QACrF,OAAO,kDAAkD,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC5E,CAAC;IAEO,sDAAW,GAAnB,UACE,MAAsB,EACtB,OAAuB;QAEvB,OAAO,oDAAoD,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/E,CAAC;IAIH,uCAAC;AAAD,CAAC,AAzDD,CAAsD,QAAQ,GAyD7D"}

package/dist/es/commands/DecodeAuthorizationMessageCommand.js

@@ -4,73 +4,13 @@ import { deserializeAws_queryDecodeAuthorizationMessageCommand, serializeAws_que
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { Command as $Command } from "@aws-sdk/smithy-client";
-/**
- * <p>Decodes additional information about the authorization status of a request from an
- *          encoded message returned in response to an Amazon Web Services request.</p>
- *          <p>For example, if a user is not authorized to perform an operation that he or she has
- *          requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an
- *          HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
- *          provide details about this authorization failure. </p>
- *          <note>
- *             <p>Only certain Amazon Web Services operations return an encoded authorization message. The
- *             documentation for an individual operation indicates whether that operation returns an
- *             encoded message in addition to returning an HTTP code.</p>
- *          </note>
- *          <p>The message is encoded because the details of the authorization status can constitute
- *          privileged information that the user who requested the operation should not see. To decode
- *          an authorization status message, a user must be granted permissions via an IAM policy to
- *          request the <code>DecodeAuthorizationMessage</code>
- *             (<code>sts:DecodeAuthorizationMessage</code>) action. </p>
- *          <p>The decoded message includes the following type of information:</p>
- *          <ul>
- *             <li>
- *                <p>Whether the request was denied due to an explicit deny or due to the absence of an
- *                explicit allow. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining Whether a Request is Allowed or Denied</a> in the
- *                   <i>IAM User Guide</i>. </p>
- *             </li>
- *             <li>
- *                <p>The principal who made the request.</p>
- *             </li>
- *             <li>
- *                <p>The requested action.</p>
- *             </li>
- *             <li>
- *                <p>The requested resource.</p>
- *             </li>
- *             <li>
- *                <p>The values of condition keys in the context of the user's request.</p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * const client = new STSClient(config);
- * const command = new DecodeAuthorizationMessageCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
- * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
- *
- */
-var DecodeAuthorizationMessageCommand = /** @class */ (function (_super) {
+var DecodeAuthorizationMessageCommand = (function (_super) {
     __extends(DecodeAuthorizationMessageCommand, _super);
-    // Start section: command_properties
-    // End section: command_properties
     function DecodeAuthorizationMessageCommand(input) {
-        var _this = 
-        // Start section: command_constructor
-        _super.call(this) || this;
+        var _this = _super.call(this) || this;
         _this.input = input;
         return _this;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     DecodeAuthorizationMessageCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
         this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
         this.middlewareStack.use(getAwsAuthPlugin(configuration));

package/dist/es/commands/DecodeAuthorizationMessageCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"DecodeAuthorizationMessageCommand.js","sourceRoot":"","sources":["../../../commands/DecodeAuthorizationMessageCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,iCAAiC,EAAE,kCAAkC,EAAE,MAAM,oBAAoB,CAAC;AAC3G,OAAO,EACL,qDAAqD,EACrD,mDAAmD,GACpD,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH;IAAuD,qDAItD;IACC,oCAAoC;IACpC,kCAAkC;IAElC,2CAAqB,KAA6C;QAAlE;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAwC;;QAGhE,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,6DAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,mCAAmC,CAAC;QACxD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,iCAAiC,CAAC,kBAAkB;YAC7E,wBAAwB,EAAE,kCAAkC,CAAC,kBAAkB;SAChF,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,qDAAS,GAAjB,UAAkB,KAA6C,EAAE,OAAuB;QACtF,OAAO,mDAAmD,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7E,CAAC;IAEO,uDAAW,GAAnB,UACE,MAAsB,EACtB,OAAuB;QAEvB,OAAO,qDAAqD,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChF,CAAC;IAIH,wCAAC;AAAD,CAAC,AA1DD,CAAuD,QAAQ,GA0D9D"}
+{"version":3,"file":"DecodeAuthorizationMessageCommand.js","sourceRoot":"","sources":["../../../commands/DecodeAuthorizationMessageCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,iCAAiC,EAAE,kCAAkC,EAAE,MAAM,oBAAoB,CAAC;AAC3G,OAAO,EACL,qDAAqD,EACrD,mDAAmD,GACpD,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAkE7D;IAAuD,qDAItD;IAIC,2CAAqB,KAA6C;QAAlE,YAEE,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAwC;;IAIlE,CAAC;IAKD,6DAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,mCAAmC,CAAC;QACxD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,iCAAiC,CAAC,kBAAkB;YAC7E,wBAAwB,EAAE,kCAAkC,CAAC,kBAAkB;SAChF,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,qDAAS,GAAjB,UAAkB,KAA6C,EAAE,OAAuB;QACtF,OAAO,mDAAmD,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7E,CAAC;IAEO,uDAAW,GAAnB,UACE,MAAsB,EACtB,OAAuB;QAEvB,OAAO,qDAAqD,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChF,CAAC;IAIH,wCAAC;AAAD,CAAC,AA1DD,CAAuD,QAAQ,GA0D9D"}

package/dist/es/commands/GetAccessKeyInfoCommand.js

@@ -4,55 +4,13 @@ import { deserializeAws_queryGetAccessKeyInfoCommand, serializeAws_queryGetAcces
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { Command as $Command } from "@aws-sdk/smithy-client";
-/**
- * <p>Returns the account identifier for the specified access key ID.</p>
- *         <p>Access keys consist of two parts: an access key ID (for example,
- *                 <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example,
- *                 <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about
- *             access keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html">Managing Access Keys for IAM
- *                 Users</a> in the <i>IAM User Guide</i>.</p>
- *         <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services
- *             account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are
- *             long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs
- *             beginning with <code>ASIA</code> are temporary credentials that are created using STS
- *             operations. If the account in the response belongs to you, you can sign in as the root
- *             user and review your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials report</a> to learn which IAM user owns the keys. To learn who
- *             requested the temporary credentials for an <code>ASIA</code> access key, view the STS
- *             events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the
- *                 <i>IAM User Guide</i>.</p>
- *         <p>This operation does not indicate the state of the access key. The key might be active,
- *             inactive, or deleted. Active keys might not have permissions to perform an operation.
- *             Providing a deleted access key might return an error that the key doesn't exist.</p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, GetAccessKeyInfoCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, GetAccessKeyInfoCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * const client = new STSClient(config);
- * const command = new GetAccessKeyInfoCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GetAccessKeyInfoCommandInput} for command's `input` shape.
- * @see {@link GetAccessKeyInfoCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
- *
- */
-var GetAccessKeyInfoCommand = /** @class */ (function (_super) {
+var GetAccessKeyInfoCommand = (function (_super) {
     __extends(GetAccessKeyInfoCommand, _super);
-    // Start section: command_properties
-    // End section: command_properties
     function GetAccessKeyInfoCommand(input) {
-        var _this = 
-        // Start section: command_constructor
-        _super.call(this) || this;
+        var _this = _super.call(this) || this;
         _this.input = input;
         return _this;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     GetAccessKeyInfoCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
         this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
         this.middlewareStack.use(getAwsAuthPlugin(configuration));

package/dist/es/commands/GetAccessKeyInfoCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"GetAccessKeyInfoCommand.js","sourceRoot":"","sources":["../../../commands/GetAccessKeyInfoCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EACL,2CAA2C,EAC3C,yCAAyC,GAC1C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH;IAA6C,2CAI5C;IACC,oCAAoC;IACpC,kCAAkC;IAElC,iCAAqB,KAAmC;QAAxD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAA8B;;QAGtD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,mDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,yBAAyB,CAAC;QAC9C,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,uBAAuB,CAAC,kBAAkB;YACnE,wBAAwB,EAAE,wBAAwB,CAAC,kBAAkB;SACtE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,2CAAS,GAAjB,UAAkB,KAAmC,EAAE,OAAuB;QAC5E,OAAO,yCAAyC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAEO,6CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,2CAA2C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAIH,8BAAC;AAAD,CAAC,AAvDD,CAA6C,QAAQ,GAuDpD"}
+{"version":3,"file":"GetAccessKeyInfoCommand.js","sourceRoot":"","sources":["../../../commands/GetAccessKeyInfoCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EACL,2CAA2C,EAC3C,yCAAyC,GAC1C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAgD7D;IAA6C,2CAI5C;IAIC,iCAAqB,KAAmC;QAAxD,YAEE,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAA8B;;IAIxD,CAAC;IAKD,mDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,yBAAyB,CAAC;QAC9C,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,uBAAuB,CAAC,kBAAkB;YACnE,wBAAwB,EAAE,wBAAwB,CAAC,kBAAkB;SACtE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,2CAAS,GAAjB,UAAkB,KAAmC,EAAE,OAAuB;QAC5E,OAAO,yCAAyC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAEO,6CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,2CAA2C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAIH,8BAAC;AAAD,CAAC,AAvDD,CAA6C,QAAQ,GAuDpD"}

package/dist/es/commands/GetCallerIdentityCommand.js

@@ -4,47 +4,13 @@ import { deserializeAws_queryGetCallerIdentityCommand, serializeAws_queryGetCall
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { Command as $Command } from "@aws-sdk/smithy-client";
-/**
- * <p>Returns details about the IAM user or role whose credentials are used to call the
- *             operation.</p>
- *         <note>
- *             <p>No permissions are required to perform this operation. If an administrator adds a
- *                 policy to your IAM user or role that explicitly denies access to the
- *                     <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
- *                 Permissions are not required because the same information is returned when an IAM
- *                 user or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, GetCallerIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * const client = new STSClient(config);
- * const command = new GetCallerIdentityCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GetCallerIdentityCommandInput} for command's `input` shape.
- * @see {@link GetCallerIdentityCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
- *
- */
-var GetCallerIdentityCommand = /** @class */ (function (_super) {
+var GetCallerIdentityCommand = (function (_super) {
     __extends(GetCallerIdentityCommand, _super);
-    // Start section: command_properties
-    // End section: command_properties
     function GetCallerIdentityCommand(input) {
-        var _this = 
-        // Start section: command_constructor
-        _super.call(this) || this;
+        var _this = _super.call(this) || this;
         _this.input = input;
         return _this;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     GetCallerIdentityCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
         this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
         this.middlewareStack.use(getAwsAuthPlugin(configuration));

package/dist/es/commands/GetCallerIdentityCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"GetCallerIdentityCommand.js","sourceRoot":"","sources":["../../../commands/GetCallerIdentityCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,wBAAwB,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AACzF,OAAO,EACL,4CAA4C,EAC5C,0CAA0C,GAC3C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH;IAA8C,4CAI7C;IACC,oCAAoC;IACpC,kCAAkC;IAElC,kCAAqB,KAAoC;QAAzD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAA+B;;QAGvD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,oDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,0BAA0B,CAAC;QAC/C,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,wBAAwB,CAAC,kBAAkB;YACpE,wBAAwB,EAAE,yBAAyB,CAAC,kBAAkB;SACvE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,4CAAS,GAAjB,UAAkB,KAAoC,EAAE,OAAuB;QAC7E,OAAO,0CAA0C,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IAEO,8CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,4CAA4C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAIH,+BAAC;AAAD,CAAC,AAvDD,CAA8C,QAAQ,GAuDrD"}
+{"version":3,"file":"GetCallerIdentityCommand.js","sourceRoot":"","sources":["../../../commands/GetCallerIdentityCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,wBAAwB,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AACzF,OAAO,EACL,4CAA4C,EAC5C,0CAA0C,GAC3C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAwC7D;IAA8C,4CAI7C;IAIC,kCAAqB,KAAoC;QAAzD,YAEE,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAA+B;;IAIzD,CAAC;IAKD,oDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,0BAA0B,CAAC;QAC/C,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,wBAAwB,CAAC,kBAAkB;YACpE,wBAAwB,EAAE,yBAAyB,CAAC,kBAAkB;SACvE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,4CAAS,GAAjB,UAAkB,KAAoC,EAAE,OAAuB;QAC7E,OAAO,0CAA0C,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IAEO,8CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,4CAA4C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAIH,+BAAC;AAAD,CAAC,AAvDD,CAA8C,QAAQ,GAuDrD"}

package/dist/es/commands/GetFederationTokenCommand.js

@@ -4,176 +4,13 @@ import { deserializeAws_queryGetFederationTokenCommand, serializeAws_queryGetFed
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { Command as $Command } from "@aws-sdk/smithy-client";
-/**
- * <p>Returns a set of temporary security credentials (consisting of an access key ID, a
- *          secret access key, and a security token) for a federated user. A typical use is in a proxy
- *          application that gets temporary security credentials on behalf of distributed applications
- *          inside a corporate network. You must call the <code>GetFederationToken</code> operation
- *          using the long-term security credentials of an IAM user. As a result, this call is
- *          appropriate in contexts where those credentials can be safely stored, usually in a
- *          server-based application. For a comparison of <code>GetFederationToken</code> with the
- *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
- *          <note>
- *             <p>You can create a mobile-based or browser-based app that can authenticate users using
- *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
- *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
- *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
- *                <i>IAM User Guide</i>.</p>
- *          </note>
- *          <p>You can also call <code>GetFederationToken</code> using the security credentials of an
- *          Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create
- *          an IAM user for the purpose of the proxy application. Then attach a policy to the IAM
- *          user that limits federated users to only the actions and resources that they need to
- *          access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM Best Practices</a> in the
- *             <i>IAM User Guide</i>. </p>
- *          <p>
- *             <b>Session duration</b>
- *          </p>
- *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
- *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *          43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account
- *          root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
- *          <p>
- *             <b>Permissions</b>
- *          </p>
- *          <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any
- *          Amazon Web Services service except the following:</p>
- *          <ul>
- *             <li>
- *                <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p>
- *             </li>
- *             <li>
- *                <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p>
- *             </li>
- *          </ul>
- *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
- *          this operation. You can pass a single JSON policy document to use as an inline session
- *          policy. You can also specify up to 10 managed policies to use as managed session policies.
- *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
- *          characters.</p>
- *          <p>Though the session policy parameters are optional, if you do not pass a policy, then the
- *          resulting federated user session has no permissions. When you pass session policies, the
- *          session permissions are the intersection of the IAM user policies and the session
- *          policies that you pass. This gives you a way to further restrict the permissions for a
- *          federated user. You cannot use session policies to grant more permissions than those that
- *          are defined in the permissions policy of the IAM user. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
- *             Policies</a> in the <i>IAM User Guide</i>. For information about
- *          using <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
- *          <p>You can use the credentials to access a resource that has a resource-based policy. If
- *          that policy specifically references the federated user session in the
- *             <code>Principal</code> element of the policy, the session has the permissions allowed by
- *          the policy. These permissions are granted in addition to the permissions granted by the
- *          session policies.</p>
- *          <p>
- *             <b>Tags</b>
- *          </p>
- *          <p>(Optional) You can pass tag key-value pairs to your session. These are called session
- *          tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
- *             <i>IAM User Guide</i>.</p>
- *         <note>
- *             <p>You can create a mobile-based or browser-based app that can authenticate users
- *                 using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
- *                 Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
- *                     <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
- *         <p>You can also call <code>GetFederationToken</code> using the security credentials of an
- *             Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you
- *             create an IAM user for the purpose of the proxy application. Then attach a policy to
- *             the IAM user that limits federated users to only the actions and resources that they
- *             need to access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM Best Practices</a> in the
- *                 <i>IAM User Guide</i>. </p>
- *         <p>
- *             <b>Session duration</b>
- *          </p>
- *         <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
- *             minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *             43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services
- *             account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
- *         <p>
- *             <b>Permissions</b>
- *         </p>
- *         <p>You can use the temporary credentials created by <code>GetFederationToken</code> in
- *             any Amazon Web Services service except the following:</p>
- *         <ul>
- *             <li>
- *                 <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API.
- *                 </p>
- *             </li>
- *             <li>
- *                 <p>You cannot call any STS operations except
- *                     <code>GetCallerIdentity</code>.</p>
- *             </li>
- *          </ul>
- *         <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
- *             this operation. You can pass a single JSON policy document to use as an inline session
- *             policy. You can also specify up to 10 managed policies to use as managed session
- *             policies. The plain text that you use for both inline and managed session policies can't
- *             exceed 2,048 characters.</p>
- *         <p>Though the session policy parameters are optional, if you do not pass a policy, then
- *             the resulting federated user session has no permissions. When you pass session policies,
- *             the session permissions are the intersection of the IAM user policies and the session
- *             policies that you pass. This gives you a way to further restrict the permissions for a
- *             federated user. You cannot use session policies to grant more permissions than those
- *             that are defined in the permissions policy of the IAM user. For more information, see
- *                 <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a>
- *             in the <i>IAM User Guide</i>. For information about using
- *                 <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
- *         <p>You can use the credentials to access a resource that has a resource-based policy. If
- *             that policy specifically references the federated user session in the
- *                 <code>Principal</code> element of the policy, the session has the permissions
- *             allowed by the policy. These permissions are granted in addition to the permissions
- *             granted by the session policies.</p>
- *         <p>
- *             <b>Tags</b>
- *          </p>
- *         <p>(Optional) You can pass tag key-value pairs to your session. These are called session
- *             tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *         <p>An administrator must grant you the permissions necessary to pass session tags. The
- *             administrator can also create granular permissions to allow you to pass only specific
- *             session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using
- *                 Tags for Attribute-Based Access Control</a> in the
- *                 <i>IAM User Guide</i>.</p>
- *         <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
- *             cannot have separate <code>Department</code> and <code>department</code> tag keys.
- *             Assume that the user that you are federating has the
- *                 <code>Department</code>=<code>Marketing</code> tag and you pass the
- *                 <code>department</code>=<code>engineering</code> session tag.
- *                 <code>Department</code> and <code>department</code> are not saved as separate tags,
- *             and the session tag passed in the request takes precedence over the user tag.</p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, GetFederationTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, GetFederationTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * const client = new STSClient(config);
- * const command = new GetFederationTokenCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GetFederationTokenCommandInput} for command's `input` shape.
- * @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
- *
- */
-var GetFederationTokenCommand = /** @class */ (function (_super) {
+var GetFederationTokenCommand = (function (_super) {
     __extends(GetFederationTokenCommand, _super);
-    // Start section: command_properties
-    // End section: command_properties
     function GetFederationTokenCommand(input) {
-        var _this = 
-        // Start section: command_constructor
-        _super.call(this) || this;
+        var _this = _super.call(this) || this;
         _this.input = input;
         return _this;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     GetFederationTokenCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
         this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
         this.middlewareStack.use(getAwsAuthPlugin(configuration));

package/dist/es/commands/GetFederationTokenCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"GetFederationTokenCommand.js","sourceRoot":"","sources":["../../../commands/GetFederationTokenCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAC3F,OAAO,EACL,6CAA6C,EAC7C,2CAA2C,GAC5C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0JG;AACH;IAA+C,6CAI9C;IACC,oCAAoC;IACpC,kCAAkC;IAElC,mCAAqB,KAAqC;QAA1D;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAgC;;QAGxD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,qDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,2BAA2B,CAAC;QAChD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,yBAAyB,CAAC,kBAAkB;YACrE,wBAAwB,EAAE,0BAA0B,CAAC,kBAAkB;SACxE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,6CAAS,GAAjB,UAAkB,KAAqC,EAAE,OAAuB;QAC9E,OAAO,2CAA2C,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAEO,+CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,6CAA6C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAIH,gCAAC;AAAD,CAAC,AAvDD,CAA+C,QAAQ,GAuDtD"}
+{"version":3,"file":"GetFederationTokenCommand.js","sourceRoot":"","sources":["../../../commands/GetFederationTokenCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAC3F,OAAO,EACL,6CAA6C,EAC7C,2CAA2C,GAC5C,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAyK7D;IAA+C,6CAI9C;IAIC,mCAAqB,KAAqC;QAA1D,YAEE,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAgC;;IAI1D,CAAC;IAKD,qDAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC;QAE1D,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,2BAA2B,CAAC;QAChD,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,yBAAyB,CAAC,kBAAkB;YACrE,wBAAwB,EAAE,0BAA0B,CAAC,kBAAkB;SACxE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,6CAAS,GAAjB,UAAkB,KAAqC,EAAE,OAAuB;QAC9E,OAAO,2CAA2C,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAEO,+CAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,6CAA6C,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAIH,gCAAC;AAAD,CAAC,AAvDD,CAA+C,QAAQ,GAuDtD"}