@aws-sdk/client-sts 3.933.0 → 3.935.0

package/dist-es/schemas/schemas_0.js

@@ -46,15 +46,20 @@ const _GFTRe = "GetFederationTokenResponse";
 const _GST = "GetSessionToken";
 const _GSTR = "GetSessionTokenRequest";
 const _GSTRe = "GetSessionTokenResponse";
+const _GWIT = "GetWebIdentityToken";
+const _GWITR = "GetWebIdentityTokenRequest";
+const _GWITRe = "GetWebIdentityTokenResponse";
 const _I = "Issuer";
 const _IAME = "InvalidAuthorizationMessageException";
 const _IDPCEE = "IDPCommunicationErrorException";
 const _IDPRCE = "IDPRejectedClaimException";
 const _IITE = "InvalidIdentityTokenException";
+const _JWTPSEE = "JWTPayloadSizeExceededException";
 const _K = "Key";
 const _MPDE = "MalformedPolicyDocumentException";
 const _N = "Name";
 const _NQ = "NameQualifier";
+const _OWIFDE = "OutboundWebIdentityFederationDisabledException";
 const _P = "Policy";
 const _PA = "PolicyArns";
 const _PAr = "PrincipalArn";
@@ -71,9 +76,11 @@ const _RA = "RoleArn";
 const _RDE = "RegionDisabledException";
 const _RSN = "RoleSessionName";
 const _S = "Subject";
+const _SA = "SigningAlgorithm";
 const _SAK = "SecretAccessKey";
 const _SAMLA = "SAMLAssertion";
 const _SAMLAT = "SAMLAssertionType";
+const _SDEE = "SessionDurationEscalationException";
 const _SFWIT = "SubjectFromWebIdentityToken";
 const _SI = "SourceIdentity";
 const _SN = "SerialNumber";
@@ -101,14 +108,16 @@ const _pDLT = "policyDescriptorListType";
 const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";
 const _tITT = "tradeInTokenType";
 const _tLT = "tagListType";
+const _wITT = "webIdentityTokenType";
 const n0 = "com.amazonaws.sts";
 import { TypeRegistry } from "@smithy/core/schema";
-import { ExpiredTokenException as __ExpiredTokenException, ExpiredTradeInTokenException as __ExpiredTradeInTokenException, IDPCommunicationErrorException as __IDPCommunicationErrorException, IDPRejectedClaimException as __IDPRejectedClaimException, InvalidAuthorizationMessageException as __InvalidAuthorizationMessageException, InvalidIdentityTokenException as __InvalidIdentityTokenException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, PackedPolicyTooLargeException as __PackedPolicyTooLargeException, RegionDisabledException as __RegionDisabledException, } from "../models/index";
+import { ExpiredTokenException as __ExpiredTokenException, ExpiredTradeInTokenException as __ExpiredTradeInTokenException, IDPCommunicationErrorException as __IDPCommunicationErrorException, IDPRejectedClaimException as __IDPRejectedClaimException, InvalidAuthorizationMessageException as __InvalidAuthorizationMessageException, InvalidIdentityTokenException as __InvalidIdentityTokenException, JWTPayloadSizeExceededException as __JWTPayloadSizeExceededException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, OutboundWebIdentityFederationDisabledException as __OutboundWebIdentityFederationDisabledException, PackedPolicyTooLargeException as __PackedPolicyTooLargeException, RegionDisabledException as __RegionDisabledException, SessionDurationEscalationException as __SessionDurationEscalationException, } from "../models/errors";
 import { STSServiceException as __STSServiceException } from "../models/STSServiceException";
 export var accessKeySecretType = [0, n0, _aKST, 8, 0];
 export var clientTokenType = [0, n0, _cTT, 8, 0];
 export var SAMLAssertionType = [0, n0, _SAMLAT, 8, 0];
 export var tradeInTokenType = [0, n0, _tITT, 8, 0];
+export var webIdentityTokenType = [0, n0, _wITT, 8, 0];
 export var AssumedRoleUser = [3, n0, _ARU, 0, [_ARI, _A], [0, 0]];
 export var AssumeRoleRequest = [
     3,
@@ -242,6 +251,22 @@ export var GetFederationTokenResponse = [
 ];
 export var GetSessionTokenRequest = [3, n0, _GSTR, 0, [_DS, _SN, _TC], [1, 0, 0]];
 export var GetSessionTokenResponse = [3, n0, _GSTRe, 0, [_C], [[() => Credentials, 0]]];
+export var GetWebIdentityTokenRequest = [
+    3,
+    n0,
+    _GWITR,
+    0,
+    [_Au, _DS, _SA, _T],
+    [64 | 0, 1, 0, () => tagListType],
+];
+export var GetWebIdentityTokenResponse = [
+    3,
+    n0,
+    _GWITRe,
+    0,
+    [_WIT, _E],
+    [[() => webIdentityTokenType, 0], 4],
+];
 export var IDPCommunicationErrorException = [
     -3,
     n0,
@@ -294,6 +319,19 @@ export var InvalidIdentityTokenException = [
     [0],
 ];
 TypeRegistry.for(n0).registerError(InvalidIdentityTokenException, __InvalidIdentityTokenException);
+export var JWTPayloadSizeExceededException = [
+    -3,
+    n0,
+    _JWTPSEE,
+    {
+        [_e]: _c,
+        [_hE]: 400,
+        [_aQE]: [`JWTPayloadSizeExceededException`, 400],
+    },
+    [_m],
+    [0],
+];
+TypeRegistry.for(n0).registerError(JWTPayloadSizeExceededException, __JWTPayloadSizeExceededException);
 export var MalformedPolicyDocumentException = [
     -3,
     n0,
@@ -307,6 +345,19 @@ export var MalformedPolicyDocumentException = [
     [0],
 ];
 TypeRegistry.for(n0).registerError(MalformedPolicyDocumentException, __MalformedPolicyDocumentException);
+export var OutboundWebIdentityFederationDisabledException = [
+    -3,
+    n0,
+    _OWIFDE,
+    {
+        [_e]: _c,
+        [_hE]: 403,
+        [_aQE]: [`OutboundWebIdentityFederationDisabledException`, 403],
+    },
+    [_m],
+    [0],
+];
+TypeRegistry.for(n0).registerError(OutboundWebIdentityFederationDisabledException, __OutboundWebIdentityFederationDisabledException);
 export var PackedPolicyTooLargeException = [
     -3,
     n0,
@@ -335,6 +386,19 @@ export var RegionDisabledException = [
     [0],
 ];
 TypeRegistry.for(n0).registerError(RegionDisabledException, __RegionDisabledException);
+export var SessionDurationEscalationException = [
+    -3,
+    n0,
+    _SDEE,
+    {
+        [_e]: _c,
+        [_hE]: 403,
+        [_aQE]: [`SessionDurationEscalationException`, 403],
+    },
+    [_m],
+    [0],
+];
+TypeRegistry.for(n0).registerError(SessionDurationEscalationException, __SessionDurationEscalationException);
 export var Tag = [3, n0, _Ta, 0, [_K, _V], [0, 0]];
 export var STSServiceException = [-3, _s, "STSServiceException", 0, [], []];
 TypeRegistry.for(_s).registerError(STSServiceException, __STSServiceException);
@@ -342,6 +406,7 @@ export var policyDescriptorListType = [1, n0, _pDLT, 0, () => PolicyDescriptorTy
 export var ProvidedContextsListType = [1, n0, _PCLT, 0, () => ProvidedContext];
 export var tagKeyListType = 64 | 0;
 export var tagListType = [1, n0, _tLT, 0, () => Tag];
+export var webIdentityTokenAudienceListType = 64 | 0;
 export var AssumeRole = [9, n0, _AR, 0, () => AssumeRoleRequest, () => AssumeRoleResponse];
 export var AssumeRoleWithSAML = [
     9,
@@ -408,3 +473,11 @@ export var GetSessionToken = [
     () => GetSessionTokenRequest,
     () => GetSessionTokenResponse,
 ];
+export var GetWebIdentityToken = [
+    9,
+    n0,
+    _GWIT,
+    0,
+    () => GetWebIdentityTokenRequest,
+    () => GetWebIdentityTokenResponse,
+];

package/dist-types/STS.d.ts

@@ -9,6 +9,7 @@ import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from ".
 import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
+import { GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput } from "./commands/GetWebIdentityTokenCommand";
 import { STSClient } from "./STSClient";
 export interface STS {
     /**
@@ -73,6 +74,12 @@ export interface STS {
     getSessionToken(args: GetSessionTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetSessionTokenCommandOutput>;
     getSessionToken(args: GetSessionTokenCommandInput, cb: (err: any, data?: GetSessionTokenCommandOutput) => void): void;
     getSessionToken(args: GetSessionTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetSessionTokenCommandOutput) => void): void;
+    /**
+     * @see {@link GetWebIdentityTokenCommand}
+     */
+    getWebIdentityToken(args: GetWebIdentityTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetWebIdentityTokenCommandOutput>;
+    getWebIdentityToken(args: GetWebIdentityTokenCommandInput, cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void): void;
+    getWebIdentityToken(args: GetWebIdentityTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void): void;
 }
 /**
  * <fullname>Security Token Service</fullname>

package/dist-types/STSClient.d.ts

@@ -17,17 +17,18 @@ import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from ".
 import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
+import { GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput } from "./commands/GetWebIdentityTokenCommand";
 import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
 import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
 export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetDelegatedAccessTokenCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetDelegatedAccessTokenCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput | GetWebIdentityTokenCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetDelegatedAccessTokenCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetDelegatedAccessTokenCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput | GetWebIdentityTokenCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/AssumeRoleCommand.d.ts

@@ -200,9 +200,8 @@ declare const AssumeRoleCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -242,9 +242,8 @@ declare const AssumeRoleWithSAMLCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -233,9 +233,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/AssumeRootCommand.d.ts

@@ -88,9 +88,8 @@ declare const AssumeRootCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -27,7 +27,10 @@ declare const GetDelegatedAccessTokenCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>This API is currently unavailable for general use.</p>
+ * <p>Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions
+ *          associated with the assumed principal. This operation allows you to obtain credentials for
+ *          a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services
+ *          resources.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -61,14 +64,25 @@ declare const GetDelegatedAccessTokenCommand_base: {
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  * @throws {@link ExpiredTradeInTokenException} (client fault)
- *  <p></p>
+ *  <p>The trade-in token provided in the request has expired and can no longer be exchanged
+ *             for credentials. Request a new token and retry the operation.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -182,9 +182,8 @@ declare const GetFederationTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -121,9 +121,8 @@ declare const GetSessionTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetWebIdentityTokenCommand.d.ts

@@ -0,0 +1,98 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetWebIdentityTokenRequest, GetWebIdentityTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetWebIdentityTokenCommand}.
+ */
+export interface GetWebIdentityTokenCommandInput extends GetWebIdentityTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetWebIdentityTokenCommand}.
+ */
+export interface GetWebIdentityTokenCommandOutput extends GetWebIdentityTokenResponse, __MetadataBearer {
+}
+declare const GetWebIdentityTokenCommand_base: {
+    new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web Services identity.
+ *          The returned JWT can be used to authenticate with external services that support OIDC discovery.
+ *          The token is signed by Amazon Web Services STS and can be publicly verified using the verification keys published at the issuer's JWKS endpoint.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetWebIdentityTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetWebIdentityTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * // import type { STSClientConfig } from "@aws-sdk/client-sts";
+ * const config = {}; // type is STSClientConfig
+ * const client = new STSClient(config);
+ * const input = { // GetWebIdentityTokenRequest
+ *   Audience: [ // webIdentityTokenAudienceListType // required
+ *     "STRING_VALUE",
+ *   ],
+ *   DurationSeconds: Number("int"),
+ *   SigningAlgorithm: "STRING_VALUE", // required
+ *   Tags: [ // tagListType
+ *     { // Tag
+ *       Key: "STRING_VALUE", // required
+ *       Value: "STRING_VALUE", // required
+ *     },
+ *   ],
+ * };
+ * const command = new GetWebIdentityTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetWebIdentityTokenResponse
+ * //   WebIdentityToken: "STRING_VALUE",
+ * //   Expiration: new Date("TIMESTAMP"),
+ * // };
+ *
+ * ```
+ *
+ * @param GetWebIdentityTokenCommandInput - {@link GetWebIdentityTokenCommandInput}
+ * @returns {@link GetWebIdentityTokenCommandOutput}
+ * @see {@link GetWebIdentityTokenCommandInput} for command's `input` shape.
+ * @see {@link GetWebIdentityTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link JWTPayloadSizeExceededException} (client fault)
+ *  <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
+ *
+ * @throws {@link OutboundWebIdentityFederationDisabledException} (client fault)
+ *  <p>The outbound web identity federation feature is not enabled for this account. To use
+ *             this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
+ *
+ * @throws {@link SessionDurationEscalationException} (client fault)
+ *  <p>The requested token duration would extend the session beyond its original expiration time.
+ *             You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ *
+ * @public
+ */
+export declare class GetWebIdentityTokenCommand extends GetWebIdentityTokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GetWebIdentityTokenRequest;
+            output: GetWebIdentityTokenResponse;
+        };
+        sdk: {
+            input: GetWebIdentityTokenCommandInput;
+            output: GetWebIdentityTokenCommandOutput;
+        };
+    };
+}

package/dist-types/commands/index.d.ts

@@ -8,3 +8,4 @@ export * from "./GetCallerIdentityCommand";
 export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";
+export * from "./GetWebIdentityTokenCommand";

package/dist-types/index.d.ts

@@ -12,6 +12,7 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export type { RuntimeExtension } from "./runtimeExtensions";
 export type { STSExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
-export * from "./models";
+export * from "./models/errors";
+export type * from "./models/models_0";
 export * from "./defaultRoleAssumers";
 export { STSServiceException } from "./models/STSServiceException";

package/dist-types/models/errors.d.ts

@@ -0,0 +1,172 @@
+import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
+import { STSServiceException as __BaseException } from "./STSServiceException";
+/**
+ * <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ * @public
+ */
+export declare class ExpiredTokenException extends __BaseException {
+    readonly name: "ExpiredTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
+}
+/**
+ * <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ * @public
+ */
+export declare class MalformedPolicyDocumentException extends __BaseException {
+    readonly name: "MalformedPolicyDocumentException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
+}
+/**
+ * <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ * @public
+ */
+export declare class PackedPolicyTooLargeException extends __BaseException {
+    readonly name: "PackedPolicyTooLargeException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
+}
+/**
+ * <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
+ * @public
+ */
+export declare class RegionDisabledException extends __BaseException {
+    readonly name: "RegionDisabledException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<RegionDisabledException, __BaseException>);
+}
+/**
+ * <p>The identity provider (IdP) reported that authentication failed. This might be because
+ *             the claim is invalid.</p>
+ *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
+ *             can also mean that the claim has expired or has been explicitly revoked. </p>
+ * @public
+ */
+export declare class IDPRejectedClaimException extends __BaseException {
+    readonly name: "IDPRejectedClaimException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
+}
+/**
+ * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
+ *             identity token from the identity provider and then retry the request.</p>
+ * @public
+ */
+export declare class InvalidIdentityTokenException extends __BaseException {
+    readonly name: "InvalidIdentityTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>);
+}
+/**
+ * <p>The request could not be fulfilled because the identity provider (IDP) that was asked
+ *             to verify the incoming identity token could not be reached. This is often a transient
+ *             error caused by network conditions. Retry the request a limited number of times so that
+ *             you don't exceed the request rate. If the error persists, the identity provider might be
+ *             down or not responding.</p>
+ * @public
+ */
+export declare class IDPCommunicationErrorException extends __BaseException {
+    readonly name: "IDPCommunicationErrorException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
+}
+/**
+ * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
+ *             was invalid. This can happen if the token contains invalid characters, such as line
+ *             breaks, or if the message has expired.</p>
+ * @public
+ */
+export declare class InvalidAuthorizationMessageException extends __BaseException {
+    readonly name: "InvalidAuthorizationMessageException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidAuthorizationMessageException, __BaseException>);
+}
+/**
+ * <p>The trade-in token provided in the request has expired and can no longer be exchanged
+ *             for credentials. Request a new token and retry the operation.</p>
+ * @public
+ */
+export declare class ExpiredTradeInTokenException extends __BaseException {
+    readonly name: "ExpiredTradeInTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
+}
+/**
+ * <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
+ * @public
+ */
+export declare class JWTPayloadSizeExceededException extends __BaseException {
+    readonly name: "JWTPayloadSizeExceededException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<JWTPayloadSizeExceededException, __BaseException>);
+}
+/**
+ * <p>The outbound web identity federation feature is not enabled for this account. To use
+ *             this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
+ * @public
+ */
+export declare class OutboundWebIdentityFederationDisabledException extends __BaseException {
+    readonly name: "OutboundWebIdentityFederationDisabledException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<OutboundWebIdentityFederationDisabledException, __BaseException>);
+}
+/**
+ * <p>The requested token duration would extend the session beyond its original expiration time.
+ *             You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
+ * @public
+ */
+export declare class SessionDurationEscalationException extends __BaseException {
+    readonly name: "SessionDurationEscalationException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<SessionDurationEscalationException, __BaseException>);
+}