@aws-sdk/client-sts 3.934.0 → 3.936.0

package/dist-types/models/models_0.d.ts

@@ -1,5 +1,3 @@
-import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { STSServiceException as __BaseException } from "./STSServiceException";
 /**
  * <p>The identifiers for the temporary security credentials that the operation
  *          returns.</p>
@@ -378,68 +376,6 @@ export interface AssumeRoleResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The web identity token that was passed is expired or is not valid. Get a new identity
- *             token from the identity provider and then retry the request.</p>
- * @public
- */
-export declare class ExpiredTokenException extends __BaseException {
-    readonly name: "ExpiredTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the policy document was malformed. The error message
- *             describes the specific error.</p>
- * @public
- */
-export declare class MalformedPolicyDocumentException extends __BaseException {
-    readonly name: "MalformedPolicyDocumentException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the total packed size of the session policies and
- *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
- *             document, session policy ARNs, and session tags into a packed binary format that has a
- *             separate limit. The error message indicates by percentage how close the policies and
- *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
- *                 Guide</i>.</p>
- * @public
- */
-export declare class PackedPolicyTooLargeException extends __BaseException {
-    readonly name: "PackedPolicyTooLargeException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
-}
-/**
- * <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
- * @public
- */
-export declare class RegionDisabledException extends __BaseException {
-    readonly name: "RegionDisabledException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<RegionDisabledException, __BaseException>);
-}
 /**
  * @public
  */
@@ -642,34 +578,6 @@ export interface AssumeRoleWithSAMLResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The identity provider (IdP) reported that authentication failed. This might be because
- *             the claim is invalid.</p>
- *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
- *             can also mean that the claim has expired or has been explicitly revoked. </p>
- * @public
- */
-export declare class IDPRejectedClaimException extends __BaseException {
-    readonly name: "IDPRejectedClaimException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
-}
-/**
- * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
- *             identity token from the identity provider and then retry the request.</p>
- * @public
- */
-export declare class InvalidIdentityTokenException extends __BaseException {
-    readonly name: "InvalidIdentityTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>);
-}
 /**
  * @public
  */
@@ -880,22 +788,6 @@ export interface AssumeRoleWithWebIdentityResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The request could not be fulfilled because the identity provider (IDP) that was asked
- *             to verify the incoming identity token could not be reached. This is often a transient
- *             error caused by network conditions. Retry the request a limited number of times so that
- *             you don't exceed the request rate. If the error persists, the identity provider might be
- *             down or not responding.</p>
- * @public
- */
-export declare class IDPCommunicationErrorException extends __BaseException {
-    readonly name: "IDPCommunicationErrorException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1000,20 +892,6 @@ export interface DecodeAuthorizationMessageResponse {
      */
     DecodedMessage?: string | undefined;
 }
-/**
- * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
- *             was invalid. This can happen if the token contains invalid characters, such as line
- *             breaks, or if the message has expired.</p>
- * @public
- */
-export declare class InvalidAuthorizationMessageException extends __BaseException {
-    readonly name: "InvalidAuthorizationMessageException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidAuthorizationMessageException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1067,24 +945,13 @@ export interface GetCallerIdentityResponse {
      */
     Arn?: string | undefined;
 }
-/**
- * <p></p>
- * @public
- */
-export declare class ExpiredTradeInTokenException extends __BaseException {
-    readonly name: "ExpiredTradeInTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
-}
 /**
  * @public
  */
 export interface GetDelegatedAccessTokenRequest {
     /**
-     * <p></p>
+     * <p>The token to exchange for temporary Amazon Web Services credentials. This token must be valid and
+     *          unexpired at the time of the request.</p>
      * @public
      */
     TradeInToken: string | undefined;
@@ -1099,12 +966,16 @@ export interface GetDelegatedAccessTokenResponse {
      */
     Credentials?: Credentials | undefined;
     /**
-     * <p></p>
+     * <p>The percentage of the maximum policy size that is used by the session policy. The policy
+     *          size is calculated as the sum of all the session policies and permission boundaries
+     *          attached to the session. If the packed size exceeds 100%, the request fails.</p>
      * @public
      */
     PackedPolicySize?: number | undefined;
     /**
-     * <p></p>
+     * <p>The Amazon Resource Name (ARN) of the principal that was assumed when obtaining the
+     *          delegated access token. This ARN identifies the IAM entity whose permissions are granted
+     *          by the temporary credentials.</p>
      * @public
      */
     AssumedPrincipal?: string | undefined;
@@ -1332,3 +1203,56 @@ export interface GetSessionTokenResponse {
      */
     Credentials?: Credentials | undefined;
 }
+/**
+ * @public
+ */
+export interface GetWebIdentityTokenRequest {
+    /**
+     * <p>The intended recipient of the web identity token. This value populates the
+     *             <code>aud</code> claim in the JWT and should identify the service or application that
+     *          will validate and use the token. The external service should verify this claim to ensure the token was intended for their use.</p>
+     * @public
+     */
+    Audience: string[] | undefined;
+    /**
+     * <p>The duration, in seconds, for which the JSON Web Token (JWT) will remain valid.
+     *          The value can range from 60 seconds (1 minute) to 3600 seconds (1 hour). If not specified,
+     *          the default duration is 300 seconds (5 minutes). The token is designed to be short-lived and
+     *          should be used for proof of identity, then exchanged for credentials or short-lived tokens in the external service.</p>
+     * @public
+     */
+    DurationSeconds?: number | undefined;
+    /**
+     * <p>The cryptographic algorithm to use for signing the JSON Web Token (JWT). Valid values are
+     *          RS256 (RSA with SHA-256) and ES384 (ECDSA using P-384 curve with SHA-384). </p>
+     * @public
+     */
+    SigningAlgorithm: string | undefined;
+    /**
+     * <p>An optional list of tags to include in the JSON Web Token (JWT). These tags are added as custom
+     *          claims to the JWT and can be used by the downstream service for authorization decisions. </p>
+     * @public
+     */
+    Tags?: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetWebIdentityTokenResponse {
+    /**
+     * <p>A signed JSON Web Token (JWT) that represents the caller's Amazon Web Services identity. The token contains
+     *          standard JWT claims such as subject, audience, expiration time, and additional identity attributes
+     *          added by STS as custom claims. You can also add your own custom claims to the token by passing tags
+     *          as request parameters to the <code>GetWebIdentityToken</code> API. The token is signed using the specified signing
+     *          algorithm and can be verified using the verification keys available at the issuer's JWKS endpoint.</p>
+     * @public
+     */
+    WebIdentityToken?: string | undefined;
+    /**
+     * <p>The date and time when the web identity token expires, in UTC. The expiration is
+     *          determined by adding the <code>DurationSeconds</code> value to the time the token was
+     *          issued. After this time, the token should no longer be considered valid.</p>
+     * @public
+     */
+    Expiration?: Date | undefined;
+}

package/dist-types/schemas/schemas_0.d.ts

@@ -3,6 +3,7 @@ export declare var accessKeySecretType: StaticSimpleSchema;
 export declare var clientTokenType: StaticSimpleSchema;
 export declare var SAMLAssertionType: StaticSimpleSchema;
 export declare var tradeInTokenType: StaticSimpleSchema;
+export declare var webIdentityTokenType: StaticSimpleSchema;
 export declare var AssumedRoleUser: StaticStructureSchema;
 export declare var AssumeRoleRequest: StaticStructureSchema;
 export declare var AssumeRoleResponse: StaticStructureSchema;
@@ -28,21 +29,27 @@ export declare var GetFederationTokenRequest: StaticStructureSchema;
 export declare var GetFederationTokenResponse: StaticStructureSchema;
 export declare var GetSessionTokenRequest: StaticStructureSchema;
 export declare var GetSessionTokenResponse: StaticStructureSchema;
+export declare var GetWebIdentityTokenRequest: StaticStructureSchema;
+export declare var GetWebIdentityTokenResponse: StaticStructureSchema;
 export declare var IDPCommunicationErrorException: StaticErrorSchema;
 export declare var IDPRejectedClaimException: StaticErrorSchema;
 export declare var InvalidAuthorizationMessageException: StaticErrorSchema;
 export declare var InvalidIdentityTokenException: StaticErrorSchema;
+export declare var JWTPayloadSizeExceededException: StaticErrorSchema;
 export declare var MalformedPolicyDocumentException: StaticErrorSchema;
+export declare var OutboundWebIdentityFederationDisabledException: StaticErrorSchema;
 export declare var PackedPolicyTooLargeException: StaticErrorSchema;
 export declare var PolicyDescriptorType: StaticStructureSchema;
 export declare var ProvidedContext: StaticStructureSchema;
 export declare var RegionDisabledException: StaticErrorSchema;
+export declare var SessionDurationEscalationException: StaticErrorSchema;
 export declare var Tag: StaticStructureSchema;
 export declare var STSServiceException: StaticErrorSchema;
 export declare var policyDescriptorListType: StaticListSchema;
 export declare var ProvidedContextsListType: StaticListSchema;
 export declare var tagKeyListType: number;
 export declare var tagListType: StaticListSchema;
+export declare var webIdentityTokenAudienceListType: number;
 export declare var AssumeRole: StaticOperationSchema;
 export declare var AssumeRoleWithSAML: StaticOperationSchema;
 export declare var AssumeRoleWithWebIdentity: StaticOperationSchema;
@@ -53,3 +60,4 @@ export declare var GetCallerIdentity: StaticOperationSchema;
 export declare var GetDelegatedAccessToken: StaticOperationSchema;
 export declare var GetFederationToken: StaticOperationSchema;
 export declare var GetSessionToken: StaticOperationSchema;
+export declare var GetWebIdentityToken: StaticOperationSchema;

package/dist-types/ts3.4/STS.d.ts

@@ -39,6 +39,10 @@ import {
   GetSessionTokenCommandInput,
   GetSessionTokenCommandOutput,
 } from "./commands/GetSessionTokenCommand";
+import {
+  GetWebIdentityTokenCommandInput,
+  GetWebIdentityTokenCommandOutput,
+} from "./commands/GetWebIdentityTokenCommand";
 import { STSClient } from "./STSClient";
 export interface STS {
   assumeRole(
@@ -173,5 +177,18 @@ export interface STS {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: GetSessionTokenCommandOutput) => void
   ): void;
+  getWebIdentityToken(
+    args: GetWebIdentityTokenCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetWebIdentityTokenCommandOutput>;
+  getWebIdentityToken(
+    args: GetWebIdentityTokenCommandInput,
+    cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void
+  ): void;
+  getWebIdentityToken(
+    args: GetWebIdentityTokenCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void
+  ): void;
 }
 export declare class STS extends STSClient implements STS {}

package/dist-types/ts3.4/STSClient.d.ts

@@ -88,6 +88,10 @@ import {
   GetSessionTokenCommandInput,
   GetSessionTokenCommandOutput,
 } from "./commands/GetSessionTokenCommand";
+import {
+  GetWebIdentityTokenCommandInput,
+  GetWebIdentityTokenCommandOutput,
+} from "./commands/GetWebIdentityTokenCommand";
 import {
   ClientInputEndpointParameters,
   ClientResolvedEndpointParameters,
@@ -105,7 +109,8 @@ export type ServiceInputTypes =
   | GetCallerIdentityCommandInput
   | GetDelegatedAccessTokenCommandInput
   | GetFederationTokenCommandInput
-  | GetSessionTokenCommandInput;
+  | GetSessionTokenCommandInput
+  | GetWebIdentityTokenCommandInput;
 export type ServiceOutputTypes =
   | AssumeRoleCommandOutput
   | AssumeRoleWithSAMLCommandOutput
@@ -116,7 +121,8 @@ export type ServiceOutputTypes =
   | GetCallerIdentityCommandOutput
   | GetDelegatedAccessTokenCommandOutput
   | GetFederationTokenCommandOutput
-  | GetSessionTokenCommandOutput;
+  | GetSessionTokenCommandOutput
+  | GetWebIdentityTokenCommandOutput;
 export interface ClientDefaults
   extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
   requestHandler?: __HttpHandlerUserInput;

package/dist-types/ts3.4/commands/GetWebIdentityTokenCommand.d.ts

@@ -0,0 +1,51 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  GetWebIdentityTokenRequest,
+  GetWebIdentityTokenResponse,
+} from "../models/models_0";
+import {
+  ServiceInputTypes,
+  ServiceOutputTypes,
+  STSClientResolvedConfig,
+} from "../STSClient";
+export { __MetadataBearer };
+export { $Command };
+export interface GetWebIdentityTokenCommandInput
+  extends GetWebIdentityTokenRequest {}
+export interface GetWebIdentityTokenCommandOutput
+  extends GetWebIdentityTokenResponse,
+    __MetadataBearer {}
+declare const GetWebIdentityTokenCommand_base: {
+  new (
+    input: GetWebIdentityTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetWebIdentityTokenCommandInput,
+    GetWebIdentityTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    input: GetWebIdentityTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetWebIdentityTokenCommandInput,
+    GetWebIdentityTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class GetWebIdentityTokenCommand extends GetWebIdentityTokenCommand_base {
+  protected static __types: {
+    api: {
+      input: GetWebIdentityTokenRequest;
+      output: GetWebIdentityTokenResponse;
+    };
+    sdk: {
+      input: GetWebIdentityTokenCommandInput;
+      output: GetWebIdentityTokenCommandOutput;
+    };
+  };
+}

package/dist-types/ts3.4/commands/index.d.ts

@@ -8,3 +8,4 @@ export * from "./GetCallerIdentityCommand";
 export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";
+export * from "./GetWebIdentityTokenCommand";

package/dist-types/ts3.4/index.d.ts

@@ -4,6 +4,7 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export { RuntimeExtension } from "./runtimeExtensions";
 export { STSExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
-export * from "./models";
+export * from "./models/errors";
+export * from "./models/models_0";
 export * from "./defaultRoleAssumers";
 export { STSServiceException } from "./models/STSServiceException";

package/dist-types/ts3.4/models/errors.d.ts

@@ -0,0 +1,101 @@
+import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
+import { STSServiceException as __BaseException } from "./STSServiceException";
+export declare class ExpiredTokenException extends __BaseException {
+  readonly name: "ExpiredTokenException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>
+  );
+}
+export declare class MalformedPolicyDocumentException extends __BaseException {
+  readonly name: "MalformedPolicyDocumentException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<
+      MalformedPolicyDocumentException,
+      __BaseException
+    >
+  );
+}
+export declare class PackedPolicyTooLargeException extends __BaseException {
+  readonly name: "PackedPolicyTooLargeException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>
+  );
+}
+export declare class RegionDisabledException extends __BaseException {
+  readonly name: "RegionDisabledException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<RegionDisabledException, __BaseException>
+  );
+}
+export declare class IDPRejectedClaimException extends __BaseException {
+  readonly name: "IDPRejectedClaimException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>
+  );
+}
+export declare class InvalidIdentityTokenException extends __BaseException {
+  readonly name: "InvalidIdentityTokenException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>
+  );
+}
+export declare class IDPCommunicationErrorException extends __BaseException {
+  readonly name: "IDPCommunicationErrorException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>
+  );
+}
+export declare class InvalidAuthorizationMessageException extends __BaseException {
+  readonly name: "InvalidAuthorizationMessageException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<
+      InvalidAuthorizationMessageException,
+      __BaseException
+    >
+  );
+}
+export declare class ExpiredTradeInTokenException extends __BaseException {
+  readonly name: "ExpiredTradeInTokenException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>
+  );
+}
+export declare class JWTPayloadSizeExceededException extends __BaseException {
+  readonly name: "JWTPayloadSizeExceededException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<
+      JWTPayloadSizeExceededException,
+      __BaseException
+    >
+  );
+}
+export declare class OutboundWebIdentityFederationDisabledException extends __BaseException {
+  readonly name: "OutboundWebIdentityFederationDisabledException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<
+      OutboundWebIdentityFederationDisabledException,
+      __BaseException
+    >
+  );
+}
+export declare class SessionDurationEscalationException extends __BaseException {
+  readonly name: "SessionDurationEscalationException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<
+      SessionDurationEscalationException,
+      __BaseException
+    >
+  );
+}

package/dist-types/ts3.4/models/models_0.d.ts

@@ -1,5 +1,3 @@
-import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { STSServiceException as __BaseException } from "./STSServiceException";
 export interface AssumedRoleUser {
   AssumedRoleId: string | undefined;
   Arn: string | undefined;
@@ -41,37 +39,6 @@ export interface AssumeRoleResponse {
   PackedPolicySize?: number | undefined;
   SourceIdentity?: string | undefined;
 }
-export declare class ExpiredTokenException extends __BaseException {
-  readonly name: "ExpiredTokenException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>
-  );
-}
-export declare class MalformedPolicyDocumentException extends __BaseException {
-  readonly name: "MalformedPolicyDocumentException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<
-      MalformedPolicyDocumentException,
-      __BaseException
-    >
-  );
-}
-export declare class PackedPolicyTooLargeException extends __BaseException {
-  readonly name: "PackedPolicyTooLargeException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>
-  );
-}
-export declare class RegionDisabledException extends __BaseException {
-  readonly name: "RegionDisabledException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<RegionDisabledException, __BaseException>
-  );
-}
 export interface AssumeRoleWithSAMLRequest {
   RoleArn: string | undefined;
   PrincipalArn: string | undefined;
@@ -91,20 +58,6 @@ export interface AssumeRoleWithSAMLResponse {
   NameQualifier?: string | undefined;
   SourceIdentity?: string | undefined;
 }
-export declare class IDPRejectedClaimException extends __BaseException {
-  readonly name: "IDPRejectedClaimException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>
-  );
-}
-export declare class InvalidIdentityTokenException extends __BaseException {
-  readonly name: "InvalidIdentityTokenException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>
-  );
-}
 export interface AssumeRoleWithWebIdentityRequest {
   RoleArn: string | undefined;
   RoleSessionName: string | undefined;
@@ -123,13 +76,6 @@ export interface AssumeRoleWithWebIdentityResponse {
   Audience?: string | undefined;
   SourceIdentity?: string | undefined;
 }
-export declare class IDPCommunicationErrorException extends __BaseException {
-  readonly name: "IDPCommunicationErrorException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>
-  );
-}
 export interface AssumeRootRequest {
   TargetPrincipal: string | undefined;
   TaskPolicyArn: PolicyDescriptorType | undefined;
@@ -145,16 +91,6 @@ export interface DecodeAuthorizationMessageRequest {
 export interface DecodeAuthorizationMessageResponse {
   DecodedMessage?: string | undefined;
 }
-export declare class InvalidAuthorizationMessageException extends __BaseException {
-  readonly name: "InvalidAuthorizationMessageException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<
-      InvalidAuthorizationMessageException,
-      __BaseException
-    >
-  );
-}
 export interface GetAccessKeyInfoRequest {
   AccessKeyId: string | undefined;
 }
@@ -167,13 +103,6 @@ export interface GetCallerIdentityResponse {
   Account?: string | undefined;
   Arn?: string | undefined;
 }
-export declare class ExpiredTradeInTokenException extends __BaseException {
-  readonly name: "ExpiredTradeInTokenException";
-  readonly $fault: "client";
-  constructor(
-    opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>
-  );
-}
 export interface GetDelegatedAccessTokenRequest {
   TradeInToken: string | undefined;
 }
@@ -206,3 +135,13 @@ export interface GetSessionTokenRequest {
 export interface GetSessionTokenResponse {
   Credentials?: Credentials | undefined;
 }
+export interface GetWebIdentityTokenRequest {
+  Audience: string[] | undefined;
+  DurationSeconds?: number | undefined;
+  SigningAlgorithm: string | undefined;
+  Tags?: Tag[] | undefined;
+}
+export interface GetWebIdentityTokenResponse {
+  WebIdentityToken?: string | undefined;
+  Expiration?: Date | undefined;
+}