npm - @aws-sdk/client-verifiedpermissions - Versions diffs - 3.592.0 → 3.596.0 - Mend

@aws-sdk/client-verifiedpermissions 3.592.0 → 3.596.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist-cjs/index.js +239 -6
package/dist-es/models/models_0.js +191 -3
package/dist-types/commands/CreateIdentitySourceCommand.d.ts +47 -20
package/dist-types/commands/GetIdentitySourceCommand.d.ts +20 -0
package/dist-types/commands/IsAuthorizedWithTokenCommand.d.ts +2 -1
package/dist-types/commands/ListIdentitySourcesCommand.d.ts +20 -0
package/dist-types/commands/UpdateIdentitySourceCommand.d.ts +23 -1
package/dist-types/models/models_0.d.ts +779 -25
package/dist-types/ts3.4/models/models_0.d.ts +294 -0
package/package.json +4 -4

package/dist-types/commands/CreateIdentitySourceCommand.d.ts CHANGED Viewed

@@ -27,31 +27,36 @@ declare const CreateIdentitySourceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates a reference to an Amazon Cognito user pool as an external identity provider (IdP).
+ * <p>Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect
+ *             (OIDC) identity provider (IdP).
  *             </p>
  *          <p>After you create an identity source, you can use the identities provided by the IdP as proxies
- *             for the principal in authorization queries that use the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html">IsAuthorizedWithToken</a>
- *             operation. These identities take the form of tokens that contain claims about the user,
- *             such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and
- *             access tokens, and Verified Permissions can use either or both. Any combination of identity and access
- *             tokens results in the same Cedar principal. Verified Permissions automatically translates the
- *             information about the identities into the standard Cedar attributes that can be
- *             evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain
- *             different information, the tokens you choose to use determine which principal attributes
- *             are available to access when evaluating Cedar policies.</p>
+ *             for the principal in authorization queries that use the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html">IsAuthorizedWithToken</a> or
+ *                 <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html">BatchIsAuthorizedWithToken</a> API operations. These identities take the form
+ *             of tokens that contain claims about the user, such as IDs, attributes and group
+ *             memberships. Identity sources provide identity (ID) tokens and access tokens. Verified Permissions
+ *             derives information about your user and session from token claims. Access tokens provide
+ *             action <code>context</code> to your policies, and ID tokens provide principal
+ *             <code>Attributes</code>.</p>
  *          <important>
- *             <p>If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.</p>
+ *             <p>Tokens from an identity source user continue to be usable until they expire.
+ *     Token revocation and resource deletion have no effect on the validity of a token in your policy store</p>
  *          </important>
  *          <note>
- *             <p>To reference a user from this identity source in your Cedar policies, use the following
- *                 syntax.</p>
- *             <p>
- *                <i>IdentityType::"&lt;CognitoUserPoolIdentifier&gt;|&lt;CognitoClientId&gt;</i>
- *             </p>
- *             <p>Where <code>IdentityType</code> is the string that you provide to the
- *                     <code>PrincipalEntityType</code> parameter for this operation. The
- *                     <code>CognitoUserPoolId</code> and <code>CognitoClientId</code> are defined by
- *                 the Amazon Cognito user pool.</p>
+ *             <p>To reference a user from this identity source in your Cedar policies, refer to the
+ *                 following syntax examples.</p>
+ *             <ul>
+ *                <li>
+ *                   <p>Amazon Cognito user pool: <code>Namespace::[Entity type]::[User pool ID]|[user
+ *                             principal attribute]</code>, for example
+ *                             <code>MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111</code>.</p>
+ *                </li>
+ *                <li>
+ *                   <p>OpenID Connect (OIDC) provider: <code>Namespace::[Entity
+ *                             type]::[principalIdClaim]|[user principal attribute]</code>, for example
+ *                             <code>MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222</code>.</p>
+ *                </li>
+ *             </ul>
  *          </note>
  *          <note>
  *             <p>Verified Permissions is <i>
@@ -78,6 +83,28 @@ declare const CreateIdentitySourceCommand_base: {
  *         groupEntityType: "STRING_VALUE", // required
  *       },
  *     },
+ *     openIdConnectConfiguration: { // OpenIdConnectConfiguration
+ *       issuer: "STRING_VALUE", // required
+ *       entityIdPrefix: "STRING_VALUE",
+ *       groupConfiguration: { // OpenIdConnectGroupConfiguration
+ *         groupClaim: "STRING_VALUE", // required
+ *         groupEntityType: "STRING_VALUE", // required
+ *       },
+ *       tokenSelection: { // OpenIdConnectTokenSelection Union: only one key present
+ *         accessTokenOnly: { // OpenIdConnectAccessTokenConfiguration
+ *           principalIdClaim: "STRING_VALUE",
+ *           audiences: [ // Audiences
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *         identityTokenOnly: { // OpenIdConnectIdentityTokenConfiguration
+ *           principalIdClaim: "STRING_VALUE",
+ *           clientIds: [
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *       },
+ *     },
  *   },
  *   principalEntityType: "STRING_VALUE",
  * };

package/dist-types/commands/GetIdentitySourceCommand.d.ts CHANGED Viewed

@@ -65,6 +65,26 @@ declare const GetIdentitySourceCommand_base: {
  * //         groupEntityType: "STRING_VALUE",
  * //       },
  * //     },
+ * //     openIdConnectConfiguration: { // OpenIdConnectConfigurationDetail
+ * //       issuer: "STRING_VALUE", // required
+ * //       entityIdPrefix: "STRING_VALUE",
+ * //       groupConfiguration: { // OpenIdConnectGroupConfigurationDetail
+ * //         groupClaim: "STRING_VALUE", // required
+ * //         groupEntityType: "STRING_VALUE", // required
+ * //       },
+ * //       tokenSelection: { // OpenIdConnectTokenSelectionDetail Union: only one key present
+ * //         accessTokenOnly: { // OpenIdConnectAccessTokenConfigurationDetail
+ * //           principalIdClaim: "STRING_VALUE",
+ * //           audiences: [ // Audiences
+ * //             "STRING_VALUE",
+ * //           ],
+ * //         },
+ * //         identityTokenOnly: { // OpenIdConnectIdentityTokenConfigurationDetail
+ * //           principalIdClaim: "STRING_VALUE",
+ * //           clientIds: "<ClientIds>",
+ * //         },
+ * //       },
+ * //     },
  * //   },
  * // };
  *

package/dist-types/commands/IsAuthorizedWithTokenCommand.d.ts CHANGED Viewed

@@ -39,7 +39,8 @@ declare const IsAuthorizedWithTokenCommand_base: {
  *          <p>Verified Permissions validates each token that is specified in a request by checking its expiration
  *             date and its signature.</p>
  *          <important>
- *             <p>If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.</p>
+ *             <p>Tokens from an identity source user continue to be usable until they expire.
+ *     Token revocation and resource deletion have no effect on the validity of a token in your policy store</p>
  *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/ListIdentitySourcesCommand.d.ts CHANGED Viewed

@@ -74,6 +74,26 @@ declare const ListIdentitySourcesCommand_base: {
  * //             groupEntityType: "STRING_VALUE",
  * //           },
  * //         },
+ * //         openIdConnectConfiguration: { // OpenIdConnectConfigurationItem
+ * //           issuer: "STRING_VALUE", // required
+ * //           entityIdPrefix: "STRING_VALUE",
+ * //           groupConfiguration: { // OpenIdConnectGroupConfigurationItem
+ * //             groupClaim: "STRING_VALUE", // required
+ * //             groupEntityType: "STRING_VALUE", // required
+ * //           },
+ * //           tokenSelection: { // OpenIdConnectTokenSelectionItem Union: only one key present
+ * //             accessTokenOnly: { // OpenIdConnectAccessTokenConfigurationItem
+ * //               principalIdClaim: "STRING_VALUE",
+ * //               audiences: [ // Audiences
+ * //                 "STRING_VALUE",
+ * //               ],
+ * //             },
+ * //             identityTokenOnly: { // OpenIdConnectIdentityTokenConfigurationItem
+ * //               principalIdClaim: "STRING_VALUE",
+ * //               clientIds: "<ClientIds>",
+ * //             },
+ * //           },
+ * //         },
  * //       },
  * //     },
  * //   ],

package/dist-types/commands/UpdateIdentitySourceCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const UpdateIdentitySourceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Updates the specified identity source to use a new identity provider (IdP) source, or to change
+ * <p>Updates the specified identity source to use a new identity provider (IdP), or to change
  *             the mapping of identities from the IdP to a different principal entity type.</p>
  *          <note>
  *             <p>Verified Permissions is <i>
@@ -54,6 +54,28 @@ declare const UpdateIdentitySourceCommand_base: {
  *         groupEntityType: "STRING_VALUE", // required
  *       },
  *     },
+ *     openIdConnectConfiguration: { // UpdateOpenIdConnectConfiguration
+ *       issuer: "STRING_VALUE", // required
+ *       entityIdPrefix: "STRING_VALUE",
+ *       groupConfiguration: { // UpdateOpenIdConnectGroupConfiguration
+ *         groupClaim: "STRING_VALUE", // required
+ *         groupEntityType: "STRING_VALUE", // required
+ *       },
+ *       tokenSelection: { // UpdateOpenIdConnectTokenSelection Union: only one key present
+ *         accessTokenOnly: { // UpdateOpenIdConnectAccessTokenConfiguration
+ *           principalIdClaim: "STRING_VALUE",
+ *           audiences: [ // Audiences
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *         identityTokenOnly: { // UpdateOpenIdConnectIdentityTokenConfiguration
+ *           principalIdClaim: "STRING_VALUE",
+ *           clientIds: [
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *       },
+ *     },
  *   },
  *   principalEntityType: "STRING_VALUE",
  * };