@aws-sdk/client-verifiedpermissions 3.734.0 → 3.739.0

package/dist-cjs/index.js

@@ -739,6 +739,8 @@ var ContextDefinition;
   ContextDefinition2.visit = /* @__PURE__ */ __name((value, visitor) => {
     if (value.contextMap !== void 0)
       return visitor.contextMap(value.contextMap);
+    if (value.cedarJson !== void 0)
+      return visitor.cedarJson(value.cedarJson);
     return visitor._(value.$unknown[0], value.$unknown[1]);
   }, "visit");
 })(ContextDefinition || (ContextDefinition = {}));
@@ -747,6 +749,8 @@ var EntitiesDefinition;
   EntitiesDefinition2.visit = /* @__PURE__ */ __name((value, visitor) => {
     if (value.entityList !== void 0)
       return visitor.entityList(value.entityList);
+    if (value.cedarJson !== void 0)
+      return visitor.cedarJson(value.cedarJson);
     return visitor._(value.$unknown[0], value.$unknown[1]);
   }, "visit");
 })(EntitiesDefinition || (EntitiesDefinition = {}));
@@ -1261,6 +1265,8 @@ var AttributeValueFilterSensitiveLog = /* @__PURE__ */ __name((obj) => {
 var ContextDefinitionFilterSensitiveLog = /* @__PURE__ */ __name((obj) => {
   if (obj.contextMap !== void 0)
     return { contextMap: import_smithy_client.SENSITIVE_STRING };
+  if (obj.cedarJson !== void 0)
+    return { cedarJson: import_smithy_client.SENSITIVE_STRING };
   if (obj.$unknown !== void 0)
     return { [obj.$unknown[0]]: "UNKNOWN" };
 }, "ContextDefinitionFilterSensitiveLog");
@@ -1301,6 +1307,8 @@ var BatchIsAuthorizedWithTokenOutputItemFilterSensitiveLog = /* @__PURE__ */ __n
 var EntitiesDefinitionFilterSensitiveLog = /* @__PURE__ */ __name((obj) => {
   if (obj.entityList !== void 0)
     return { entityList: obj.entityList.map((item) => EntityItemFilterSensitiveLog(item)) };
+  if (obj.cedarJson !== void 0)
+    return { cedarJson: import_smithy_client.SENSITIVE_STRING };
   if (obj.$unknown !== void 0)
     return { [obj.$unknown[0]]: "UNKNOWN" };
 }, "EntitiesDefinitionFilterSensitiveLog");
@@ -2021,6 +2029,7 @@ var se_BatchIsAuthorizedWithTokenInputList = /* @__PURE__ */ __name((input, cont
 }, "se_BatchIsAuthorizedWithTokenInputList");
 var se_ContextDefinition = /* @__PURE__ */ __name((input, context) => {
   return ContextDefinition.visit(input, {
+    cedarJson: (value) => ({ cedarJson: value }),
     contextMap: (value) => ({ contextMap: se_ContextMap(value, context) }),
     _: (name, value) => ({ name: value })
   });
@@ -2066,6 +2075,7 @@ var se_CreatePolicyTemplateInput = /* @__PURE__ */ __name((input, context) => {
 }, "se_CreatePolicyTemplateInput");
 var se_EntitiesDefinition = /* @__PURE__ */ __name((input, context) => {
   return EntitiesDefinition.visit(input, {
+    cedarJson: (value) => ({ cedarJson: value }),
     entityList: (value) => ({ entityList: se_EntityList(value, context) }),
     _: (name, value) => ({ name: value })
   });
@@ -2236,6 +2246,9 @@ var de_BatchIsAuthorizedWithTokenOutputList = /* @__PURE__ */ __name((output, co
   return retVal;
 }, "de_BatchIsAuthorizedWithTokenOutputList");
 var de_ContextDefinition = /* @__PURE__ */ __name((output, context) => {
+  if ((0, import_smithy_client.expectString)(output.cedarJson) !== void 0) {
+    return { cedarJson: (0, import_smithy_client.expectString)(output.cedarJson) };
+  }
   if (output.contextMap != null) {
     return {
       contextMap: de_ContextMap(output.contextMap, context)

package/dist-es/models/models_0.js

@@ -301,6 +301,8 @@ export var ContextDefinition;
     ContextDefinition.visit = (value, visitor) => {
         if (value.contextMap !== undefined)
             return visitor.contextMap(value.contextMap);
+        if (value.cedarJson !== undefined)
+            return visitor.cedarJson(value.cedarJson);
         return visitor._(value.$unknown[0], value.$unknown[1]);
     };
 })(ContextDefinition || (ContextDefinition = {}));
@@ -309,6 +311,8 @@ export var EntitiesDefinition;
     EntitiesDefinition.visit = (value, visitor) => {
         if (value.entityList !== undefined)
             return visitor.entityList(value.entityList);
+        if (value.cedarJson !== undefined)
+            return visitor.cedarJson(value.cedarJson);
         return visitor._(value.$unknown[0], value.$unknown[1]);
     };
 })(EntitiesDefinition || (EntitiesDefinition = {}));
@@ -814,6 +818,8 @@ export const AttributeValueFilterSensitiveLog = (obj) => {
 export const ContextDefinitionFilterSensitiveLog = (obj) => {
     if (obj.contextMap !== undefined)
         return { contextMap: SENSITIVE_STRING };
+    if (obj.cedarJson !== undefined)
+        return { cedarJson: SENSITIVE_STRING };
     if (obj.$unknown !== undefined)
         return { [obj.$unknown[0]]: "UNKNOWN" };
 };
@@ -851,6 +857,8 @@ export const BatchIsAuthorizedWithTokenOutputItemFilterSensitiveLog = (obj) => (
 export const EntitiesDefinitionFilterSensitiveLog = (obj) => {
     if (obj.entityList !== undefined)
         return { entityList: obj.entityList.map((item) => EntityItemFilterSensitiveLog(item)) };
+    if (obj.cedarJson !== undefined)
+        return { cedarJson: SENSITIVE_STRING };
     if (obj.$unknown !== undefined)
         return { [obj.$unknown[0]]: "UNKNOWN" };
 };

package/dist-es/protocols/Aws_json1_0.js

@@ -677,6 +677,7 @@ const se_BatchIsAuthorizedWithTokenInputList = (input, context) => {
 };
 const se_ContextDefinition = (input, context) => {
     return ContextDefinition.visit(input, {
+        cedarJson: (value) => ({ cedarJson: value }),
         contextMap: (value) => ({ contextMap: se_ContextMap(value, context) }),
         _: (name, value) => ({ name: value }),
     });
@@ -722,6 +723,7 @@ const se_CreatePolicyTemplateInput = (input, context) => {
 };
 const se_EntitiesDefinition = (input, context) => {
     return EntitiesDefinition.visit(input, {
+        cedarJson: (value) => ({ cedarJson: value }),
         entityList: (value) => ({ entityList: se_EntityList(value, context) }),
         _: (name, value) => ({ name: value }),
     });
@@ -902,6 +904,9 @@ const de_BatchIsAuthorizedWithTokenOutputList = (output, context) => {
     return retVal;
 };
 const de_ContextDefinition = (output, context) => {
+    if (__expectString(output.cedarJson) !== undefined) {
+        return { cedarJson: __expectString(output.cedarJson) };
+    }
     if (output.contextMap != null) {
         return {
             contextMap: de_ContextMap(output.contextMap, context),

package/dist-types/commands/BatchIsAuthorizedCommand.d.ts

@@ -100,6 +100,7 @@ declare const BatchIsAuthorizedCommand_base: {
  *         ],
  *       },
  *     ],
+ *     cedarJson: "STRING_VALUE",
  *   },
  *   requests: [ // BatchIsAuthorizedInputList // required
  *     { // BatchIsAuthorizedInputItem
@@ -113,6 +114,7 @@ declare const BatchIsAuthorizedCommand_base: {
  *         contextMap: { // ContextMap
  *           "<keys>": "<AttributeValue>",
  *         },
+ *         cedarJson: "STRING_VALUE",
  *       },
  *     },
  *   ],
@@ -168,6 +170,7 @@ declare const BatchIsAuthorizedCommand_base: {
  * //               decimal: "STRING_VALUE",
  * //             },
  * //           },
+ * //           cedarJson: "STRING_VALUE",
  * //         },
  * //       },
  * //       decision: "ALLOW" || "DENY", // required

package/dist-types/commands/BatchIsAuthorizedWithTokenCommand.d.ts

@@ -100,6 +100,7 @@ declare const BatchIsAuthorizedWithTokenCommand_base: {
  *         ],
  *       },
  *     ],
+ *     cedarJson: "STRING_VALUE",
  *   },
  *   requests: [ // BatchIsAuthorizedWithTokenInputList // required
  *     { // BatchIsAuthorizedWithTokenInputItem
@@ -112,6 +113,7 @@ declare const BatchIsAuthorizedWithTokenCommand_base: {
  *         contextMap: { // ContextMap
  *           "<keys>": "<AttributeValue>",
  *         },
+ *         cedarJson: "STRING_VALUE",
  *       },
  *     },
  *   ],
@@ -164,6 +166,7 @@ declare const BatchIsAuthorizedWithTokenCommand_base: {
  * //               decimal: "STRING_VALUE",
  * //             },
  * //           },
+ * //           cedarJson: "STRING_VALUE",
  * //         },
  * //       },
  * //       decision: "ALLOW" || "DENY", // required

package/dist-types/commands/IsAuthorizedCommand.d.ts

@@ -86,6 +86,7 @@ declare const IsAuthorizedCommand_base: {
  *         decimal: "STRING_VALUE",
  *       },
  *     },
+ *     cedarJson: "STRING_VALUE",
  *   },
  *   entities: { // EntitiesDefinition Union: only one key present
  *     entityList: [ // EntityList
@@ -99,6 +100,7 @@ declare const IsAuthorizedCommand_base: {
  *         ],
  *       },
  *     ],
+ *     cedarJson: "STRING_VALUE",
  *   },
  * };
  * const command = new IsAuthorizedCommand(input);

package/dist-types/commands/IsAuthorizedWithTokenCommand.d.ts

@@ -92,6 +92,7 @@ declare const IsAuthorizedWithTokenCommand_base: {
  *         decimal: "STRING_VALUE",
  *       },
  *     },
+ *     cedarJson: "STRING_VALUE",
  *   },
  *   entities: { // EntitiesDefinition Union: only one key present
  *     entityList: [ // EntityList
@@ -105,6 +106,7 @@ declare const IsAuthorizedWithTokenCommand_base: {
  *         ],
  *       },
  *     ],
+ *     cedarJson: "STRING_VALUE",
  *   },
  * };
  * const command = new IsAuthorizedWithTokenCommand(input);

package/dist-types/models/models_0.d.ts

@@ -62,12 +62,14 @@ export interface EntityIdentifier {
     entityId: string | undefined;
 }
 /**
- * <p>Information about a policy that you include in a <code>BatchGetPolicy</code> API request.</p>
+ * <p>Information about a policy that you include in a <code>BatchGetPolicy</code> API
+ *             request.</p>
  * @public
  */
 export interface BatchGetPolicyInputItem {
     /**
-     * <p>The identifier of the policy store where the policy you want information about is stored.</p>
+     * <p>The identifier of the policy store where the policy you want information about is
+     *             stored.</p>
      * @public
      */
     policyStoreId: string | undefined;
@@ -100,7 +102,8 @@ export declare const BatchGetPolicyErrorCode: {
  */
 export type BatchGetPolicyErrorCode = (typeof BatchGetPolicyErrorCode)[keyof typeof BatchGetPolicyErrorCode];
 /**
- * <p>Contains the information about an error resulting from a <code>BatchGetPolicy</code> API call.</p>
+ * <p>Contains the information about an error resulting from a <code>BatchGetPolicy</code>
+ *             API call.</p>
  * @public
  */
 export interface BatchGetPolicyErrorItem {
@@ -145,7 +148,8 @@ export interface StaticPolicyDefinitionDetail {
     statement: string | undefined;
 }
 /**
- * <p>Contains information about a policy that was created by instantiating a policy template. </p>
+ * <p>Contains information about a policy that was created by instantiating a policy
+ *             template. </p>
  * @public
  */
 export interface TemplateLinkedPolicyDefinitionDetail {
@@ -226,12 +230,14 @@ export declare const PolicyType: {
  */
 export type PolicyType = (typeof PolicyType)[keyof typeof PolicyType];
 /**
- * <p>Contains information about a policy returned from a <code>BatchGetPolicy</code> API request.</p>
+ * <p>Contains information about a policy returned from a <code>BatchGetPolicy</code> API
+ *             request.</p>
  * @public
  */
 export interface BatchGetPolicyOutputItem {
     /**
-     * <p>The identifier of the policy store where the policy you want information about is stored.</p>
+     * <p>The identifier of the policy store where the policy you want information about is
+     *             stored.</p>
      * @public
      */
     policyStoreId: string | undefined;
@@ -537,7 +543,7 @@ export interface CognitoGroupConfiguration {
  * <p>The type of entity that a policy store maps to groups from an Amazon Cognito user
  *             pool identity source.</p>
  *          <p>This data type is part of an <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationItem.html">CognitoUserPoolConfigurationDetail</a> structure and is a response parameter to
- *             <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
+ *                 <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
  * @public
  */
 export interface CognitoGroupConfigurationDetail {
@@ -552,7 +558,7 @@ export interface CognitoGroupConfigurationDetail {
  * <p>The type of entity that a policy store maps to groups from an Amazon Cognito user
  *             pool identity source.</p>
  *          <p>This data type is part of an <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationDetail.html">CognitoUserPoolConfigurationItem</a> structure and is a response parameter to
- *             <a href="http://forums.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
+ *                 <a href="http://forums.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
  * @public
  */
 export interface CognitoGroupConfigurationItem {
@@ -569,7 +575,8 @@ export interface CognitoGroupConfigurationItem {
  *          <p>This data type part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html">Configuration</a> structure that is
  *             used as a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html">CreateIdentitySource</a>.</p>
  *          <p>Example:<code>"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- *             ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}</code>
+ *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+ *                 "MyCorp::Group"\}\}</code>
  *          </p>
  * @public
  */
@@ -601,10 +608,11 @@ export interface CognitoUserPoolConfiguration {
 /**
  * <p>The configuration for an identity source that represents a connection to an Amazon Cognito user pool used
  *             as an identity provider for Verified Permissions.</p>
- *          <p>This data type is used as a field that is part of an <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a> structure that is
- *             part of the response to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
+ *          <p>This data type is used as a field that is part of an <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a>
+ *             structure that is part of the response to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
  *          <p>Example:<code>"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- *             ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}</code>
+ *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+ *                 "MyCorp::Group"\}\}</code>
  *          </p>
  * @public
  */
@@ -613,7 +621,7 @@ export interface CognitoUserPoolConfigurationDetail {
      * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the Amazon Cognito user pool that contains the identities to be
      *             authorized.</p>
      *          <p>Example: <code>"userPoolArn":
-     *             "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"</code>
+     *                 "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"</code>
      *          </p>
      * @public
      */
@@ -627,10 +635,10 @@ export interface CognitoUserPoolConfigurationDetail {
      */
     clientIds: string[] | undefined;
     /**
-     * <p>The OpenID Connect (OIDC) <code>issuer</code> ID of the Amazon Cognito user pool that contains the identities to be
-     *             authorized.</p>
+     * <p>The OpenID Connect (OIDC) <code>issuer</code> ID of the Amazon Cognito user pool that contains
+     *             the identities to be authorized.</p>
      *          <p>Example: <code>"issuer":
-     *             "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"</code>
+     *                 "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"</code>
      *          </p>
      * @public
      */
@@ -645,10 +653,11 @@ export interface CognitoUserPoolConfigurationDetail {
 /**
  * <p>The configuration for an identity source that represents a connection to an Amazon Cognito user pool used
  *             as an identity provider for Verified Permissions.</p>
- *          <p>This data type is used as a field that is part of the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html">ConfigurationItem</a> structure that is
- *             part of the response to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
+ *          <p>This data type is used as a field that is part of the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html">ConfigurationItem</a> structure
+ *             that is part of the response to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
  *          <p>Example:<code>"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- *             ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}</code>
+ *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+ *                 "MyCorp::Group"\}\}</code>
  *          </p>
  * @public
  */
@@ -657,7 +666,7 @@ export interface CognitoUserPoolConfigurationItem {
      * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the Amazon Cognito user pool that contains the identities to be
      *             authorized.</p>
      *          <p>Example: <code>"userPoolArn":
-     *             "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"</code>
+     *                 "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"</code>
      *          </p>
      * @public
      */
@@ -671,10 +680,10 @@ export interface CognitoUserPoolConfigurationItem {
      */
     clientIds: string[] | undefined;
     /**
-     * <p>The OpenID Connect (OIDC) <code>issuer</code> ID of the Amazon Cognito user pool that contains the identities to be
-     *             authorized.</p>
+     * <p>The OpenID Connect (OIDC) <code>issuer</code> ID of the Amazon Cognito user pool that contains
+     *             the identities to be authorized.</p>
      *          <p>Example: <code>"issuer":
-     *             "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"</code>
+     *                 "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"</code>
      *          </p>
      * @public
      */
@@ -807,8 +816,8 @@ export declare namespace OpenIdConnectTokenSelection {
  *          identity source, that Verified Permissions can use to generate entities from authenticated identities. It
  *          specifies the issuer URL, token type that you want to use, and policy store entity
  *          details.</p>
- *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html">Configuration</a> structure, which is a
- *             parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html">CreateIdentitySource</a>.</p>
+ *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html">Configuration</a> structure, which
+ *             is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html">CreateIdentitySource</a>.</p>
  * @public
  */
 export interface OpenIdConnectConfiguration {
@@ -858,7 +867,8 @@ export declare namespace Configuration {
      *             and one or more application client IDs.</p>
      *          <p>Example:
      *                 <code>"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-     *                     ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}\}</code>
+     *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+     *                 "MyCorp::Group"\}\}\}</code>
      *          </p>
      * @public
      */
@@ -941,9 +951,9 @@ export interface OpenIdConnectAccessTokenConfigurationDetail {
     audiences?: string[] | undefined;
 }
 /**
- * <p>The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID)
- *             token claims. Contains the claim that you want to identify as the principal in an
- *             authorization request, and the values of the  <code>aud</code> claim, or audiences, that
+ * <p>The configuration of an OpenID Connect (OIDC) identity source for handling identity
+ *             (ID) token claims. Contains the claim that you want to identify as the principal in an
+ *             authorization request, and the values of the <code>aud</code> claim, or audiences, that
  *             you want to accept.</p>
  *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html">OpenIdConnectTokenSelectionDetail</a> structure, which is a parameter of <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
  * @public
@@ -1017,8 +1027,8 @@ export declare namespace OpenIdConnectTokenSelectionDetail {
  *          identity source, that Verified Permissions can use to generate entities from authenticated identities. It
  *          specifies the issuer URL, token type that you want to use, and policy store entity
  *          details.</p>
- *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a> structure,
- *             which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
+ *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a>
+ *             structure, which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>.</p>
  * @public
  */
 export interface OpenIdConnectConfigurationDetail {
@@ -1065,11 +1075,12 @@ export declare namespace ConfigurationDetail {
     /**
      * <p>Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of
      *             authenticated identities as entities. It specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of a Amazon Cognito user pool,
-     *             the policy store entity that you want to assign to user groups,
-     *             and one or more application client IDs.</p>
+     *             the policy store entity that you want to assign to user groups, and one or more
+     *             application client IDs.</p>
      *          <p>Example:
-     *             <code>"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-     *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}\}</code>
+     *                 <code>"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
+     *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+     *                 "MyCorp::Group"\}\}\}</code>
      *          </p>
      * @public
      */
@@ -1152,9 +1163,9 @@ export interface OpenIdConnectAccessTokenConfigurationItem {
     audiences?: string[] | undefined;
 }
 /**
- * <p>The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID)
- *             token claims. Contains the claim that you want to identify as the principal in an
- *             authorization request, and the values of the  <code>aud</code> claim, or audiences, that
+ * <p>The configuration of an OpenID Connect (OIDC) identity source for handling identity
+ *             (ID) token claims. Contains the claim that you want to identify as the principal in an
+ *             authorization request, and the values of the <code>aud</code> claim, or audiences, that
  *             you want to accept.</p>
  *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html">OpenIdConnectTokenSelectionItem</a> structure, which is a parameter of <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
  * @public
@@ -1228,8 +1239,8 @@ export declare namespace OpenIdConnectTokenSelectionItem {
  *          identity source, that Verified Permissions can use to generate entities from authenticated identities. It
  *          specifies the issuer URL, token type that you want to use, and policy store entity
  *          details.</p>
- *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationItem</a> structure,
- *             which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
+ *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationItem</a>
+ *             structure, which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html">ListIdentitySources</a>.</p>
  * @public
  */
 export interface OpenIdConnectConfigurationItem {
@@ -1276,11 +1287,12 @@ export declare namespace ConfigurationItem {
     /**
      * <p>Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of
      *             authenticated identities as entities. It specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of a Amazon Cognito user pool,
-     *             the policy store entity that you want to assign to user groups,
-     *             and one or more application client IDs.</p>
+     *             the policy store entity that you want to assign to user groups, and one or more
+     *             application client IDs.</p>
      *          <p>Example:
-     *             <code>"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-     *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType": "MyCorp::Group"\}\}\}</code>
+     *                 <code>"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
+     *                 ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": \{"groupEntityType":
+     *                 "MyCorp::Group"\}\}\}</code>
      *          </p>
      * @public
      */
@@ -1975,8 +1987,8 @@ export declare const OpenIdIssuer: {
 export type OpenIdIssuer = (typeof OpenIdIssuer)[keyof typeof OpenIdIssuer];
 /**
  * <p>A structure that contains configuration of the identity source.</p>
- *          <p>This data type was a response parameter for the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a>
- *             operation. Replaced by <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a>.</p>
+ *          <p>This data type was a response parameter for the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html">GetIdentitySource</a> operation.
+ *             Replaced by <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html">ConfigurationDetail</a>.</p>
  *
  * @deprecated This shape has been replaced by ConfigurationDetail
  * @public
@@ -2443,8 +2455,7 @@ export interface ListIdentitySourcesOutput {
     identitySources: IdentitySourceItem[] | undefined;
 }
 /**
- * <p>The user group entities from an Amazon Cognito user pool identity
- *             source.</p>
+ * <p>The user group entities from an Amazon Cognito user pool identity source.</p>
  * @public
  */
 export interface UpdateCognitoGroupConfiguration {
@@ -2599,8 +2610,8 @@ export declare namespace UpdateOpenIdConnectTokenSelection {
  *          identity source, that Verified Permissions can use to generate entities from authenticated identities. It
  *          specifies the issuer URL, token type that you want to use, and policy store entity
  *          details.</p>
- *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html">UpdateConfiguration</a> structure,
- *             which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html">UpdateIdentitySource</a>.</p>
+ *          <p>This data type is part of a <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html">UpdateConfiguration</a>
+ *             structure, which is a parameter to <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html">UpdateIdentitySource</a>.</p>
  * @public
  */
 export interface UpdateOpenIdConnectConfiguration {
@@ -2634,8 +2645,7 @@ export interface UpdateOpenIdConnectConfiguration {
     tokenSelection: UpdateOpenIdConnectTokenSelection | undefined;
 }
 /**
- * <p>Contains an update to replace the configuration in an existing
- *             identity source.</p>
+ * <p>Contains an update to replace the configuration in an existing identity source.</p>
  * @public
  */
 export type UpdateConfiguration = UpdateConfiguration.CognitoUserPoolConfigurationMember | UpdateConfiguration.OpenIdConnectConfigurationMember | UpdateConfiguration.$UnknownMember;
@@ -3468,8 +3478,8 @@ export type SchemaDefinition = SchemaDefinition.CedarJsonMember | SchemaDefiniti
 export declare namespace SchemaDefinition {
     /**
      * <p>A JSON string representation of the schema supported by applications that use this
-     *             policy store. To delete the schema, run <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PutSchema.html">PutSchema</a> with <code>\{\}</code> for this parameter.
-     *             For more information, see <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html">Policy store schema</a> in the
+     *             policy store. To delete the schema, run <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PutSchema.html">PutSchema</a> with <code>\{\}</code> for
+     *             this parameter. For more information, see <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html">Policy store schema</a> in the
      *                 <i>Amazon Verified Permissions User Guide</i>.</p>
      * @public
      */
@@ -3699,7 +3709,8 @@ export declare namespace AttributeValue {
         $unknown?: never;
     }
     /**
-     * <p>An attribute value of <a href="https://docs.cedarpolicy.com/policies/syntax-datatypes.html#datatype-ipaddr">ipaddr</a> type.</p>
+     * <p>An attribute value of <a href="https://docs.cedarpolicy.com/policies/syntax-datatypes.html#datatype-ipaddr">ipaddr</a>
+     *             type.</p>
      *          <p>Example: <code>\{"ip": "192.168.1.100"\}</code>
      *          </p>
      * @public
@@ -3765,12 +3776,16 @@ export declare namespace AttributeValue {
  *                 <code>unless</code> clauses in a policy.</p>
  *          <p>This data type is used as a request parameter for the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html">IsAuthorized</a>, <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html">BatchIsAuthorized</a>, and <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html">IsAuthorizedWithToken</a>
  *             operations.</p>
+ *          <p>If you're passing context as part of the request, exactly one instance of
+ *             <code>context</code> must be passed. If you don't want to pass context, omit the
+ *                 <code>context</code> parameter from your request rather than sending <code>context
+ *                 \{\}</code>.</p>
  *          <p>Example:
  *                 <code>"context":\{"contextMap":\{"&lt;KeyName1&gt;":\{"boolean":true\},"&lt;KeyName2&gt;":\{"long":1234\}\}\}</code>
  *          </p>
  * @public
  */
-export type ContextDefinition = ContextDefinition.ContextMapMember | ContextDefinition.$UnknownMember;
+export type ContextDefinition = ContextDefinition.CedarJsonMember | ContextDefinition.ContextMapMember | ContextDefinition.$UnknownMember;
 /**
  * @public
  */
@@ -3786,6 +3801,20 @@ export declare namespace ContextDefinition {
      */
     interface ContextMapMember {
         contextMap: Record<string, AttributeValue>;
+        cedarJson?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>A Cedar JSON string representation of the context needed to successfully evaluate an authorization
+     *             request.</p>
+     *          <p>Example:
+     *             <code>\{"cedarJson":"\{\"&lt;KeyName1&gt;\": true, \"&lt;KeyName2&gt;\": 1234\}" \}</code>
+     *          </p>
+     * @public
+     */
+    interface CedarJsonMember {
+        contextMap?: never;
+        cedarJson: string;
         $unknown?: never;
     }
     /**
@@ -3793,10 +3822,12 @@ export declare namespace ContextDefinition {
      */
     interface $UnknownMember {
         contextMap?: never;
+        cedarJson?: never;
         $unknown: [string, any];
     }
     interface Visitor<T> {
         contextMap: (value: Record<string, AttributeValue>) => T;
+        cedarJson: (value: string) => T;
         _: (name: string, value: any) => T;
     }
     const visit: <T>(value: ContextDefinition, visitor: Visitor<T>) => T;
@@ -3874,13 +3905,13 @@ export interface BatchIsAuthorizedInputItem {
 export interface BatchIsAuthorizedWithTokenInputItem {
     /**
      * <p>Specifies the requested action to be authorized. For example,
-     *             <code>PhotoFlash::ReadPhoto</code>.</p>
+     *                 <code>PhotoFlash::ReadPhoto</code>.</p>
      * @public
      */
     action?: ActionIdentifier | undefined;
     /**
      * <p>Specifies the resource that you want an authorization decision for. For example,
-     *             <code>PhotoFlash::Photo</code>.</p>
+     *                 <code>PhotoFlash::Photo</code>.</p>
      * @public
      */
     resource?: EntityIdentifier | undefined;
@@ -3926,8 +3957,8 @@ export interface BatchIsAuthorizedOutputItem {
     errors: EvaluationErrorItem[] | undefined;
 }
 /**
- * <p>The decision, based on policy evaluation, from an individual authorization request in a
- *             <code>BatchIsAuthorizedWithToken</code> API request.</p>
+ * <p>The decision, based on policy evaluation, from an individual authorization request in
+ *             a <code>BatchIsAuthorizedWithToken</code> API request.</p>
  * @public
  */
 export interface BatchIsAuthorizedWithTokenOutputItem {
@@ -3937,23 +3968,24 @@ export interface BatchIsAuthorizedWithTokenOutputItem {
      */
     request: BatchIsAuthorizedWithTokenInputItem | undefined;
     /**
-     * <p>An authorization decision that indicates if the authorization request should be allowed
-     *             or denied.</p>
+     * <p>An authorization decision that indicates if the authorization request should be
+     *             allowed or denied.</p>
      * @public
      */
     decision: Decision | undefined;
     /**
      * <p>The list of determining policies used to make the authorization decision. For example,
-     *             if there are two matching policies, where one is a forbid and the other is a permit, then
-     *             the forbid policy will be the determining policy. In the case of multiple matching permit
-     *             policies then there would be multiple determining policies. In the case that no policies
-     *             match, and hence the response is DENY, there would be no determining policies.</p>
+     *             if there are two matching policies, where one is a forbid and the other is a permit,
+     *             then the forbid policy will be the determining policy. In the case of multiple matching
+     *             permit policies then there would be multiple determining policies. In the case that no
+     *             policies match, and hence the response is DENY, there would be no determining
+     *             policies.</p>
      * @public
      */
     determiningPolicies: DeterminingPolicyItem[] | undefined;
     /**
-     * <p>Errors that occurred while making an authorization decision. For example, a policy might
-     *             reference an entity or attribute that doesn't exist in the request.</p>
+     * <p>Errors that occurred while making an authorization decision. For example, a policy
+     *             might reference an entity or attribute that doesn't exist in the request.</p>
      * @public
      */
     errors: EvaluationErrorItem[] | undefined;
@@ -3966,7 +3998,7 @@ export interface BatchIsAuthorizedWithTokenOutputItem {
  *             and <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html">IsAuthorizedWithToken</a> operations.</p>
  * @public
  */
-export type EntitiesDefinition = EntitiesDefinition.EntityListMember | EntitiesDefinition.$UnknownMember;
+export type EntitiesDefinition = EntitiesDefinition.CedarJsonMember | EntitiesDefinition.EntityListMember | EntitiesDefinition.$UnknownMember;
 /**
  * @public
  */
@@ -3975,10 +4007,28 @@ export declare namespace EntitiesDefinition {
      * <p>An array of entities that are needed to successfully evaluate an authorization
      *             request. Each entity in this array must include an identifier for the entity, the
      *             attributes of the entity, and a list of any parent entities.</p>
+     *          <note>
+     *             <p>If you include multiple entities with the same <code>identifier</code>, only the
+     *                 last one is processed in the request.</p>
+     *          </note>
      * @public
      */
     interface EntityListMember {
         entityList: EntityItem[];
+        cedarJson?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>A Cedar JSON string representation of the entities needed to successfully evaluate an authorization
+     *             request.</p>
+     *          <p>Example:
+     *             <code>\{"cedarJson": "[\{\"uid\":\{\"type\":\"Photo\",\"id\":\"VacationPhoto94.jpg\"\},\"attrs\":\{\"accessLevel\":\"public\"\},\"parents\":[]\}]"\}</code>
+     *          </p>
+     * @public
+     */
+    interface CedarJsonMember {
+        entityList?: never;
+        cedarJson: string;
         $unknown?: never;
     }
     /**
@@ -3986,10 +4036,12 @@ export declare namespace EntitiesDefinition {
      */
     interface $UnknownMember {
         entityList?: never;
+        cedarJson?: never;
         $unknown: [string, any];
     }
     interface Visitor<T> {
         entityList: (value: EntityItem[]) => T;
+        cedarJson: (value: string) => T;
         _: (name: string, value: any) => T;
     }
     const visit: <T>(value: EntitiesDefinition, visitor: Visitor<T>) => T;

package/dist-types/ts3.4/models/models_0.d.ts

@@ -1091,19 +1091,28 @@ export declare namespace AttributeValue {
   const visit: <T>(value: AttributeValue, visitor: Visitor<T>) => T;
 }
 export type ContextDefinition =
+  | ContextDefinition.CedarJsonMember
   | ContextDefinition.ContextMapMember
   | ContextDefinition.$UnknownMember;
 export declare namespace ContextDefinition {
   interface ContextMapMember {
     contextMap: Record<string, AttributeValue>;
+    cedarJson?: never;
+    $unknown?: never;
+  }
+  interface CedarJsonMember {
+    contextMap?: never;
+    cedarJson: string;
     $unknown?: never;
   }
   interface $UnknownMember {
     contextMap?: never;
+    cedarJson?: never;
     $unknown: [string, any];
   }
   interface Visitor<T> {
     contextMap: (value: Record<string, AttributeValue>) => T;
+    cedarJson: (value: string) => T;
     _: (name: string, value: any) => T;
   }
   const visit: <T>(value: ContextDefinition, visitor: Visitor<T>) => T;
@@ -1137,19 +1146,28 @@ export interface BatchIsAuthorizedWithTokenOutputItem {
   errors: EvaluationErrorItem[] | undefined;
 }
 export type EntitiesDefinition =
+  | EntitiesDefinition.CedarJsonMember
   | EntitiesDefinition.EntityListMember
   | EntitiesDefinition.$UnknownMember;
 export declare namespace EntitiesDefinition {
   interface EntityListMember {
     entityList: EntityItem[];
+    cedarJson?: never;
+    $unknown?: never;
+  }
+  interface CedarJsonMember {
+    entityList?: never;
+    cedarJson: string;
     $unknown?: never;
   }
   interface $UnknownMember {
     entityList?: never;
+    cedarJson?: never;
     $unknown: [string, any];
   }
   interface Visitor<T> {
     entityList: (value: EntityItem[]) => T;
+    cedarJson: (value: string) => T;
     _: (name: string, value: any) => T;
   }
   const visit: <T>(value: EntitiesDefinition, visitor: Visitor<T>) => T;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-verifiedpermissions",
   "description": "AWS SDK for JavaScript Verifiedpermissions Client for Node.js, Browser and React Native",
-  "version": "3.734.0",
+  "version": "3.739.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-verifiedpermissions",
@@ -21,7 +21,7 @@
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
     "@aws-sdk/core": "3.734.0",
-    "@aws-sdk/credential-provider-node": "3.734.0",
+    "@aws-sdk/credential-provider-node": "3.738.0",
     "@aws-sdk/middleware-host-header": "3.734.0",
     "@aws-sdk/middleware-logger": "3.734.0",
     "@aws-sdk/middleware-recursion-detection": "3.734.0",