@cdk8s/awscdk-resolver 0.0.409 → 0.0.411

package/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/errors.js

@@ -0,0 +1,85 @@
+import { STSServiceException as __BaseException } from "./STSServiceException";
+export class ExpiredTokenException extends __BaseException {
+    name = "ExpiredTokenException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "ExpiredTokenException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, ExpiredTokenException.prototype);
+    }
+}
+export class MalformedPolicyDocumentException extends __BaseException {
+    name = "MalformedPolicyDocumentException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "MalformedPolicyDocumentException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);
+    }
+}
+export class PackedPolicyTooLargeException extends __BaseException {
+    name = "PackedPolicyTooLargeException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "PackedPolicyTooLargeException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);
+    }
+}
+export class RegionDisabledException extends __BaseException {
+    name = "RegionDisabledException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "RegionDisabledException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, RegionDisabledException.prototype);
+    }
+}
+export class IDPRejectedClaimException extends __BaseException {
+    name = "IDPRejectedClaimException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "IDPRejectedClaimException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);
+    }
+}
+export class InvalidIdentityTokenException extends __BaseException {
+    name = "InvalidIdentityTokenException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "InvalidIdentityTokenException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);
+    }
+}
+export class IDPCommunicationErrorException extends __BaseException {
+    name = "IDPCommunicationErrorException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "IDPCommunicationErrorException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);
+    }
+}

package/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/models_0.js

@@ -1,85 +1 @@
-import { STSServiceException as __BaseException } from "./STSServiceException";
-export class ExpiredTokenException extends __BaseException {
-    name = "ExpiredTokenException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "ExpiredTokenException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, ExpiredTokenException.prototype);
-    }
-}
-export class MalformedPolicyDocumentException extends __BaseException {
-    name = "MalformedPolicyDocumentException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "MalformedPolicyDocumentException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);
-    }
-}
-export class PackedPolicyTooLargeException extends __BaseException {
-    name = "PackedPolicyTooLargeException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "PackedPolicyTooLargeException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);
-    }
-}
-export class RegionDisabledException extends __BaseException {
-    name = "RegionDisabledException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "RegionDisabledException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, RegionDisabledException.prototype);
-    }
-}
-export class IDPRejectedClaimException extends __BaseException {
-    name = "IDPRejectedClaimException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "IDPRejectedClaimException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);
-    }
-}
-export class InvalidIdentityTokenException extends __BaseException {
-    name = "InvalidIdentityTokenException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "InvalidIdentityTokenException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);
-    }
-}
-export class IDPCommunicationErrorException extends __BaseException {
-    name = "IDPCommunicationErrorException";
-    $fault = "client";
-    constructor(opts) {
-        super({
-            name: "IDPCommunicationErrorException",
-            $fault: "client",
-            ...opts,
-        });
-        Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);
-    }
-}
+export {};

package/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/schemas/schemas_0.js

@@ -58,7 +58,7 @@ const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";
 const _tLT = "tagListType";
 const n0 = "com.amazonaws.sts";
 import { TypeRegistry } from "@smithy/core/schema";
-import { ExpiredTokenException as __ExpiredTokenException, IDPCommunicationErrorException as __IDPCommunicationErrorException, IDPRejectedClaimException as __IDPRejectedClaimException, InvalidIdentityTokenException as __InvalidIdentityTokenException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, PackedPolicyTooLargeException as __PackedPolicyTooLargeException, RegionDisabledException as __RegionDisabledException, } from "../models/index";
+import { ExpiredTokenException as __ExpiredTokenException, IDPCommunicationErrorException as __IDPCommunicationErrorException, IDPRejectedClaimException as __IDPRejectedClaimException, InvalidIdentityTokenException as __InvalidIdentityTokenException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, PackedPolicyTooLargeException as __PackedPolicyTooLargeException, RegionDisabledException as __RegionDisabledException, } from "../models/errors";
 import { STSServiceException as __STSServiceException } from "../models/STSServiceException";
 export var accessKeySecretType = [0, n0, _aKST, 8, 0];
 export var clientTokenType = [0, n0, _cTT, 8, 0];

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/Signin.d.ts

@@ -0,0 +1,18 @@
+import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
+import { CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput } from "./commands/CreateOAuth2TokenCommand";
+import { SigninClient } from "./SigninClient";
+export interface Signin {
+    /**
+     * @see {@link CreateOAuth2TokenCommand}
+     */
+    createOAuth2Token(args: CreateOAuth2TokenCommandInput, options?: __HttpHandlerOptions): Promise<CreateOAuth2TokenCommandOutput>;
+    createOAuth2Token(args: CreateOAuth2TokenCommandInput, cb: (err: any, data?: CreateOAuth2TokenCommandOutput) => void): void;
+    createOAuth2Token(args: CreateOAuth2TokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateOAuth2TokenCommandOutput) => void): void;
+}
+/**
+ * AWS Sign-In manages authentication for AWS services. This service provides
+ * secure authentication flows for accessing AWS resources from the console and developer tools.
+ * @public
+ */
+export declare class Signin extends SigninClient implements Signin {
+}

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/SigninClient.d.ts

@@ -0,0 +1,198 @@
+import { HostHeaderInputConfig, HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
+import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
+import { RegionInputConfig, RegionResolvedConfig } from "@smithy/config-resolver";
+import { EndpointInputConfig, EndpointResolvedConfig } from "@smithy/middleware-endpoint";
+import { RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
+import { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
+import { Client as __Client, DefaultsMode as __DefaultsMode, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@smithy/smithy-client";
+import { AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, ClientProtocol, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, HttpRequest, HttpResponse, Logger as __Logger, Provider as __Provider, Provider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
+import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
+import { CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput } from "./commands/CreateOAuth2TokenCommand";
+import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
+import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
+export { __Client };
+/**
+ * @public
+ */
+export type ServiceInputTypes = CreateOAuth2TokenCommandInput;
+/**
+ * @public
+ */
+export type ServiceOutputTypes = CreateOAuth2TokenCommandOutput;
+/**
+ * @public
+ */
+export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
+    /**
+     * The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
+     */
+    requestHandler?: __HttpHandlerUserInput;
+    /**
+     * A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface
+     * that computes the SHA-256 HMAC or checksum of a string or binary buffer.
+     * @internal
+     */
+    sha256?: __ChecksumConstructor | __HashConstructor;
+    /**
+     * The function that will be used to convert strings into HTTP endpoints.
+     * @internal
+     */
+    urlParser?: __UrlParser;
+    /**
+     * A function that can calculate the length of a request body.
+     * @internal
+     */
+    bodyLengthChecker?: __BodyLengthCalculator;
+    /**
+     * A function that converts a stream into an array of bytes.
+     * @internal
+     */
+    streamCollector?: __StreamCollector;
+    /**
+     * The function that will be used to convert a base64-encoded string to a byte array.
+     * @internal
+     */
+    base64Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a base64-encoded string.
+     * @internal
+     */
+    base64Encoder?: __Encoder;
+    /**
+     * The function that will be used to convert a UTF8-encoded string to a byte array.
+     * @internal
+     */
+    utf8Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a UTF-8 encoded string.
+     * @internal
+     */
+    utf8Encoder?: __Encoder;
+    /**
+     * The runtime environment.
+     * @internal
+     */
+    runtime?: string;
+    /**
+     * Disable dynamically changing the endpoint of the client based on the hostPrefix
+     * trait of an operation.
+     */
+    disableHostPrefix?: boolean;
+    /**
+     * Unique service identifier.
+     * @internal
+     */
+    serviceId?: string;
+    /**
+     * Enables IPv6/IPv4 dualstack endpoint.
+     */
+    useDualstackEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * Enables FIPS compatible endpoints.
+     */
+    useFipsEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * The AWS region to which this client will send requests
+     */
+    region?: string | __Provider<string>;
+    /**
+     * Setting a client profile is similar to setting a value for the
+     * AWS_PROFILE environment variable. Setting a profile on a client
+     * in code only affects the single client instance, unlike AWS_PROFILE.
+     *
+     * When set, and only for environments where an AWS configuration
+     * file exists, fields configurable by this file will be retrieved
+     * from the specified profile within that file.
+     * Conflicting code configuration and environment variables will
+     * still have higher priority.
+     *
+     * For client credential resolution that involves checking the AWS
+     * configuration file, the client's profile (this value) will be
+     * used unless a different profile is set in the credential
+     * provider options.
+     *
+     */
+    profile?: string;
+    /**
+     * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+     * @internal
+     */
+    defaultUserAgentProvider?: Provider<__UserAgent>;
+    /**
+     * Default credentials provider; Not available in browser runtime.
+     * @deprecated
+     * @internal
+     */
+    credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
+    /**
+     * Value for how many times a request will be made at most in case of retry.
+     */
+    maxAttempts?: number | __Provider<number>;
+    /**
+     * Specifies which retry algorithm to use.
+     * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/
+     *
+     */
+    retryMode?: string | __Provider<string>;
+    /**
+     * Optional logger for logging debug/info/warn/error.
+     */
+    logger?: __Logger;
+    /**
+     * Optional extensions
+     */
+    extensions?: RuntimeExtension[];
+    /**
+     * The protocol controlling the message type (e.g. HTTP) and format (e.g. JSON)
+     * may be overridden. A default will always be set by the client.
+     * Available options depend on the service's supported protocols and will not be validated by
+     * the client.
+     * @alpha
+     *
+     */
+    protocol?: ClientProtocol<HttpRequest, HttpResponse>;
+    /**
+     * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
+     */
+    defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
+}
+/**
+ * @public
+ */
+export type SigninClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & HttpAuthSchemeInputConfig & ClientInputEndpointParameters;
+/**
+ * @public
+ *
+ *  The configuration interface of SigninClient class constructor that set the region, credentials and other options.
+ */
+export interface SigninClientConfig extends SigninClientConfigType {
+}
+/**
+ * @public
+ */
+export type SigninClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters;
+/**
+ * @public
+ *
+ *  The resolved configuration interface of SigninClient class. This is resolved and normalized from the {@link SigninClientConfig | constructor configuration interface}.
+ */
+export interface SigninClientResolvedConfig extends SigninClientResolvedConfigType {
+}
+/**
+ * AWS Sign-In manages authentication for AWS services. This service provides
+ * secure authentication flows for accessing AWS resources from the console and developer tools.
+ * @public
+ */
+export declare class SigninClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, SigninClientResolvedConfig> {
+    /**
+     * The resolved configuration of SigninClient class. This is resolved and normalized from the {@link SigninClientConfig | constructor configuration interface}.
+     */
+    readonly config: SigninClientResolvedConfig;
+    constructor(...[configuration]: __CheckOptionalClientConfig<SigninClientConfig>);
+    /**
+     * Destroy underlying resources, like sockets. It's usually not necessary to do this.
+     * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed.
+     * Otherwise, sockets might stay open for quite a long time before the server terminates them.
+     */
+    destroy(): void;
+}

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,29 @@
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+import { SigninHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+    httpAuthSchemes(): HttpAuthScheme[];
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: SigninHttpAuthSchemeProvider): void;
+    httpAuthSchemeProvider(): SigninHttpAuthSchemeProvider;
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+    httpAuthSchemes: HttpAuthScheme[];
+    httpAuthSchemeProvider: SigninHttpAuthSchemeProvider;
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+/**
+ * @internal
+ */
+export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,75 @@
+import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core";
+import { HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider, Provider } from "@smithy/types";
+import { SigninClientResolvedConfig } from "../SigninClient";
+/**
+ * @internal
+ */
+export interface SigninHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+    region?: string;
+}
+/**
+ * @internal
+ */
+export interface SigninHttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<SigninClientResolvedConfig, HandlerExecutionContext, SigninHttpAuthSchemeParameters, object> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSigninHttpAuthSchemeParametersProvider: (config: SigninClientResolvedConfig, context: HandlerExecutionContext, input: object) => Promise<SigninHttpAuthSchemeParameters>;
+/**
+ * @internal
+ */
+export interface SigninHttpAuthSchemeProvider extends HttpAuthSchemeProvider<SigninHttpAuthSchemeParameters> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSigninHttpAuthSchemeProvider: SigninHttpAuthSchemeProvider;
+/**
+ * @public
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+    /**
+     * A comma-separated list of case-sensitive auth scheme names.
+     * An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
+     * For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
+     * @public
+     */
+    authSchemePreference?: string[] | Provider<string[]>;
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    httpAuthSchemes?: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    httpAuthSchemeProvider?: SigninHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+    /**
+     * A comma-separated list of case-sensitive auth scheme names.
+     * An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
+     * For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
+     * @public
+     */
+    readonly authSchemePreference: Provider<string[]>;
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    readonly httpAuthSchemes: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    readonly httpAuthSchemeProvider: SigninHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/commands/CreateOAuth2TokenCommand.d.ts

@@ -0,0 +1,157 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { CreateOAuth2TokenRequest, CreateOAuth2TokenResponse } from "../models/models_0";
+import { SigninClientResolvedConfig } from "../SigninClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateOAuth2TokenCommand}.
+ */
+export interface CreateOAuth2TokenCommandInput extends CreateOAuth2TokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateOAuth2TokenCommand}.
+ */
+export interface CreateOAuth2TokenCommandOutput extends CreateOAuth2TokenResponse, __MetadataBearer {
+}
+declare const CreateOAuth2TokenCommand_base: {
+    new (input: CreateOAuth2TokenCommandInput): import("@smithy/smithy-client").CommandImpl<CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput, SigninClientResolvedConfig, CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput>;
+    new (input: CreateOAuth2TokenCommandInput): import("@smithy/smithy-client").CommandImpl<CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput, SigninClientResolvedConfig, CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * CreateOAuth2Token API
+ *
+ * Path: /v1/token
+ * Request Method: POST
+ * Content-Type: application/json or application/x-www-form-urlencoded
+ *
+ * This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
+ * 1. Authorization code redemption (grant_type=authorization_code) - NOT idempotent
+ * 2. Token refresh (grant_type=refresh_token) - Idempotent within token validity window
+ *
+ * The operation behavior is determined by the grant_type parameter in the request body:
+ *
+ * **Authorization Code Flow (NOT Idempotent):**
+ * - JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
+ * - Returns access_token, token_type, expires_in, refresh_token, and id_token
+ * - Each authorization code can only be used ONCE for security (prevents replay attacks)
+ *
+ * **Token Refresh Flow (Idempotent):**
+ * - JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
+ * - Returns access_token, token_type, expires_in, and refresh_token (no id_token)
+ * - Multiple calls with same refresh_token return consistent results within validity window
+ *
+ * Authentication and authorization:
+ * - Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
+ * - CLI clients (public): authn/authz skipped based on client_id & grant_type
+ *
+ * Note: This operation cannot be marked as @idempotent because it handles both idempotent
+ * (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { SigninClient, CreateOAuth2TokenCommand } from "@aws-sdk/client-signin"; // ES Modules import
+ * // const { SigninClient, CreateOAuth2TokenCommand } = require("@aws-sdk/client-signin"); // CommonJS import
+ * // import type { SigninClientConfig } from "@aws-sdk/client-signin";
+ * const config = {}; // type is SigninClientConfig
+ * const client = new SigninClient(config);
+ * const input = { // CreateOAuth2TokenRequest
+ *   tokenInput: { // CreateOAuth2TokenRequestBody
+ *     clientId: "STRING_VALUE", // required
+ *     grantType: "STRING_VALUE", // required
+ *     code: "STRING_VALUE",
+ *     redirectUri: "STRING_VALUE",
+ *     codeVerifier: "STRING_VALUE",
+ *     refreshToken: "STRING_VALUE",
+ *   },
+ * };
+ * const command = new CreateOAuth2TokenCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateOAuth2TokenResponse
+ * //   tokenOutput: { // CreateOAuth2TokenResponseBody
+ * //     accessToken: { // AccessToken
+ * //       accessKeyId: "STRING_VALUE", // required
+ * //       secretAccessKey: "STRING_VALUE", // required
+ * //       sessionToken: "STRING_VALUE", // required
+ * //     },
+ * //     tokenType: "STRING_VALUE", // required
+ * //     expiresIn: Number("int"), // required
+ * //     refreshToken: "STRING_VALUE", // required
+ * //     idToken: "STRING_VALUE",
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param CreateOAuth2TokenCommandInput - {@link CreateOAuth2TokenCommandInput}
+ * @returns {@link CreateOAuth2TokenCommandOutput}
+ * @see {@link CreateOAuth2TokenCommandInput} for command's `input` shape.
+ * @see {@link CreateOAuth2TokenCommandOutput} for command's `response` shape.
+ * @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  Error thrown for access denied scenarios with flexible HTTP status mapping
+ *
+ * Runtime HTTP Status Code Mapping:
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
+ *
+ * The specific HTTP status code is determined at runtime based on the error enum value.
+ * Consumers should use the error field to determine the specific access denial reason.
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  Error thrown when an internal server error occurs
+ *
+ * HTTP Status Code: 500 Internal Server Error
+ *
+ * Used for unexpected server-side errors that prevent request processing.
+ *
+ * @throws {@link TooManyRequestsError} (client fault)
+ *  Error thrown when rate limit is exceeded
+ *
+ * HTTP Status Code: 429 Too Many Requests
+ *
+ * Possible OAuth2ErrorCode values:
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
+ *
+ * Possible causes:
+ * - Too many token requests from the same client
+ * - Rate limiting based on client_id or IP address
+ * - Abuse prevention mechanisms triggered
+ * - Service protection against excessive token generation
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  Error thrown when request validation fails
+ *
+ * HTTP Status Code: 400 Bad Request
+ *
+ * Used for request validation errors such as malformed parameters,
+ * missing required fields, or invalid parameter values.
+ *
+ * @throws {@link SigninServiceException}
+ * <p>Base exception class for all service exceptions from Signin service.</p>
+ *
+ *
+ * @public
+ */
+export declare class CreateOAuth2TokenCommand extends CreateOAuth2TokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CreateOAuth2TokenRequest;
+            output: CreateOAuth2TokenResponse;
+        };
+        sdk: {
+            input: CreateOAuth2TokenCommandInput;
+            output: CreateOAuth2TokenCommandOutput;
+        };
+    };
+}

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/commands/index.d.ts

@@ -0,0 +1 @@
+export * from "./CreateOAuth2TokenCommand";