@depup/aws-sdk__client-sso-oidc 3.1010.0-depup.0

package/dist-es/runtimeConfig.shared.js

@@ -0,0 +1,45 @@
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
+import { AwsRestJsonProtocol } from "@aws-sdk/core/protocols";
+import { NoAuthSigner } from "@smithy/core";
+import { NoOpLogger } from "@smithy/smithy-client";
+import { parseUrl } from "@smithy/url-parser";
+import { fromBase64, toBase64 } from "@smithy/util-base64";
+import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
+import { defaultSSOOIDCHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
+import { defaultEndpointResolver } from "./endpoint/endpointResolver";
+import { errorTypeRegistries } from "./schemas/schemas_0";
+export const getRuntimeConfig = (config) => {
+    return {
+        apiVersion: "2019-06-10",
+        base64Decoder: config?.base64Decoder ?? fromBase64,
+        base64Encoder: config?.base64Encoder ?? toBase64,
+        disableHostPrefix: config?.disableHostPrefix ?? false,
+        endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
+        extensions: config?.extensions ?? [],
+        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultSSOOIDCHttpAuthSchemeProvider,
+        httpAuthSchemes: config?.httpAuthSchemes ?? [
+            {
+                schemeId: "aws.auth#sigv4",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
+                signer: new AwsSdkSigV4Signer(),
+            },
+            {
+                schemeId: "smithy.api#noAuth",
+                identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
+                signer: new NoAuthSigner(),
+            },
+        ],
+        logger: config?.logger ?? new NoOpLogger(),
+        protocol: config?.protocol ?? AwsRestJsonProtocol,
+        protocolSettings: config?.protocolSettings ?? {
+            defaultNamespace: "com.amazonaws.ssooidc",
+            errorTypeRegistries,
+            version: "2019-06-10",
+            serviceTarget: "AWSSSOOIDCService",
+        },
+        serviceId: config?.serviceId ?? "SSO OIDC",
+        urlParser: config?.urlParser ?? parseUrl,
+        utf8Decoder: config?.utf8Decoder ?? fromUtf8,
+        utf8Encoder: config?.utf8Encoder ?? toUtf8,
+    };
+};

package/dist-es/runtimeExtensions.js

@@ -0,0 +1,9 @@
+import { getAwsRegionExtensionConfiguration, resolveAwsRegionExtensionConfiguration, } from "@aws-sdk/region-config-resolver";
+import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
+import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
+export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
+    const extensionConfiguration = Object.assign(getAwsRegionExtensionConfiguration(runtimeConfig), getDefaultExtensionConfiguration(runtimeConfig), getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));
+    extensions.forEach((extension) => extension.configure(extensionConfiguration));
+    return Object.assign(runtimeConfig, resolveAwsRegionExtensionConfiguration(extensionConfiguration), resolveDefaultRuntimeConfig(extensionConfiguration), resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));
+};

package/dist-es/schemas/schemas_0.js

@@ -0,0 +1,243 @@
+const _A = "Assertion";
+const _AAD = "AwsAdditionalDetails";
+const _ADE = "AccessDeniedException";
+const _APE = "AuthorizationPendingException";
+const _AT = "AccessToken";
+const _CS = "ClientSecret";
+const _CT = "CreateToken";
+const _CTR = "CreateTokenRequest";
+const _CTRr = "CreateTokenResponse";
+const _CTWIAM = "CreateTokenWithIAM";
+const _CTWIAMR = "CreateTokenWithIAMRequest";
+const _CTWIAMRr = "CreateTokenWithIAMResponse";
+const _CV = "CodeVerifier";
+const _ETE = "ExpiredTokenException";
+const _ICE = "InvalidClientException";
+const _ICME = "InvalidClientMetadataException";
+const _IGE = "InvalidGrantException";
+const _IRE = "InvalidRequestException";
+const _IRRE = "InvalidRequestRegionException";
+const _IRUE = "InvalidRedirectUriException";
+const _ISE = "InternalServerException";
+const _ISEn = "InvalidScopeException";
+const _IT = "IdToken";
+const _RC = "RegisterClient";
+const _RCR = "RegisterClientRequest";
+const _RCRe = "RegisterClientResponse";
+const _RT = "RefreshToken";
+const _SDA = "StartDeviceAuthorization";
+const _SDAR = "StartDeviceAuthorizationRequest";
+const _SDARt = "StartDeviceAuthorizationResponse";
+const _SDE = "SlowDownException";
+const _ST = "SubjectToken";
+const _UCE = "UnauthorizedClientException";
+const _UGTE = "UnsupportedGrantTypeException";
+const _a = "assertion";
+const _aAD = "awsAdditionalDetails";
+const _aE = "authorizationEndpoint";
+const _aT = "accessToken";
+const _c = "client";
+const _cI = "clientId";
+const _cIIA = "clientIdIssuedAt";
+const _cN = "clientName";
+const _cS = "clientSecret";
+const _cSEA = "clientSecretExpiresAt";
+const _cT = "clientType";
+const _cV = "codeVerifier";
+const _co = "code";
+const _dC = "deviceCode";
+const _e = "error";
+const _eAA = "entitledApplicationArn";
+const _eI = "expiresIn";
+const _ed = "error_description";
+const _en = "endpoint";
+const _gT = "grantType";
+const _gTr = "grantTypes";
+const _h = "http";
+const _hE = "httpError";
+const _i = "interval";
+const _iC = "identityContext";
+const _iT = "idToken";
+const _iTT = "issuedTokenType";
+const _iU = "issuerUrl";
+const _r = "reason";
+const _rT = "refreshToken";
+const _rTT = "requestedTokenType";
+const _rU = "redirectUri";
+const _rUe = "redirectUris";
+const _re = "region";
+const _s = "smithy.ts.sdk.synthetic.com.amazonaws.ssooidc";
+const _sT = "subjectToken";
+const _sTT = "subjectTokenType";
+const _sU = "startUrl";
+const _sc = "scope";
+const _sco = "scopes";
+const _se = "server";
+const _tE = "tokenEndpoint";
+const _tT = "tokenType";
+const _uC = "userCode";
+const _vU = "verificationUri";
+const _vUC = "verificationUriComplete";
+const n0 = "com.amazonaws.ssooidc";
+import { TypeRegistry } from "@smithy/core/schema";
+import { AccessDeniedException, AuthorizationPendingException, ExpiredTokenException, InternalServerException, InvalidClientException, InvalidClientMetadataException, InvalidGrantException, InvalidRedirectUriException, InvalidRequestException, InvalidRequestRegionException, InvalidScopeException, SlowDownException, UnauthorizedClientException, UnsupportedGrantTypeException, } from "../models/errors";
+import { SSOOIDCServiceException } from "../models/SSOOIDCServiceException";
+const _s_registry = TypeRegistry.for(_s);
+export var SSOOIDCServiceException$ = [-3, _s, "SSOOIDCServiceException", 0, [], []];
+_s_registry.registerError(SSOOIDCServiceException$, SSOOIDCServiceException);
+const n0_registry = TypeRegistry.for(n0);
+export var AccessDeniedException$ = [-3, n0, _ADE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _r, _ed],
+    [0, 0, 0]
+];
+n0_registry.registerError(AccessDeniedException$, AccessDeniedException);
+export var AuthorizationPendingException$ = [-3, n0, _APE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(AuthorizationPendingException$, AuthorizationPendingException);
+export var ExpiredTokenException$ = [-3, n0, _ETE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(ExpiredTokenException$, ExpiredTokenException);
+export var InternalServerException$ = [-3, n0, _ISE,
+    { [_e]: _se, [_hE]: 500 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InternalServerException$, InternalServerException);
+export var InvalidClientException$ = [-3, n0, _ICE,
+    { [_e]: _c, [_hE]: 401 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InvalidClientException$, InvalidClientException);
+export var InvalidClientMetadataException$ = [-3, n0, _ICME,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InvalidClientMetadataException$, InvalidClientMetadataException);
+export var InvalidGrantException$ = [-3, n0, _IGE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InvalidGrantException$, InvalidGrantException);
+export var InvalidRedirectUriException$ = [-3, n0, _IRUE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InvalidRedirectUriException$, InvalidRedirectUriException);
+export var InvalidRequestException$ = [-3, n0, _IRE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _r, _ed],
+    [0, 0, 0]
+];
+n0_registry.registerError(InvalidRequestException$, InvalidRequestException);
+export var InvalidRequestRegionException$ = [-3, n0, _IRRE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed, _en, _re],
+    [0, 0, 0, 0]
+];
+n0_registry.registerError(InvalidRequestRegionException$, InvalidRequestRegionException);
+export var InvalidScopeException$ = [-3, n0, _ISEn,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(InvalidScopeException$, InvalidScopeException);
+export var SlowDownException$ = [-3, n0, _SDE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(SlowDownException$, SlowDownException);
+export var UnauthorizedClientException$ = [-3, n0, _UCE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(UnauthorizedClientException$, UnauthorizedClientException);
+export var UnsupportedGrantTypeException$ = [-3, n0, _UGTE,
+    { [_e]: _c, [_hE]: 400 },
+    [_e, _ed],
+    [0, 0]
+];
+n0_registry.registerError(UnsupportedGrantTypeException$, UnsupportedGrantTypeException);
+export const errorTypeRegistries = [
+    _s_registry,
+    n0_registry,
+];
+var AccessToken = [0, n0, _AT, 8, 0];
+var Assertion = [0, n0, _A, 8, 0];
+var ClientSecret = [0, n0, _CS, 8, 0];
+var CodeVerifier = [0, n0, _CV, 8, 0];
+var IdToken = [0, n0, _IT, 8, 0];
+var RefreshToken = [0, n0, _RT, 8, 0];
+var SubjectToken = [0, n0, _ST, 8, 0];
+export var AwsAdditionalDetails$ = [3, n0, _AAD,
+    0,
+    [_iC],
+    [0]
+];
+export var CreateTokenRequest$ = [3, n0, _CTR,
+    0,
+    [_cI, _cS, _gT, _dC, _co, _rT, _sc, _rU, _cV],
+    [0, [() => ClientSecret, 0], 0, 0, 0, [() => RefreshToken, 0], 64 | 0, 0, [() => CodeVerifier, 0]], 3
+];
+export var CreateTokenResponse$ = [3, n0, _CTRr,
+    0,
+    [_aT, _tT, _eI, _rT, _iT],
+    [[() => AccessToken, 0], 0, 1, [() => RefreshToken, 0], [() => IdToken, 0]]
+];
+export var CreateTokenWithIAMRequest$ = [3, n0, _CTWIAMR,
+    0,
+    [_cI, _gT, _co, _rT, _a, _sc, _rU, _sT, _sTT, _rTT, _cV],
+    [0, 0, 0, [() => RefreshToken, 0], [() => Assertion, 0], 64 | 0, 0, [() => SubjectToken, 0], 0, 0, [() => CodeVerifier, 0]], 2
+];
+export var CreateTokenWithIAMResponse$ = [3, n0, _CTWIAMRr,
+    0,
+    [_aT, _tT, _eI, _rT, _iT, _iTT, _sc, _aAD],
+    [[() => AccessToken, 0], 0, 1, [() => RefreshToken, 0], [() => IdToken, 0], 0, 64 | 0, () => AwsAdditionalDetails$]
+];
+export var RegisterClientRequest$ = [3, n0, _RCR,
+    0,
+    [_cN, _cT, _sco, _rUe, _gTr, _iU, _eAA],
+    [0, 0, 64 | 0, 64 | 0, 64 | 0, 0, 0], 2
+];
+export var RegisterClientResponse$ = [3, n0, _RCRe,
+    0,
+    [_cI, _cS, _cIIA, _cSEA, _aE, _tE],
+    [0, [() => ClientSecret, 0], 1, 1, 0, 0]
+];
+export var StartDeviceAuthorizationRequest$ = [3, n0, _SDAR,
+    0,
+    [_cI, _cS, _sU],
+    [0, [() => ClientSecret, 0], 0], 3
+];
+export var StartDeviceAuthorizationResponse$ = [3, n0, _SDARt,
+    0,
+    [_dC, _uC, _vU, _vUC, _eI, _i],
+    [0, 0, 0, 0, 1, 1]
+];
+var GrantTypes = 64 | 0;
+var RedirectUris = 64 | 0;
+var Scopes = 64 | 0;
+export var CreateToken$ = [9, n0, _CT,
+    { [_h]: ["POST", "/token", 200] }, () => CreateTokenRequest$, () => CreateTokenResponse$
+];
+export var CreateTokenWithIAM$ = [9, n0, _CTWIAM,
+    { [_h]: ["POST", "/token?aws_iam=t", 200] }, () => CreateTokenWithIAMRequest$, () => CreateTokenWithIAMResponse$
+];
+export var RegisterClient$ = [9, n0, _RC,
+    { [_h]: ["POST", "/client/register", 200] }, () => RegisterClientRequest$, () => RegisterClientResponse$
+];
+export var StartDeviceAuthorization$ = [9, n0, _SDA,
+    { [_h]: ["POST", "/device_authorization", 200] }, () => StartDeviceAuthorizationRequest$, () => StartDeviceAuthorizationResponse$
+];

package/dist-types/SSOOIDC.d.ts

@@ -0,0 +1,76 @@
+import type { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
+import { CreateTokenCommandInput, CreateTokenCommandOutput } from "./commands/CreateTokenCommand";
+import { CreateTokenWithIAMCommandInput, CreateTokenWithIAMCommandOutput } from "./commands/CreateTokenWithIAMCommand";
+import { RegisterClientCommandInput, RegisterClientCommandOutput } from "./commands/RegisterClientCommand";
+import { StartDeviceAuthorizationCommandInput, StartDeviceAuthorizationCommandOutput } from "./commands/StartDeviceAuthorizationCommand";
+import { SSOOIDCClient } from "./SSOOIDCClient";
+export interface SSOOIDC {
+    /**
+     * @see {@link CreateTokenCommand}
+     */
+    createToken(args: CreateTokenCommandInput, options?: __HttpHandlerOptions): Promise<CreateTokenCommandOutput>;
+    createToken(args: CreateTokenCommandInput, cb: (err: any, data?: CreateTokenCommandOutput) => void): void;
+    createToken(args: CreateTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateTokenCommandOutput) => void): void;
+    /**
+     * @see {@link CreateTokenWithIAMCommand}
+     */
+    createTokenWithIAM(args: CreateTokenWithIAMCommandInput, options?: __HttpHandlerOptions): Promise<CreateTokenWithIAMCommandOutput>;
+    createTokenWithIAM(args: CreateTokenWithIAMCommandInput, cb: (err: any, data?: CreateTokenWithIAMCommandOutput) => void): void;
+    createTokenWithIAM(args: CreateTokenWithIAMCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateTokenWithIAMCommandOutput) => void): void;
+    /**
+     * @see {@link RegisterClientCommand}
+     */
+    registerClient(args: RegisterClientCommandInput, options?: __HttpHandlerOptions): Promise<RegisterClientCommandOutput>;
+    registerClient(args: RegisterClientCommandInput, cb: (err: any, data?: RegisterClientCommandOutput) => void): void;
+    registerClient(args: RegisterClientCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RegisterClientCommandOutput) => void): void;
+    /**
+     * @see {@link StartDeviceAuthorizationCommand}
+     */
+    startDeviceAuthorization(args: StartDeviceAuthorizationCommandInput, options?: __HttpHandlerOptions): Promise<StartDeviceAuthorizationCommandOutput>;
+    startDeviceAuthorization(args: StartDeviceAuthorizationCommandInput, cb: (err: any, data?: StartDeviceAuthorizationCommandOutput) => void): void;
+    startDeviceAuthorization(args: StartDeviceAuthorizationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: StartDeviceAuthorizationCommandOutput) => void): void;
+}
+/**
+ * <p>IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a
+ *       native application) to register with IAM Identity Center. The service also enables the client to fetch the
+ *       user’s access token upon successful authentication and authorization with IAM Identity Center.</p>
+ *          <p>
+ *             <b>API namespaces</b>
+ *          </p>
+ *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
+ *          <p>
+ *             <b>Considerations for using this guide</b>
+ *          </p>
+ *          <p>Before you begin using this guide, we recommend that you first review the following
+ *       important information about how the IAM Identity Center OIDC service works.</p>
+ *          <ul>
+ *             <li>
+ *                <p>The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device
+ *           Authorization Grant standard (<a href="https://tools.ietf.org/html/rfc8628">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single
+ *           sign-on authentication with the CLI. </p>
+ *             </li>
+ *             <li>
+ *                <p>With older versions of the CLI, the service only emits OIDC access tokens, so to
+ *           obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that
+ *           supports token refresh and doesn’t require re-authentication, update to the latest CLI
+ *           version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh
+ *           and configurable IAM Identity Center session durations. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html">Configure Amazon Web Services access portal session duration </a>. </p>
+ *             </li>
+ *             <li>
+ *                <p>The access tokens provided by this service grant access to all Amazon Web Services account
+ *           entitlements assigned to an IAM Identity Center user, not just a particular application.</p>
+ *             </li>
+ *             <li>
+ *                <p>The documentation in this guide does not describe the mechanism to convert the access
+ *           token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service
+ *           endpoints. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html">GetRoleCredentials</a> in the <i>IAM Identity Center Portal API Reference
+ *           Guide</i>.</p>
+ *             </li>
+ *          </ul>
+ *          <p>For general information about IAM Identity Center, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">What is
+ *         IAM Identity Center?</a> in the <i>IAM Identity Center User Guide</i>.</p>
+ * @public
+ */
+export declare class SSOOIDC extends SSOOIDCClient implements SSOOIDC {
+}

package/dist-types/SSOOIDCClient.d.ts

@@ -0,0 +1,229 @@
+import { type HostHeaderInputConfig, type HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
+import { type UserAgentInputConfig, type UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
+import { type RegionInputConfig, type RegionResolvedConfig } from "@smithy/config-resolver";
+import { type EndpointInputConfig, type EndpointResolvedConfig } from "@smithy/middleware-endpoint";
+import { type RetryInputConfig, type RetryResolvedConfig } from "@smithy/middleware-retry";
+import type { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
+import { type DefaultsMode as __DefaultsMode, type SmithyConfiguration as __SmithyConfiguration, type SmithyResolvedConfiguration as __SmithyResolvedConfiguration, Client as __Client } from "@smithy/smithy-client";
+import { type BodyLengthCalculator as __BodyLengthCalculator, type CheckOptionalClientConfig as __CheckOptionalClientConfig, type ChecksumConstructor as __ChecksumConstructor, type Decoder as __Decoder, type Encoder as __Encoder, type HashConstructor as __HashConstructor, type HttpHandlerOptions as __HttpHandlerOptions, type Logger as __Logger, type Provider as __Provider, type StreamCollector as __StreamCollector, type UrlParser as __UrlParser, AwsCredentialIdentityProvider, Provider, UserAgent as __UserAgent } from "@smithy/types";
+import { type HttpAuthSchemeInputConfig, type HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
+import { CreateTokenCommandInput, CreateTokenCommandOutput } from "./commands/CreateTokenCommand";
+import { CreateTokenWithIAMCommandInput, CreateTokenWithIAMCommandOutput } from "./commands/CreateTokenWithIAMCommand";
+import { RegisterClientCommandInput, RegisterClientCommandOutput } from "./commands/RegisterClientCommand";
+import { StartDeviceAuthorizationCommandInput, StartDeviceAuthorizationCommandOutput } from "./commands/StartDeviceAuthorizationCommand";
+import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
+import { type RuntimeExtension, type RuntimeExtensionsConfig } from "./runtimeExtensions";
+export { __Client };
+/**
+ * @public
+ */
+export type ServiceInputTypes = CreateTokenCommandInput | CreateTokenWithIAMCommandInput | RegisterClientCommandInput | StartDeviceAuthorizationCommandInput;
+/**
+ * @public
+ */
+export type ServiceOutputTypes = CreateTokenCommandOutput | CreateTokenWithIAMCommandOutput | RegisterClientCommandOutput | StartDeviceAuthorizationCommandOutput;
+/**
+ * @public
+ */
+export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
+    /**
+     * The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
+     */
+    requestHandler?: __HttpHandlerUserInput;
+    /**
+     * A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface
+     * that computes the SHA-256 HMAC or checksum of a string or binary buffer.
+     * @internal
+     */
+    sha256?: __ChecksumConstructor | __HashConstructor;
+    /**
+     * The function that will be used to convert strings into HTTP endpoints.
+     * @internal
+     */
+    urlParser?: __UrlParser;
+    /**
+     * A function that can calculate the length of a request body.
+     * @internal
+     */
+    bodyLengthChecker?: __BodyLengthCalculator;
+    /**
+     * A function that converts a stream into an array of bytes.
+     * @internal
+     */
+    streamCollector?: __StreamCollector;
+    /**
+     * The function that will be used to convert a base64-encoded string to a byte array.
+     * @internal
+     */
+    base64Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a base64-encoded string.
+     * @internal
+     */
+    base64Encoder?: __Encoder;
+    /**
+     * The function that will be used to convert a UTF8-encoded string to a byte array.
+     * @internal
+     */
+    utf8Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a UTF-8 encoded string.
+     * @internal
+     */
+    utf8Encoder?: __Encoder;
+    /**
+     * The runtime environment.
+     * @internal
+     */
+    runtime?: string;
+    /**
+     * Disable dynamically changing the endpoint of the client based on the hostPrefix
+     * trait of an operation.
+     */
+    disableHostPrefix?: boolean;
+    /**
+     * Unique service identifier.
+     * @internal
+     */
+    serviceId?: string;
+    /**
+     * Enables IPv6/IPv4 dualstack endpoint.
+     */
+    useDualstackEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * Enables FIPS compatible endpoints.
+     */
+    useFipsEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * The AWS region to which this client will send requests
+     */
+    region?: string | __Provider<string>;
+    /**
+     * Setting a client profile is similar to setting a value for the
+     * AWS_PROFILE environment variable. Setting a profile on a client
+     * in code only affects the single client instance, unlike AWS_PROFILE.
+     *
+     * When set, and only for environments where an AWS configuration
+     * file exists, fields configurable by this file will be retrieved
+     * from the specified profile within that file.
+     * Conflicting code configuration and environment variables will
+     * still have higher priority.
+     *
+     * For client credential resolution that involves checking the AWS
+     * configuration file, the client's profile (this value) will be
+     * used unless a different profile is set in the credential
+     * provider options.
+     *
+     */
+    profile?: string;
+    /**
+     * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+     * @internal
+     */
+    defaultUserAgentProvider?: Provider<__UserAgent>;
+    /**
+     * Default credentials provider; Not available in browser runtime.
+     * @deprecated
+     * @internal
+     */
+    credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
+    /**
+     * Value for how many times a request will be made at most in case of retry.
+     */
+    maxAttempts?: number | __Provider<number>;
+    /**
+     * Specifies which retry algorithm to use.
+     * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/
+     *
+     */
+    retryMode?: string | __Provider<string>;
+    /**
+     * Optional logger for logging debug/info/warn/error.
+     */
+    logger?: __Logger;
+    /**
+     * Optional extensions
+     */
+    extensions?: RuntimeExtension[];
+    /**
+     * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
+     */
+    defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
+}
+/**
+ * @public
+ */
+export type SSOOIDCClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & HttpAuthSchemeInputConfig & ClientInputEndpointParameters;
+/**
+ * @public
+ *
+ *  The configuration interface of SSOOIDCClient class constructor that set the region, credentials and other options.
+ */
+export interface SSOOIDCClientConfig extends SSOOIDCClientConfigType {
+}
+/**
+ * @public
+ */
+export type SSOOIDCClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters;
+/**
+ * @public
+ *
+ *  The resolved configuration interface of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}.
+ */
+export interface SSOOIDCClientResolvedConfig extends SSOOIDCClientResolvedConfigType {
+}
+/**
+ * <p>IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a
+ *       native application) to register with IAM Identity Center. The service also enables the client to fetch the
+ *       user’s access token upon successful authentication and authorization with IAM Identity Center.</p>
+ *          <p>
+ *             <b>API namespaces</b>
+ *          </p>
+ *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
+ *          <p>
+ *             <b>Considerations for using this guide</b>
+ *          </p>
+ *          <p>Before you begin using this guide, we recommend that you first review the following
+ *       important information about how the IAM Identity Center OIDC service works.</p>
+ *          <ul>
+ *             <li>
+ *                <p>The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device
+ *           Authorization Grant standard (<a href="https://tools.ietf.org/html/rfc8628">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single
+ *           sign-on authentication with the CLI. </p>
+ *             </li>
+ *             <li>
+ *                <p>With older versions of the CLI, the service only emits OIDC access tokens, so to
+ *           obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that
+ *           supports token refresh and doesn’t require re-authentication, update to the latest CLI
+ *           version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh
+ *           and configurable IAM Identity Center session durations. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html">Configure Amazon Web Services access portal session duration </a>. </p>
+ *             </li>
+ *             <li>
+ *                <p>The access tokens provided by this service grant access to all Amazon Web Services account
+ *           entitlements assigned to an IAM Identity Center user, not just a particular application.</p>
+ *             </li>
+ *             <li>
+ *                <p>The documentation in this guide does not describe the mechanism to convert the access
+ *           token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service
+ *           endpoints. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html">GetRoleCredentials</a> in the <i>IAM Identity Center Portal API Reference
+ *           Guide</i>.</p>
+ *             </li>
+ *          </ul>
+ *          <p>For general information about IAM Identity Center, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">What is
+ *         IAM Identity Center?</a> in the <i>IAM Identity Center User Guide</i>.</p>
+ * @public
+ */
+export declare class SSOOIDCClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, SSOOIDCClientResolvedConfig> {
+    /**
+     * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}.
+     */
+    readonly config: SSOOIDCClientResolvedConfig;
+    constructor(...[configuration]: __CheckOptionalClientConfig<SSOOIDCClientConfig>);
+    /**
+     * Destroy underlying resources, like sockets. It's usually not necessary to do this.
+     * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed.
+     * Otherwise, sockets might stay open for quite a long time before the server terminates them.
+     */
+    destroy(): void;
+}

package/dist-types/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,29 @@
+import { type HttpAuthScheme, AwsCredentialIdentity, AwsCredentialIdentityProvider } from "@smithy/types";
+import type { SSOOIDCHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+    httpAuthSchemes(): HttpAuthScheme[];
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: SSOOIDCHttpAuthSchemeProvider): void;
+    httpAuthSchemeProvider(): SSOOIDCHttpAuthSchemeProvider;
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+    httpAuthSchemes: HttpAuthScheme[];
+    httpAuthSchemeProvider: SSOOIDCHttpAuthSchemeProvider;
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+/**
+ * @internal
+ */
+export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;