p6-cdk-s3-protector 0.0.48 → 0.0.50

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/commands/CreateOAuth2TokenCommand.d.ts

@@ -0,0 +1,157 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { CreateOAuth2TokenRequest, CreateOAuth2TokenResponse } from "../models/models_0";
+import { SigninClientResolvedConfig } from "../SigninClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateOAuth2TokenCommand}.
+ */
+export interface CreateOAuth2TokenCommandInput extends CreateOAuth2TokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateOAuth2TokenCommand}.
+ */
+export interface CreateOAuth2TokenCommandOutput extends CreateOAuth2TokenResponse, __MetadataBearer {
+}
+declare const CreateOAuth2TokenCommand_base: {
+    new (input: CreateOAuth2TokenCommandInput): import("@smithy/smithy-client").CommandImpl<CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput, SigninClientResolvedConfig, CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput>;
+    new (input: CreateOAuth2TokenCommandInput): import("@smithy/smithy-client").CommandImpl<CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput, SigninClientResolvedConfig, CreateOAuth2TokenCommandInput, CreateOAuth2TokenCommandOutput>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * CreateOAuth2Token API
+ *
+ * Path: /v1/token
+ * Request Method: POST
+ * Content-Type: application/json or application/x-www-form-urlencoded
+ *
+ * This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
+ * 1. Authorization code redemption (grant_type=authorization_code) - NOT idempotent
+ * 2. Token refresh (grant_type=refresh_token) - Idempotent within token validity window
+ *
+ * The operation behavior is determined by the grant_type parameter in the request body:
+ *
+ * **Authorization Code Flow (NOT Idempotent):**
+ * - JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
+ * - Returns access_token, token_type, expires_in, refresh_token, and id_token
+ * - Each authorization code can only be used ONCE for security (prevents replay attacks)
+ *
+ * **Token Refresh Flow (Idempotent):**
+ * - JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
+ * - Returns access_token, token_type, expires_in, and refresh_token (no id_token)
+ * - Multiple calls with same refresh_token return consistent results within validity window
+ *
+ * Authentication and authorization:
+ * - Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
+ * - CLI clients (public): authn/authz skipped based on client_id & grant_type
+ *
+ * Note: This operation cannot be marked as @idempotent because it handles both idempotent
+ * (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { SigninClient, CreateOAuth2TokenCommand } from "@aws-sdk/client-signin"; // ES Modules import
+ * // const { SigninClient, CreateOAuth2TokenCommand } = require("@aws-sdk/client-signin"); // CommonJS import
+ * // import type { SigninClientConfig } from "@aws-sdk/client-signin";
+ * const config = {}; // type is SigninClientConfig
+ * const client = new SigninClient(config);
+ * const input = { // CreateOAuth2TokenRequest
+ *   tokenInput: { // CreateOAuth2TokenRequestBody
+ *     clientId: "STRING_VALUE", // required
+ *     grantType: "STRING_VALUE", // required
+ *     code: "STRING_VALUE",
+ *     redirectUri: "STRING_VALUE",
+ *     codeVerifier: "STRING_VALUE",
+ *     refreshToken: "STRING_VALUE",
+ *   },
+ * };
+ * const command = new CreateOAuth2TokenCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateOAuth2TokenResponse
+ * //   tokenOutput: { // CreateOAuth2TokenResponseBody
+ * //     accessToken: { // AccessToken
+ * //       accessKeyId: "STRING_VALUE", // required
+ * //       secretAccessKey: "STRING_VALUE", // required
+ * //       sessionToken: "STRING_VALUE", // required
+ * //     },
+ * //     tokenType: "STRING_VALUE", // required
+ * //     expiresIn: Number("int"), // required
+ * //     refreshToken: "STRING_VALUE", // required
+ * //     idToken: "STRING_VALUE",
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param CreateOAuth2TokenCommandInput - {@link CreateOAuth2TokenCommandInput}
+ * @returns {@link CreateOAuth2TokenCommandOutput}
+ * @see {@link CreateOAuth2TokenCommandInput} for command's `input` shape.
+ * @see {@link CreateOAuth2TokenCommandOutput} for command's `response` shape.
+ * @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  Error thrown for access denied scenarios with flexible HTTP status mapping
+ *
+ * Runtime HTTP Status Code Mapping:
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
+ *
+ * The specific HTTP status code is determined at runtime based on the error enum value.
+ * Consumers should use the error field to determine the specific access denial reason.
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  Error thrown when an internal server error occurs
+ *
+ * HTTP Status Code: 500 Internal Server Error
+ *
+ * Used for unexpected server-side errors that prevent request processing.
+ *
+ * @throws {@link TooManyRequestsError} (client fault)
+ *  Error thrown when rate limit is exceeded
+ *
+ * HTTP Status Code: 429 Too Many Requests
+ *
+ * Possible OAuth2ErrorCode values:
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
+ *
+ * Possible causes:
+ * - Too many token requests from the same client
+ * - Rate limiting based on client_id or IP address
+ * - Abuse prevention mechanisms triggered
+ * - Service protection against excessive token generation
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  Error thrown when request validation fails
+ *
+ * HTTP Status Code: 400 Bad Request
+ *
+ * Used for request validation errors such as malformed parameters,
+ * missing required fields, or invalid parameter values.
+ *
+ * @throws {@link SigninServiceException}
+ * <p>Base exception class for all service exceptions from Signin service.</p>
+ *
+ *
+ * @public
+ */
+export declare class CreateOAuth2TokenCommand extends CreateOAuth2TokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CreateOAuth2TokenRequest;
+            output: CreateOAuth2TokenResponse;
+        };
+        sdk: {
+            input: CreateOAuth2TokenCommandInput;
+            output: CreateOAuth2TokenCommandOutput;
+        };
+    };
+}

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/commands/index.d.ts

@@ -0,0 +1 @@
+export * from "./CreateOAuth2TokenCommand";

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts → nested-clients/dist-types/submodules/signin}/extensionConfiguration.d.ts

@@ -5,5 +5,5 @@ import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfigur
 /**
  * @internal
  */
-export interface STSExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
+export interface SigninExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
 }

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * AWS Sign-In manages authentication for AWS services. This service provides
+ * secure authentication flows for accessing AWS resources from the console and developer tools.
+ *
+ * @packageDocumentation
+ */
+export * from "./SigninClient";
+export * from "./Signin";
+export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
+export type { RuntimeExtension } from "./runtimeExtensions";
+export type { SigninExtensionConfiguration } from "./extensionConfiguration";
+export * from "./commands";
+export * from "./models/enums";
+export * from "./models/errors";
+export type * from "./models/models_0";
+export { SigninServiceException } from "./models/SigninServiceException";

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts/models/STSServiceException.d.ts → nested-clients/dist-types/submodules/signin/models/SigninServiceException.d.ts}

@@ -4,9 +4,9 @@ export { __ServiceException };
 /**
  * @public
  *
- * Base exception class for all service exceptions from STS service.
+ * Base exception class for all service exceptions from Signin service.
  */
-export declare class STSServiceException extends __ServiceException {
+export declare class SigninServiceException extends __ServiceException {
     /**
      * @internal
      */

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/models/enums.d.ts

@@ -0,0 +1,34 @@
+/**
+ * @public
+ * @enum
+ */
+export declare const OAuth2ErrorCode: {
+    /**
+     * Authorization code has expired
+     */
+    readonly AUTHCODE_EXPIRED: "AUTHCODE_EXPIRED";
+    /**
+     * Insufficient permissions to perform this operation
+     */
+    readonly INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS";
+    /**
+     * The request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed
+     */
+    readonly INVALID_REQUEST: "INVALID_REQUEST";
+    /**
+     * Internal server error occurred
+     */
+    readonly SERVER_ERROR: "server_error";
+    /**
+     * Token has expired and needs to be refreshed
+     */
+    readonly TOKEN_EXPIRED: "TOKEN_EXPIRED";
+    /**
+     * User credentials have been changed
+     */
+    readonly USER_CREDENTIALS_CHANGED: "USER_CREDENTIALS_CHANGED";
+};
+/**
+ * @public
+ */
+export type OAuth2ErrorCode = (typeof OAuth2ErrorCode)[keyof typeof OAuth2ErrorCode];

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/models/errors.d.ts

@@ -0,0 +1,102 @@
+import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
+import { OAuth2ErrorCode } from "./enums";
+import { SigninServiceException as __BaseException } from "./SigninServiceException";
+/**
+ * Error thrown for access denied scenarios with flexible HTTP status mapping
+ *
+ * Runtime HTTP Status Code Mapping:
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
+ *
+ * The specific HTTP status code is determined at runtime based on the error enum value.
+ * Consumers should use the error field to determine the specific access denial reason.
+ * @public
+ */
+export declare class AccessDeniedException extends __BaseException {
+    readonly name: "AccessDeniedException";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating the specific type of access denial
+     * Can be TOKEN_EXPIRED, AUTHCODE_EXPIRED, USER_CREDENTIALS_CHANGED, or INSUFFICIENT_PERMISSIONS
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
+}
+/**
+ * Error thrown when an internal server error occurs
+ *
+ * HTTP Status Code: 500 Internal Server Error
+ *
+ * Used for unexpected server-side errors that prevent request processing.
+ * @public
+ */
+export declare class InternalServerException extends __BaseException {
+    readonly name: "InternalServerException";
+    readonly $fault: "server";
+    /**
+     * OAuth 2.0 error code indicating server error
+     * Will be SERVER_ERROR for internal server errors
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InternalServerException, __BaseException>);
+}
+/**
+ * Error thrown when rate limit is exceeded
+ *
+ * HTTP Status Code: 429 Too Many Requests
+ *
+ * Possible OAuth2ErrorCode values:
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
+ *
+ * Possible causes:
+ * - Too many token requests from the same client
+ * - Rate limiting based on client_id or IP address
+ * - Abuse prevention mechanisms triggered
+ * - Service protection against excessive token generation
+ * @public
+ */
+export declare class TooManyRequestsError extends __BaseException {
+    readonly name: "TooManyRequestsError";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating the specific type of error
+     * Will be INVALID_REQUEST for rate limiting scenarios
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<TooManyRequestsError, __BaseException>);
+}
+/**
+ * Error thrown when request validation fails
+ *
+ * HTTP Status Code: 400 Bad Request
+ *
+ * Used for request validation errors such as malformed parameters,
+ * missing required fields, or invalid parameter values.
+ * @public
+ */
+export declare class ValidationException extends __BaseException {
+    readonly name: "ValidationException";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating validation failure
+     * Will be INVALID_REQUEST for validation errors
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
+}

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/models/models_0.d.ts

@@ -0,0 +1,142 @@
+/**
+ * AWS credentials structure containing temporary access credentials
+ *
+ * The scoped-down, 15 minute duration AWS credentials.
+ * Scoping down will be based on CLI policy (CLI team needs to create it).
+ * Similar to cloud shell implementation.
+ * @public
+ */
+export interface AccessToken {
+    /**
+     * AWS access key ID for temporary credentials
+     * @public
+     */
+    accessKeyId: string | undefined;
+    /**
+     * AWS secret access key for temporary credentials
+     * @public
+     */
+    secretAccessKey: string | undefined;
+    /**
+     * AWS session token for temporary credentials
+     * @public
+     */
+    sessionToken: string | undefined;
+}
+/**
+ * Request body payload for CreateOAuth2Token operation
+ *
+ * The operation type is determined by the grant_type parameter:
+ * - grant_type=authorization_code: Requires code, redirect_uri, code_verifier
+ * - grant_type=refresh_token: Requires refresh_token
+ * @public
+ */
+export interface CreateOAuth2TokenRequestBody {
+    /**
+     * The client identifier (ARN) used during Sign-In onboarding
+     * Required for both authorization code and refresh token flows
+     * @public
+     */
+    clientId: string | undefined;
+    /**
+     * OAuth 2.0 grant type - determines which flow is used
+     * Must be "authorization_code" or "refresh_token"
+     * @public
+     */
+    grantType: string | undefined;
+    /**
+     * The authorization code received from /v1/authorize
+     * Required only when grant_type=authorization_code
+     * @public
+     */
+    code?: string | undefined;
+    /**
+     * The redirect URI that must match the original authorization request
+     * Required only when grant_type=authorization_code
+     * @public
+     */
+    redirectUri?: string | undefined;
+    /**
+     * PKCE code verifier to prove possession of the original code challenge
+     * Required only when grant_type=authorization_code
+     * @public
+     */
+    codeVerifier?: string | undefined;
+    /**
+     * The refresh token returned from auth_code redemption
+     * Required only when grant_type=refresh_token
+     * @public
+     */
+    refreshToken?: string | undefined;
+}
+/**
+ * Input structure for CreateOAuth2Token operation
+ *
+ * Contains flattened token operation inputs for both authorization code and refresh token flows.
+ * The operation type is determined by the grant_type parameter in the request body.
+ * @public
+ */
+export interface CreateOAuth2TokenRequest {
+    /**
+     * Flattened token operation inputs
+     * The specific operation is determined by grant_type in the request body
+     * @public
+     */
+    tokenInput: CreateOAuth2TokenRequestBody | undefined;
+}
+/**
+ * Response body payload for CreateOAuth2Token operation
+ *
+ * The response content depends on the grant_type from the request:
+ * - grant_type=authorization_code: Returns all fields including refresh_token and id_token
+ * - grant_type=refresh_token: Returns access_token, token_type, expires_in, refresh_token (no id_token)
+ * @public
+ */
+export interface CreateOAuth2TokenResponseBody {
+    /**
+     * Scoped-down AWS credentials (15 minute duration)
+     * Present for both authorization code redemption and token refresh
+     * @public
+     */
+    accessToken: AccessToken | undefined;
+    /**
+     * Token type indicating this is AWS SigV4 credentials
+     * Value is "aws_sigv4" for both flows
+     * @public
+     */
+    tokenType: string | undefined;
+    /**
+     * Time to expiry in seconds (maximum 900)
+     * Present for both authorization code redemption and token refresh
+     * @public
+     */
+    expiresIn: number | undefined;
+    /**
+     * Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk)
+     * Always present in responses (required for both flows)
+     * @public
+     */
+    refreshToken: string | undefined;
+    /**
+     * ID token containing user identity information
+     * Present only in authorization code redemption response (grant_type=authorization_code)
+     * Not included in token refresh responses
+     * @public
+     */
+    idToken?: string | undefined;
+}
+/**
+ * Output structure for CreateOAuth2Token operation
+ *
+ * Contains flattened token operation outputs for both authorization code and refresh token flows.
+ * The response content depends on the grant_type from the original request.
+ * @public
+ */
+export interface CreateOAuth2TokenResponse {
+    /**
+     * Flattened token operation outputs
+     * The specific response fields depend on the grant_type used in the request
+     * @public
+     */
+    tokenOutput: CreateOAuth2TokenResponseBody | undefined;
+}

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sso-oidc → nested-clients/dist-types/submodules/signin}/runtimeConfig.browser.d.ts

@@ -1,12 +1,13 @@
 import { FetchHttpHandler as RequestHandler } from "@smithy/fetch-http-handler";
-import { SSOOIDCClientConfig } from "./SSOOIDCClient";
+import { SigninClientConfig } from "./SigninClient";
 /**
  * @internal
  */
-export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
+export declare const getRuntimeConfig: (config: SigninClientConfig) => {
     runtime: string;
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
+    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((_: unknown) => () => Promise<import("@smithy/types").AwsCredentialIdentity>);
     defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-browser").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
     maxAttempts: number | import("@smithy/types").Provider<number>;
     region: string | import("@smithy/types").Provider<any>;
@@ -48,7 +49,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
         identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
         signer: import("@smithy/core").NoAuthSigner;
     })[];
-    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SSOOIDCHttpAuthSchemeProvider;
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SigninHttpAuthSchemeProvider;
     credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
     signingEscapePath?: boolean;

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sso-oidc → nested-clients/dist-types/submodules/signin}/runtimeConfig.d.ts

@@ -1,9 +1,9 @@
 import { NodeHttpHandler as RequestHandler } from "@smithy/node-http-handler";
-import { SSOOIDCClientConfig } from "./SSOOIDCClient";
+import { SigninClientConfig } from "./SigninClient";
 /**
  * @internal
  */
-export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
+export declare const getRuntimeConfig: (config: SigninClientConfig) => {
     runtime: string;
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     authSchemePreference: string[] | import("@smithy/types").Provider<string[]>;
@@ -28,6 +28,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
     disableHostPrefix: boolean;
     serviceId: string;
     profile?: string;
+    credentialDefaultProvider?: (input: any) => import("@smithy/types").AwsCredentialIdentityProvider;
     logger: import("@smithy/types").Logger;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
     protocol: import("@smithy/types").ClientProtocol<import("@smithy/types").HttpRequest, import("@smithy/types").HttpResponse>;
@@ -48,7 +49,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
         identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
         signer: import("@smithy/core").NoAuthSigner;
     })[];
-    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SSOOIDCHttpAuthSchemeProvider;
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SigninHttpAuthSchemeProvider;
     credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
     signingEscapePath?: boolean;

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sso-oidc → nested-clients/dist-types/submodules/signin}/runtimeConfig.native.d.ts

@@ -1,8 +1,8 @@
-import { SSOOIDCClientConfig } from "./SSOOIDCClient";
+import { SigninClientConfig } from "./SigninClient";
 /**
  * @internal
  */
-export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
+export declare const getRuntimeConfig: (config: SigninClientConfig) => {
     runtime: string;
     sha256: import("@smithy/types").HashConstructor;
     requestHandler: import("@smithy/types").NodeHttpHandlerOptions | import("@smithy/types").FetchHttpHandlerOptions | Record<string, unknown> | import("@smithy/protocol-http").HttpHandler<any> | import("@smithy/fetch-http-handler").FetchHttpHandler;
@@ -22,6 +22,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
     region: string | import("@smithy/types").Provider<any>;
     profile?: string;
     defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-browser").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
+    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((_: unknown) => () => Promise<import("@smithy/types").AwsCredentialIdentity>);
     maxAttempts: number | import("@smithy/types").Provider<number>;
     retryMode: string | import("@smithy/types").Provider<string>;
     logger: import("@smithy/types").Logger;
@@ -47,7 +48,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
         identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
         signer: import("@smithy/core").NoAuthSigner;
     })[];
-    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SSOOIDCHttpAuthSchemeProvider;
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SigninHttpAuthSchemeProvider;
     credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
     signingEscapePath?: boolean;

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sso-oidc → nested-clients/dist-types/submodules/signin}/runtimeConfig.shared.d.ts

@@ -1,11 +1,11 @@
 import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoAuthSigner } from "@smithy/core";
 import { IdentityProviderConfig } from "@smithy/types";
-import { SSOOIDCClientConfig } from "./SSOOIDCClient";
+import { SigninClientConfig } from "./SigninClient";
 /**
  * @internal
  */
-export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
+export declare const getRuntimeConfig: (config: SigninClientConfig) => {
     apiVersion: string;
     base64Decoder: import("@smithy/types").Decoder;
     base64Encoder: (_input: Uint8Array | string) => string;
@@ -14,7 +14,7 @@ export declare const getRuntimeConfig: (config: SSOOIDCClientConfig) => {
         logger?: import("@smithy/types").Logger;
     }) => import("@smithy/types").EndpointV2;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
-    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SSOOIDCHttpAuthSchemeProvider;
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SigninHttpAuthSchemeProvider;
     httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | ({
         schemeId: string;
         identityProvider: (ipc: IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | undefined;

package/node_modules/@aws-sdk/{token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts → nested-clients/dist-types/submodules/signin}/runtimeExtensions.d.ts

@@ -1,9 +1,9 @@
-import { STSExtensionConfiguration } from "./extensionConfiguration";
+import { SigninExtensionConfiguration } from "./extensionConfiguration";
 /**
  * @public
  */
 export interface RuntimeExtension {
-    configure(extensionConfiguration: STSExtensionConfiguration): void;
+    configure(extensionConfiguration: SigninExtensionConfiguration): void;
 }
 /**
  * @public

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/signin/schemas/schemas_0.d.ts

@@ -0,0 +1,14 @@
+import { StaticErrorSchema, StaticOperationSchema, StaticSimpleSchema, StaticStructureSchema } from "@smithy/types";
+export declare var RefreshToken: StaticSimpleSchema;
+export declare var AccessDeniedException: StaticErrorSchema;
+export declare var AccessToken: StaticStructureSchema;
+export declare var CreateOAuth2TokenRequest: StaticStructureSchema;
+export declare var CreateOAuth2TokenRequestBody: StaticStructureSchema;
+export declare var CreateOAuth2TokenResponse: StaticStructureSchema;
+export declare var CreateOAuth2TokenResponseBody: StaticStructureSchema;
+export declare var InternalServerException: StaticErrorSchema;
+export declare var TooManyRequestsError: StaticErrorSchema;
+export declare var ValidationException: StaticErrorSchema;
+export declare var __Unit: "unit";
+export declare var SigninServiceException: StaticErrorSchema;
+export declare var CreateOAuth2Token: StaticOperationSchema;

package/node_modules/@aws-sdk/{credential-provider-node/node_modules/@aws-sdk/nested-clients → nested-clients}/dist-types/submodules/sso-oidc/index.d.ts

@@ -47,5 +47,7 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export type { RuntimeExtension } from "./runtimeExtensions";
 export type { SSOOIDCExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
-export * from "./models";
+export * from "./models/enums";
+export * from "./models/errors";
+export type * from "./models/models_0";
 export { SSOOIDCServiceException } from "./models/SSOOIDCServiceException";

package/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sso-oidc/models/enums.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @public
+ * @enum
+ */
+export declare const AccessDeniedExceptionReason: {
+    readonly KMS_ACCESS_DENIED: "KMS_AccessDeniedException";
+};
+/**
+ * @public
+ */
+export type AccessDeniedExceptionReason = (typeof AccessDeniedExceptionReason)[keyof typeof AccessDeniedExceptionReason];
+/**
+ * @public
+ * @enum
+ */
+export declare const InvalidRequestExceptionReason: {
+    readonly KMS_DISABLED_KEY: "KMS_DisabledException";
+    readonly KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException";
+    readonly KMS_INVALID_STATE: "KMS_InvalidStateException";
+    readonly KMS_KEY_NOT_FOUND: "KMS_NotFoundException";
+};
+/**
+ * @public
+ */
+export type InvalidRequestExceptionReason = (typeof InvalidRequestExceptionReason)[keyof typeof InvalidRequestExceptionReason];