// Code generated by smithy-go-codegen DO NOT EDIT.

package ssooidc

import (
	"context"
	"fmt"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/service/ssooidc/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// Creates and returns access and refresh tokens for authorized client
// applications that are authenticated using any IAM entity, such as a service role
// or user. These tokens might contain defined scopes that specify permissions such
// as read:profile or write:data . Through downscoping, you can use the scopes
// parameter to request tokens with reduced permissions compared to the original
// client application's permissions or, if applicable, the refresh token's scopes.
// The access token can be used to fetch short-lived credentials for the assigned
// Amazon Web Services accounts or to access application APIs using bearer
// authentication.
//
// This API is used with Signature Version 4. For more information, see [Amazon Web Services Signature Version 4 for API Requests].
//
// [Amazon Web Services Signature Version 4 for API Requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html
//
// The returned CreateTokenWithIAMOutput carries bearer credentials (AccessToken,
// RefreshToken, IdToken); callers should treat the whole output as secret.
func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
	// A nil input is replaced by an empty one so the operation can run; the
	// required-member checks happen in the validation middleware added by
	// addOperationCreateTokenWithIAMMiddlewares, not here.
	if params == nil {
		params = &CreateTokenWithIAMInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "CreateTokenWithIAM", params, optFns, c.addOperationCreateTokenWithIAMMiddlewares)
	if err != nil {
		return nil, err
	}

	// invokeOperation returns the deserialized output as an interface; the
	// deserializer registered for this operation produces *CreateTokenWithIAMOutput.
	out := result.(*CreateTokenWithIAMOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// CreateTokenWithIAMInput is the request for CreateTokenWithIAM. Which optional
// members apply depends on GrantType; several of them (Assertion, Code,
// CodeVerifier, RefreshToken, SubjectToken) are themselves credentials and should
// not be logged.
type CreateTokenWithIAMInput struct {

	// The unique identifier string for the client or application. This value is an
	// application ARN that has OAuth grants configured.
	//
	// This member is required.
	ClientId *string

	// Supports the following OAuth grant types: Authorization Code, Refresh Token,
	// JWT Bearer, and Token Exchange. Specify one of the following values, depending
	// on the grant type that you want:
	//
	//   - Authorization Code - authorization_code
	//
	//   - Refresh Token - refresh_token
	//
	//   - JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
	//
	//   - Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
	//
	// This member is required.
	GrantType *string

	// Used only when calling this API for the JWT Bearer grant type. This value
	// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To
	// authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the
	// application.
	Assertion *string

	// Used only when calling this API for the Authorization Code grant type. This
	// short-lived code is used to identify this authorization request. The code is
	// obtained through a redirect from IAM Identity Center to a redirect URI persisted
	// in the Authorization Code GrantOptions for the application.
	Code *string

	// Used only when calling this API for the Authorization Code grant type. This
	// value is generated by the client and presented to validate the original code
	// challenge value the client passed at authorization time.
	//
	// NOTE(review): this is the verifier half of a code-challenge/verifier pair
	// (the PKCE pattern, going by the description); it must be the value generated
	// for this specific authorization request, not a reused constant.
	CodeVerifier *string

	// Used only when calling this API for the Authorization Code grant type. This
	// value specifies the location of the client or application that has registered to
	// receive the authorization code.
	RedirectUri *string

	// Used only when calling this API for the Refresh Token grant type. This token is
	// used to refresh short-lived tokens, such as the access token, that might expire.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that the requester can receive. The following values
	// are supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	//   - Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	RequestedTokenType *string

	// The list of scopes for which authorization is requested. The access token that
	// is issued is limited to the scopes that are granted. If the value is not
	// specified, IAM Identity Center authorizes all scopes configured for the
	// application, including the following default scopes: openid , aws ,
	// sts:identity_context .
	//
	// Leaving this nil therefore asks for the broadest grant the application is
	// configured for; pass an explicit list to downscope (least privilege).
	Scope []string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the subject of the exchange. The value of the subject token must be an
	// access token issued by IAM Identity Center to a different client or application.
	// The access token must have authorized scopes that indicate the requested
	// application as a target audience.
	SubjectToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that is passed as the subject of the exchange. The
	// following value is supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	SubjectTokenType *string

	noSmithyDocumentSerde
}

// CreateTokenWithIAMOutput is the response from CreateTokenWithIAM. It holds the
// issued credentials; keep it out of logs, error messages and unencrypted storage.
type CreateTokenWithIAMOutput struct {

	// A bearer token to access Amazon Web Services accounts and applications assigned
	// to a user.
	//
	// Whoever holds this string can act with its scopes until it expires (see
	// ExpiresIn); treat it as a secret.
	AccessToken *string

	// A structure containing information from IAM Identity Center managed user and
	// group information.
	AwsAdditionalDetails *types.AwsAdditionalDetails

	// Indicates the time in seconds when an access token will expire.
	//
	// NOTE(review): this is a duration from issuance, not an absolute timestamp;
	// callers that cache the token should record the receive time alongside it.
	ExpiresIn int32

	// A JSON Web Token (JWT) that identifies the user associated with the issued
	// access token.
	//
	// Identifies a person, so it is personal data as well as a credential.
	IdToken *string

	// Indicates the type of tokens that are issued by IAM Identity Center. The
	// following values are supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	//   - Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	IssuedTokenType *string

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	//
	// Because it can mint new access tokens it is the longer-lived secret of the
	// two; protect it at least as carefully as AccessToken.
	RefreshToken *string

	// The list of scopes for which authorization is granted. The access token that is
	// issued is limited to the scopes that are granted.
	Scope []string

	// Used to notify the requester that the returned token is an access token. The
	// supported token type is Bearer .
	TokenType *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

// addOperationCreateTokenWithIAMMiddlewares wires the serialize/deserialize
// handlers and the shared client middlewares for this operation onto stack. The
// order of the Add calls below is significant: each helper inserts relative to
// the steps already present, so this body should not be reordered by hand (and
// the file is generated, so edits belong in the codegen template).
func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) {
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateTokenWithIAM{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateTokenWithIAM{}, middleware.After)
	if err != nil {
		return err
	}
	if err := addProtocolFinalizerMiddlewares(stack, options, "CreateTokenWithIAM"); err != nil {
		// NOTE(review): %v (rather than %w) flattens the underlying error, so callers
		// cannot use errors.Is/errors.As on it; a change here belongs in the
		// smithy-go-codegen template, not in this generated file.
		return fmt.Errorf("add protocol finalizers: %v", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Presumably feeds the payload hash that the SigV4 signing mentioned in the
	// operation doc requires — TODO confirm against the helper's definition.
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addSpanRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err = addCredentialSource(stack, options); err != nil {
		return err
	}
	// Input validation (presumably the required ClientId/GrantType checks) runs
	// here in the stack rather than in CreateTokenWithIAM itself — TODO confirm.
	if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): the response to this operation carries bearer tokens (see
	// CreateTokenWithIAMOutput). Body logging is presumably gated by the client's
	// log mode in options — confirm response-body logging is not enabled where
	// these logs are retained.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): by its name this lets options turn off HTTPS for the request;
	// since both the request (refresh/subject tokens) and the response carry
	// credentials, confirm that option is only ever set for local test endpoints.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addInterceptAttempt(stack, options); err != nil {
		return err
	}
	if err = addInterceptExecution(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeSerialization(stack, options); err != nil {
		return err
	}
	if err = addInterceptAfterSerialization(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeSigning(stack, options); err != nil {
		return err
	}
	if err = addInterceptAfterSigning(stack, options); err != nil {
		return err
	}
	if err = addInterceptTransmit(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeDeserialization(stack, options); err != nil {
		return err
	}
	if err = addInterceptAfterDeserialization(stack, options); err != nil {
		return err
	}
	if err = addSpanInitializeStart(stack); err != nil {
		return err
	}
	if err = addSpanInitializeEnd(stack); err != nil {
		return err
	}
	if err = addSpanBuildRequestStart(stack); err != nil {
		return err
	}
	if err = addSpanBuildRequestEnd(stack); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateTokenWithIAM builds the middleware that
// registers the region, the package-level ServiceID and this operation's name as
// service metadata for the request.
func newServiceMetadataMiddleware_opCreateTokenWithIAM(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		OperationName: "CreateTokenWithIAM",
	}
}