Documentation ¶
Overview ¶
Package ssooidc provides the client and types for making API requests to SSO OIDC.
AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with AWS SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with AWS SSO. This service conforms with the OAuth 2.0 based implementation of the device authorization grant standard (https://tools.ietf.org/html/rfc8628).
For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the AWS SSO User Guide.
This API reference guide describes the AWS SSO OIDC operations that you can call programmatically and includes detailed information on data types and errors.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .Net, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS SSO and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service.
See ssooidc package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/
Using the Client ¶
To use SSO OIDC with the SDK, use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.
See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/
See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
See the SSO OIDC client for more information on creating a client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New
Index ¶
- Constants
- type Client
- type CreateTokenInput
- type CreateTokenOutput
- type CreateTokenRequest
- type CreateTokenResponse
- type RegisterClientInput
- type RegisterClientOutput
- type RegisterClientRequest
- type RegisterClientResponse
- type StartDeviceAuthorizationInput
- type StartDeviceAuthorizationOutput
- type StartDeviceAuthorizationRequest
- type StartDeviceAuthorizationResponse
Constants ¶
```go
const (
	ServiceName = "SSO OIDC" // Service's name
	ServiceID   = "SSOOIDC"  // Service's identifier
	EndpointsID = "oidc"     // Service's Endpoint identifier
)
```
```go
const (
	// ErrCodeAccessDeniedException for service response error code
	// "AccessDeniedException".
	//
	// You do not have sufficient access to perform this action.
	ErrCodeAccessDeniedException = "AccessDeniedException"

	// ErrCodeAuthorizationPendingException for service response error code
	// "AuthorizationPendingException".
	//
	// Indicates that a request to authorize a client with an access user session
	// token is pending.
	ErrCodeAuthorizationPendingException = "AuthorizationPendingException"

	// ErrCodeExpiredTokenException for service response error code
	// "ExpiredTokenException".
	//
	// Indicates that the token issued by the service is expired and is no longer
	// valid.
	ErrCodeExpiredTokenException = "ExpiredTokenException"

	// ErrCodeInternalServerException for service response error code
	// "InternalServerException".
	//
	// Indicates that an error from the service occurred while trying to process
	// a request.
	ErrCodeInternalServerException = "InternalServerException"

	// ErrCodeInvalidClientException for service response error code
	// "InvalidClientException".
	//
	// Indicates that the clientId or clientSecret in the request is invalid. For
	// example, this can occur when a client sends an incorrect clientId or an expired
	// clientSecret.
	ErrCodeInvalidClientException = "InvalidClientException"

	// ErrCodeInvalidClientMetadataException for service response error code
	// "InvalidClientMetadataException".
	//
	// Indicates that the client information sent in the request during registration
	// is invalid.
	ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException"

	// ErrCodeInvalidGrantException for service response error code
	// "InvalidGrantException".
	//
	// Indicates that a request contains an invalid grant. This can occur if a client
	// makes a CreateToken request with an invalid grant type.
	ErrCodeInvalidGrantException = "InvalidGrantException"

	// ErrCodeInvalidRequestException for service response error code
	// "InvalidRequestException".
	//
	// Indicates that something is wrong with the input to the request. For example,
	// a required parameter might be missing or out of range.
	ErrCodeInvalidRequestException = "InvalidRequestException"

	// ErrCodeInvalidScopeException for service response error code
	// "InvalidScopeException".
	//
	// Indicates that the scope provided in the request is invalid.
	ErrCodeInvalidScopeException = "InvalidScopeException"

	// ErrCodeSlowDownException for service response error code
	// "SlowDownException".
	//
	// Indicates that the client is making the request too frequently and is more
	// than the service can handle.
	ErrCodeSlowDownException = "SlowDownException"

	// ErrCodeUnauthorizedClientException for service response error code
	// "UnauthorizedClientException".
	//
	// Indicates that the client is not currently authorized to make the request.
	// This can happen when a clientId is not issued for a public client.
	ErrCodeUnauthorizedClientException = "UnauthorizedClientException"

	// ErrCodeUnsupportedGrantTypeException for service response error code
	// "UnsupportedGrantTypeException".
	//
	// Indicates that the grant type in the request is not supported by the service.
	ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException"
)
```
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
Client provides the API operation methods for making requests to SSO OIDC. See this package's package overview docs for details on the service.
The client's methods are safe to use concurrently. It is not safe to mutate any of the struct's properties, though.
func New ¶
New creates a new instance of the client from the provided Config.
Example:
```go
// Create a client from just a config.
svc := ssooidc.New(myConfig)
```
func (*Client) CreateTokenRequest ¶
func (c *Client) CreateTokenRequest(input *CreateTokenInput) CreateTokenRequest
CreateTokenRequest returns a request value for making API operation for AWS SSO OIDC.
Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
```go
// Example sending a request using CreateTokenRequest.
req := client.CreateTokenRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
	fmt.Println(resp)
}
```
Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken
func (*Client) RegisterClientRequest ¶
func (c *Client) RegisterClientRequest(input *RegisterClientInput) RegisterClientRequest
RegisterClientRequest returns a request value for making API operation for AWS SSO OIDC.
Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
```go
// Example sending a request using RegisterClientRequest.
req := client.RegisterClientRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
	fmt.Println(resp)
}
```
Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient
func (*Client) StartDeviceAuthorizationRequest ¶
func (c *Client) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) StartDeviceAuthorizationRequest
StartDeviceAuthorizationRequest returns a request value for making API operation for AWS SSO OIDC.
Initiates device authorization by requesting a pair of verification codes from the authorization service.
```go
// Example sending a request using StartDeviceAuthorizationRequest.
req := client.StartDeviceAuthorizationRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
	fmt.Println(resp)
}
```
Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization
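The polling half of the device authorization flow that these three operations make up, as an added example that is not part of the SDK or its documentation. `tokenFunc`, `codedError` and `pollForToken` are hypothetical names standing in for a CreateToken call and its service error, and the 5-second back-off on SlowDownException follows RFC 8628 section 3.5.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// codedError is a hypothetical stand-in for an SDK error carrying a service error code.
type codedError struct{ code string }

func (e codedError) Error() string { return e.code }

// tokenFunc is a hypothetical wrapper around one CreateToken call for a device code.
type tokenFunc func(ctx context.Context, deviceCode string) (string, error)

// pollForToken polls until the user approves, the device code lifetime (ExpiresIn)
// runs out, or a terminal error arrives. It returns the token and the time waited.
func pollForToken(ctx context.Context, call tokenFunc, deviceCode string,
	interval, expiresIn time.Duration, sleep func(time.Duration)) (string, time.Duration, error) {
	var waited time.Duration
	for ctx.Err() == nil {
		if waited+interval > expiresIn {
			return "", waited, errors.New("device code expired before authorization")
		}
		sleep(interval) // never poll faster than the Interval the service returned
		waited += interval
		tok, err := call(ctx, deviceCode)
		if err == nil {
			return tok, waited, nil
		}
		var ce codedError
		if !errors.As(err, &ce) {
			return "", waited, err
		}
		switch ce.code {
		case "AuthorizationPendingException": // user has not approved yet, keep polling
		case "SlowDownException": // back off by 5 seconds (RFC 8628, section 3.5)
			interval += 5 * time.Second
		default: // AccessDenied, ExpiredToken, InvalidClient, ...: stop polling
			return "", waited, err
		}
	}
	return "", waited, ctx.Err()
}

func main() {
	calls := 0
	fake := func(context.Context, string) (string, error) { // constructed fake service
		if calls++; calls < 3 {
			return "", codedError{"AuthorizationPendingException"}
		}
		return "constructed-access-token", nil
	}
	tok, waited, err := pollForToken(context.Background(), fake, "constructed-device-code",
		5*time.Second, 600*time.Second, func(time.Duration) {})
	fmt.Println(tok, waited, err)
}
```

In a real client, pass `time.Sleep` as `sleep` and the Interval and ExpiresIn values from the StartDeviceAuthorization response.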
type CreateTokenInput ¶
```go
type CreateTokenInput struct {

	// The unique identifier string for each client. This value should come from
	// the persisted result of the RegisterClient API.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string generated for the client. This value should come from the
	// persisted result of the RegisterClient API.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`

	// The authorization code received from the authorization service. This parameter
	// is required to perform an authorization grant request to get access to a
	// token.
	Code *string `locationName:"code" type:"string"`

	// Used only when calling this API for the device code grant type. This short-term
	// code is used to identify this authentication attempt. This should come from
	// an in-memory reference to the result of the StartDeviceAuthorization API.
	//
	// DeviceCode is a required field
	DeviceCode *string `locationName:"deviceCode" type:"string" required:"true"`

	// Supports grant types for authorization code, refresh token, and device code
	// request.
	//
	// GrantType is a required field
	GrantType *string `locationName:"grantType" type:"string" required:"true"`

	// The location of the application that will receive the authorization code.
	// Users authorize the service to send the request to this location.
	RedirectUri *string `locationName:"redirectUri" type:"string"`

	// The token used to obtain an access token in the event that the access token
	// is invalid or expired. This token is not issued by the service.
	RefreshToken *string `locationName:"refreshToken" type:"string"`

	// The list of scopes that is defined by the client. Upon authorization, this
	// list is used to restrict permissions when granting an access token.
	Scope []string `locationName:"scope" type:"list"`
	// contains filtered or unexported fields
}
```
func (CreateTokenInput) MarshalFields ¶
func (s CreateTokenInput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (CreateTokenInput) String ¶
func (s CreateTokenInput) String() string
String returns the string representation
func (*CreateTokenInput) Validate ¶
func (s *CreateTokenInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateTokenOutput ¶
```go
type CreateTokenOutput struct {

	// An opaque token to access AWS SSO resources assigned to a user.
	AccessToken *string `locationName:"accessToken" type:"string"`

	// Indicates the time in seconds when an access token will expire.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// The identifier of the user that is associated with the access token, if present.
	IdToken *string `locationName:"idToken" type:"string"`

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	RefreshToken *string `locationName:"refreshToken" type:"string"`

	// Used to notify the client that the returned token is an access token. The
	// supported type is BearerToken.
	TokenType *string `locationName:"tokenType" type:"string"`
	// contains filtered or unexported fields
}
```
func (CreateTokenOutput) MarshalFields ¶
func (s CreateTokenOutput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (CreateTokenOutput) String ¶
func (s CreateTokenOutput) String() string
String returns the string representation
type CreateTokenRequest ¶
```go
type CreateTokenRequest struct {
	*aws.Request
	Input *CreateTokenInput
	Copy  func(*CreateTokenInput) CreateTokenRequest
}
```
CreateTokenRequest is the request type for the CreateToken API operation.
func (CreateTokenRequest) Send ¶
func (r CreateTokenRequest) Send(ctx context.Context) (*CreateTokenResponse, error)
Send marshals and sends the CreateToken API request.
type CreateTokenResponse ¶
```go
type CreateTokenResponse struct {
	*CreateTokenOutput
	// contains filtered or unexported fields
}
```
CreateTokenResponse is the response type for the CreateToken API operation.
func (*CreateTokenResponse) SDKResponseMetdata ¶
func (r *CreateTokenResponse) SDKResponseMetdata() *aws.Response
SDKResponseMetdata returns the response metadata for the CreateToken request.
type RegisterClientInput ¶
```go
type RegisterClientInput struct {

	// The friendly name of the client.
	//
	// ClientName is a required field
	ClientName *string `locationName:"clientName" type:"string" required:"true"`

	// The type of client. The service supports only public as a client type. Anything
	// other than public will be rejected by the service.
	//
	// ClientType is a required field
	ClientType *string `locationName:"clientType" type:"string" required:"true"`

	// The list of scopes that are defined by the client. Upon authorization, this
	// list is used to restrict permissions when granting an access token.
	Scopes []string `locationName:"scopes" type:"list"`
	// contains filtered or unexported fields
}
```
func (RegisterClientInput) MarshalFields ¶
func (s RegisterClientInput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (RegisterClientInput) String ¶
func (s RegisterClientInput) String() string
String returns the string representation
func (*RegisterClientInput) Validate ¶
func (s *RegisterClientInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegisterClientOutput ¶
```go
type RegisterClientOutput struct {

	// The endpoint where the client can request authorization.
	AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`

	// The unique identifier string for each client. This client uses this identifier
	// to get authenticated by the service in subsequent calls.
	ClientId *string `locationName:"clientId" type:"string"`

	// Indicates the time at which the clientId and clientSecret were issued.
	ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"`

	// A secret string generated for the client. The client will use this string
	// to get authenticated by the service in subsequent calls.
	ClientSecret *string `locationName:"clientSecret" type:"string"`

	// Indicates the time at which the clientId and clientSecret will become invalid.
	ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`

	// The endpoint where the client can get an access token.
	TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
	// contains filtered or unexported fields
}
```
func (RegisterClientOutput) MarshalFields ¶
func (s RegisterClientOutput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (RegisterClientOutput) String ¶
func (s RegisterClientOutput) String() string
String returns the string representation
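One way to persist the RegisterClient result for reuse and decide when to register again, as an added example rather than SDK code. `registration`, `saveRegistration` and `loadRegistration` are hypothetical names, ClientSecretExpiresAt is assumed to be in epoch seconds, and the permission check assumes a Unix-like file system.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"time"
)

// registration holds the RegisterClientOutput fields that later calls need.
type registration struct {
	ClientID              string `json:"clientId"`
	ClientSecret          string `json:"clientSecret"`
	ClientSecretExpiresAt int64  `json:"clientSecretExpiresAt"` // assumed epoch seconds
}

// saveRegistration stores the client secret in a file only the owner can read.
func saveRegistration(path string, r registration) error {
	data, err := json.Marshal(r)
	if err != nil {
		return err
	}
	_ = os.Remove(path) // a fresh file gets 0600 at creation; an existing one would keep its mode
	return os.WriteFile(path, data, 0o600)
}

// loadRegistration returns the cached registration only if the file is private and
// the secret stays valid for at least skew; on error the caller registers again.
func loadRegistration(path string, now time.Time, skew time.Duration) (registration, error) {
	info, err := os.Stat(path)
	if err != nil {
		return registration{}, err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return registration{}, errors.New("cache file is accessible to group or others")
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return registration{}, err
	}
	var r registration
	if err := json.Unmarshal(data, &r); err != nil {
		return registration{}, err
	}
	if !now.Add(skew).Before(time.Unix(r.ClientSecretExpiresAt, 0)) {
		return registration{}, errors.New("client secret expired or about to expire")
	}
	return r, nil
}

func main() {
	path := "constructed-sso-registration.json" // constructed file name, written to the working directory
	r := registration{"constructed-id", "constructed-secret", time.Now().Add(time.Hour).Unix()}
	saveErr := saveRegistration(path, r)
	_, loadErr := loadRegistration(path, time.Now(), 5*time.Minute)
	fmt.Println("save:", saveErr, "load:", loadErr)
}
```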
type RegisterClientRequest ¶
```go
type RegisterClientRequest struct {
	*aws.Request
	Input *RegisterClientInput
	Copy  func(*RegisterClientInput) RegisterClientRequest
}
```
RegisterClientRequest is the request type for the RegisterClient API operation.
func (RegisterClientRequest) Send ¶
func (r RegisterClientRequest) Send(ctx context.Context) (*RegisterClientResponse, error)
Send marshals and sends the RegisterClient API request.
type RegisterClientResponse ¶
```go
type RegisterClientResponse struct {
	*RegisterClientOutput
	// contains filtered or unexported fields
}
```
RegisterClientResponse is the response type for the RegisterClient API operation.
func (*RegisterClientResponse) SDKResponseMetdata ¶
func (r *RegisterClientResponse) SDKResponseMetdata() *aws.Response
SDKResponseMetdata returns the response metadata for the RegisterClient request.
type StartDeviceAuthorizationInput ¶
```go
type StartDeviceAuthorizationInput struct {

	// The unique identifier string for the client that is registered with AWS SSO.
	// This value should come from the persisted result of the RegisterClient API
	// operation.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string that is generated for the client. This value should come
	// from the persisted result of the RegisterClient API operation.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`

	// The URL for the AWS SSO user portal. For more information, see Using the
	// User Portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
	// in the AWS Single Sign-On User Guide.
	//
	// StartUrl is a required field
	StartUrl *string `locationName:"startUrl" type:"string" required:"true"`
	// contains filtered or unexported fields
}
```
func (StartDeviceAuthorizationInput) MarshalFields ¶
func (s StartDeviceAuthorizationInput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (StartDeviceAuthorizationInput) String ¶
func (s StartDeviceAuthorizationInput) String() string
String returns the string representation
func (*StartDeviceAuthorizationInput) Validate ¶
func (s *StartDeviceAuthorizationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type StartDeviceAuthorizationOutput ¶
```go
type StartDeviceAuthorizationOutput struct {

	// The short-lived code that is used by the device when polling for a session
	// token.
	DeviceCode *string `locationName:"deviceCode" type:"string"`

	// Indicates the number of seconds in which the verification code will become
	// invalid.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// Indicates the number of seconds the client must wait between attempts when
	// polling for a session.
	Interval *int64 `locationName:"interval" type:"integer"`

	// A one-time user verification code. This is needed to authorize an in-use
	// device.
	UserCode *string `locationName:"userCode" type:"string"`

	// The URI of the verification page that takes the userCode to authorize the
	// device.
	VerificationUri *string `locationName:"verificationUri" type:"string"`

	// An alternate URL that the client can use to automatically launch a browser.
	// This process skips the manual step in which the user visits the verification
	// page and enters their code.
	VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"`
	// contains filtered or unexported fields
}
```
func (StartDeviceAuthorizationOutput) MarshalFields ¶
func (s StartDeviceAuthorizationOutput) MarshalFields(e protocol.FieldEncoder) error
MarshalFields encodes the AWS API shape using the passed in protocol encoder.
func (StartDeviceAuthorizationOutput) String ¶
func (s StartDeviceAuthorizationOutput) String() string
String returns the string representation
type StartDeviceAuthorizationRequest ¶
```go
type StartDeviceAuthorizationRequest struct {
	*aws.Request
	Input *StartDeviceAuthorizationInput
	Copy  func(*StartDeviceAuthorizationInput) StartDeviceAuthorizationRequest
}
```
StartDeviceAuthorizationRequest is the request type for the StartDeviceAuthorization API operation.
func (StartDeviceAuthorizationRequest) Send ¶
func (r StartDeviceAuthorizationRequest) Send(ctx context.Context) (*StartDeviceAuthorizationResponse, error)
Send marshals and sends the StartDeviceAuthorization API request.
type StartDeviceAuthorizationResponse ¶
```go
type StartDeviceAuthorizationResponse struct {
	*StartDeviceAuthorizationOutput
	// contains filtered or unexported fields
}
```
StartDeviceAuthorizationResponse is the response type for the StartDeviceAuthorization API operation.
func (*StartDeviceAuthorizationResponse) SDKResponseMetdata ¶
func (r *StartDeviceAuthorizationResponse) SDKResponseMetdata() *aws.Response
SDKResponseMetdata returns the response metadata for the StartDeviceAuthorization request.
Directories ¶
Path | Synopsis |
---|---|
ssooidciface | Package ssooidciface provides an interface to enable mocking the AWS SSO OIDC service client for testing your code. |