ssooidc

package
v1.49.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2023 License: Apache-2.0 Imports: 10 Imported by: 31

Documentation

Overview

Package ssooidc provides the client and types for making API requests to AWS SSO OIDC.

IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a native application) to register with IAM Identity Center. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.

IAM Identity Center uses the sso and identitystore API namespaces.

Considerations for Using This Guide

Before you begin using this guide, we recommend that you first review the following important information about how the IAM Identity Center OIDC service works.

  • The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single sign-on authentication with the CLI.

  • With older versions of the CLI, the service only emits OIDC access tokens, so to obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that supports token refresh and doesn’t require re-authentication, update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh and configurable IAM Identity Center session durations. For more information, see Configure Amazon Web Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).

  • The access tokens provided by this service grant access to all Amazon Web Services account entitlements assigned to an IAM Identity Center user, not just a particular application.

  • The documentation in this guide does not describe the mechanism to convert the access token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service endpoints. For more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) in the IAM Identity Center Portal API Reference Guide.

For general information about IAM Identity Center, see What is IAM Identity Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the IAM Identity Center User Guide.

See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service.

See ssooidc package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/

Using the Client

To contact AWS SSO OIDC with the SDK use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.

See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/

See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config

See the AWS SSO OIDC client SSOOIDC for more information on creating client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New

Index

Examples

Constants

View Source
const (

	// ErrCodeAccessDeniedException for service response error code
	// "AccessDeniedException".
	//
	// You do not have sufficient access to perform this action.
	ErrCodeAccessDeniedException = "AccessDeniedException"

	// ErrCodeAuthorizationPendingException for service response error code
	// "AuthorizationPendingException".
	//
	// Indicates that a request to authorize a client with an access user session
	// token is pending.
	ErrCodeAuthorizationPendingException = "AuthorizationPendingException"

	// ErrCodeExpiredTokenException for service response error code
	// "ExpiredTokenException".
	//
	// Indicates that the token issued by the service is expired and is no longer
	// valid.
	ErrCodeExpiredTokenException = "ExpiredTokenException"

	// ErrCodeInternalServerException for service response error code
	// "InternalServerException".
	//
	// Indicates that an error from the service occurred while trying to process
	// a request.
	ErrCodeInternalServerException = "InternalServerException"

	// ErrCodeInvalidClientException for service response error code
	// "InvalidClientException".
	//
	// Indicates that the clientId or clientSecret in the request is invalid. For
	// example, this can occur when a client sends an incorrect clientId or an expired
	// clientSecret.
	ErrCodeInvalidClientException = "InvalidClientException"

	// ErrCodeInvalidClientMetadataException for service response error code
	// "InvalidClientMetadataException".
	//
	// Indicates that the client information sent in the request during registration
	// is invalid.
	ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException"

	// ErrCodeInvalidGrantException for service response error code
	// "InvalidGrantException".
	//
	// Indicates that a request contains an invalid grant. This can occur if a client
	// makes a CreateToken request with an invalid grant type.
	ErrCodeInvalidGrantException = "InvalidGrantException"

	// ErrCodeInvalidRequestException for service response error code
	// "InvalidRequestException".
	//
	// Indicates that something is wrong with the input to the request. For example,
	// a required parameter might be missing or out of range.
	ErrCodeInvalidRequestException = "InvalidRequestException"

	// ErrCodeInvalidRequestRegionException for service response error code
	// "InvalidRequestRegionException".
	//
	// Indicates that a token provided as input to the request was issued by and
	// is only usable by calling IAM Identity Center endpoints in another region.
	ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"

	// ErrCodeInvalidScopeException for service response error code
	// "InvalidScopeException".
	//
	// Indicates that the scope provided in the request is invalid.
	ErrCodeInvalidScopeException = "InvalidScopeException"

	// ErrCodeSlowDownException for service response error code
	// "SlowDownException".
	//
	// Indicates that the client is making the request too frequently and is more
	// than the service can handle.
	ErrCodeSlowDownException = "SlowDownException"

	// ErrCodeUnauthorizedClientException for service response error code
	// "UnauthorizedClientException".
	//
	// Indicates that the client is not currently authorized to make the request.
	// This can happen when a clientId is not issued for a public client.
	ErrCodeUnauthorizedClientException = "UnauthorizedClientException"

	// ErrCodeUnsupportedGrantTypeException for service response error code
	// "UnsupportedGrantTypeException".
	//
	// Indicates that the grant type in the request is not supported by the service.
	ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException"
)
View Source
const (
	ServiceName = "SSO OIDC" // Name of service.
	EndpointsID = "oidc"     // ID to lookup a service endpoint with.
	ServiceID   = "SSO OIDC" // ServiceID is a unique identifier of a specific service.
)

Service information constants

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessDeniedException added in v1.28.0

type AccessDeniedException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be access_denied.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

You do not have sufficient access to perform this action.

func (*AccessDeniedException) Code added in v1.28.0

func (s *AccessDeniedException) Code() string

Code returns the exception type name.

func (*AccessDeniedException) Error added in v1.28.0

func (s *AccessDeniedException) Error() string

func (AccessDeniedException) GoString added in v1.28.0

func (s AccessDeniedException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*AccessDeniedException) Message added in v1.28.0

func (s *AccessDeniedException) Message() string

Message returns the exception's message.

func (*AccessDeniedException) OrigErr added in v1.28.0

func (s *AccessDeniedException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*AccessDeniedException) RequestID added in v1.28.0

func (s *AccessDeniedException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*AccessDeniedException) StatusCode added in v1.28.0

func (s *AccessDeniedException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (AccessDeniedException) String added in v1.28.0

func (s AccessDeniedException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type AuthorizationPendingException added in v1.28.0

type AuthorizationPendingException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be authorization_pending.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that a request to authorize a client with an access user session token is pending.

func (*AuthorizationPendingException) Code added in v1.28.0

Code returns the exception type name.

func (*AuthorizationPendingException) Error added in v1.28.0

func (AuthorizationPendingException) GoString added in v1.28.0

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*AuthorizationPendingException) Message added in v1.28.0

Message returns the exception's message.

func (*AuthorizationPendingException) OrigErr added in v1.28.0

func (s *AuthorizationPendingException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*AuthorizationPendingException) RequestID added in v1.28.0

func (s *AuthorizationPendingException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*AuthorizationPendingException) StatusCode added in v1.28.0

func (s *AuthorizationPendingException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (AuthorizationPendingException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type CreateTokenInput

type CreateTokenInput struct {

	// The unique identifier string for the client or application. This value comes
	// from the result of the RegisterClient API.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string generated for the client. This value should come from the
	// persisted result of the RegisterClient API.
	//
	// ClientSecret is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenInput's
	// String and GoString methods.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`

	// Used only when calling this API for the Authorization Code grant type. The
	// short-term code is used to identify this authorization request. This grant
	// type is currently unsupported for the CreateToken API.
	Code *string `locationName:"code" type:"string"`

	// Used only when calling this API for the Device Code grant type. This short-term
	// code is used to identify this authorization request. This comes from the
	// result of the StartDeviceAuthorization API.
	DeviceCode *string `locationName:"deviceCode" type:"string"`

	// Supports the following OAuth grant types: Device Code and Refresh Token.
	// Specify either of the following values, depending on the grant type that
	// you want:
	//
	// * Device Code - urn:ietf:params:oauth:grant-type:device_code
	//
	// * Refresh Token - refresh_token
	//
	// For information about how to obtain the device code, see the StartDeviceAuthorization
	// topic.
	//
	// GrantType is a required field
	GrantType *string `locationName:"grantType" type:"string" required:"true"`

	// Used only when calling this API for the Authorization Code grant type. This
	// value specifies the location of the client or application that has registered
	// to receive the authorization code.
	RedirectUri *string `locationName:"redirectUri" type:"string"`

	// Used only when calling this API for the Refresh Token grant type. This token
	// is used to refresh short-term tokens, such as the access token, that might
	// expire.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide
	// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
	//
	// RefreshToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenInput's
	// String and GoString methods.
	RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

	// The list of scopes for which authorization is requested. The access token
	// that is issued is limited to the scopes that are granted. If this value is
	// not specified, IAM Identity Center authorizes all scopes that are configured
	// for the client during the call to RegisterClient.
	Scope []*string `locationName:"scope" type:"list"`
	// contains filtered or unexported fields
}

func (CreateTokenInput) GoString

func (s CreateTokenInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenInput) SetClientId

func (s *CreateTokenInput) SetClientId(v string) *CreateTokenInput

SetClientId sets the ClientId field's value.

func (*CreateTokenInput) SetClientSecret

func (s *CreateTokenInput) SetClientSecret(v string) *CreateTokenInput

SetClientSecret sets the ClientSecret field's value.

func (*CreateTokenInput) SetCode

func (s *CreateTokenInput) SetCode(v string) *CreateTokenInput

SetCode sets the Code field's value.

func (*CreateTokenInput) SetDeviceCode

func (s *CreateTokenInput) SetDeviceCode(v string) *CreateTokenInput

SetDeviceCode sets the DeviceCode field's value.

func (*CreateTokenInput) SetGrantType

func (s *CreateTokenInput) SetGrantType(v string) *CreateTokenInput

SetGrantType sets the GrantType field's value.

func (*CreateTokenInput) SetRedirectUri

func (s *CreateTokenInput) SetRedirectUri(v string) *CreateTokenInput

SetRedirectUri sets the RedirectUri field's value.

func (*CreateTokenInput) SetRefreshToken

func (s *CreateTokenInput) SetRefreshToken(v string) *CreateTokenInput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenInput) SetScope

func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput

SetScope sets the Scope field's value.

func (CreateTokenInput) String

func (s CreateTokenInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenInput) Validate

func (s *CreateTokenInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateTokenOutput

type CreateTokenOutput struct {

	// A bearer token to access AWS accounts and applications assigned to a user.
	//
	// AccessToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenOutput's
	// String and GoString methods.
	AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`

	// Indicates the time in seconds when an access token will expire.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// The idToken is not implemented or supported. For more information about the
	// features and limitations of the current IAM Identity Center OIDC implementation,
	// see Considerations for Using this Guide in the IAM Identity Center OIDC API
	// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
	//
	// A JSON Web Token (JWT) that identifies who is associated with the issued
	// access token.
	//
	// IdToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenOutput's
	// String and GoString methods.
	IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide
	// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
	//
	// RefreshToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenOutput's
	// String and GoString methods.
	RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

	// Used to notify the client that the returned token is an access token. The
	// supported token type is Bearer.
	TokenType *string `locationName:"tokenType" type:"string"`
	// contains filtered or unexported fields
}

func (CreateTokenOutput) GoString

func (s CreateTokenOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenOutput) SetAccessToken

func (s *CreateTokenOutput) SetAccessToken(v string) *CreateTokenOutput

SetAccessToken sets the AccessToken field's value.

func (*CreateTokenOutput) SetExpiresIn

func (s *CreateTokenOutput) SetExpiresIn(v int64) *CreateTokenOutput

SetExpiresIn sets the ExpiresIn field's value.

func (*CreateTokenOutput) SetIdToken

func (s *CreateTokenOutput) SetIdToken(v string) *CreateTokenOutput

SetIdToken sets the IdToken field's value.

func (*CreateTokenOutput) SetRefreshToken

func (s *CreateTokenOutput) SetRefreshToken(v string) *CreateTokenOutput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenOutput) SetTokenType

func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput

SetTokenType sets the TokenType field's value.

func (CreateTokenOutput) String

func (s CreateTokenOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type CreateTokenWithIAMInput added in v1.48.0

type CreateTokenWithIAMInput struct {

	// Used only when calling this API for the JWT Bearer grant type. This value
	// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
	// a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
	//
	// Assertion is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
	// String and GoString methods.
	Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`

	// The unique identifier string for the client or application. This value is
	// an application ARN that has OAuth grants configured.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// Used only when calling this API for the Authorization Code grant type. This
	// short-term code is used to identify this authorization request. The code
	// is obtained through a redirect from IAM Identity Center to a redirect URI
	// persisted in the Authorization Code GrantOptions for the application.
	Code *string `locationName:"code" type:"string"`

	// Supports the following OAuth grant types: Authorization Code, Refresh Token,
	// JWT Bearer, and Token Exchange. Specify one of the following values, depending
	// on the grant type that you want:
	//
	// * Authorization Code - authorization_code
	//
	// * Refresh Token - refresh_token
	//
	// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
	//
	// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
	//
	// GrantType is a required field
	GrantType *string `locationName:"grantType" type:"string" required:"true"`

	// Used only when calling this API for the Authorization Code grant type. This
	// value specifies the location of the client or application that has registered
	// to receive the authorization code.
	RedirectUri *string `locationName:"redirectUri" type:"string"`

	// Used only when calling this API for the Refresh Token grant type. This token
	// is used to refresh short-term tokens, such as the access token, that might
	// expire.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide
	// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
	//
	// RefreshToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
	// String and GoString methods.
	RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that the requester can receive. The following
	// values are supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`

	// The list of scopes for which authorization is requested. The access token
	// that is issued is limited to the scopes that are granted. If the value is
	// not specified, IAM Identity Center authorizes all scopes configured for the
	// application, including the following default scopes: openid, aws, sts:identity_context.
	Scope []*string `locationName:"scope" type:"list"`

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the subject of the exchange. The value of the subject token must
	// be an access token issued by IAM Identity Center to a different client or
	// application. The access token must have authorized scopes that indicate the
	// requested application as a target audience.
	//
	// SubjectToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
	// String and GoString methods.
	SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that is passed as the subject of the exchange.
	// The following value is supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
	// contains filtered or unexported fields
}

func (CreateTokenWithIAMInput) GoString added in v1.48.0

func (s CreateTokenWithIAMInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMInput) SetAssertion added in v1.48.0

SetAssertion sets the Assertion field's value.

func (*CreateTokenWithIAMInput) SetClientId added in v1.48.0

SetClientId sets the ClientId field's value.

func (*CreateTokenWithIAMInput) SetCode added in v1.48.0

SetCode sets the Code field's value.

func (*CreateTokenWithIAMInput) SetGrantType added in v1.48.0

SetGrantType sets the GrantType field's value.

func (*CreateTokenWithIAMInput) SetRedirectUri added in v1.48.0

SetRedirectUri sets the RedirectUri field's value.

func (*CreateTokenWithIAMInput) SetRefreshToken added in v1.48.0

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenWithIAMInput) SetRequestedTokenType added in v1.48.0

func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput

SetRequestedTokenType sets the RequestedTokenType field's value.

func (*CreateTokenWithIAMInput) SetScope added in v1.48.0

SetScope sets the Scope field's value.

func (*CreateTokenWithIAMInput) SetSubjectToken added in v1.48.0

SetSubjectToken sets the SubjectToken field's value.

func (*CreateTokenWithIAMInput) SetSubjectTokenType added in v1.48.0

func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput

SetSubjectTokenType sets the SubjectTokenType field's value.

func (CreateTokenWithIAMInput) String added in v1.48.0

func (s CreateTokenWithIAMInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMInput) Validate added in v1.48.0

func (s *CreateTokenWithIAMInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateTokenWithIAMOutput added in v1.48.0

type CreateTokenWithIAMOutput struct {

	// A bearer token to access AWS accounts and applications assigned to a user.
	//
	// AccessToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
	// String and GoString methods.
	AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`

	// Indicates the time in seconds when an access token will expire.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// A JSON Web Token (JWT) that identifies the user associated with the issued
	// access token.
	//
	// IdToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
	// String and GoString methods.
	IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`

	// Indicates the type of tokens that are issued by IAM Identity Center. The
	// following values are supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide
	// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
	//
	// RefreshToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
	// String and GoString methods.
	RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

	// The list of scopes for which authorization is granted. The access token that
	// is issued is limited to the scopes that are granted.
	Scope []*string `locationName:"scope" type:"list"`

	// Used to notify the requester that the returned token is an access token.
	// The supported token type is Bearer.
	TokenType *string `locationName:"tokenType" type:"string"`
	// contains filtered or unexported fields
}

func (CreateTokenWithIAMOutput) GoString added in v1.48.0

func (s CreateTokenWithIAMOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMOutput) SetAccessToken added in v1.48.0

SetAccessToken sets the AccessToken field's value.

func (*CreateTokenWithIAMOutput) SetExpiresIn added in v1.48.0

SetExpiresIn sets the ExpiresIn field's value.

func (*CreateTokenWithIAMOutput) SetIdToken added in v1.48.0

SetIdToken sets the IdToken field's value.

func (*CreateTokenWithIAMOutput) SetIssuedTokenType added in v1.48.0

func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput

SetIssuedTokenType sets the IssuedTokenType field's value.

func (*CreateTokenWithIAMOutput) SetRefreshToken added in v1.48.0

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenWithIAMOutput) SetScope added in v1.48.0

SetScope sets the Scope field's value.

func (*CreateTokenWithIAMOutput) SetTokenType added in v1.48.0

SetTokenType sets the TokenType field's value.

func (CreateTokenWithIAMOutput) String added in v1.48.0

func (s CreateTokenWithIAMOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ExpiredTokenException added in v1.28.0

type ExpiredTokenException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be expired_token.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the token issued by the service is expired and is no longer valid.

func (*ExpiredTokenException) Code added in v1.28.0

func (s *ExpiredTokenException) Code() string

Code returns the exception type name.

func (*ExpiredTokenException) Error added in v1.28.0

func (s *ExpiredTokenException) Error() string

func (ExpiredTokenException) GoString added in v1.28.0

func (s ExpiredTokenException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ExpiredTokenException) Message added in v1.28.0

func (s *ExpiredTokenException) Message() string

Message returns the exception's message.

func (*ExpiredTokenException) OrigErr added in v1.28.0

func (s *ExpiredTokenException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*ExpiredTokenException) RequestID added in v1.28.0

func (s *ExpiredTokenException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*ExpiredTokenException) StatusCode added in v1.28.0

func (s *ExpiredTokenException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (ExpiredTokenException) String added in v1.28.0

func (s ExpiredTokenException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InternalServerException added in v1.28.0

type InternalServerException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be server_error.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that an error from the service occurred while trying to process a request.

func (*InternalServerException) Code added in v1.28.0

func (s *InternalServerException) Code() string

Code returns the exception type name.

func (*InternalServerException) Error added in v1.28.0

func (s *InternalServerException) Error() string

func (InternalServerException) GoString added in v1.28.0

func (s InternalServerException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InternalServerException) Message added in v1.28.0

func (s *InternalServerException) Message() string

Message returns the exception's message.

func (*InternalServerException) OrigErr added in v1.28.0

func (s *InternalServerException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InternalServerException) RequestID added in v1.28.0

func (s *InternalServerException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InternalServerException) StatusCode added in v1.28.0

func (s *InternalServerException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InternalServerException) String added in v1.28.0

func (s InternalServerException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidClientException added in v1.28.0

type InvalidClientException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be invalid_client.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

func (*InvalidClientException) Code added in v1.28.0

func (s *InvalidClientException) Code() string

Code returns the exception type name.

func (*InvalidClientException) Error added in v1.28.0

func (s *InvalidClientException) Error() string

func (InvalidClientException) GoString added in v1.28.0

func (s InvalidClientException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidClientException) Message added in v1.28.0

func (s *InvalidClientException) Message() string

Message returns the exception's message.

func (*InvalidClientException) OrigErr added in v1.28.0

func (s *InvalidClientException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidClientException) RequestID added in v1.28.0

func (s *InvalidClientException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidClientException) StatusCode added in v1.28.0

func (s *InvalidClientException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidClientException) String added in v1.28.0

func (s InvalidClientException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidClientMetadataException added in v1.28.0

type InvalidClientMetadataException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be invalid_client_metadata.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the client information sent in the request during registration is invalid.

func (*InvalidClientMetadataException) Code added in v1.28.0

Code returns the exception type name.

func (*InvalidClientMetadataException) Error added in v1.28.0

func (InvalidClientMetadataException) GoString added in v1.28.0

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidClientMetadataException) Message added in v1.28.0

Message returns the exception's message.

func (*InvalidClientMetadataException) OrigErr added in v1.28.0

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidClientMetadataException) RequestID added in v1.28.0

func (s *InvalidClientMetadataException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidClientMetadataException) StatusCode added in v1.28.0

func (s *InvalidClientMetadataException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidClientMetadataException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidGrantException added in v1.28.0

type InvalidGrantException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be invalid_grant.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

func (*InvalidGrantException) Code added in v1.28.0

func (s *InvalidGrantException) Code() string

Code returns the exception type name.

func (*InvalidGrantException) Error added in v1.28.0

func (s *InvalidGrantException) Error() string

func (InvalidGrantException) GoString added in v1.28.0

func (s InvalidGrantException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidGrantException) Message added in v1.28.0

func (s *InvalidGrantException) Message() string

Message returns the exception's message.

func (*InvalidGrantException) OrigErr added in v1.28.0

func (s *InvalidGrantException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidGrantException) RequestID added in v1.28.0

func (s *InvalidGrantException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidGrantException) StatusCode added in v1.28.0

func (s *InvalidGrantException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidGrantException) String added in v1.28.0

func (s InvalidGrantException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestException added in v1.28.0

type InvalidRequestException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be invalid_request.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

func (*InvalidRequestException) Code added in v1.28.0

func (s *InvalidRequestException) Code() string

Code returns the exception type name.

func (*InvalidRequestException) Error added in v1.28.0

func (s *InvalidRequestException) Error() string

func (InvalidRequestException) GoString added in v1.28.0

func (s InvalidRequestException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestException) Message added in v1.28.0

func (s *InvalidRequestException) Message() string

Message returns the exception's message.

func (*InvalidRequestException) OrigErr added in v1.28.0

func (s *InvalidRequestException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestException) RequestID added in v1.28.0

func (s *InvalidRequestException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestException) StatusCode added in v1.28.0

func (s *InvalidRequestException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestException) String added in v1.28.0

func (s InvalidRequestException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestRegionException added in v1.48.0

type InvalidRequestRegionException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Indicates the IAM Identity Center endpoint which the requester may call with
	// this token.
	Endpoint *string `locationName:"endpoint" type:"string"`

	// Single error code. For this exception the value will be invalid_request.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`

	// Indicates the region which the requester may call with this token.
	Region *string `locationName:"region" type:"string"`
	// contains filtered or unexported fields
}

Indicates that a token provided as input to the request was issued by and is only usable by calling IAM Identity Center endpoints in another region.

func (*InvalidRequestRegionException) Code added in v1.48.0

Code returns the exception type name.

func (*InvalidRequestRegionException) Error added in v1.48.0

func (InvalidRequestRegionException) GoString added in v1.48.0

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestRegionException) Message added in v1.48.0

Message returns the exception's message.

func (*InvalidRequestRegionException) OrigErr added in v1.48.0

func (s *InvalidRequestRegionException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestRegionException) RequestID added in v1.48.0

func (s *InvalidRequestRegionException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestRegionException) StatusCode added in v1.48.0

func (s *InvalidRequestRegionException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestRegionException) String added in v1.48.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidScopeException added in v1.28.0

type InvalidScopeException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be invalid_scope.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the scope provided in the request is invalid.

func (*InvalidScopeException) Code added in v1.28.0

func (s *InvalidScopeException) Code() string

Code returns the exception type name.

func (*InvalidScopeException) Error added in v1.28.0

func (s *InvalidScopeException) Error() string

func (InvalidScopeException) GoString added in v1.28.0

func (s InvalidScopeException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidScopeException) Message added in v1.28.0

func (s *InvalidScopeException) Message() string

Message returns the exception's message.

func (*InvalidScopeException) OrigErr added in v1.28.0

func (s *InvalidScopeException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidScopeException) RequestID added in v1.28.0

func (s *InvalidScopeException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidScopeException) StatusCode added in v1.28.0

func (s *InvalidScopeException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidScopeException) String added in v1.28.0

func (s InvalidScopeException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RegisterClientInput

type RegisterClientInput struct {

	// The friendly name of the client.
	//
	// ClientName is a required field
	ClientName *string `locationName:"clientName" type:"string" required:"true"`

	// The type of client. The service supports only public as a client type. Anything
	// other than public will be rejected by the service.
	//
	// ClientType is a required field
	ClientType *string `locationName:"clientType" type:"string" required:"true"`

	// The list of scopes that are defined by the client. Upon authorization, this
	// list is used to restrict permissions when granting an access token.
	Scopes []*string `locationName:"scopes" type:"list"`
	// contains filtered or unexported fields
}

func (RegisterClientInput) GoString

func (s RegisterClientInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientInput) SetClientName

func (s *RegisterClientInput) SetClientName(v string) *RegisterClientInput

SetClientName sets the ClientName field's value.

func (*RegisterClientInput) SetClientType

func (s *RegisterClientInput) SetClientType(v string) *RegisterClientInput

SetClientType sets the ClientType field's value.

func (*RegisterClientInput) SetScopes

func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput

SetScopes sets the Scopes field's value.

func (RegisterClientInput) String

func (s RegisterClientInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientInput) Validate

func (s *RegisterClientInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type RegisterClientOutput

type RegisterClientOutput struct {

	// An endpoint that the client can use to request authorization.
	AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`

	// The unique identifier string for each client. This client uses this identifier
	// to get authenticated by the service in subsequent calls.
	ClientId *string `locationName:"clientId" type:"string"`

	// Indicates the time at which the clientId and clientSecret were issued.
	ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"`

	// A secret string generated for the client. The client will use this string
	// to get authenticated by the service in subsequent calls.
	//
	// ClientSecret is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by RegisterClientOutput's
	// String and GoString methods.
	ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`

	// Indicates the time at which the clientId and clientSecret will become invalid.
	ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`

	// An endpoint that the client can use to create tokens.
	TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
	// contains filtered or unexported fields
}

func (RegisterClientOutput) GoString

func (s RegisterClientOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientOutput) SetAuthorizationEndpoint

func (s *RegisterClientOutput) SetAuthorizationEndpoint(v string) *RegisterClientOutput

SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value.

func (*RegisterClientOutput) SetClientId

SetClientId sets the ClientId field's value.

func (*RegisterClientOutput) SetClientIdIssuedAt

func (s *RegisterClientOutput) SetClientIdIssuedAt(v int64) *RegisterClientOutput

SetClientIdIssuedAt sets the ClientIdIssuedAt field's value.

func (*RegisterClientOutput) SetClientSecret

func (s *RegisterClientOutput) SetClientSecret(v string) *RegisterClientOutput

SetClientSecret sets the ClientSecret field's value.

func (*RegisterClientOutput) SetClientSecretExpiresAt

func (s *RegisterClientOutput) SetClientSecretExpiresAt(v int64) *RegisterClientOutput

SetClientSecretExpiresAt sets the ClientSecretExpiresAt field's value.

func (*RegisterClientOutput) SetTokenEndpoint

func (s *RegisterClientOutput) SetTokenEndpoint(v string) *RegisterClientOutput

SetTokenEndpoint sets the TokenEndpoint field's value.

func (RegisterClientOutput) String

func (s RegisterClientOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type SSOOIDC

type SSOOIDC struct {
	*client.Client
}

SSOOIDC provides the API operation methods for making requests to AWS SSO OIDC. See this package's package overview docs for details on the service.

SSOOIDC methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.

func New

func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC

New creates a new instance of the SSOOIDC client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.

Example:

mySession := session.Must(session.NewSession())

// Create a SSOOIDC client from just a session.
svc := ssooidc.New(mySession)

// Create a SSOOIDC client with additional configuration
svc := ssooidc.New(mySession, aws.NewConfig().WithRegion("us-west-2"))

func (*SSOOIDC) CreateToken

func (c *SSOOIDC) CreateToken(input *CreateTokenInput) (*CreateTokenOutput, error)

CreateToken API operation for AWS SSO OIDC.

Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation CreateToken for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

  • InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

  • InvalidGrantException Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

  • UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

  • UnsupportedGrantTypeException Indicates that the grant type in the request is not supported by the service.

  • InvalidScopeException Indicates that the scope provided in the request is invalid.

  • AuthorizationPendingException Indicates that a request to authorize a client with an access user session token is pending.

  • SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

  • AccessDeniedException You do not have sufficient access to perform this action.

  • ExpiredTokenException Indicates that the token issued by the service is expired and is no longer valid.

  • InternalServerException Indicates that an error from the service occurred while trying to process a request.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken

Example (Shared00)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenInput{
		ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
		ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
		DeviceCode:   aws.String("yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE"),
		GrantType:    aws.String("urn:ietf:params:oauth:grant-type:device-code"),
	}

	result, err := svc.CreateToken(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared01)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenInput{
		ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
		ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
		GrantType:    aws.String("refresh_token"),
		RefreshToken: aws.String("aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN"),
		Scope: []*string{
			aws.String("codewhisperer:completions"),
		},
	}

	result, err := svc.CreateToken(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SSOOIDC) CreateTokenRequest

func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Request, output *CreateTokenOutput)

CreateTokenRequest generates a "aws/request.Request" representing the client's request for the CreateToken operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CreateToken for more information on using the CreateToken API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CreateTokenRequest method.
req, resp := client.CreateTokenRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken

func (*SSOOIDC) CreateTokenWithContext

func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInput, opts ...request.Option) (*CreateTokenOutput, error)

CreateTokenWithContext is the same as CreateToken with the addition of the ability to pass a context and additional request options.

See CreateToken for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) CreateTokenWithIAM added in v1.48.0

func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error)

CreateTokenWithIAM API operation for AWS SSO OIDC.

Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation CreateTokenWithIAM for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

  • InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

  • InvalidGrantException Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

  • UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

  • UnsupportedGrantTypeException Indicates that the grant type in the request is not supported by the service.

  • InvalidScopeException Indicates that the scope provided in the request is invalid.

  • AuthorizationPendingException Indicates that a request to authorize a client with an access user session token is pending.

  • SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

  • AccessDeniedException You do not have sufficient access to perform this action.

  • ExpiredTokenException Indicates that the token issued by the service is expired and is no longer valid.

  • InternalServerException Indicates that an error from the service occurred while trying to process a request.

  • InvalidRequestRegionException Indicates that a token provided as input to the request was issued by and is only usable by calling IAM Identity Center endpoints in another region.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM

Example (Shared00)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenWithIAMInput{
		ClientId:    aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
		Code:        aws.String("yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE"),
		GrantType:   aws.String("authorization_code"),
		RedirectUri: aws.String("https://mywebapp.example/redirect"),
		Scope: []*string{
			aws.String("openid"),
			aws.String("aws"),
			aws.String("sts:identity_context"),
		},
	}

	result, err := svc.CreateTokenWithIAM(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			case ssooidc.ErrCodeInvalidRequestRegionException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared01)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenWithIAMInput{
		ClientId:     aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
		GrantType:    aws.String("refresh_token"),
		RefreshToken: aws.String("aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN"),
	}

	result, err := svc.CreateTokenWithIAM(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			case ssooidc.ErrCodeInvalidRequestRegionException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared02)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenWithIAMInput{
		Assertion: aws.String("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTEyMjA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFJa3pxRlZyU2FTYUZIeTc4MmJidGFRIiwiYXVkIjoiNmNiMDQwMTgtYTNmNS00NmE3LWI5OTUtOTQwYzc4ZjVhZWYzIiwiZXhwIjoxNTM2MzYxNDExLCJpYXQiOjE1MzYyNzQ3MTEsIm5iZiI6MTUzNjI3NDcxMSwibmFtZSI6IkFiZSBMaW5jb2xuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWJlTGlAbWljcm9zb2Z0LmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC02NmYzLTMzMzJlY2E3ZWE4MSIsInRpZCI6IjkxMjIwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsIm5vbmNlIjoiMTIzNTIzIiwiYWlvIjoiRGYyVVZYTDFpeCFsTUNXTVNPSkJjRmF0emNHZnZGR2hqS3Y4cTVnMHg3MzJkUjVNQjVCaXN2R1FPN1lXQnlqZDhpUURMcSFlR2JJRGFreXA1bW5PcmNkcUhlWVNubHRlcFFtUnA2QUlaOGpZIn0.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw"),
		ClientId:  aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
		GrantType: aws.String("urn:ietf:params:oauth:grant-type:jwt-bearer"),
	}

	result, err := svc.CreateTokenWithIAM(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			case ssooidc.ErrCodeInvalidRequestRegionException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared03)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.CreateTokenWithIAMInput{
		ClientId:           aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
		GrantType:          aws.String("urn:ietf:params:oauth:grant-type:token-exchange"),
		RequestedTokenType: aws.String("urn:ietf:params:oauth:token-type:access_token"),
		SubjectToken:       aws.String("aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN"),
		SubjectTokenType:   aws.String("urn:ietf:params:oauth:token-type:access_token"),
	}

	result, err := svc.CreateTokenWithIAM(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeInvalidGrantException:
				fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeUnsupportedGrantTypeException:
				fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeAuthorizationPendingException:
				fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeAccessDeniedException:
				fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
			case ssooidc.ErrCodeExpiredTokenException:
				fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			case ssooidc.ErrCodeInvalidRequestRegionException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SSOOIDC) CreateTokenWithIAMRequest added in v1.48.0

func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput)

CreateTokenWithIAMRequest generates a "aws/request.Request" representing the client's request for the CreateTokenWithIAM operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CreateTokenWithIAM for more information on using the CreateTokenWithIAM API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CreateTokenWithIAMRequest method.
req, resp := client.CreateTokenWithIAMRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM

func (*SSOOIDC) CreateTokenWithIAMWithContext added in v1.48.0

func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error)

CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of the ability to pass a context and additional request options.

See CreateTokenWithIAM for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) RegisterClient

func (c *SSOOIDC) RegisterClient(input *RegisterClientInput) (*RegisterClientOutput, error)

RegisterClient API operation for AWS SSO OIDC.

Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation RegisterClient for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

  • InvalidScopeException Indicates that the scope provided in the request is invalid.

  • InvalidClientMetadataException Indicates that the client information sent in the request during registration is invalid.

  • InternalServerException Indicates that an error from the service occurred while trying to process a request.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient

Example (Shared00)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.RegisterClientInput{
		ClientName: aws.String("My IDE Plugin"),
		ClientType: aws.String("public"),
		Scopes: []*string{
			aws.String("sso:account:access"),
			aws.String("codewhisperer:completions"),
		},
	}

	result, err := svc.RegisterClient(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidScopeException:
				fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientMetadataException:
				fmt.Println(ssooidc.ErrCodeInvalidClientMetadataException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SSOOIDC) RegisterClientRequest

func (c *SSOOIDC) RegisterClientRequest(input *RegisterClientInput) (req *request.Request, output *RegisterClientOutput)

RegisterClientRequest generates a "aws/request.Request" representing the client's request for the RegisterClient operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See RegisterClient for more information on using the RegisterClient API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the RegisterClientRequest method.
req, resp := client.RegisterClientRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient

func (*SSOOIDC) RegisterClientWithContext

func (c *SSOOIDC) RegisterClientWithContext(ctx aws.Context, input *RegisterClientInput, opts ...request.Option) (*RegisterClientOutput, error)

RegisterClientWithContext is the same as RegisterClient with the addition of the ability to pass a context and additional request options.

See RegisterClient for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) StartDeviceAuthorization

func (c *SSOOIDC) StartDeviceAuthorization(input *StartDeviceAuthorizationInput) (*StartDeviceAuthorizationOutput, error)

StartDeviceAuthorization API operation for AWS SSO OIDC.

Initiates device authorization by requesting a pair of verification codes from the authorization service.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation StartDeviceAuthorization for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

  • InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

  • UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

  • SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

  • InternalServerException Indicates that an error from the service occurred while trying to process a request.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization

Example (Shared00)
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ssooidc"
)

func main() {
	svc := ssooidc.New(session.New())
	input := &ssooidc.StartDeviceAuthorizationInput{
		ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
		ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
		StartUrl:     aws.String("https://identitycenter.amazonaws.com/ssoins-111111111111"),
	}

	result, err := svc.StartDeviceAuthorization(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case ssooidc.ErrCodeInvalidRequestException:
				fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
			case ssooidc.ErrCodeInvalidClientException:
				fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
			case ssooidc.ErrCodeUnauthorizedClientException:
				fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
			case ssooidc.ErrCodeSlowDownException:
				fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
			case ssooidc.ErrCodeInternalServerException:
				fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SSOOIDC) StartDeviceAuthorizationRequest

func (c *SSOOIDC) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) (req *request.Request, output *StartDeviceAuthorizationOutput)

StartDeviceAuthorizationRequest generates a "aws/request.Request" representing the client's request for the StartDeviceAuthorization operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See StartDeviceAuthorization for more information on using the StartDeviceAuthorization API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the StartDeviceAuthorizationRequest method.
req, resp := client.StartDeviceAuthorizationRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization

func (*SSOOIDC) StartDeviceAuthorizationWithContext

func (c *SSOOIDC) StartDeviceAuthorizationWithContext(ctx aws.Context, input *StartDeviceAuthorizationInput, opts ...request.Option) (*StartDeviceAuthorizationOutput, error)

StartDeviceAuthorizationWithContext is the same as StartDeviceAuthorization with the addition of the ability to pass a context and additional request options.

See StartDeviceAuthorization for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

type SlowDownException added in v1.28.0

type SlowDownException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be slow_down.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the client is making the request too frequently and is more than the service can handle.

func (*SlowDownException) Code added in v1.28.0

func (s *SlowDownException) Code() string

Code returns the exception type name.

func (*SlowDownException) Error added in v1.28.0

func (s *SlowDownException) Error() string

func (SlowDownException) GoString added in v1.28.0

func (s SlowDownException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*SlowDownException) Message added in v1.28.0

func (s *SlowDownException) Message() string

Message returns the exception's message.

func (*SlowDownException) OrigErr added in v1.28.0

func (s *SlowDownException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*SlowDownException) RequestID added in v1.28.0

func (s *SlowDownException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*SlowDownException) StatusCode added in v1.28.0

func (s *SlowDownException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (SlowDownException) String added in v1.28.0

func (s SlowDownException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type StartDeviceAuthorizationInput

type StartDeviceAuthorizationInput struct {

	// The unique identifier string for the client that is registered with IAM Identity
	// Center. This value should come from the persisted result of the RegisterClient
	// API operation.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string that is generated for the client. This value should come
	// from the persisted result of the RegisterClient API operation.
	//
	// ClientSecret is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
	// String and GoString methods.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`

	// The URL for the Amazon Web Services access portal. For more information,
	// see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
	// in the IAM Identity Center User Guide.
	//
	// StartUrl is a required field
	StartUrl *string `locationName:"startUrl" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (StartDeviceAuthorizationInput) GoString

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationInput) SetClientId

SetClientId sets the ClientId field's value.

func (*StartDeviceAuthorizationInput) SetClientSecret

SetClientSecret sets the ClientSecret field's value.

func (*StartDeviceAuthorizationInput) SetStartUrl

SetStartUrl sets the StartUrl field's value.

func (StartDeviceAuthorizationInput) String

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationInput) Validate

func (s *StartDeviceAuthorizationInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type StartDeviceAuthorizationOutput

type StartDeviceAuthorizationOutput struct {

	// The short-lived code that is used by the device when polling for a session
	// token.
	DeviceCode *string `locationName:"deviceCode" type:"string"`

	// Indicates the number of seconds in which the verification code will become
	// invalid.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// Indicates the number of seconds the client must wait between attempts when
	// polling for a session.
	Interval *int64 `locationName:"interval" type:"integer"`

	// A one-time user verification code. This is needed to authorize an in-use
	// device.
	UserCode *string `locationName:"userCode" type:"string"`

	// The URI of the verification page that takes the userCode to authorize the
	// device.
	VerificationUri *string `locationName:"verificationUri" type:"string"`

	// An alternate URL that the client can use to automatically launch a browser.
	// This process skips the manual step in which the user visits the verification
	// page and enters their code.
	VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"`
	// contains filtered or unexported fields
}

func (StartDeviceAuthorizationOutput) GoString

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationOutput) SetDeviceCode

SetDeviceCode sets the DeviceCode field's value.

func (*StartDeviceAuthorizationOutput) SetExpiresIn

SetExpiresIn sets the ExpiresIn field's value.

func (*StartDeviceAuthorizationOutput) SetInterval

SetInterval sets the Interval field's value.

func (*StartDeviceAuthorizationOutput) SetUserCode

SetUserCode sets the UserCode field's value.

func (*StartDeviceAuthorizationOutput) SetVerificationUri

SetVerificationUri sets the VerificationUri field's value.

func (*StartDeviceAuthorizationOutput) SetVerificationUriComplete

func (s *StartDeviceAuthorizationOutput) SetVerificationUriComplete(v string) *StartDeviceAuthorizationOutput

SetVerificationUriComplete sets the VerificationUriComplete field's value.

func (StartDeviceAuthorizationOutput) String

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UnauthorizedClientException added in v1.28.0

type UnauthorizedClientException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be unauthorized_client.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

func (*UnauthorizedClientException) Code added in v1.28.0

Code returns the exception type name.

func (*UnauthorizedClientException) Error added in v1.28.0

func (UnauthorizedClientException) GoString added in v1.28.0

func (s UnauthorizedClientException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UnauthorizedClientException) Message added in v1.28.0

func (s *UnauthorizedClientException) Message() string

Message returns the exception's message.

func (*UnauthorizedClientException) OrigErr added in v1.28.0

func (s *UnauthorizedClientException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*UnauthorizedClientException) RequestID added in v1.28.0

func (s *UnauthorizedClientException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*UnauthorizedClientException) StatusCode added in v1.28.0

func (s *UnauthorizedClientException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (UnauthorizedClientException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UnsupportedGrantTypeException added in v1.28.0

type UnsupportedGrantTypeException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// Single error code. For this exception the value will be unsupported_grant_type.
	Error_ *string `locationName:"error" type:"string"`

	// Human-readable text providing additional information, used to assist the
	// client developer in understanding the error that occurred.
	Error_description *string `locationName:"error_description" type:"string"`

	Message_ *string `locationName:"message" type:"string"`
	// contains filtered or unexported fields
}

Indicates that the grant type in the request is not supported by the service.

func (*UnsupportedGrantTypeException) Code added in v1.28.0

Code returns the exception type name.

func (*UnsupportedGrantTypeException) Error added in v1.28.0

func (UnsupportedGrantTypeException) GoString added in v1.28.0

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UnsupportedGrantTypeException) Message added in v1.28.0

Message returns the exception's message.

func (*UnsupportedGrantTypeException) OrigErr added in v1.28.0

func (s *UnsupportedGrantTypeException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*UnsupportedGrantTypeException) RequestID added in v1.28.0

func (s *UnsupportedGrantTypeException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*UnsupportedGrantTypeException) StatusCode added in v1.28.0

func (s *UnsupportedGrantTypeException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (UnsupportedGrantTypeException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

Directories

Path Synopsis
Package ssooidciface provides an interface to enable mocking the AWS SSO OIDC service client for testing your code.
Package ssooidciface provides an interface to enable mocking the AWS SSO OIDC service client for testing your code.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL