...

Source file src/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go

Documentation: github.com/aws/aws-sdk-go-v2/service/ssooidc

     1  // Code generated by smithy-go-codegen DO NOT EDIT.
     2  
     3  package ssooidc
     4  
     5  import (
     6  	"context"
     7  	"fmt"
     8  	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
     9  	"github.com/aws/smithy-go/middleware"
    10  	smithyhttp "github.com/aws/smithy-go/transport/http"
    11  )
    12  
// CreateTokenWithIAM creates and returns access and refresh tokens for clients
// and applications that are authenticated using IAM entities. The access token
// can be used to fetch short-term credentials for the assigned AWS accounts or
// to access application APIs using bearer authentication.
//
// A nil params is replaced with an empty CreateTokenWithIAMInput before the
// operation is invoked. If invokeOperation fails, its error is returned
// unchanged together with a nil output.
//
// The returned output carries bearer credentials (AccessToken, RefreshToken,
// IdToken). Treat the whole value as secret material and keep it out of logs,
// error strings and traces.
func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
	input := params
	if input == nil {
		// Callers may pass nil; the operation still needs a concrete input value.
		input = &CreateTokenWithIAMInput{}
	}

	res, md, err := c.invokeOperation(ctx, "CreateTokenWithIAM", input, optFns, c.addOperationCreateTokenWithIAMMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: this panics if res is not a *CreateTokenWithIAMOutput.
	// NOTE(review): presumably guaranteed by this operation's deserializer - confirm.
	output := res.(*CreateTokenWithIAMOutput)
	output.ResultMetadata = md
	return output, nil
}
    31  
// CreateTokenWithIAMInput holds the request parameters for CreateTokenWithIAM.
// Which optional members apply depends on GrantType, as noted on each member.
//
// Assertion, Code, RefreshToken and SubjectToken carry credentials or
// short-lived authorization material. Avoid logging or persisting values of
// this type.
type CreateTokenWithIAMInput struct {

	// The unique identifier string for the client or application. This value is an
	// application ARN that has OAuth grants configured.
	//
	// This member is required.
	ClientId *string

	// The OAuth grant type. Authorization Code, Refresh Token, JWT Bearer and
	// Token Exchange are supported. Specify one of the following values,
	// depending on the grant type that you want:
	//
	//   - Authorization Code - authorization_code
	//   - Refresh Token - refresh_token
	//   - JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
	//   - Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
	//
	// This member is required.
	GrantType *string

	// Used only when calling this API for the JWT Bearer grant type. This value
	// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To
	// authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the
	// application.
	Assertion *string

	// Used only when calling this API for the Authorization Code grant type. This
	// short-term code is used to identify this authorization request. The code is
	// obtained through a redirect from IAM Identity Center to a redirect URI persisted
	// in the Authorization Code GrantOptions for the application.
	Code *string

	// Used only when calling this API for the Authorization Code grant type. This
	// value specifies the location of the client or application that has registered to
	// receive the authorization code.
	RedirectUri *string

	// Used only when calling this API for the Refresh Token grant type. This token is
	// used to refresh short-term tokens, such as the access token, that might expire.
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the IAM Identity Center OIDC API Reference:
	// https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that the requester can receive. The following
	// values are supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	//   - Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	RequestedTokenType *string

	// The list of scopes for which authorization is requested. The access token that
	// is issued is limited to the scopes that are granted. If the value is not
	// specified, IAM Identity Center authorizes all scopes configured for the
	// application, including the following default scopes: openid, aws,
	// sts:identity_context.
	//
	// Leaving Scope empty therefore yields the broadest token the application is
	// configured for; request only the scopes the caller actually needs.
	Scope []string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the subject of the exchange. The value of the subject token must be an
	// access token issued by IAM Identity Center to a different client or application.
	// The access token must have authorized scopes that indicate the requested
	// application as a target audience.
	SubjectToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that is passed as the subject of the exchange. The
	// following value is supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	SubjectTokenType *string

	// Embedded type declared elsewhere in the package; its role is not visible here.
	noSmithyDocumentSerde
}
   103  
// CreateTokenWithIAMOutput is the result of CreateTokenWithIAM.
//
// AccessToken, RefreshToken and IdToken are credentials. Keep values of this
// type out of logs and error messages, and hold them no longer than needed.
type CreateTokenWithIAMOutput struct {

	// A bearer token to access AWS accounts and applications assigned to a user.
	// As a bearer token it can be used by whoever holds it, so handle it as a
	// secret.
	AccessToken *string

	// Indicates the time in seconds when an access token will expire.
	// NOTE(review): presumably a lifetime relative to issuance (as with the OAuth
	// expires_in field) rather than an absolute timestamp - confirm.
	ExpiresIn int32

	// A JSON Web Token (JWT) that identifies the user associated with the issued
	// access token.
	IdToken *string

	// Indicates the type of tokens that are issued by IAM Identity Center. The
	// following values are supported:
	//
	//   - Access Token - urn:ietf:params:oauth:token-type:access_token
	//   - Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	IssuedTokenType *string

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired. For more information about the features and
	// limitations of the current IAM Identity Center OIDC implementation, see
	// Considerations for Using this Guide in the IAM Identity Center OIDC API
	// Reference:
	// https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// The list of scopes for which authorization is granted. The access token that is
	// issued is limited to the scopes that are granted.
	Scope []string

	// Used to notify the requester that the returned token is an access token. The
	// supported token type is Bearer.
	TokenType *string

	// Metadata pertaining to the operation's result. CreateTokenWithIAM assigns it
	// after the operation has been invoked.
	ResultMetadata middleware.Metadata

	// Embedded type declared elsewhere in the package; its role is not visible here.
	noSmithyDocumentSerde
}
   143  
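// addOperationCreateTokenWithIAMMiddlewares registers the middleware for the
// CreateTokenWithIAM operation on stack. Registration stops at the first
// failure and that error is returned; nil means every step was added.
//
// The order of the calls below is kept exactly as generated, since each helper
// decides its own position in the stack.
//
// NOTE(review): no signing step is added directly in this function; presumably
// addProtocolFinalizerMiddlewares supplies auth resolution and signing - confirm.
func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) {
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateTokenWithIAM{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateTokenWithIAM{}, middleware.After)
	if err != nil {
		return err
	}
	if err := addProtocolFinalizerMiddlewares(stack, options, "CreateTokenWithIAM"); err != nil {
		// %w (instead of %v) keeps the underlying error reachable through
		// errors.Is and errors.As; the message text is unchanged.
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): logging behaviour comes from options. If body logging is
	// enabled, this operation's token fields would presumably reach the log
	// sink - confirm, and keep body logging off outside debugging.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): presumably lets options downgrade the endpoint to plain
	// HTTP, which would expose the tokens in transit - confirm it is never
	// enabled for production clients.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	return nil
}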
   222  
// newServiceMetadataMiddleware_opCreateTokenWithIAM returns a
// RegisterServiceMetadata value for this operation, populated with the given
// region, the package's ServiceID and the operation name "CreateTokenWithIAM".
func newServiceMetadataMiddleware_opCreateTokenWithIAM(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.OperationName = "CreateTokenWithIAM"
	return md
}
   230  
