Documentation
¶
Overview ¶
Package ssooidc provides the API client, operations, and parameter types for AWS SSO OIDC.
AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with AWS SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with AWS SSO. This service conforms with the OAuth 2.0 based implementation of the device authorization grant standard (https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628)). For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the AWS SSO User Guide. This API reference guide describes the AWS SSO OIDC operations that you can call programatically and includes detailed information on data types and errors. AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .Net, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS SSO and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
Index ¶
- Constants
- func NewDefaultEndpointResolver() *internalendpoints.Resolver
- func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
- func WithEndpointResolver(v EndpointResolver) func(*Options)
- type Client
- func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error)
- func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error)
- func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDeviceAuthorizationInput, ...) (*StartDeviceAuthorizationOutput, error)
- type CreateTokenInput
- type CreateTokenOutput
- type EndpointResolver
- type EndpointResolverFunc
- type EndpointResolverOptions
- type HTTPClient
- type HTTPSignerV4
- type Options
- type RegisterClientInput
- type RegisterClientOutput
- type ResolveEndpoint
- type StartDeviceAuthorizationInput
- type StartDeviceAuthorizationOutput
Constants ¶
const ServiceAPIVersion = "2019-06-10"
const ServiceID = "SSO OIDC"
Variables ¶
This section is empty.
Functions ¶
func NewDefaultEndpointResolver ¶
func NewDefaultEndpointResolver() *internalendpoints.Resolver
NewDefaultEndpointResolver constructs a new service endpoint resolver
func WithAPIOptions ¶ added in v1.0.0
func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
WithAPIOptions returns a functional option for setting the Client's APIOptions option.
func WithEndpointResolver ¶
func WithEndpointResolver(v EndpointResolver) func(*Options)
WithEndpointResolver returns a functional option for setting the Client's EndpointResolver option.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client provides the API client to make operations call for AWS SSO OIDC.
func New ¶
New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.
func NewFromConfig ¶
NewFromConfig returns a new client from the provided config.
func (*Client) CreateToken ¶
func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error)
Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
func (*Client) RegisterClient ¶
func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error)
Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
func (*Client) StartDeviceAuthorization ¶
func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDeviceAuthorizationInput, optFns ...func(*Options)) (*StartDeviceAuthorizationOutput, error)
Initiates device authorization by requesting a pair of verification codes from the authorization service.
type CreateTokenInput ¶
type CreateTokenInput struct {
// The unique identifier string for each client. This value should come from the
// persisted result of the RegisterClient API.
//
// This member is required.
ClientId *string
// A secret string generated for the client. This value should come from the
// persisted result of the RegisterClient API.
//
// This member is required.
ClientSecret *string
// Supports grant types for authorization code, refresh token, and device code
// request.
//
// This member is required.
GrantType *string
// The authorization code received from the authorization service. This parameter
// is required to perform an authorization grant request to get access to a token.
Code *string
// Used only when calling this API for the device code grant type. This short-term
// code is used to identify this authentication attempt. This should come from an
// in-memory reference to the result of the StartDeviceAuthorization API.
DeviceCode *string
// The location of the application that will receive the authorization code. Users
// authorize the service to send the request to this location.
RedirectUri *string
// The token used to obtain an access token in the event that the access token is
// invalid or expired. This token is not issued by the service.
RefreshToken *string
// The list of scopes that is defined by the client. Upon authorization, this list
// is used to restrict permissions when granting an access token.
Scope []string
// contains filtered or unexported fields
}
type CreateTokenOutput ¶
type CreateTokenOutput struct {
// An opaque token to access AWS SSO resources assigned to a user.
AccessToken *string
// Indicates the time in seconds when an access token will expire.
ExpiresIn int32
// The identifier of the user that associated with the access token, if present.
IdToken *string
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
RefreshToken *string
// Used to notify the client that the returned token is an access token. The
// supported type is BearerToken.
TokenType *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
// contains filtered or unexported fields
}
type EndpointResolver ¶
type EndpointResolver interface {
ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}
EndpointResolver interface for resolving service endpoints.
func EndpointResolverFromURL ¶ added in v1.1.0
func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver
EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.
type EndpointResolverFunc ¶
type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)
EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.
func (EndpointResolverFunc) ResolveEndpoint ¶
func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)
type EndpointResolverOptions ¶ added in v0.29.0
type EndpointResolverOptions = internalendpoints.Options
EndpointResolverOptions is the service endpoint resolver options
type HTTPSignerV4 ¶
type Options ¶
type Options struct {
// Set of options to modify how an operation is invoked. These apply to all
// operations invoked for this client. Use functional options on operation call to
// modify this list for per operation behavior.
APIOptions []func(*middleware.Stack) error
// Configures the events that will be sent to the configured logger.
ClientLogMode aws.ClientLogMode
// The credentials object to use when signing requests.
Credentials aws.CredentialsProvider
// The configuration DefaultsMode that the SDK should use when constructing the
// clients initial default settings.
DefaultsMode aws.DefaultsMode
// The endpoint options to be used when attempting to resolve an endpoint.
EndpointOptions EndpointResolverOptions
// The service endpoint resolver.
EndpointResolver EndpointResolver
// Signature Version 4 (SigV4) Signer
HTTPSignerV4 HTTPSignerV4
// The logger writer interface to write logging messages to.
Logger logging.Logger
// The region to send requests to. (Required)
Region string
// RetryMaxAttempts specifies the maximum number attempts an API client will call
// an operation that fails with a retryable error. A value of 0 is ignored, and
// will not be used to configure the API client created default retryer, or modify
// per operation call's retry max attempts. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. If specified in an operation call's functional
// options with a value that is different than the constructed client's Options,
// the Client's Retryer will be wrapped to use the operation's specific
// RetryMaxAttempts value.
RetryMaxAttempts int
// RetryMode specifies the retry mode the API client will be created with, if
// Retryer option is not also specified. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. Currently does not support per operation call
// overrides, may in the future.
RetryMode aws.RetryMode
// Retryer guides how HTTP requests should be retried in case of recoverable
// failures. When nil the API client will use a default retryer. The kind of
// default retry created by the API client can be changed with the RetryMode
// option.
Retryer aws.Retryer
// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
// should not populate this structure programmatically, or rely on the values here
// within your applications.
RuntimeEnvironment aws.RuntimeEnvironment
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
// implementation if nil.
HTTPClient HTTPClient
// contains filtered or unexported fields
}
type RegisterClientInput ¶
type RegisterClientInput struct {
// The friendly name of the client.
//
// This member is required.
ClientName *string
// The type of client. The service supports only public as a client type. Anything
// other than public will be rejected by the service.
//
// This member is required.
ClientType *string
// The list of scopes that are defined by the client. Upon authorization, this list
// is used to restrict permissions when granting an access token.
Scopes []string
// contains filtered or unexported fields
}
type RegisterClientOutput ¶
type RegisterClientOutput struct {
// The endpoint where the client can request authorization.
AuthorizationEndpoint *string
// The unique identifier string for each client. This client uses this identifier
// to get authenticated by the service in subsequent calls.
ClientId *string
// Indicates the time at which the clientId and clientSecret were issued.
ClientIdIssuedAt int64
// A secret string generated for the client. The client will use this string to get
// authenticated by the service in subsequent calls.
ClientSecret *string
// Indicates the time at which the clientId and clientSecret will become invalid.
ClientSecretExpiresAt int64
// The endpoint where the client can get an access token.
TokenEndpoint *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
// contains filtered or unexported fields
}
type ResolveEndpoint ¶
type ResolveEndpoint struct {
Resolver EndpointResolver
Options EndpointResolverOptions
}
func (*ResolveEndpoint) HandleSerialize ¶
func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( out middleware.SerializeOutput, metadata middleware.Metadata, err error, )
func (*ResolveEndpoint) ID ¶
func (*ResolveEndpoint) ID() string
type StartDeviceAuthorizationInput ¶
type StartDeviceAuthorizationInput struct {
// The unique identifier string for the client that is registered with AWS SSO.
// This value should come from the persisted result of the RegisterClient API
// operation.
//
// This member is required.
ClientId *string
// A secret string that is generated for the client. This value should come from
// the persisted result of the RegisterClient API operation.
//
// This member is required.
ClientSecret *string
// The URL for the AWS SSO user portal. For more information, see Using the User
// Portal
// (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// in the AWS Single Sign-On User Guide.
//
// This member is required.
StartUrl *string
// contains filtered or unexported fields
}
type StartDeviceAuthorizationOutput ¶
type StartDeviceAuthorizationOutput struct {
// The short-lived code that is used by the device when polling for a session
// token.
DeviceCode *string
// Indicates the number of seconds in which the verification code will become
// invalid.
ExpiresIn int32
// Indicates the number of seconds the client must wait between attempts when
// polling for a session.
Interval int32
// A one-time user verification code. This is needed to authorize an in-use device.
UserCode *string
// The URI of the verification page that takes the userCode to authorize the
// device.
VerificationUri *string
// An alternate URL that the client can use to automatically launch a browser. This
// process skips the manual step in which the user visits the verification page and
// enters their code.
VerificationUriComplete *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
// contains filtered or unexported fields
}
Source Files
Directories