ssooidc

package
v0.23.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 25, 2020 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package ssooidc provides the client and types for making API requests to SSO OIDC.

AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with AWS SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with AWS SSO. This service conforms with the OAuth 2.0 based implementation of the device authorization grant standard (https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628)).

For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the AWS SSO User Guide.

This API reference guide describes the AWS SSO OIDC operations that you can call programatically and includes detailed information on data types and errors.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .Net, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS SSO and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).

See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service.

See ssooidc package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/

Using the Client

To use SSO OIDC with the SDK use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.

See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/

See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config

See the SSO OIDC client for more information on creating client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New

Index

Constants

View Source 
const (
	ServiceName = "SSO OIDC" // Service's name
	ServiceID   = "SSOOIDC"  // Service's identifier
	EndpointsID = "oidc"     // Service's Endpoint identifier
)
View Source 
const (

	// ErrCodeAccessDeniedException for service response error code
	// "AccessDeniedException".
	//
	// You do not have sufficient access to perform this action.
	ErrCodeAccessDeniedException = "AccessDeniedException"

	// ErrCodeAuthorizationPendingException for service response error code
	// "AuthorizationPendingException".
	//
	// Indicates that a request to authorize a client with an access user session
	// token is pending.
	ErrCodeAuthorizationPendingException = "AuthorizationPendingException"

	// ErrCodeExpiredTokenException for service response error code
	// "ExpiredTokenException".
	//
	// Indicates that the token issued by the service is expired and is no longer
	// valid.
	ErrCodeExpiredTokenException = "ExpiredTokenException"

	// ErrCodeInternalServerException for service response error code
	// "InternalServerException".
	//
	// Indicates that an error from the service occurred while trying to process
	// a request.
	ErrCodeInternalServerException = "InternalServerException"

	// ErrCodeInvalidClientException for service response error code
	// "InvalidClientException".
	//
	// Indicates that the clientId or clientSecret in the request is invalid. For
	// example, this can occur when a client sends an incorrect clientId or an expired
	// clientSecret.
	ErrCodeInvalidClientException = "InvalidClientException"

	// ErrCodeInvalidClientMetadataException for service response error code
	// "InvalidClientMetadataException".
	//
	// Indicates that the client information sent in the request during registration
	// is invalid.
	ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException"

	// ErrCodeInvalidGrantException for service response error code
	// "InvalidGrantException".
	//
	// Indicates that a request contains an invalid grant. This can occur if a client
	// makes a CreateToken request with an invalid grant type.
	ErrCodeInvalidGrantException = "InvalidGrantException"

	// ErrCodeInvalidRequestException for service response error code
	// "InvalidRequestException".
	//
	// Indicates that something is wrong with the input to the request. For example,
	// a required parameter might be missing or out of range.
	ErrCodeInvalidRequestException = "InvalidRequestException"

	// ErrCodeInvalidScopeException for service response error code
	// "InvalidScopeException".
	//
	// Indicates that the scope provided in the request is invalid.
	ErrCodeInvalidScopeException = "InvalidScopeException"

	// ErrCodeSlowDownException for service response error code
	// "SlowDownException".
	//
	// Indicates that the client is making the request too frequently and is more
	// than the service can handle.
	ErrCodeSlowDownException = "SlowDownException"

	// ErrCodeUnauthorizedClientException for service response error code
	// "UnauthorizedClientException".
	//
	// Indicates that the client is not currently authorized to make the request.
	// This can happen when a clientId is not issued for a public client.
	ErrCodeUnauthorizedClientException = "UnauthorizedClientException"

	// ErrCodeUnsupportedGrantTypeException for service response error code
	// "UnsupportedGrantTypeException".
	//
	// Indicates that the grant type in the request is not supported by the service.
	ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client 

type Client struct {
	*aws.Client
}

Client provides the API operation methods for making requests to SSO OIDC. See this package's package overview docs for details on the service.

The client's methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.

func New 

func New(config aws.Config) *Client

New creates a new instance of the client from the provided Config.

Example: 

// Create a client from just a config.
svc := ssooidc.New(myConfig)

func (*Client) CreateTokenRequest 

func (c *Client) CreateTokenRequest(input *CreateTokenInput) CreateTokenRequest

CreateTokenRequest returns a request value for making API operation for AWS SSO OIDC.

Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account. 

// Example sending a request using CreateTokenRequest.
req := client.CreateTokenRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
    fmt.Println(resp)
}

Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken

func (*Client) RegisterClientRequest 

func (c *Client) RegisterClientRequest(input *RegisterClientInput) RegisterClientRequest

RegisterClientRequest returns a request value for making API operation for AWS SSO OIDC.

Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests. 

// Example sending a request using RegisterClientRequest.
req := client.RegisterClientRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
    fmt.Println(resp)
}

Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient

func (*Client) StartDeviceAuthorizationRequest 

func (c *Client) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) StartDeviceAuthorizationRequest

StartDeviceAuthorizationRequest returns a request value for making API operation for AWS SSO OIDC.

Initiates device authorization by requesting a pair of verification codes from the authorization service. 

// Example sending a request using StartDeviceAuthorizationRequest.
req := client.StartDeviceAuthorizationRequest(params)
resp, err := req.Send(context.TODO())
if err == nil {
    fmt.Println(resp)
}

Please also see https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization

type CreateTokenInput 

type CreateTokenInput struct {

	// The unique identifier string for each client. This value should come from
	// the persisted result of the RegisterClient API.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string generated for the client. This value should come from the
	// persisted result of the RegisterClient API.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`

	// The authorization code received from the authorization service. This parameter
	// is required to perform an authorization grant request to get access to a
	// token.
	Code *string `locationName:"code" type:"string"`

	// Used only when calling this API for the device code grant type. This short-term
	// code is used to identify this authentication attempt. This should come from
	// an in-memory reference to the result of the StartDeviceAuthorization API.
	//
	// DeviceCode is a required field
	DeviceCode *string `locationName:"deviceCode" type:"string" required:"true"`

	// Supports grant types for authorization code, refresh token, and device code
	// request.
	//
	// GrantType is a required field
	GrantType *string `locationName:"grantType" type:"string" required:"true"`

	// The location of the application that will receive the authorization code.
	// Users authorize the service to send the request to this location.
	RedirectUri *string `locationName:"redirectUri" type:"string"`

	// The token used to obtain an access token in the event that the access token
	// is invalid or expired. This token is not issued by the service.
	RefreshToken *string `locationName:"refreshToken" type:"string"`

	// The list of scopes that is defined by the client. Upon authorization, this
	// list is used to restrict permissions when granting an access token.
	Scope []string `locationName:"scope" type:"list"`
	// contains filtered or unexported fields
}

func (CreateTokenInput) MarshalFields 

func (s CreateTokenInput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (CreateTokenInput) String 

func (s CreateTokenInput) String() string

String returns the string representation

func (*CreateTokenInput) Validate 

func (s *CreateTokenInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateTokenOutput 

type CreateTokenOutput struct {

	// An opaque token to access AWS SSO resources assigned to a user.
	AccessToken *string `locationName:"accessToken" type:"string"`

	// Indicates the time in seconds when an access token will expire.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// The identifier of the user that associated with the access token, if present.
	IdToken *string `locationName:"idToken" type:"string"`

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	RefreshToken *string `locationName:"refreshToken" type:"string"`

	// Used to notify the client that the returned token is an access token. The
	// supported type is BearerToken.
	TokenType *string `locationName:"tokenType" type:"string"`
	// contains filtered or unexported fields
}

func (CreateTokenOutput) MarshalFields 

func (s CreateTokenOutput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (CreateTokenOutput) String 

func (s CreateTokenOutput) String() string

String returns the string representation

type CreateTokenRequest 

type CreateTokenRequest struct {
	*aws.Request
	Input *CreateTokenInput
	Copy  func(*CreateTokenInput) CreateTokenRequest
}

CreateTokenRequest is the request type for the CreateToken API operation.

func (CreateTokenRequest) Send 

func (r CreateTokenRequest) Send(ctx context.Context) (*CreateTokenResponse, error)

Send marshals and sends the CreateToken API request.

type CreateTokenResponse 

type CreateTokenResponse struct {
	*CreateTokenOutput
	// contains filtered or unexported fields
}

CreateTokenResponse is the response type for the CreateToken API operation.

func (*CreateTokenResponse) SDKResponseMetdata 

func (r *CreateTokenResponse) SDKResponseMetdata() *aws.Response

SDKResponseMetdata returns the response metadata for the CreateToken request.

type RegisterClientInput 

type RegisterClientInput struct {

	// The friendly name of the client.
	//
	// ClientName is a required field
	ClientName *string `locationName:"clientName" type:"string" required:"true"`

	// The type of client. The service supports only public as a client type. Anything
	// other than public will be rejected by the service.
	//
	// ClientType is a required field
	ClientType *string `locationName:"clientType" type:"string" required:"true"`

	// The list of scopes that are defined by the client. Upon authorization, this
	// list is used to restrict permissions when granting an access token.
	Scopes []string `locationName:"scopes" type:"list"`
	// contains filtered or unexported fields
}

func (RegisterClientInput) MarshalFields 

func (s RegisterClientInput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (RegisterClientInput) String 

func (s RegisterClientInput) String() string

String returns the string representation

func (*RegisterClientInput) Validate 

func (s *RegisterClientInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type RegisterClientOutput 

type RegisterClientOutput struct {

	// The endpoint where the client can request authorization.
	AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`

	// The unique identifier string for each client. This client uses this identifier
	// to get authenticated by the service in subsequent calls.
	ClientId *string `locationName:"clientId" type:"string"`

	// Indicates the time at which the clientId and clientSecret were issued.
	ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"`

	// A secret string generated for the client. The client will use this string
	// to get authenticated by the service in subsequent calls.
	ClientSecret *string `locationName:"clientSecret" type:"string"`

	// Indicates the time at which the clientId and clientSecret will become invalid.
	ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`

	// The endpoint where the client can get an access token.
	TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
	// contains filtered or unexported fields
}

func (RegisterClientOutput) MarshalFields 

func (s RegisterClientOutput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (RegisterClientOutput) String 

func (s RegisterClientOutput) String() string

String returns the string representation

type RegisterClientRequest 

type RegisterClientRequest struct {
	*aws.Request
	Input *RegisterClientInput
	Copy  func(*RegisterClientInput) RegisterClientRequest
}

RegisterClientRequest is the request type for the RegisterClient API operation.

func (RegisterClientRequest) Send 

func (r RegisterClientRequest) Send(ctx context.Context) (*RegisterClientResponse, error)

Send marshals and sends the RegisterClient API request.

type RegisterClientResponse 

type RegisterClientResponse struct {
	*RegisterClientOutput
	// contains filtered or unexported fields
}

RegisterClientResponse is the response type for the RegisterClient API operation.

func (*RegisterClientResponse) SDKResponseMetdata 

func (r *RegisterClientResponse) SDKResponseMetdata() *aws.Response

SDKResponseMetdata returns the response metadata for the RegisterClient request.

type StartDeviceAuthorizationInput 

type StartDeviceAuthorizationInput struct {

	// The unique identifier string for the client that is registered with AWS SSO.
	// This value should come from the persisted result of the RegisterClient API
	// operation.
	//
	// ClientId is a required field
	ClientId *string `locationName:"clientId" type:"string" required:"true"`

	// A secret string that is generated for the client. This value should come
	// from the persisted result of the RegisterClient API operation.
	//
	// ClientSecret is a required field
	ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`

	// The URL for the AWS SSO user portal. For more information, see Using the
	// User Portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
	// in the AWS Single Sign-On User Guide.
	//
	// StartUrl is a required field
	StartUrl *string `locationName:"startUrl" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (StartDeviceAuthorizationInput) MarshalFields 

func (s StartDeviceAuthorizationInput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (StartDeviceAuthorizationInput) String 

func (s StartDeviceAuthorizationInput) String() string

String returns the string representation

func (*StartDeviceAuthorizationInput) Validate 

func (s *StartDeviceAuthorizationInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type StartDeviceAuthorizationOutput 

type StartDeviceAuthorizationOutput struct {

	// The short-lived code that is used by the device when polling for a session
	// token.
	DeviceCode *string `locationName:"deviceCode" type:"string"`

	// Indicates the number of seconds in which the verification code will become
	// invalid.
	ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

	// Indicates the number of seconds the client must wait between attempts when
	// polling for a session.
	Interval *int64 `locationName:"interval" type:"integer"`

	// A one-time user verification code. This is needed to authorize an in-use
	// device.
	UserCode *string `locationName:"userCode" type:"string"`

	// The URI of the verification page that takes the userCode to authorize the
	// device.
	VerificationUri *string `locationName:"verificationUri" type:"string"`

	// An alternate URL that the client can use to automatically launch a browser.
	// This process skips the manual step in which the user visits the verification
	// page and enters their code.
	VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"`
	// contains filtered or unexported fields
}

func (StartDeviceAuthorizationOutput) MarshalFields 

func (s StartDeviceAuthorizationOutput) MarshalFields(e protocol.FieldEncoder) error

MarshalFields encodes the AWS API shape using the passed in protocol encoder.

func (StartDeviceAuthorizationOutput) String 

func (s StartDeviceAuthorizationOutput) String() string

String returns the string representation

type StartDeviceAuthorizationRequest 

type StartDeviceAuthorizationRequest struct {
	*aws.Request
	Input *StartDeviceAuthorizationInput
	Copy  func(*StartDeviceAuthorizationInput) StartDeviceAuthorizationRequest
}

StartDeviceAuthorizationRequest is the request type for the StartDeviceAuthorization API operation.

func (StartDeviceAuthorizationRequest) Send 

func (r StartDeviceAuthorizationRequest) Send(ctx context.Context) (*StartDeviceAuthorizationResponse, error)

Send marshals and sends the StartDeviceAuthorization API request.

type StartDeviceAuthorizationResponse 

type StartDeviceAuthorizationResponse struct {
	*StartDeviceAuthorizationOutput
	// contains filtered or unexported fields
}

StartDeviceAuthorizationResponse is the response type for the StartDeviceAuthorization API operation.

func (*StartDeviceAuthorizationResponse) SDKResponseMetdata 

func (r *StartDeviceAuthorizationResponse) SDKResponseMetdata() *aws.Response

SDKResponseMetdata returns the response metadata for the StartDeviceAuthorization request.

Source Files

View all Source files

Directories

Path Synopsis
Package ssooidciface provides an interface to enable mocking the AWS SSO OIDC service client for testing your code.
 Package ssooidciface provides an interface to enable mocking the AWS SSO OIDC service client for testing your code.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.