1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package ssooidc
4
5import (
6 "context"
7 "fmt"
8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9 "github.com/aws/smithy-go/middleware"
10 smithyhttp "github.com/aws/smithy-go/transport/http"
11)
12
// CreateToken creates and returns access and refresh tokens for clients that
// are authenticated using client secrets. The access token can be used to fetch
// short-term credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
//
// A nil params is replaced with an empty CreateTokenInput before the operation
// is invoked. On success the operation metadata is stored on the returned
// output as ResultMetadata; on failure the error from invokeOperation is
// returned unchanged together with a nil output.
//
// The input carries a client secret and the output carries bearer and refresh
// tokens, so callers should keep both values out of logs and error messages.
func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) {
	input := params
	if input == nil {
		input = &CreateTokenInput{}
	}

	res, md, err := c.invokeOperation(ctx, "CreateToken", input, optFns, c.addOperationCreateTokenMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: a result of any other type panics here.
	output := res.(*CreateTokenOutput)
	output.ResultMetadata = md
	return output, nil
}
31
// CreateTokenInput is the request for the CreateToken operation.
//
// ClientSecret, DeviceCode, CodeVerifier and RefreshToken are credentials or
// credential-equivalent values: keep them out of logs, traces and error
// messages.
type CreateTokenInput struct {
	// Unique identifier string of the client or application, as returned by the
	// RegisterClient API.
	//
	// This member is required.
	ClientId *string

	// Secret string generated for the client. Take it from the persisted result
	// of the RegisterClient API.
	//
	// This member is required.
	ClientSecret *string

	// OAuth grant type. Device Code and Refresh Token are supported; pass the
	// value that matches the grant you want:
	//
	//   * Device Code - urn:ietf:params:oauth:grant-type:device_code
	//
	//   * Refresh Token - refresh_token
	//
	// See the StartDeviceAuthorization topic for how to obtain the device code.
	//
	// This member is required.
	GrantType *string

	// Short-term code that identifies the authorization request. Applies only to
	// the Authorization Code grant type, which the CreateToken API currently does
	// not support.
	Code *string

	// Value generated by the client and presented to validate the original code
	// challenge value the client passed at authorization time. Applies only to
	// the Authorization Code grant type.
	CodeVerifier *string

	// Short-term code that identifies the authorization request, taken from the
	// result of the StartDeviceAuthorization API. Applies only to the Device
	// Code grant type.
	DeviceCode *string

	// Location of the client or application that has registered to receive the
	// authorization code. Applies only to the Authorization Code grant type.
	RedirectUri *string

	// Token used to refresh short-term tokens, such as the access token, that
	// might expire. Applies only to the Refresh Token grant type.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Scopes for which authorization is requested. The issued access token is
	// limited to the scopes that are granted. When this value is not specified,
	// IAM Identity Center authorizes all scopes that are configured for the
	// client during the call to RegisterClient, so request only the scopes the
	// caller needs when a narrower token is sufficient.
	Scope []string

	noSmithyDocumentSerde
}
97
// CreateTokenOutput is the response of the CreateToken operation.
//
// AccessToken and RefreshToken are bearer credentials: whoever holds them can
// use them, so keep them out of logs and store them only where other secrets
// are stored.
type CreateTokenOutput struct {
	// Bearer token used to access the Amazon Web Services accounts and
	// applications assigned to a user.
	AccessToken *string

	// The time, in seconds, after which the access token expires.
	ExpiresIn int32

	// The idToken is not implemented or supported. For more information about the
	// features and limitations of the current IAM Identity Center OIDC implementation,
	// see Considerations for Using this Guide in the [IAM Identity Center OIDC API Reference].
	//
	// A JSON Web Token (JWT) that identifies who is associated with the issued
	// access token.
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	IdToken *string

	// Token that, if present, can be used to refresh a previously issued access
	// token that might have expired.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Tells the client that the returned token is an access token. The supported
	// token type is Bearer.
	TokenType *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
136
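// addOperationCreateTokenMiddlewares registers every middleware the CreateToken
// operation needs on stack, in a fixed order, and returns the first
// registration error it meets (nil when all registrations succeed).
//
// The registration order is kept exactly as generated; do not reorder the
// calls without checking how each helper positions its middleware.
func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Serialize step: record the operation input, then add the restJson1 serializer.
	if err = stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateToken{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateToken{}, middleware.After); err != nil {
		return err
	}
	if err = addProtocolFinalizerMiddlewares(stack, options, "CreateToken"); err != nil {
		// %w keeps the underlying error reachable through errors.Is / errors.As;
		// the rendered message is the same as with %v.
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	// NOTE(review): presumably rejects inputs that lack the required members
	// (ClientId, ClientSecret, GrantType) before a request is sent; confirm
	// against the validator's definition.
	if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): presumably driven by the client's log mode. This operation
	// sends the client secret and receives bearer and refresh tokens, so body
	// logging, if enabled, would write those values to the log; confirm it is
	// off wherever logs are shared or retained.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): presumably honours an endpoint option that turns HTTPS off.
	// Requests built here carry credentials, so confirm that option is never set
	// outside local testing.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	return nil
}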
218
// newServiceMetadataMiddleware_opCreateToken returns a RegisterServiceMetadata
// value populated with the given region, the package-level ServiceID and the
// "CreateToken" operation name.
func newServiceMetadataMiddleware_opCreateToken(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		OperationName: "CreateToken",
		ServiceID:     ServiceID,
		Region:        region,
	}
	return &md
}