1// Code generated by smithy-go-codegen DO NOT EDIT.
  2
  3package ssooidc
  4
  5import (
  6	"context"
  7	"fmt"
  8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
  9	"github.com/aws/smithy-go/middleware"
 10	smithyhttp "github.com/aws/smithy-go/transport/http"
 11)
 12
// CreateTokenWithIAM creates and returns access and refresh tokens for clients
// and applications that are authenticated using IAM entities. The access token
// can be used to fetch short-term credentials for the assigned Amazon Web
// Services accounts or to access application APIs using bearer authentication.
//
// A nil params is treated as an empty CreateTokenWithIAMInput. On success the
// returned output has ResultMetadata populated with the operation metadata. The
// tokens in the output are credentials and should be kept out of logs.
func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
	if params == nil {
		params = new(CreateTokenWithIAMInput)
	}

	raw, md, err := c.invokeOperation(ctx, "CreateTokenWithIAM", params, optFns, c.addOperationCreateTokenWithIAMMiddlewares)
	if err != nil {
		return nil, err
	}

	// invokeOperation hands back the deserialized output as an interface value;
	// for this operation it is expected to be a *CreateTokenWithIAMOutput, so the
	// assertion is unchecked (a mismatch would be a bug in the generated code).
	resp := raw.(*CreateTokenWithIAMOutput)
	resp.ResultMetadata = md
	return resp, nil
}
 31
// CreateTokenWithIAMInput is the request for Client.CreateTokenWithIAM. ClientId
// and GrantType are always required; the remaining members are grant-type
// specific, as each field comment describes. Assertion, Code, CodeVerifier,
// RefreshToken and SubjectToken carry credential material and should be kept
// out of logs, traces and error messages.
type CreateTokenWithIAMInput struct {

	// The unique identifier string for the client or application. This value is an
	// application ARN that has OAuth grants configured.
	//
	// This member is required.
	ClientId *string

	// Supports the following OAuth grant types: Authorization Code, Refresh Token,
	// JWT Bearer, and Token Exchange. Specify one of the following values, depending
	// on the grant type that you want:
	//
	// * Authorization Code - authorization_code
	//
	// * Refresh Token - refresh_token
	//
	// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
	//
	// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
	//
	// This member is required.
	GrantType *string

	// Used only when calling this API for the JWT Bearer grant type. This value
	// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To
	// authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the
	// application.
	//
	// This is a bearer credential; treat it as a secret.
	Assertion *string

	// Used only when calling this API for the Authorization Code grant type. This
	// short-term code is used to identify this authorization request. The code is
	// obtained through a redirect from IAM Identity Center to a redirect URI persisted
	// in the Authorization Code GrantOptions for the application.
	Code *string

	// Used only when calling this API for the Authorization Code grant type. This
	// value is generated by the client and presented to validate the original code
	// challenge value the client passed at authorization time.
	//
	// Keep this value private to the client that generated it; it is what binds the
	// token request to the original authorization request.
	CodeVerifier *string

	// Used only when calling this API for the Authorization Code grant type. This
	// value specifies the location of the client or application that has registered to
	// receive the authorization code.
	RedirectUri *string

	// Used only when calling this API for the Refresh Token grant type. This token is
	// used to refresh short-term tokens, such as the access token, that might expire.
	// It is a long-lived credential; treat it as a secret.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that the requester can receive. The following values
	// are supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	RequestedTokenType *string

	// The list of scopes for which authorization is requested. The access token that
	// is issued is limited to the scopes that are granted. If the value is not
	// specified, IAM Identity Center authorizes all scopes configured for the
	// application, including the following default scopes: openid, aws,
	// sts:identity_context. Requesting only the scopes the caller needs keeps the
	// issued token's privileges to a minimum.
	Scope []string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the subject of the exchange. The value of the subject token must be an
	// access token issued by IAM Identity Center to a different client or application.
	// The access token must have authorized scopes that indicate the requested
	// application as a target audience.
	//
	// This is a bearer credential; treat it as a secret.
	SubjectToken *string

	// Used only when calling this API for the Token Exchange grant type. This value
	// specifies the type of token that is passed as the subject of the exchange. The
	// following value is supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	SubjectTokenType *string

	// Marker type declared elsewhere in this package; not visible in this file.
	noSmithyDocumentSerde
}
119
// CreateTokenWithIAMOutput is the response from Client.CreateTokenWithIAM.
// AccessToken, IdToken and RefreshToken are credentials and should be kept out
// of logs, traces and error messages.
type CreateTokenWithIAMOutput struct {

	// A bearer token to access Amazon Web Services accounts and applications assigned
	// to a user. Anyone holding this value can use it; treat it as a secret.
	AccessToken *string

	// Indicates the time in seconds when an access token will expire.
	//
	// NOTE(review): in OAuth 2.0 the expires_in value is the token lifetime in
	// seconds measured from issuance, not an absolute timestamp — confirm against
	// the service before using it as a deadline.
	ExpiresIn int32

	// A JSON Web Token (JWT) that identifies the user associated with the issued
	// access token. Contains identity claims; treat it as sensitive.
	IdToken *string

	// Indicates the type of tokens that are issued by IAM Identity Center. The
	// following values are supported:
	//
	// * Access Token - urn:ietf:params:oauth:token-type:access_token
	//
	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
	IssuedTokenType *string

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired. It is longer-lived than the access token;
	// store it as carefully as any other secret.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// The list of scopes for which authorization is granted. The access token that is
	// issued is limited to the scopes that are granted. Callers that requested
	// specific scopes can compare this list against their request.
	Scope []string

	// Used to notify the requester that the returned token is an access token. The
	// supported token type is Bearer.
	TokenType *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	// Marker type declared elsewhere in this package; not visible in this file.
	noSmithyDocumentSerde
}
164
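// addOperationCreateTokenWithIAMMiddlewares registers every middleware the
// CreateTokenWithIAM operation needs on stack, in the order the generated client
// expects: the operation's input setter, serializer and deserializer first, then
// the protocol finalizers, then the shared client middlewares (endpoint
// resolution, retries, payload hashing, user agent, input validation, logging,
// and so on, judging by their names). Registration order is significant and is
// preserved from the generated code.
//
// options supplies the client configuration that several of the shared
// middlewares read. The first registration error aborts the setup and is
// returned to the caller.
func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Stack, options Options) error {
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	if err := stack.Serialize.Add(&awsRestjson1_serializeOpCreateTokenWithIAM{}, middleware.After); err != nil {
		return err
	}
	if err := stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateTokenWithIAM{}, middleware.After); err != nil {
		return err
	}
	// Wrap with %w rather than %v so the underlying error stays reachable through
	// errors.Is/errors.As; the message text is unchanged.
	if err := addProtocolFinalizerMiddlewares(stack, options, "CreateTokenWithIAM"); err != nil {
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err := addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err := addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err := addClientRequestID(stack); err != nil {
		return err
	}
	if err := addComputeContentLength(stack); err != nil {
		return err
	}
	if err := addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err := addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err := addRetry(stack, options); err != nil {
		return err
	}
	if err := addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err := addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err := addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err := smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err := smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err := addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err := addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err := addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err := addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
		return err
	}
	if err := stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
		return err
	}
	if err := addRecursionDetection(stack); err != nil {
		return err
	}
	if err := addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err := addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err := addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	if err := addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	return nil
}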
249
// newServiceMetadataMiddleware_opCreateTokenWithIAM builds the service-metadata
// middleware for the CreateTokenWithIAM operation, tagging it with the given
// region, the package-level ServiceID and the operation name.
func newServiceMetadataMiddleware_opCreateTokenWithIAM(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		OperationName: "CreateTokenWithIAM",
		ServiceID:     ServiceID,
		Region:        region,
	}
	return &md
}