ssooidc.d.ts
import {Request} from '../lib/request';
import {Response} from '../lib/response';
import {AWSError} from '../lib/error';
import {Service} from '../lib/service';
import {ServiceConfigurationOptions} from '../lib/service';
import {ConfigBase as Config} from '../lib/config-base';
// Empty local placeholder type; nothing else in this file refers to it.
interface Blob {}
/**
 * Typed client for the AWS SSO OIDC API.
 *
 * Three operations are declared: registerClient, startDeviceAuthorization and
 * createToken. Per the field descriptions below, registerClient yields the
 * clientId/clientSecret that the other two operations take as input, and
 * startDeviceAuthorization yields the deviceCode that createToken takes.
 * Each operation has two overloads: one taking request parameters plus an
 * optional callback, and one taking only the optional callback.
 */
declare class SSOOIDC extends Service {
  /**
   * Constructs a service object. This object has one method for each API operation.
   *
   * @param options Optional client configuration (service options plus apiVersion).
   */
  constructor(options?: SSOOIDC.Types.ClientConfiguration)
  // Effective configuration of this client instance.
  config: Config & SSOOIDC.Types.ClientConfiguration;
  /**
   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
   *
   * The response carries bearer credentials (accessToken, and optionally refreshToken and idToken); keep the `data` object out of logs and error reports.
   *
   * @param params Request fields; see CreateTokenRequest.
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  createToken(params: SSOOIDC.Types.CreateTokenRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
  /**
   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
   *
   * Overload without request parameters.
   *
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  createToken(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
  /**
   * Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
   *
   * The persisted output includes clientSecret, so the store it is written to should be readable only by the user or process that owns the client.
   *
   * @param params Request fields; see RegisterClientRequest.
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  registerClient(params: SSOOIDC.Types.RegisterClientRequest, callback?: (err: AWSError, data: SSOOIDC.Types.RegisterClientResponse) => void): Request<SSOOIDC.Types.RegisterClientResponse, AWSError>;
  /**
   * Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
   *
   * Overload without request parameters.
   *
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  registerClient(callback?: (err: AWSError, data: SSOOIDC.Types.RegisterClientResponse) => void): Request<SSOOIDC.Types.RegisterClientResponse, AWSError>;
  /**
   * Initiates device authorization by requesting a pair of verification codes from the authorization service.
   *
   * The pair is deviceCode (kept by the client for createToken) and userCode (the one-time code the user confirms on the verification page).
   *
   * @param params Request fields; see StartDeviceAuthorizationRequest.
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  startDeviceAuthorization(params: SSOOIDC.Types.StartDeviceAuthorizationRequest, callback?: (err: AWSError, data: SSOOIDC.Types.StartDeviceAuthorizationResponse) => void): Request<SSOOIDC.Types.StartDeviceAuthorizationResponse, AWSError>;
  /**
   * Initiates device authorization by requesting a pair of verification codes from the authorization service.
   *
   * Overload without request parameters.
   *
   * @param callback Optional callback receiving the error or the response.
   * @returns The Request object for this call.
   */
  startDeviceAuthorization(callback?: (err: AWSError, data: SSOOIDC.Types.StartDeviceAuthorizationResponse) => void): Request<SSOOIDC.Types.StartDeviceAuthorizationResponse, AWSError>;
}
declare namespace SSOOIDC {
  // The scalar aliases in this namespace (AccessToken, ClientSecret, DeviceCode,
  // RefreshToken, ...) are plain `string` or `number`. They document intent only:
  // the compiler treats them as interchangeable, so passing a ClientSecret where
  // a ClientName is expected is not a type error.
  export type AccessToken = string;
  export type AuthCode = string;
  export type ClientId = string;
  export type ClientName = string;
  export type ClientSecret = string;
  export type ClientType = string;
  /**
   * Input of createToken.
   */
  export interface CreateTokenRequest {
    /**
     * The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
     */
    clientId: ClientId;
    /**
     * A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.
     * Credential material: avoid logging request objects that contain it.
     */
    clientSecret: ClientSecret;
    /**
     * Supports grant types for authorization code, refresh token, and device code request.
     * GrantType is a plain string alias, so the value is not checked at compile time.
     */
    grantType: GrantType;
    /**
     * Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
     * NOTE(review): declared as required here although the description limits it to the device code grant; confirm against the service model what other grant types are expected to pass.
     */
    deviceCode: DeviceCode;
    /**
     * The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
     */
    code?: AuthCode;
    /**
     * The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.
     * NOTE(review): CreateTokenResponse also declares a refreshToken field, so the two descriptions disagree on whether the service issues one; confirm before relying on either.
     */
    refreshToken?: RefreshToken;
    /**
     * The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
     * The field is named `scope` here and `scopes` on RegisterClientRequest; both use the Scopes type.
     */
    scope?: Scopes;
    /**
     * The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
     */
    redirectUri?: URI;
  }
  /**
   * Output of createToken. Every field is optional in this declaration, so callers must check for presence before use.
   */
  export interface CreateTokenResponse {
    /**
     * An opaque token to access AWS SSO resources assigned to a user.
     * Bearer credential (see tokenType): possession is enough to use it, so keep it out of logs, error messages and telemetry.
     */
    accessToken?: AccessToken;
    /**
     * Used to notify the client that the returned token is an access token. The supported type is BearerToken.
     */
    tokenType?: TokenType;
    /**
     * Indicates the time in seconds when an access token will expire.
     * NOTE(review): presumably a lifetime counted from issuance rather than an absolute timestamp; confirm before computing an expiry time from it.
     */
    expiresIn?: ExpirationInSeconds;
    /**
     * A token that, if present, can be used to refresh a previously issued access token that might have expired.
     * Handle with the same care as accessToken.
     */
    refreshToken?: RefreshToken;
    /**
     * The identifier of the user that is associated with the access token, if present.
     */
    idToken?: IdToken;
  }
  export type DeviceCode = string;
  export type ExpirationInSeconds = number;
  export type GrantType = string;
  export type IdToken = string;
  export type IntervalInSeconds = number;
  // NOTE(review): the unit of this timestamp (seconds or milliseconds since the epoch) is not stated in this file; confirm before comparing with Date.now().
  export type LongTimeStampType = number;
  export type RefreshToken = string;
  /**
   * Input of registerClient.
   */
  export interface RegisterClientRequest {
    /**
     * The friendly name of the client.
     */
    clientName: ClientName;
    /**
     * The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.
     * ClientType is a plain string alias, so an unsupported value is only caught by the service, not by the compiler.
     */
    clientType: ClientType;
    /**
     * The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
     */
    scopes?: Scopes;
  }
  /**
   * Output of registerClient; this is the result the operation description says to persist.
   */
  export interface RegisterClientResponse {
    /**
     * The unique identifier string for each client. This client uses this identifier to get authenticated by the service in subsequent calls.
     */
    clientId?: ClientId;
    /**
     * A secret string generated for the client. The client will use this string to get authenticated by the service in subsequent calls.
     * Credential material: when persisting it, restrict read access to the owning user or process and keep it out of logs.
     */
    clientSecret?: ClientSecret;
    /**
     * Indicates the time at which the clientId and clientSecret were issued.
     */
    clientIdIssuedAt?: LongTimeStampType;
    /**
     * Indicates the time at which the clientId and clientSecret will become invalid.
     * A persisted registration should be checked against this value before reuse.
     */
    clientSecretExpiresAt?: LongTimeStampType;
    /**
     * The endpoint where the client can request authorization.
     */
    authorizationEndpoint?: URI;
    /**
     * The endpoint where the client can get an access token.
     */
    tokenEndpoint?: URI;
  }
  export type Scope = string;
  export type Scopes = Scope[];
  /**
   * Input of startDeviceAuthorization.
   */
  export interface StartDeviceAuthorizationRequest {
    /**
     * The unique identifier string for the client that is registered with AWS SSO. This value should come from the persisted result of the RegisterClient API operation.
     */
    clientId: ClientId;
    /**
     * A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.
     * Credential material: avoid logging request objects that contain it.
     */
    clientSecret: ClientSecret;
    /**
     * The URL for the AWS SSO user portal. For more information, see Using the User Portal in the AWS Single Sign-On User Guide.
     */
    startUrl: URI;
  }
  /**
   * Output of startDeviceAuthorization. Every field is optional in this declaration, so callers must check for presence before use.
   */
  export interface StartDeviceAuthorizationResponse {
    /**
     * The short-lived code that is used by the device when polling for a session token.
     * CreateTokenRequest describes this as coming from an in-memory reference, i.e. it is not meant to be persisted.
     */
    deviceCode?: DeviceCode;
    /**
     * A one-time user verification code. This is needed to authorize an in-use device.
     */
    userCode?: UserCode;
    /**
     * The URI of the verification page that takes the userCode to authorize the device.
     */
    verificationUri?: URI;
    /**
     * An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code.
     * URI is a plain string alias; a caller that hands this value to a browser launcher should first check that it is an https URL on the host it expects.
     */
    verificationUriComplete?: URI;
    /**
     * Indicates the number of seconds in which the verification code will become invalid.
     */
    expiresIn?: ExpirationInSeconds;
    /**
     * Indicates the number of seconds the client must wait between attempts when polling for a session.
     */
    interval?: IntervalInSeconds;
  }
  export type TokenType = string;
  export type URI = string;
  export type UserCode = string;
  /**
   * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
   * The union ends in `string`, so any string is accepted by the compiler; the two literals serve as documentation.
   */
  export type apiVersion = "2019-06-10"|"latest"|string;
  export interface ClientApiVersions {
    /**
     * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
     */
    apiVersion?: apiVersion;
  }
  // Constructor options: the shared service options combined with the apiVersion selector.
  export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions;
  /**
   * Contains interfaces for use with the SSOOIDC client.
   */
  export import Types = SSOOIDC;
}
export = SSOOIDC;