Skip to content

Commit

Permalink
feat(client-sso-oidc): Updated request parameters for PKCE support.
Browse files Browse the repository at this point in the history
  • Loading branch information
awstools committed May 10, 2024
1 parent d56a60a commit a25b371
Show file tree
Hide file tree
Showing 6 changed files with 298 additions and 7 deletions.
1 change: 1 addition & 0 deletions clients/client-sso-oidc/src/commands/CreateTokenCommand.ts
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ export interface CreateTokenCommandOutput extends CreateTokenResponse, __Metadat
* "STRING_VALUE",
* ],
* redirectUri: "STRING_VALUE",
* codeVerifier: "STRING_VALUE",
* };
* const command = new CreateTokenCommand(input);
* const response = await client.send(command);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ export interface CreateTokenWithIAMCommandOutput extends CreateTokenWithIAMRespo
/**
* <p>Creates and returns access and refresh tokens for clients and applications that are
* authenticated using IAM entities. The access token can be used to fetch short-term credentials
* for the assigned AWS accounts or to access application APIs using <code>bearer</code>
* for the assigned Amazon Web Services accounts or to access application APIs using <code>bearer</code>
* authentication.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
Expand All @@ -55,6 +55,7 @@ export interface CreateTokenWithIAMCommandOutput extends CreateTokenWithIAMRespo
* subjectToken: "STRING_VALUE",
* subjectTokenType: "STRING_VALUE",
* requestedTokenType: "STRING_VALUE",
* codeVerifier: "STRING_VALUE",
* };
* const command = new CreateTokenWithIAMCommand(input);
* const response = await client.send(command);
Expand Down
14 changes: 14 additions & 0 deletions clients/client-sso-oidc/src/commands/RegisterClientCommand.ts
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,14 @@ export interface RegisterClientCommandOutput extends RegisterClientResponse, __M
* scopes: [ // Scopes
* "STRING_VALUE",
* ],
* redirectUris: [ // RedirectUris
* "STRING_VALUE",
* ],
* grantTypes: [ // GrantTypes
* "STRING_VALUE",
* ],
* issuerUrl: "STRING_VALUE",
* entitledApplicationArn: "STRING_VALUE",
* };
* const command = new RegisterClientCommand(input);
* const response = await client.send(command);
Expand Down Expand Up @@ -73,13 +81,19 @@ export interface RegisterClientCommandOutput extends RegisterClientResponse, __M
* <p>Indicates that the client information sent in the request during registration is
* invalid.</p>
*
* @throws {@link InvalidRedirectUriException} (client fault)
* <p>Indicates that one or more redirect URI in the request is not supported for this operation.</p>
*
* @throws {@link InvalidRequestException} (client fault)
* <p>Indicates that something is wrong with the input to the request. For example, a required
* parameter might be missing or out of range.</p>
*
* @throws {@link InvalidScopeException} (client fault)
* <p>Indicates that the scope provided in the request is invalid.</p>
*
* @throws {@link UnsupportedGrantTypeException} (client fault)
* <p>Indicates that the grant type in the request is not supported by the service.</p>
*
* @throws {@link SSOOIDCServiceException}
* <p>Base exception class for all service exceptions from SSOOIDC service.</p>
*
Expand Down
84 changes: 82 additions & 2 deletions clients/client-sso-oidc/src/models/models_0.ts
Original file line number Diff line number Diff line change
Expand Up @@ -146,14 +146,22 @@ export interface CreateTokenRequest {
* @public
*/
redirectUri?: string;

/**
* <p>Used only when calling this API for the Authorization Code grant type. This value is generated
* by the client and presented to validate the original code challenge value the client passed at
* authorization time.</p>
* @public
*/
codeVerifier?: string;
}

/**
* @public
*/
export interface CreateTokenResponse {
/**
* <p>A bearer token to access AWS accounts and applications assigned to a user.</p>
* <p>A bearer token to access Amazon Web Services accounts and applications assigned to a user.</p>
* @public
*/
accessToken?: string;
Expand Down Expand Up @@ -616,14 +624,22 @@ export interface CreateTokenWithIAMRequest {
* @public
*/
requestedTokenType?: string;

/**
* <p>Used only when calling this API for the Authorization Code grant type. This value is generated
* by the client and presented to validate the original code challenge value the client passed at
* authorization time.</p>
* @public
*/
codeVerifier?: string;
}

/**
* @public
*/
export interface CreateTokenWithIAMResponse {
/**
* <p>A bearer token to access AWS accounts and applications assigned to a user.</p>
* <p>A bearer token to access Amazon Web Services accounts and applications assigned to a user.</p>
* @public
*/
accessToken?: string;
Expand Down Expand Up @@ -764,6 +780,41 @@ export class InvalidClientMetadataException extends __BaseException {
}
}

/**
* <p>Indicates that one or more redirect URI in the request is not supported for this operation.</p>
* @public
*/
export class InvalidRedirectUriException extends __BaseException {
readonly name: "InvalidRedirectUriException" = "InvalidRedirectUriException";
readonly $fault: "client" = "client";
/**
* <p>Single error code.
* For this exception the value will be <code>invalid_redirect_uri</code>.</p>
* @public
*/
error?: string;

/**
* <p>Human-readable text providing additional information, used to assist the
* client developer in understanding the error that occurred.</p>
* @public
*/
error_description?: string;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<InvalidRedirectUriException, __BaseException>) {
super({
name: "InvalidRedirectUriException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidRedirectUriException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}

/**
* @public
*/
Expand All @@ -787,6 +838,33 @@ export interface RegisterClientRequest {
* @public
*/
scopes?: string[];

/**
* <p>The list of redirect URI that are defined by the client. At completion of authorization,
* this list is used to restrict what locations the user agent can be redirected back to.</p>
* @public
*/
redirectUris?: string[];

/**
* <p>The list of OAuth 2.0 grant types that are defined by the client. This list is used to
* restrict the token granting flows available to the client.</p>
* @public
*/
grantTypes?: string[];

/**
* <p>The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.</p>
* @public
*/
issuerUrl?: string;

/**
* <p>This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At
* authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.</p>
* @public
*/
entitledApplicationArn?: string;
}

/**
Expand Down Expand Up @@ -913,6 +991,7 @@ export const CreateTokenRequestFilterSensitiveLog = (obj: CreateTokenRequest): a
...obj,
...(obj.clientSecret && { clientSecret: SENSITIVE_STRING }),
...(obj.refreshToken && { refreshToken: SENSITIVE_STRING }),
...(obj.codeVerifier && { codeVerifier: SENSITIVE_STRING }),
});

/**
Expand All @@ -933,6 +1012,7 @@ export const CreateTokenWithIAMRequestFilterSensitiveLog = (obj: CreateTokenWith
...(obj.refreshToken && { refreshToken: SENSITIVE_STRING }),
...(obj.assertion && { assertion: SENSITIVE_STRING }),
...(obj.subjectToken && { subjectToken: SENSITIVE_STRING }),
...(obj.codeVerifier && { codeVerifier: SENSITIVE_STRING }),
});

/**
Expand Down
35 changes: 35 additions & 0 deletions clients/client-sso-oidc/src/protocols/Aws_restJson1.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ import {
InvalidClientException,
InvalidClientMetadataException,
InvalidGrantException,
InvalidRedirectUriException,
InvalidRequestException,
InvalidRequestRegionException,
InvalidScopeException,
Expand Down Expand Up @@ -63,6 +64,7 @@ export const se_CreateTokenCommand = async (
clientId: [],
clientSecret: [],
code: [],
codeVerifier: [],
deviceCode: [],
grantType: [],
redirectUri: [],
Expand Down Expand Up @@ -95,6 +97,7 @@ export const se_CreateTokenWithIAMCommand = async (
assertion: [],
clientId: [],
code: [],
codeVerifier: [],
grantType: [],
redirectUri: [],
refreshToken: [],
Expand Down Expand Up @@ -125,6 +128,10 @@ export const se_RegisterClientCommand = async (
take(input, {
clientName: [],
clientType: [],
entitledApplicationArn: [],
grantTypes: (_) => _json(_),
issuerUrl: [],
redirectUris: (_) => _json(_),
scopes: (_) => _json(_),
})
);
Expand Down Expand Up @@ -309,6 +316,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext):
case "InvalidClientMetadataException":
case "com.amazonaws.ssooidc#InvalidClientMetadataException":
throw await de_InvalidClientMetadataExceptionRes(parsedOutput, context);
case "InvalidRedirectUriException":
case "com.amazonaws.ssooidc#InvalidRedirectUriException":
throw await de_InvalidRedirectUriExceptionRes(parsedOutput, context);
default:
const parsedBody = parsedOutput.body;
return throwDefaultError({
Expand Down Expand Up @@ -467,6 +477,27 @@ const de_InvalidGrantExceptionRes = async (
return __decorateServiceException(exception, parsedOutput.body);
};

/**
* deserializeAws_restJson1InvalidRedirectUriExceptionRes
*/
const de_InvalidRedirectUriExceptionRes = async (
parsedOutput: any,
context: __SerdeContext
): Promise<InvalidRedirectUriException> => {
const contents: any = map({});
const data: any = parsedOutput.body;
const doc = take(data, {
error: __expectString,
error_description: __expectString,
});
Object.assign(contents, doc);
const exception = new InvalidRedirectUriException({
$metadata: deserializeMetadata(parsedOutput),
...contents,
});
return __decorateServiceException(exception, parsedOutput.body);
};

/**
* deserializeAws_restJson1InvalidRequestExceptionRes
*/
Expand Down Expand Up @@ -592,6 +623,10 @@ const de_UnsupportedGrantTypeExceptionRes = async (
return __decorateServiceException(exception, parsedOutput.body);
};

// se_GrantTypes omitted.

// se_RedirectUris omitted.

// se_Scopes omitted.

// de_Scopes omitted.
Expand Down
Loading

0 comments on commit a25b371

Please sign in to comment.