SignInService / Client / create_oauth2_token_with_iam
create_oauth2_token_with_iam¶
- SignInService.Client.create_oauth2_token_with_iam(**kwargs)¶
Grants permission to exchange client credentials for an OAuth 2.0 access token scoped to a resource that can be used to access AWS services from applications
See also: AWS API Documentation
Request Syntax
response = client.create_oauth2_token_with_iam( grantType='string', resource='string' )
- Parameters:
grantType (string) –
[REQUIRED]
OAuth 2.0 grant type. Must be “client_credentials”.
resource (string) –
[REQUIRED]
The OAuth resource for which the access token is requested. Example: “aws-mcp.amazonaws.com”.
- Return type:
dict
- Returns:
Response Syntax
{ 'accessToken': 'string', 'tokenType': 'string', 'expiresIn': 123 }
Response Structure
(dict) –
Output structure for CreateOAuth2TokenWithIAM operation
Contains the JWT access token, token type, and expiration per RFC 6749 §5.1.
accessToken (string) –
JWT access token containing principal identity, resource scope, and session metadata
tokenType (string) –
Always “Bearer” per OAuth 2.1 specification
expiresIn (integer) –
Token lifetime in seconds. Value is the minimum of session validity and 1 hour.
Exceptions