SignInService / Client / create_oauth2_token_with_iam

create_oauth2_token_with_iam

SignInService.Client.create_oauth2_token_with_iam(**kwargs)

Grants permission to exchange client credentials for an OAuth 2.0 access token scoped to a resource that can be used to access AWS services from applications

See also: AWS API Documentation

Request Syntax

response = client.create_oauth2_token_with_iam(
    grantType='string',
    resource='string'
)
Parameters:
  • grantType (string) –

    [REQUIRED]

    OAuth 2.0 grant type. Must be “client_credentials”.

  • resource (string) –

    [REQUIRED]

    The OAuth resource for which the access token is requested. Example: “aws-mcp.amazonaws.com”.

Return type:

dict

Returns:

Response Syntax

{
    'accessToken': 'string',
    'tokenType': 'string',
    'expiresIn': 123
}

Response Structure

  • (dict) –

    Output structure for CreateOAuth2TokenWithIAM operation

    Contains the JWT access token, token type, and expiration per RFC 6749 §5.1.

    • accessToken (string) –

      JWT access token containing principal identity, resource scope, and session metadata

    • tokenType (string) –

      Always “Bearer” per OAuth 2.1 specification

    • expiresIn (integer) –

      Token lifetime in seconds. Value is the minimum of session validity and 1 hour.

Exceptions