Class: Aws::Signin::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::Signin::Client
- Includes:
- ClientStubs
- Defined in:
- gems/aws-sdk-core/lib/aws-sdk-signin/client.rb
Overview
An API client for Signin. To construct a client, you need to configure a :region and :credentials.
client = Aws::Signin::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#create_o_auth_2_token(params = {}) ⇒ Types::CreateOAuth2TokenResponse
CreateOAuth2Token API.
-
#create_o_auth_2_token_with_iam(params = {}) ⇒ Types::CreateOAuth2TokenWithIAMResponse
Grants permission to exchange client credentials for an OAuth 2.0 access token scoped to a resource that can be used to access AWS services from applications.
-
#delete_console_authorization_configuration(params = {}) ⇒ Types::DeleteConsoleAuthorizationConfigurationOutput
Delete console authorization configuration with automatic scope detection.
-
#delete_resource_permission_statement(params = {}) ⇒ Struct
Remove a permission statement from the account's SignIn resource-based policy.
-
#get_console_authorization_configuration(params = {}) ⇒ Types::GetConsoleAuthorizationConfigurationOutput
Get console authorization configuration with automatic scope detection.
-
#get_resource_policy(params = {}) ⇒ Types::GetResourcePolicyOutput
Retrieve the account's consolidated SignIn resource-based policy.
-
#introspect_o_auth_2_token_with_iam(params = {}) ⇒ Types::IntrospectOAuth2TokenWithIAMResponse
Grants permission to inspect the metadata and state of an OAuth 2.0 access token or refresh token.
-
#list_resource_permission_statements(params = {}) ⇒ Types::ListResourcePermissionStatementsOutput
Retrieve all permission statements in the account's SignIn resource-based policy.
-
#put_console_authorization_configuration(params = {}) ⇒ Types::PutConsoleAuthorizationConfigurationOutput
Enable console authorization configuration with automatic scope detection.
-
#put_resource_permission_statement(params = {}) ⇒ Types::PutResourcePermissionStatementOutput
Create a permission statement in the account's SignIn resource-based policy.
-
#revoke_o_auth_2_token_with_iam(params = {}) ⇒ Struct
Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
471 472 473 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 471 def initialize(*args) super end |
Instance Method Details
#create_o_auth_2_token(params = {}) ⇒ Types::CreateOAuth2TokenResponse
CreateOAuth2Token API
Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded
This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
- Authorization code redemption (grant_type=authorization_code) - NOT idempotent
- Token refresh (grant_type=refresh_token) - Idempotent within token validity window
The operation behavior is determined by the grant_type parameter in the request body:
Authorization Code Flow (NOT Idempotent):
- JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
- Returns access_token, token_type, expires_in, refresh_token, and id_token
- Each authorization code can only be used ONCE for security (prevents replay attacks)
Token Refresh Flow (Idempotent):
- JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
- Returns access_token, token_type, expires_in, and refresh_token (no id_token)
- Multiple calls with same refresh_token return consistent results within validity window
Authentication and authorization:
- Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
- CLI clients (public): authn/authz skipped based on client_id & grant_type
Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
557 558 559 560 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 557 def create_o_auth_2_token(params = {}, = {}) req = build_request(:create_o_auth_2_token, params) req.send_request() end |
#create_o_auth_2_token_with_iam(params = {}) ⇒ Types::CreateOAuth2TokenWithIAMResponse
Grants permission to exchange client credentials for an OAuth 2.0 access token scoped to a resource that can be used to access AWS services from applications
596 597 598 599 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 596 def create_o_auth_2_token_with_iam(params = {}, = {}) req = build_request(:create_o_auth_2_token_with_iam, params) req.send_request() end |
#delete_console_authorization_configuration(params = {}) ⇒ Types::DeleteConsoleAuthorizationConfigurationOutput
Delete console authorization configuration with automatic scope detection
629 630 631 632 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 629 def (params = {}, = {}) req = build_request(:delete_console_authorization_configuration, params) req.send_request() end |
#delete_resource_permission_statement(params = {}) ⇒ Struct
Remove a permission statement from the account's SignIn resource-based policy
659 660 661 662 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 659 def (params = {}, = {}) req = build_request(:delete_resource_permission_statement, params) req.send_request() end |
#get_console_authorization_configuration(params = {}) ⇒ Types::GetConsoleAuthorizationConfigurationOutput
Get console authorization configuration with automatic scope detection
691 692 693 694 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 691 def (params = {}, = {}) req = build_request(:get_console_authorization_configuration, params) req.send_request() end |
#get_resource_policy(params = {}) ⇒ Types::GetResourcePolicyOutput
Retrieve the account's consolidated SignIn resource-based policy
721 722 723 724 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 721 def get_resource_policy(params = {}, = {}) req = build_request(:get_resource_policy, params) req.send_request() end |
#introspect_o_auth_2_token_with_iam(params = {}) ⇒ Types::IntrospectOAuth2TokenWithIAMResponse
Grants permission to inspect the metadata and state of an OAuth 2.0 access token or refresh token
Implements RFC 7662 OAuth 2.0 Token Introspection over a SigV4-authenticated endpoint. Inspects the metadata of an access_token or refresh_token issued by AWS Sign-In and returns the claims associated with it.
Inactive token semantics (RFC 7662 ยง2.2): when the supplied token is unknown, expired, revoked, malformed, or owned by a different account, the response body is exactly { "active": false } with all other claims omitted.
794 795 796 797 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 794 def introspect_o_auth_2_token_with_iam(params = {}, = {}) req = build_request(:introspect_o_auth_2_token_with_iam, params) req.send_request() end |
#list_resource_permission_statements(params = {}) ⇒ Types::ListResourcePermissionStatementsOutput
Retrieve all permission statements in the account's SignIn resource-based policy
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
836 837 838 839 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 836 def (params = {}, = {}) req = build_request(:list_resource_permission_statements, params) req.send_request() end |
#put_console_authorization_configuration(params = {}) ⇒ Types::PutConsoleAuthorizationConfigurationOutput
Enable console authorization configuration with automatic scope detection
869 870 871 872 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 869 def (params = {}, = {}) req = build_request(:put_console_authorization_configuration, params) req.send_request() end |
#put_resource_permission_statement(params = {}) ⇒ Types::PutResourcePermissionStatementOutput
Create a permission statement in the account's SignIn resource-based policy
930 931 932 933 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 930 def (params = {}, = {}) req = build_request(:put_resource_permission_statement, params) req.send_request() end |
#revoke_o_auth_2_token_with_iam(params = {}) ⇒ Struct
Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens
Revokes a refresh_token issued by AWS Sign-In, invalidating the entire token chain so that the refresh_token can no longer be used to mint new access_tokens.
Idempotency: revoking an already-revoked, expired, or otherwise invalid token still returns 200 OK with an empty body. Only the refresh_token type is accepted.
963 964 965 966 |
# File 'gems/aws-sdk-core/lib/aws-sdk-signin/client.rb', line 963 def revoke_o_auth_2_token_with_iam(params = {}, = {}) req = build_request(:revoke_o_auth_2_token_with_iam, params) req.send_request() end |