
/AWS1/CL_SISCREO2TOKENRSPBODY

Response body payload for CreateOAuth2Token operation

The response content depends on the grant_type from the request:
- grant_type=authorization_code: Returns all fields including refresh_token and id_token
- grant_type=refresh_token: Returns access_token, token_type, expires_in, refresh_token (no id_token)

CONSTRUCTOR

IMPORTING

Required arguments:

io_accesstoken TYPE REF TO /AWS1/CL_SISACCESSTOKEN

Scoped-down AWS credentials (15-minute duration). Present for both authorization code redemption and token refresh.

iv_tokentype TYPE /AWS1/SISTOKENTYPE

Token type indicating this is AWS SigV4 credentials. Value is "aws_sigv4" for both flows.

iv_expiresin TYPE /AWS1/SISEXPIRESIN

Time to expiry in seconds (maximum 900). Present for both authorization code redemption and token refresh.

iv_refreshtoken TYPE /AWS1/SISREFRESHTOKEN

Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk). Always present in responses (required for both flows).

Optional arguments:

iv_idtoken TYPE /AWS1/SISIDTOKEN

ID token containing user identity information. Present only in authorization code redemption response (grant_type=authorization_code). Not included in token refresh responses.


Queryable Attributes

accessToken

Scoped-down AWS credentials (15-minute duration). Present for both authorization code redemption and token refresh.

Accessible with the following methods

Method Description
GET_ACCESSTOKEN() Getter for ACCESSTOKEN

tokenType

Token type indicating this is AWS SigV4 credentials. Value is "aws_sigv4" for both flows.

Accessible with the following methods

Method Description
GET_TOKENTYPE() Getter for TOKENTYPE, with configurable default
ASK_TOKENTYPE() Getter for TOKENTYPE w/ exceptions if field has no value
HAS_TOKENTYPE() Determine if TOKENTYPE has a value

expiresIn

Time to expiry in seconds (maximum 900). Present for both authorization code redemption and token refresh.

Accessible with the following methods

Method Description
GET_EXPIRESIN() Getter for EXPIRESIN, with configurable default
ASK_EXPIRESIN() Getter for EXPIRESIN w/ exceptions if field has no value
HAS_EXPIRESIN() Determine if EXPIRESIN has a value

refreshToken

Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk). Always present in responses (required for both flows).

Accessible with the following methods

Method Description
GET_REFRESHTOKEN() Getter for REFRESHTOKEN, with configurable default
ASK_REFRESHTOKEN() Getter for REFRESHTOKEN w/ exceptions if field has no value
HAS_REFRESHTOKEN() Determine if REFRESHTOKEN has a value

idToken

ID token containing user identity information. Present only in authorization code redemption response (grant_type=authorization_code). Not included in token refresh responses.

Accessible with the following methods

Method Description
GET_IDTOKEN() Getter for IDTOKEN, with configurable default
ASK_IDTOKEN() Getter for IDTOKEN w/ exceptions if field has no value
HAS_IDTOKEN() Determine if IDTOKEN has a value
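
A check of a received response body against the field rules listed on this page, as an added example that is not part of the SDK or its documentation. The local class lcl_token_rsp_check and its parameter names are hypothetical, and the HAS_ methods are assumed to return abap_bool.

```abap
" Added example. lcl_token_rsp_check, io_body, iv_grant_type and rt_findings are
" hypothetical names; only the response class and its getters come from this page.
CLASS lcl_token_rsp_check DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS check
      IMPORTING io_body            TYPE REF TO /aws1/cl_siscreo2tokenrspbody
                iv_grant_type      TYPE string
      RETURNING VALUE(rt_findings) TYPE string_table.
ENDCLASS.

CLASS lcl_token_rsp_check IMPLEMENTATION.
  METHOD check.
    " accessToken: scoped-down credentials, present for both grant types.
    DATA(lo_creds) = io_body->get_accesstoken( ).
    IF lo_creds IS NOT BOUND.
      APPEND `accessToken is missing` TO rt_findings.
    ENDIF.
    " tokenType: must be "aws_sigv4" for both flows.
    IF io_body->has_tokentype( ) = abap_false.
      APPEND `tokenType is missing` TO rt_findings.
    ELSEIF io_body->get_tokentype( ) <> `aws_sigv4`.
      APPEND `tokenType is not aws_sigv4` TO rt_findings.
    ENDIF.
    " expiresIn: maximum 900 seconds; non-positive values are an added sanity check.
    IF io_body->has_expiresin( ) = abap_false.
      APPEND `expiresIn is missing` TO rt_findings.
    ELSEIF io_body->get_expiresin( ) <= 0 OR io_body->get_expiresin( ) > 900.
      APPEND `expiresIn is outside 1..900 seconds` TO rt_findings.
    ENDIF.
    " refreshToken: always present in responses.
    IF io_body->has_refreshtoken( ) = abap_false.
      APPEND `refreshToken is missing` TO rt_findings.
    ENDIF.
    " idToken: only in the authorization_code response. Findings name fields only, never token values.
    CASE iv_grant_type.
      WHEN `authorization_code`.
        IF io_body->has_idtoken( ) = abap_false.
          APPEND `idToken is missing from authorization_code response` TO rt_findings.
        ENDIF.
      WHEN `refresh_token`.
        IF io_body->has_idtoken( ) = abap_true.
          APPEND `idToken is present in refresh_token response` TO rt_findings.
        ENDIF.
      WHEN OTHERS.
        APPEND `grant_type is neither authorization_code nor refresh_token` TO rt_findings.
    ENDCASE.
  ENDMETHOD.
ENDCLASS.
```

An empty rt_findings means the body matches the rules above for the given grant_type.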