
/AWS1/CL_SSICRETOKENWITHIAMRSP

CreateTokenWithIAMResponse

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_accesstoken TYPE /AWS1/SSIACCESSTOKEN

A bearer token to access Amazon Web Services accounts and applications assigned to a user.

iv_tokentype TYPE /AWS1/SSITOKENTYPE

Used to notify the requester that the returned token is an access token. The supported token type is Bearer.

iv_expiresin TYPE /AWS1/SSIEXPIRATIONINSECONDS

Indicates the time in seconds when an access token will expire.

iv_refreshtoken TYPE /AWS1/SSIREFRESHTOKEN

A token that, if present, can be used to refresh a previously issued access token that might have expired.

For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.

iv_idtoken TYPE /AWS1/SSIIDTOKEN

A JSON Web Token (JWT) that identifies the user associated with the issued access token.

iv_issuedtokentype TYPE /AWS1/SSITOKENTYPEURI

Indicates the type of tokens that are issued by IAM Identity Center. The following values are supported:

Access Token - urn:ietf:params:oauth:token-type:access_token

Refresh Token - urn:ietf:params:oauth:token-type:refresh_token

it_scope TYPE /AWS1/CL_SSISCOPES_W=>TT_SCOPES

The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.

io_awsadditionaldetails TYPE REF TO /AWS1/CL_SSIAWSADDLDETAILS

A structure containing information from the idToken. It holds only the identityContext, a value extracted from the idToken, which gives direct access to identity information without requiring JWT parsing.


Queryable Attributes

accessToken

A bearer token to access Amazon Web Services accounts and applications assigned to a user.

Accessible with the following methods

Method Description
GET_ACCESSTOKEN() Getter for ACCESSTOKEN, with configurable default
ASK_ACCESSTOKEN() Getter for ACCESSTOKEN w/ exceptions if field has no value
HAS_ACCESSTOKEN() Determine if ACCESSTOKEN has a value

tokenType

Used to notify the requester that the returned token is an access token. The supported token type is Bearer.

Accessible with the following methods

Method Description
GET_TOKENTYPE() Getter for TOKENTYPE, with configurable default
ASK_TOKENTYPE() Getter for TOKENTYPE w/ exceptions if field has no value
HAS_TOKENTYPE() Determine if TOKENTYPE has a value

expiresIn

Indicates the time in seconds when an access token will expire.

Accessible with the following methods

Method Description
GET_EXPIRESIN() Getter for EXPIRESIN

refreshToken

A token that, if present, can be used to refresh a previously issued access token that might have expired.

For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.

Accessible with the following methods

Method Description
GET_REFRESHTOKEN() Getter for REFRESHTOKEN, with configurable default
ASK_REFRESHTOKEN() Getter for REFRESHTOKEN w/ exceptions if field has no value
HAS_REFRESHTOKEN() Determine if REFRESHTOKEN has a value

idToken

A JSON Web Token (JWT) that identifies the user associated with the issued access token.

Accessible with the following methods

Method Description
GET_IDTOKEN() Getter for IDTOKEN, with configurable default
ASK_IDTOKEN() Getter for IDTOKEN w/ exceptions if field has no value
HAS_IDTOKEN() Determine if IDTOKEN has a value

issuedTokenType

Indicates the type of tokens that are issued by IAM Identity Center. The following values are supported:

Access Token - urn:ietf:params:oauth:token-type:access_token

Refresh Token - urn:ietf:params:oauth:token-type:refresh_token

Accessible with the following methods

Method Description
GET_ISSUEDTOKENTYPE() Getter for ISSUEDTOKENTYPE, with configurable default
ASK_ISSUEDTOKENTYPE() Getter for ISSUEDTOKENTYPE w/ exceptions if field has no val
HAS_ISSUEDTOKENTYPE() Determine if ISSUEDTOKENTYPE has a value

scope

The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.

Accessible with the following methods

Method Description
GET_SCOPE() Getter for SCOPE, with configurable default
ASK_SCOPE() Getter for SCOPE w/ exceptions if field has no value
HAS_SCOPE() Determine if SCOPE has a value

awsAdditionalDetails

A structure containing information from the idToken. It holds only the identityContext, a value extracted from the idToken, which gives direct access to identity information without requiring JWT parsing.

Accessible with the following methods

Method Description
GET_AWSADDITIONALDETAILS() Getter for AWSADDITIONALDETAILS
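
How a caller might vet this response object before using the token, as an added example that is not part of the AWS SDK or its documentation. It uses only the getters listed above; the class name `lcl_token_rsp_check`, the `it_allowed_scopes` allow-list and `get_value( )` on the scope wrapper objects are assumptions.

```abap
" Added example, not AWS code. lcl_token_rsp_check, it_allowed_scopes and the
" messages are hypothetical; get_value( ) on the scope wrapper is an assumption.
CLASS lcl_token_rsp_check DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS check
      IMPORTING io_rsp            TYPE REF TO /aws1/cl_ssicretokenwithiamrsp
                it_allowed_scopes TYPE string_table
      EXPORTING ev_expires_at     TYPE timestamp
      RETURNING VALUE(rv_problem) TYPE string.
ENDCLASS.

CLASS lcl_token_rsp_check IMPLEMENTATION.
  METHOD check.
    " Empty result = acceptable. Messages never contain token values.
    CLEAR ev_expires_at.
    " A token must be present, and Bearer is the supported token type.
    IF io_rsp->has_accesstoken( ) = abap_false
       OR io_rsp->get_tokentype( ) <> `Bearer`.
      rv_problem = `missing access token or tokenType is not Bearer`.
      RETURN.
    ENDIF.
    " issuedTokenType, when set, must be one of the two documented URNs.
    IF io_rsp->has_issuedtokentype( ) = abap_true.
      DATA(lv_itt) = io_rsp->get_issuedtokentype( ).
      IF lv_itt <> `urn:ietf:params:oauth:token-type:access_token`
         AND lv_itt <> `urn:ietf:params:oauth:token-type:refresh_token`.
        rv_problem = `unexpected issuedTokenType`.
        RETURN.
      ENDIF.
    ENDIF.
    " The token is limited to the granted scopes: reject grants outside the allow-list.
    LOOP AT io_rsp->get_scope( ) INTO DATA(lo_scope).
      IF NOT line_exists( it_allowed_scopes[ table_line = lo_scope->get_value( ) ] ).
        rv_problem = |scope outside allow-list: { lo_scope->get_value( ) }|.
        RETURN.
      ENDIF.
    ENDLOOP.
    " expiresIn is relative, so fix the absolute expiry (UTC) at receipt.
    IF io_rsp->get_expiresin( ) <= 0.
      rv_problem = `expiresIn is not positive`.
      RETURN.
    ENDIF.
    TRY.
        GET TIME STAMP FIELD DATA(lv_now).
        ev_expires_at = cl_abap_tstmp=>add( tstmp = lv_now secs = io_rsp->get_expiresin( ) ).
      CATCH cx_parameter_invalid.
        rv_problem = `could not compute expiry`.
    ENDTRY.
  ENDMETHOD.
ENDCLASS.
```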