commonMain.aws.sdk.kotlin.services.ssooidc.SsoOidcClient.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of ssooidc-jvm Show documentation
Show all versions of ssooidc-jvm Show documentation
The AWS SDK for Kotlin client for SSO OIDC
// Code generated by smithy-kotlin-codegen. DO NOT EDIT!
package aws.sdk.kotlin.services.ssooidc
import aws.sdk.kotlin.runtime.auth.credentials.DefaultChainCredentialsProvider
import aws.sdk.kotlin.runtime.auth.credentials.internal.manage
import aws.sdk.kotlin.runtime.client.AwsSdkClientConfig
import aws.sdk.kotlin.runtime.config.AbstractAwsSdkClientFactory
import aws.sdk.kotlin.runtime.config.endpoints.resolveEndpointUrl
import aws.sdk.kotlin.runtime.config.profile.AwsProfile
import aws.sdk.kotlin.runtime.config.profile.AwsSharedConfig
import aws.sdk.kotlin.runtime.http.retries.AwsRetryPolicy
import aws.sdk.kotlin.services.ssooidc.auth.DefaultSsoOidcAuthSchemeProvider
import aws.sdk.kotlin.services.ssooidc.auth.SsoOidcAuthSchemeProvider
import aws.sdk.kotlin.services.ssooidc.endpoints.DefaultSsoOidcEndpointProvider
import aws.sdk.kotlin.services.ssooidc.endpoints.SsoOidcEndpointParameters
import aws.sdk.kotlin.services.ssooidc.endpoints.SsoOidcEndpointProvider
import aws.sdk.kotlin.services.ssooidc.model.CreateTokenRequest
import aws.sdk.kotlin.services.ssooidc.model.CreateTokenResponse
import aws.sdk.kotlin.services.ssooidc.model.CreateTokenWithIamRequest
import aws.sdk.kotlin.services.ssooidc.model.CreateTokenWithIamResponse
import aws.sdk.kotlin.services.ssooidc.model.RegisterClientRequest
import aws.sdk.kotlin.services.ssooidc.model.RegisterClientResponse
import aws.sdk.kotlin.services.ssooidc.model.StartDeviceAuthorizationRequest
import aws.sdk.kotlin.services.ssooidc.model.StartDeviceAuthorizationResponse
import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProviderConfig
import aws.smithy.kotlin.runtime.awsprotocol.ClockSkewInterceptor
import aws.smithy.kotlin.runtime.client.AbstractSdkClientBuilder
import aws.smithy.kotlin.runtime.client.AbstractSdkClientFactory
import aws.smithy.kotlin.runtime.client.LogMode
import aws.smithy.kotlin.runtime.client.RetryClientConfig
import aws.smithy.kotlin.runtime.client.RetryStrategyClientConfig
import aws.smithy.kotlin.runtime.client.RetryStrategyClientConfigImpl
import aws.smithy.kotlin.runtime.client.SdkClient
import aws.smithy.kotlin.runtime.client.SdkClientConfig
import aws.smithy.kotlin.runtime.http.auth.AuthScheme
import aws.smithy.kotlin.runtime.http.auth.HttpAuthConfig
import aws.smithy.kotlin.runtime.http.config.HttpClientConfig
import aws.smithy.kotlin.runtime.http.config.HttpEngineConfig
import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
import aws.smithy.kotlin.runtime.http.engine.HttpEngineConfigImpl
import aws.smithy.kotlin.runtime.http.interceptors.HttpInterceptor
import aws.smithy.kotlin.runtime.net.url.Url
import aws.smithy.kotlin.runtime.retries.RetryStrategy
import aws.smithy.kotlin.runtime.retries.policy.RetryPolicy
import aws.smithy.kotlin.runtime.telemetry.Global
import aws.smithy.kotlin.runtime.telemetry.TelemetryConfig
import aws.smithy.kotlin.runtime.telemetry.TelemetryProvider
import aws.smithy.kotlin.runtime.util.LazyAsyncValue
import kotlin.collections.List
import kotlin.jvm.JvmStatic
public const val ServiceId: String = "SSO OIDC"
public const val SdkVersion: String = "1.3.25"
public const val ServiceApiVersion: String = "2019-06-10"
/**
* IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a native application) to register with IAM Identity Center. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.
*
* IAM Identity Center uses the `sso` and `identitystore` API namespaces.
*
* **Considerations for Using This Guide**
*
* Before you begin using this guide, we recommend that you first review the following important information about how the IAM Identity Center OIDC service works.
* + The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard ([https://tools.ietf.org/html/rfc8628](https://tools.ietf.org/html/rfc8628)) that are necessary to enable single sign-on authentication with the CLI.
* + With older versions of the CLI, the service only emits OIDC access tokens, so to obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that supports token refresh and doesn’t require re-authentication, update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh and configurable IAM Identity Center session durations. For more information, see [Configure Amazon Web Services access portal session duration ](https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
* + The access tokens provided by this service grant access to all Amazon Web Services account entitlements assigned to an IAM Identity Center user, not just a particular application.
* + The documentation in this guide does not describe the mechanism to convert the access token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service endpoints. For more information, see [GetRoleCredentials](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) in the *IAM Identity Center Portal API Reference Guide*.
*
* For general information about IAM Identity Center, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the *IAM Identity Center User Guide*.
*/
public interface SsoOidcClient : SdkClient {
/**
* SsoOidcClient's configuration
*/
public override val config: Config
public companion object : AbstractAwsSdkClientFactory()
{
@JvmStatic
override fun builder(): Builder = Builder()
override fun finalizeConfig(builder: Builder) {
super.finalizeConfig(builder)
builder.config.interceptors.add(0, ClockSkewInterceptor())
}
override suspend fun finalizeEnvironmentalConfig(builder: Builder, sharedConfig: LazyAsyncValue, activeProfile: LazyAsyncValue) {
super.finalizeEnvironmentalConfig(builder, sharedConfig, activeProfile)
builder.config.endpointUrl = builder.config.endpointUrl ?: resolveEndpointUrl(
sharedConfig,
"SsoOidc",
"SSO_OIDC",
"sso_oidc",
)
}
}
public class Builder internal constructor(): AbstractSdkClientBuilder() {
override val config: Config.Builder = Config.Builder()
override fun newClient(config: Config): SsoOidcClient = DefaultSsoOidcClient(config)
}
public class Config private constructor(builder: Builder) : AwsSdkClientConfig, CredentialsProviderConfig, HttpAuthConfig, HttpClientConfig, HttpEngineConfig by builder.buildHttpEngineConfig(), RetryClientConfig, RetryStrategyClientConfig by builder.buildRetryStrategyClientConfig(), SdkClientConfig, TelemetryConfig {
override val clientName: String = builder.clientName
override val region: String? = builder.region
override val authSchemes: kotlin.collections.List = builder.authSchemes
override val credentialsProvider: CredentialsProvider = builder.credentialsProvider ?: DefaultChainCredentialsProvider(httpClient = httpClient, region = region).manage()
public val endpointProvider: SsoOidcEndpointProvider = builder.endpointProvider ?: DefaultSsoOidcEndpointProvider()
public val endpointUrl: Url? = builder.endpointUrl
override val interceptors: kotlin.collections.List = builder.interceptors
override val logMode: LogMode = builder.logMode ?: LogMode.Default
override val retryPolicy: RetryPolicy = builder.retryPolicy ?: AwsRetryPolicy.Default
override val telemetryProvider: TelemetryProvider = builder.telemetryProvider ?: TelemetryProvider.Global
override val useDualStack: Boolean = builder.useDualStack ?: false
override val useFips: Boolean = builder.useFips ?: false
override val applicationId: String? = builder.applicationId
public val authSchemeProvider: SsoOidcAuthSchemeProvider = builder.authSchemeProvider ?: DefaultSsoOidcAuthSchemeProvider()
public companion object {
public inline operator fun invoke(block: Builder.() -> kotlin.Unit): Config = Builder().apply(block).build()
}
public fun toBuilder(): Builder = Builder().apply {
clientName = [email protected]
region = [email protected]
authSchemes = [email protected]
credentialsProvider = [email protected]
endpointProvider = [email protected]
endpointUrl = [email protected]
httpClient = [email protected]
interceptors = [email protected]()
logMode = [email protected]
retryPolicy = [email protected]
retryStrategy = [email protected]
telemetryProvider = [email protected]
useDualStack = [email protected]
useFips = [email protected]
applicationId = [email protected]
authSchemeProvider = [email protected]
}
public class Builder : AwsSdkClientConfig.Builder, CredentialsProviderConfig.Builder, HttpAuthConfig.Builder, HttpClientConfig.Builder, HttpEngineConfig.Builder by HttpEngineConfigImpl.BuilderImpl(), RetryClientConfig.Builder, RetryStrategyClientConfig.Builder by RetryStrategyClientConfigImpl.BuilderImpl(), SdkClientConfig.Builder, TelemetryConfig.Builder {
/**
* A reader-friendly name for the client.
*/
override var clientName: String = "SSO OIDC"
/**
* The AWS region (e.g. `us-west-2`) to make requests to. See about AWS
* [global infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) for more
* information
*/
override var region: String? = null
/**
* Register new or override default [AuthScheme]s configured for this client. By default, the set
* of auth schemes configured comes from the service model. An auth scheme configured explicitly takes
* precedence over the defaults and can be used to customize identity resolution and signing for specific
* authentication schemes.
*/
override var authSchemes: kotlin.collections.List = emptyList()
/**
* The AWS credentials provider to use for authenticating requests. If not provided a
* [aws.sdk.kotlin.runtime.auth.credentials.DefaultChainCredentialsProvider] instance will be used.
* NOTE: The caller is responsible for managing the lifetime of the provider when set. The SDK
* client will not close it when the client is closed.
*/
override var credentialsProvider: CredentialsProvider? = null
/**
* The endpoint provider used to determine where to make service requests. **This is an advanced config
* option.**
*
* Endpoint resolution occurs as part of the workflow for every request made via the service client.
*
* The inputs to endpoint resolution are defined on a per-service basis (see [EndpointParameters]).
*/
public var endpointProvider: SsoOidcEndpointProvider? = null
/**
* A custom endpoint to route requests to. The endpoint set here is passed to the configured
* [endpointProvider], which may inspect and modify it as needed.
*
* Setting a custom endpointUrl should generally be preferred to overriding the [endpointProvider] and is
* the recommended way to route requests to development or preview instances of a service.
*
* **This is an advanced config option.**
*/
public var endpointUrl: Url? = null
/**
* Add an [aws.smithy.kotlin.runtime.client.Interceptor] that will have access to read and modify
* the request and response objects as they are processed by the SDK.
* Interceptors added using this method are executed in the order they are configured and are always
* later than any added automatically by the SDK.
*/
override var interceptors: kotlin.collections.MutableList = kotlin.collections.mutableListOf()
/**
* Configure events that will be logged. By default clients will not output
* raw requests or responses. Use this setting to opt-in to additional debug logging.
*
* This can be used to configure logging of requests, responses, retries, etc of SDK clients.
*
* **NOTE**: Logging of raw requests or responses may leak sensitive information! It may also have
* performance considerations when dumping the request/response body. This is primarily a tool for
* debug purposes.
*/
override var logMode: LogMode? = null
/**
* The policy to use for evaluating operation results and determining whether/how to retry.
*/
override var retryPolicy: RetryPolicy? = null
/**
* The telemetry provider used to instrument the SDK operations with. By default, the global telemetry
* provider will be used.
*/
override var telemetryProvider: TelemetryProvider? = null
/**
* Flag to toggle whether to use dual-stack endpoints when making requests.
* See [https://docs.aws.amazon.com/sdkref/latest/guide/feature-endpoints.html] for more information.
* ` Disabled by default.
*/
override var useDualStack: Boolean? = null
/**
* Flag to toggle whether to use [FIPS](https://aws.amazon.com/compliance/fips/) endpoints when making requests.
* ` Disabled by default.
*/
override var useFips: Boolean? = null
/**
* An optional application specific identifier.
* When set it will be appended to the User-Agent header of every request in the form of: `app/{applicationId}`.
* When not explicitly set, the value will be loaded from the following locations:
*
* - JVM System Property: `aws.userAgentAppId`
* - Environment variable: `AWS_SDK_UA_APP_ID`
* - Shared configuration profile attribute: `sdk_ua_app_id`
*
* See [shared configuration settings](https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html)
* reference for more information on environment variables and shared config settings.
*/
override var applicationId: String? = null
/**
* Configure the provider used to resolve the authentication scheme to use for a particular operation.
*/
public var authSchemeProvider: SsoOidcAuthSchemeProvider? = null
override fun build(): Config = Config(this)
}
}
/**
* Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateToken.sample
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateToken.sample2
*/
public suspend fun createToken(input: CreateTokenRequest): CreateTokenResponse
/**
* Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using `bearer` authentication.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample2
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample3
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample4
*/
public suspend fun createTokenWithIam(input: CreateTokenWithIamRequest): CreateTokenWithIamResponse
/**
* Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.RegisterClient.sample
*/
public suspend fun registerClient(input: RegisterClientRequest): RegisterClientResponse
/**
* Initiates device authorization by requesting a pair of verification codes from the authorization service.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.StartDeviceAuthorization.sample
*/
public suspend fun startDeviceAuthorization(input: StartDeviceAuthorizationRequest): StartDeviceAuthorizationResponse
}
/**
* Create a copy of the client with one or more configuration values overridden.
* This method allows the caller to perform scoped config overrides for one or more client operations.
*
* Any resources created on your behalf will be shared between clients, and will only be closed when ALL clients using them are closed.
* If you provide a resource (e.g. [HttpClientEngine]) to the SDK, you are responsible for managing the lifetime of that resource.
*/
public fun SsoOidcClient.withConfig(block: SsoOidcClient.Config.Builder.() -> Unit): SsoOidcClient {
val newConfig = config.toBuilder().apply(block).build()
return DefaultSsoOidcClient(newConfig)
}
/**
* Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateToken.sample
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateToken.sample2
*/
public suspend inline fun SsoOidcClient.createToken(crossinline block: CreateTokenRequest.Builder.() -> Unit): CreateTokenResponse = createToken(CreateTokenRequest.Builder().apply(block).build())
/**
* Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using `bearer` authentication.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample2
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample3
* @sample aws.sdk.kotlin.services.ssooidc.samples.CreateTokenWithIAM.sample4
*/
public suspend inline fun SsoOidcClient.createTokenWithIam(crossinline block: CreateTokenWithIamRequest.Builder.() -> Unit): CreateTokenWithIamResponse = createTokenWithIam(CreateTokenWithIamRequest.Builder().apply(block).build())
/**
* Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.RegisterClient.sample
*/
public suspend inline fun SsoOidcClient.registerClient(crossinline block: RegisterClientRequest.Builder.() -> Unit): RegisterClientResponse = registerClient(RegisterClientRequest.Builder().apply(block).build())
/**
* Initiates device authorization by requesting a pair of verification codes from the authorization service.
*
* @sample aws.sdk.kotlin.services.ssooidc.samples.StartDeviceAuthorization.sample
*/
public suspend inline fun SsoOidcClient.startDeviceAuthorization(crossinline block: StartDeviceAuthorizationRequest.Builder.() -> Unit): StartDeviceAuthorizationResponse = startDeviceAuthorization(StartDeviceAuthorizationRequest.Builder().apply(block).build())