
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.ssooidc;
import java.util.function.Consumer;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.annotations.ThreadSafe;
import software.amazon.awssdk.awscore.AwsClient;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.regions.ServiceMetadata;
import software.amazon.awssdk.services.ssooidc.model.AccessDeniedException;
import software.amazon.awssdk.services.ssooidc.model.AuthorizationPendingException;
import software.amazon.awssdk.services.ssooidc.model.CreateTokenRequest;
import software.amazon.awssdk.services.ssooidc.model.CreateTokenResponse;
import software.amazon.awssdk.services.ssooidc.model.ExpiredTokenException;
import software.amazon.awssdk.services.ssooidc.model.InternalServerException;
import software.amazon.awssdk.services.ssooidc.model.InvalidClientException;
import software.amazon.awssdk.services.ssooidc.model.InvalidClientMetadataException;
import software.amazon.awssdk.services.ssooidc.model.InvalidGrantException;
import software.amazon.awssdk.services.ssooidc.model.InvalidRequestException;
import software.amazon.awssdk.services.ssooidc.model.InvalidScopeException;
import software.amazon.awssdk.services.ssooidc.model.RegisterClientRequest;
import software.amazon.awssdk.services.ssooidc.model.RegisterClientResponse;
import software.amazon.awssdk.services.ssooidc.model.SlowDownException;
import software.amazon.awssdk.services.ssooidc.model.SsoOidcException;
import software.amazon.awssdk.services.ssooidc.model.StartDeviceAuthorizationRequest;
import software.amazon.awssdk.services.ssooidc.model.StartDeviceAuthorizationResponse;
import software.amazon.awssdk.services.ssooidc.model.UnauthorizedClientException;
import software.amazon.awssdk.services.ssooidc.model.UnsupportedGrantTypeException;
/**
* Service client for accessing SSO OIDC. This can be created using the static {@link #builder()} method.
*
*
* AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) is a web service that enables a
* client (such as AWS CLI or a native application) to register with IAM Identity Center. The service also enables the
* client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.
*
*
*
* Although AWS Single Sign-On was renamed, the {@code sso} and {@code identitystore} API namespaces will
* continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.
*
*
*
* Considerations for Using This Guide
*
*
* Before you begin using this guide, we recommend that you first review the following important information about how
* the IAM Identity Center OIDC service works.
*
*
* -
*
* The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization
* Grant standard (https://tools.ietf.org/html/rfc8628) that are
* necessary to enable single sign-on authentication with the AWS CLI. Support for other OIDC flows frequently needed
* for native applications, such as Authorization Code Flow (+ PKCE), will be addressed in future releases.
*
*
* -
*
* The service emits only OIDC access tokens, such that obtaining a new token (For example, token refresh) requires
* explicit user re-authentication.
*
*
* -
*
* The access tokens provided by this service grant access to all AWS account entitlements assigned to an IAM Identity
* Center user, not just a particular application.
*
*
* -
*
* The documentation in this guide does not describe the mechanism to convert the access token into AWS Auth (“sigv4”)
* credentials for use with IAM-protected AWS service endpoints. For more information, see GetRoleCredentials in the IAM Identity Center Portal API Reference Guide.
*
*
*
*
* For general information about IAM Identity Center, see What is IAM Identity Center? in the
* IAM Identity Center User Guide.
*
*/
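@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface SsoOidcClient extends AwsClient {

    /**
     * Name under which this service is known to the SDK.
     */
    String SERVICE_NAME = "awsssooidc";

    /**
     * Value for looking up the service's metadata from the
     * {@link software.amazon.awssdk.regions.ServiceMetadataProvider}.
     */
    String SERVICE_METADATA_ID = "oidc";

    /**
     * Creates and returns an access token for the authorized client. The access token issued will be used to fetch
     * short-term credentials for the assigned roles in the AWS account.
     *
     * <p>
     * The token returned here is a bearer credential: as described on this interface, it grants access to all AWS
     * account entitlements assigned to the IAM Identity Center user, not just a single application, and the service
     * issues no refresh token (a new token requires the user to re-authenticate). Callers should therefore avoid
     * logging the response and should store the token with the same care as any other credential.
     *
     * <p>
     * When this call is used to poll for a device authorization started with
     * {@link #startDeviceAuthorization(StartDeviceAuthorizationRequest)}, {@link AuthorizationPendingException}
     * means the user has not completed authorization yet, and {@link SlowDownException} means the polling interval
     * must be increased before retrying.
     *
     * @param createTokenRequest
     *        the request describing the grant for which a token is requested
     * @return Result of the CreateToken operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidClientException
     *         Indicates that the {@code clientId} or {@code clientSecret} in the request is invalid. For example, this
     *         can occur when a client sends an incorrect {@code clientId} or an expired {@code clientSecret}.
     * @throws InvalidGrantException
     *         Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken
     *         request with an invalid grant type.
     * @throws UnauthorizedClientException
     *         Indicates that the client is not currently authorized to make the request. This can happen when a
     *         {@code clientId} is not issued for a public client.
     * @throws UnsupportedGrantTypeException
     *         Indicates that the grant type in the request is not supported by the service.
     * @throws InvalidScopeException
     *         Indicates that the scope provided in the request is invalid.
     * @throws AuthorizationPendingException
     *         Indicates that a request to authorize a client with an access user session token is pending.
     * @throws SlowDownException
     *         Indicates that the client is making the request too frequently and is more than the service can handle.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ExpiredTokenException
     *         Indicates that the token issued by the service is expired and is no longer valid.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @throws UnsupportedOperationException
     *         from this default implementation; concrete clients override it.
     * @sample SsoOidcClient.CreateToken
     * @see "CreateToken in the AWS API Documentation"
     */
    default CreateTokenResponse createToken(CreateTokenRequest createTokenRequest) throws InvalidRequestException,
            InvalidClientException, InvalidGrantException, UnauthorizedClientException, UnsupportedGrantTypeException,
            InvalidScopeException, AuthorizationPendingException, SlowDownException, AccessDeniedException,
            ExpiredTokenException, InternalServerException, AwsServiceException, SdkClientException, SsoOidcException {
        throw new UnsupportedOperationException();
    }

    /**
     * Creates and returns an access token for the authorized client. The access token issued will be used to fetch
     * short-term credentials for the assigned roles in the AWS account.
     *
     * <p>
     * This is a convenience which creates an instance of the {@link CreateTokenRequest.Builder} avoiding the need to
     * create one manually via {@link CreateTokenRequest#builder()}. The consumer is typed against the builder so that
     * lambdas passed in get full type inference and compile-time checking of the builder methods they call; see
     * {@link #createToken(CreateTokenRequest)} for the token-handling and polling notes, which apply here unchanged.
     *
     * @param createTokenRequest
     *        A {@link Consumer} that will call methods on
     *        {@link software.amazon.awssdk.services.ssooidc.model.CreateTokenRequest.Builder} to create a request.
     * @return Result of the CreateToken operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidClientException
     *         Indicates that the {@code clientId} or {@code clientSecret} in the request is invalid. For example, this
     *         can occur when a client sends an incorrect {@code clientId} or an expired {@code clientSecret}.
     * @throws InvalidGrantException
     *         Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken
     *         request with an invalid grant type.
     * @throws UnauthorizedClientException
     *         Indicates that the client is not currently authorized to make the request. This can happen when a
     *         {@code clientId} is not issued for a public client.
     * @throws UnsupportedGrantTypeException
     *         Indicates that the grant type in the request is not supported by the service.
     * @throws InvalidScopeException
     *         Indicates that the scope provided in the request is invalid.
     * @throws AuthorizationPendingException
     *         Indicates that a request to authorize a client with an access user session token is pending.
     * @throws SlowDownException
     *         Indicates that the client is making the request too frequently and is more than the service can handle.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ExpiredTokenException
     *         Indicates that the token issued by the service is expired and is no longer valid.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @sample SsoOidcClient.CreateToken
     * @see "CreateToken in the AWS API Documentation"
     */
    default CreateTokenResponse createToken(Consumer<CreateTokenRequest.Builder> createTokenRequest)
            throws InvalidRequestException, InvalidClientException, InvalidGrantException, UnauthorizedClientException,
            UnsupportedGrantTypeException, InvalidScopeException, AuthorizationPendingException, SlowDownException,
            AccessDeniedException, ExpiredTokenException, InternalServerException, AwsServiceException, SdkClientException,
            SsoOidcException {
        // Delegate to the request-object overload so that a concrete client only has to implement one of the pair.
        return createToken(CreateTokenRequest.builder().applyMutation(createTokenRequest).build());
    }

    /**
     * Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output
     * should be persisted for reuse through many authentication requests.
     *
     * <p>
     * NOTE(review): the persisted registration is presumably the {@code clientId}/{@code clientSecret} pair that
     * later calls present (the pair {@link InvalidClientException} refers to), so it should be stored with the same
     * protection as any other credential rather than in world-readable configuration. The error documentation also
     * notes that a {@code clientSecret} can expire, so callers should be prepared to re-register.
     *
     * @param registerClientRequest
     *        the client metadata to register
     * @return Result of the RegisterClient operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidScopeException
     *         Indicates that the scope provided in the request is invalid.
     * @throws InvalidClientMetadataException
     *         Indicates that the client information sent in the request during registration is invalid.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @throws UnsupportedOperationException
     *         from this default implementation; concrete clients override it.
     * @sample SsoOidcClient.RegisterClient
     * @see "RegisterClient in the AWS API Documentation"
     */
    default RegisterClientResponse registerClient(RegisterClientRequest registerClientRequest) throws InvalidRequestException,
            InvalidScopeException, InvalidClientMetadataException, InternalServerException, AwsServiceException,
            SdkClientException, SsoOidcException {
        throw new UnsupportedOperationException();
    }

    /**
     * Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output
     * should be persisted for reuse through many authentication requests.
     *
     * <p>
     * This is a convenience which creates an instance of the {@link RegisterClientRequest.Builder} avoiding the need to
     * create one manually via {@link RegisterClientRequest#builder()}. See
     * {@link #registerClient(RegisterClientRequest)} for how the returned registration should be handled.
     *
     * @param registerClientRequest
     *        A {@link Consumer} that will call methods on
     *        {@link software.amazon.awssdk.services.ssooidc.model.RegisterClientRequest.Builder} to create a request.
     * @return Result of the RegisterClient operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidScopeException
     *         Indicates that the scope provided in the request is invalid.
     * @throws InvalidClientMetadataException
     *         Indicates that the client information sent in the request during registration is invalid.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @sample SsoOidcClient.RegisterClient
     * @see "RegisterClient in the AWS API Documentation"
     */
    default RegisterClientResponse registerClient(Consumer<RegisterClientRequest.Builder> registerClientRequest)
            throws InvalidRequestException, InvalidScopeException, InvalidClientMetadataException, InternalServerException,
            AwsServiceException, SdkClientException, SsoOidcException {
        // Delegate to the request-object overload so that a concrete client only has to implement one of the pair.
        return registerClient(RegisterClientRequest.builder().applyMutation(registerClientRequest).build());
    }

    /**
     * Initiates device authorization by requesting a pair of verification codes from the authorization service.
     *
     * <p>
     * This is the first step of the OAuth 2.0 Device Authorization Grant flow described on this interface: the codes
     * returned are shown to the user, and {@link #createToken(CreateTokenRequest)} is then polled until the user has
     * authorized the device (see the polling notes there).
     *
     * @param startDeviceAuthorizationRequest
     *        the client identity for which device authorization is started
     * @return Result of the StartDeviceAuthorization operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidClientException
     *         Indicates that the {@code clientId} or {@code clientSecret} in the request is invalid. For example, this
     *         can occur when a client sends an incorrect {@code clientId} or an expired {@code clientSecret}.
     * @throws UnauthorizedClientException
     *         Indicates that the client is not currently authorized to make the request. This can happen when a
     *         {@code clientId} is not issued for a public client.
     * @throws SlowDownException
     *         Indicates that the client is making the request too frequently and is more than the service can handle.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @throws UnsupportedOperationException
     *         from this default implementation; concrete clients override it.
     * @sample SsoOidcClient.StartDeviceAuthorization
     * @see "StartDeviceAuthorization in the AWS API Documentation"
     */
    default StartDeviceAuthorizationResponse startDeviceAuthorization(
            StartDeviceAuthorizationRequest startDeviceAuthorizationRequest) throws InvalidRequestException,
            InvalidClientException, UnauthorizedClientException, SlowDownException, InternalServerException, AwsServiceException,
            SdkClientException, SsoOidcException {
        throw new UnsupportedOperationException();
    }

    /**
     * Initiates device authorization by requesting a pair of verification codes from the authorization service.
     *
     * <p>
     * This is a convenience which creates an instance of the {@link StartDeviceAuthorizationRequest.Builder} avoiding
     * the need to create one manually via {@link StartDeviceAuthorizationRequest#builder()}. See
     * {@link #startDeviceAuthorization(StartDeviceAuthorizationRequest)} for how this call fits into the device flow.
     *
     * @param startDeviceAuthorizationRequest
     *        A {@link Consumer} that will call methods on
     *        {@link software.amazon.awssdk.services.ssooidc.model.StartDeviceAuthorizationRequest.Builder} to create a
     *        request.
     * @return Result of the StartDeviceAuthorization operation returned by the service.
     * @throws InvalidRequestException
     *         Indicates that something is wrong with the input to the request. For example, a required parameter might
     *         be missing or out of range.
     * @throws InvalidClientException
     *         Indicates that the {@code clientId} or {@code clientSecret} in the request is invalid. For example, this
     *         can occur when a client sends an incorrect {@code clientId} or an expired {@code clientSecret}.
     * @throws UnauthorizedClientException
     *         Indicates that the client is not currently authorized to make the request. This can happen when a
     *         {@code clientId} is not issued for a public client.
     * @throws SlowDownException
     *         Indicates that the client is making the request too frequently and is more than the service can handle.
     * @throws InternalServerException
     *         Indicates that an error from the service occurred while trying to process a request.
     * @throws SdkException
     *         Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
     *         catch all scenarios.
     * @throws SdkClientException
     *         If any client side error occurs such as an IO related failure, failure to get credentials, etc.
     * @throws SsoOidcException
     *         Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
     * @sample SsoOidcClient.StartDeviceAuthorization
     * @see "StartDeviceAuthorization in the AWS API Documentation"
     */
    default StartDeviceAuthorizationResponse startDeviceAuthorization(
            Consumer<StartDeviceAuthorizationRequest.Builder> startDeviceAuthorizationRequest) throws InvalidRequestException,
            InvalidClientException, UnauthorizedClientException, SlowDownException, InternalServerException, AwsServiceException,
            SdkClientException, SsoOidcException {
        // Delegate to the request-object overload so that a concrete client only has to implement one of the pair.
        return startDeviceAuthorization(
                StartDeviceAuthorizationRequest.builder().applyMutation(startDeviceAuthorizationRequest).build());
    }

    /**
     * Create a {@link SsoOidcClient} with the region loaded from the
     * {@link software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain} and credentials loaded from the
     * {@link software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider}.
     *
     * @return a client built with the default builder settings
     */
    static SsoOidcClient create() {
        return builder().build();
    }

    /**
     * Create a builder that can be used to configure and create a {@link SsoOidcClient}.
     *
     * @return a new, unconfigured builder
     */
    static SsoOidcClientBuilder builder() {
        return new DefaultSsoOidcClientBuilder();
    }

    /**
     * Looks up this service's {@link ServiceMetadata} via {@link #SERVICE_METADATA_ID}.
     *
     * @return the service metadata registered under {@value #SERVICE_METADATA_ID}
     */
    static ServiceMetadata serviceMetadata() {
        return ServiceMetadata.of(SERVICE_METADATA_ID);
    }

    /**
     * Returns the configuration this client was built with.
     *
     * @return the service-specific client configuration
     * @throws UnsupportedOperationException
     *         from this default implementation; concrete clients override it.
     */
    @Override
    default SsoOidcServiceClientConfiguration serviceClientConfiguration() {
        throw new UnsupportedOperationException();
    }
}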