import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient";
import { DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse } from "../models/models_0";
import {
deserializeAws_queryDecodeAuthorizationMessageCommand,
serializeAws_queryDecodeAuthorizationMessageCommand,
} from "../protocols/Aws_query";
import { getSerdePlugin } from "@aws-sdk/middleware-serde";
import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
import { Command as $Command } from "@aws-sdk/smithy-client";
import {
FinalizeHandlerArguments,
Handler,
HandlerExecutionContext,
MiddlewareStack,
HttpHandlerOptions as __HttpHandlerOptions,
MetadataBearer as __MetadataBearer,
SerdeContext as __SerdeContext,
} from "@aws-sdk/types";
export interface DecodeAuthorizationMessageCommandInput extends DecodeAuthorizationMessageRequest {}
export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthorizationMessageResponse, __MetadataBearer {}
/**
* Decodes additional information about the authorization status of a request from an
* encoded message returned in response to an Amazon Web Services request.
* For example, if a user is not authorized to perform an operation that he or she has
* requested, the request returns a Client.UnauthorizedOperation response (an
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
* provide details about this authorization failure.
*
* Only certain Amazon Web Services operations return an encoded authorization message. The
* documentation for an individual operation indicates whether that operation returns an
* encoded message in addition to returning an HTTP code.
*
* The message is encoded because the details of the authorization status can constitute
* privileged information that the user who requested the operation should not see. To decode
* an authorization status message, a user must be granted permissions via an IAM policy to
* request the DecodeAuthorizationMessage
* (sts:DecodeAuthorizationMessage) action.
* The decoded message includes the following type of information:
*
* -
*
Whether the request was denied due to an explicit deny or due to the absence of an
* explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the
* IAM User Guide.
*
* -
*
The principal who made the request.
*
* -
*
The requested action.
*
* -
*
The requested resource.
*
* -
*
The values of condition keys in the context of the user's request.
*
*
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* const client = new STSClient(config);
* const command = new DecodeAuthorizationMessageCommand(input);
* const response = await client.send(command);
* ```
*
* @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
* @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for command's `input` shape.
*
*/
export class DecodeAuthorizationMessageCommand extends $Command<
DecodeAuthorizationMessageCommandInput,
DecodeAuthorizationMessageCommandOutput,
STSClientResolvedConfig
> {
// Start section: command_properties
// End section: command_properties
constructor(readonly input: DecodeAuthorizationMessageCommandInput) {
// Start section: command_constructor
super();
// End section: command_constructor
}
/**
* @internal
*/
resolveMiddleware(
clientStack: MiddlewareStack,
configuration: STSClientResolvedConfig,
options?: __HttpHandlerOptions
): Handler {
this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
this.middlewareStack.use(getAwsAuthPlugin(configuration));
const stack = clientStack.concat(this.middlewareStack);
const { logger } = configuration;
const clientName = "STSClient";
const commandName = "DecodeAuthorizationMessageCommand";
const handlerExecutionContext: HandlerExecutionContext = {
logger,
clientName,
commandName,
inputFilterSensitiveLog: DecodeAuthorizationMessageRequest.filterSensitiveLog,
outputFilterSensitiveLog: DecodeAuthorizationMessageResponse.filterSensitiveLog,
};
const { requestHandler } = configuration;
return stack.resolve(
(request: FinalizeHandlerArguments) =>
requestHandler.handle(request.request as __HttpRequest, options || {}),
handlerExecutionContext
);
}
private serialize(input: DecodeAuthorizationMessageCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
return serializeAws_queryDecodeAuthorizationMessageCommand(input, context);
}
private deserialize(
output: __HttpResponse,
context: __SerdeContext
): Promise {
return deserializeAws_queryDecodeAuthorizationMessageCommand(output, context);
}
// Start section: command_body_extra
// End section: command_body_extra
}