import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; import { DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse } from "../models/models_0"; import { deserializeAws_queryDecodeAuthorizationMessageCommand, serializeAws_queryDecodeAuthorizationMessageCommand, } from "../protocols/Aws_query"; import { getSerdePlugin } from "@aws-sdk/middleware-serde"; import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; import { Command as $Command } from "@aws-sdk/smithy-client"; import { FinalizeHandlerArguments, Handler, HandlerExecutionContext, MiddlewareStack, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, SerdeContext as __SerdeContext, } from "@aws-sdk/types"; export interface DecodeAuthorizationMessageCommandInput extends DecodeAuthorizationMessageRequest {} export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthorizationMessageResponse, __MetadataBearer {} /** *
Decodes additional information about the authorization status of a request from an * encoded message returned in response to an Amazon Web Services request.
*For example, if a user is not authorized to perform an operation that he or she has
* requested, the request returns a Client.UnauthorizedOperation
response (an
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
* provide details about this authorization failure.
Only certain Amazon Web Services operations return an encoded authorization message. The * documentation for an individual operation indicates whether that operation returns an * encoded message in addition to returning an HTTP code.
*The message is encoded because the details of the authorization status can constitute
* privileged information that the user who requested the operation should not see. To decode
* an authorization status message, a user must be granted permissions via an IAM policy to
* request the DecodeAuthorizationMessage
* (sts:DecodeAuthorizationMessage
) action.
The decoded message includes the following type of information:
*Whether the request was denied due to an explicit deny or due to the absence of an * explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the * IAM User Guide.
*The principal who made the request.
*The requested action.
*The requested resource.
*The values of condition keys in the context of the user's request.
*