{
  "authorizeoauth2access": {
    "name": "AuthorizeOAuth2Access",
    "description": "Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "oauth2-public-client-localhost",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      },
      {
        "name": "oauth2-public-client-remote",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createoauth2token": {
    "name": "CreateOAuth2Token",
    "description": "Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "oauth2-public-client-localhost",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      },
      {
        "name": "oauth2-public-client-remote",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createtrustedidentitypropagationapplicationforconsole": {
    "name": "CreateTrustedIdentityPropagationApplicationForConsole",
    "description": "Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": [
      "sso:CreateApplication",
      "sso:GetSharedSsoConfiguration",
      "sso:ListApplications",
      "sso:PutApplicationAccessScope",
      "sso:PutApplicationAssignmentConfiguration",
      "sso:PutApplicationAuthenticationMethod",
      "sso:PutApplicationGrant"
    ]
  },
  "listtrustedidentitypropagationapplicationsforconsole": {
    "name": "ListTrustedIdentityPropagationApplicationsForConsole",
    "description": "Grants permission to list all Identity Center applications that represent the AWS Management Console",
    "accessLevel": "List",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": [
      "sso:GetSharedSsoConfiguration",
      "sso:ListApplications"
    ]
  }
}