1 | import {Request} from '../lib/request';
2 | import {Response} from '../lib/response';
3 | import {AWSError} from '../lib/error';
4 | import {Service} from '../lib/service';
5 | import {ServiceConfigurationOptions} from '../lib/service';
6 | import {ConfigBase as Config} from '../lib/config';
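/**
 * Empty placeholder interface. None of the declarations visible in this file refer to it.
 * NOTE(review): presumably present so that typings mentioning `Blob` still compile where
 * the DOM lib is not loaded — confirm before removing.
 */
interface Blob {}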
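/**
 * Client typings for the SSO OIDC service.
 *
 * The request documentation below ties the three operations together: registerClient
 * yields the clientId/clientSecret that the other two calls require,
 * startDeviceAuthorization yields the deviceCode, and createToken exchanges these for an
 * access token.
 *
 * Every operation is declared twice: once taking `params`, once taking only the optional
 * callback. The callback receives `(err, data)`; each call returns a `Request`.
 */
declare class SSOOIDC extends Service {
  /**
   * Constructs a service object. This object has one method for each API operation.
   */
  constructor(options?: SSOOIDC.Types.ClientConfiguration)
  config: Config & SSOOIDC.Types.ClientConfiguration;
  /**
   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
   *
   * The response may carry `accessToken`, `refreshToken` and `idToken`. The token type is
   * documented as a bearer token, so whoever holds the string can use it: keep `data` out
   * of logs, error reports and telemetry, and store it only where other local users and
   * processes cannot read it.
   */
  createToken(params: SSOOIDC.Types.CreateTokenRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
  /**
   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
   *
   * Overload without `params`. NOTE(review): CreateTokenRequest declares required fields,
   * so it is not visible from this file how a call made through this overload supplies them.
   */
  createToken(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
  /**
   * Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
   *
   * The persisted output includes `clientSecret`. Write it to storage readable only by the
   * owning user, and check `clientSecretExpiresAt` before reusing a stored registration.
   */
  registerClient(params: SSOOIDC.Types.RegisterClientRequest, callback?: (err: AWSError, data: SSOOIDC.Types.RegisterClientResponse) => void): Request<SSOOIDC.Types.RegisterClientResponse, AWSError>;
  /**
   * Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
   *
   * Overload without `params`. NOTE(review): RegisterClientRequest declares required
   * fields, so it is not visible from this file how a call made through this overload
   * supplies them.
   */
  registerClient(callback?: (err: AWSError, data: SSOOIDC.Types.RegisterClientResponse) => void): Request<SSOOIDC.Types.RegisterClientResponse, AWSError>;
  /**
   * Initiates device authorization by requesting a pair of verification codes from the authorization service.
   *
   * The pair is `deviceCode` (kept by the client and used when polling) and `userCode`
   * (shown to the user). The response also states how long the codes stay valid
   * (`expiresIn`) and the minimum wait between polls (`interval`).
   */
  startDeviceAuthorization(params: SSOOIDC.Types.StartDeviceAuthorizationRequest, callback?: (err: AWSError, data: SSOOIDC.Types.StartDeviceAuthorizationResponse) => void): Request<SSOOIDC.Types.StartDeviceAuthorizationResponse, AWSError>;
  /**
   * Initiates device authorization by requesting a pair of verification codes from the authorization service.
   *
   * Overload without `params`. NOTE(review): StartDeviceAuthorizationRequest declares
   * required fields, so it is not visible from this file how a call made through this
   * overload supplies them.
   */
  startDeviceAuthorization(callback?: (err: AWSError, data: SSOOIDC.Types.StartDeviceAuthorizationResponse) => void): Request<SSOOIDC.Types.StartDeviceAuthorizationResponse, AWSError>;
}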
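/**
 * Request, response and scalar types for the SSO OIDC client.
 *
 * Every scalar alias below is a plain `string` or `number`. The names document intent only:
 * the compiler will not stop a ClientSecret, AccessToken or RefreshToken from being passed
 * where any other string is accepted (a logger, a URL, an error message), so secret
 * handling has to be enforced by the calling code.
 */
declare namespace SSOOIDC {
  /** Bearer credential returned by CreateToken; treat as a secret. */
  export type AccessToken = string;
  /** Authorization code received from the authorization service. */
  export type AuthCode = string;
  export type ClientId = string;
  export type ClientName = string;
  /** Secret issued by RegisterClient; treat as a secret. */
  export type ClientSecret = string;
  /** Not restricted at the type level; see RegisterClientRequest.clientType for the accepted value. */
  export type ClientType = string;
  export interface CreateTokenRequest {
    /**
     * The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
     */
    clientId: ClientId;
    /**
     * A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.
     */
    clientSecret: ClientSecret;
    /**
     * Supports grant types for authorization code, refresh token, and device code request.
     * The accepted strings are not enumerated by the GrantType alias, so a wrong value is
     * only caught at request time.
     */
    grantType: GrantType;
    /**
     * Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
     *
     * Keep it in memory as described; it does not need to be written to disk or logged.
     * NOTE(review): the field is declared required although the text says it applies to one
     * grant type only — confirm which of the two is intended.
     */
    deviceCode: DeviceCode;
    /**
     * The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
     */
    code?: AuthCode;
    /**
     * The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.
     */
    refreshToken?: RefreshToken;
    /**
     * The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
     * Request only the scopes the client needs. Note the singular name here versus
     * `scopes` on RegisterClientRequest.
     */
    scope?: Scopes;
    /**
     * The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
     */
    redirectUri?: URI;
  }
  export interface CreateTokenResponse {
    /**
     * An opaque token to access AWS SSO resources assigned to a user.
     * Opaque means the client should not parse it. Keep it out of logs and error output.
     */
    accessToken?: AccessToken;
    /**
     * Used to notify the client that the returned token is an access token. The supported type is BearerToken.
     * A bearer token is accepted from whoever presents it, so possession of the string is
     * enough to use it.
     */
    tokenType?: TokenType;
    /**
     * Indicates the time in seconds when an access token will expire.
     * NOTE(review): read as a lifetime in seconds, as the ExpirationInSeconds name
     * suggests, rather than as a timestamp — confirm. Discard the stored token once it has
     * expired.
     */
    expiresIn?: ExpirationInSeconds;
    /**
     * A token that, if present, can be used to refresh a previously issued access token that might have expired.
     * It outlives the access token it refreshes, so protect it at least as carefully.
     */
    refreshToken?: RefreshToken;
    /**
     * The identifier of the user that is associated with the access token, if present.
     */
    idToken?: IdToken;
  }
  /** Short-lived code the client presents while polling CreateToken. */
  export type DeviceCode = string;
  export type ExpirationInSeconds = number;
  export type GrantType = string;
  export type IdToken = string;
  export type IntervalInSeconds = number;
  /** Numeric timestamp. NOTE(review): the unit and epoch are not stated in this file. */
  export type LongTimeStampType = number;
  export type RefreshToken = string;
  export interface RegisterClientRequest {
    /**
     * The friendly name of the client.
     */
    clientName: ClientName;
    /**
     * The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.
     * NOTE(review): if "public" carries its OAuth 2.0 meaning (a client that cannot be
     * assumed to keep credentials confidential), the issued clientSecret should not be
     * relied on as proof of which application is calling — confirm.
     */
    clientType: ClientType;
    /**
     * The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
     */
    scopes?: Scopes;
  }
  export interface RegisterClientResponse {
    /**
     * The unique identifier string for each client. This client uses this identifier to get authenticated by the service in subsequent calls.
     */
    clientId?: ClientId;
    /**
     * A secret string generated for the client. The client will use this string to get authenticated by the service in subsequent calls.
     * Persist it only in storage restricted to the owning user; never commit it to source
     * control or write it to logs.
     */
    clientSecret?: ClientSecret;
    /**
     * Indicates the time at which the clientId and clientSecret were issued.
     */
    clientIdIssuedAt?: LongTimeStampType;
    /**
     * Indicates the time at which the clientId and clientSecret will become invalid.
     * Compare against this before reusing a persisted registration, and register again
     * once it has passed.
     */
    clientSecretExpiresAt?: LongTimeStampType;
    /**
     * The endpoint where the client can request authorization.
     */
    authorizationEndpoint?: URI;
    /**
     * The endpoint where the client can get an access token.
     */
    tokenEndpoint?: URI;
  }
  export type Scope = string;
  export type Scopes = Scope[];
  export interface StartDeviceAuthorizationRequest {
    /**
     * The unique identifier string for the client that is registered with AWS SSO. This value should come from the persisted result of the RegisterClient API operation.
     */
    clientId: ClientId;
    /**
     * A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.
     */
    clientSecret: ClientSecret;
    /**
     * The URL for the AWS SSO user portal. For more information, see Using the User Portal in the AWS Single Sign-On User Guide.
     * This value decides which portal the user is sent to for sign-in, so take it from
     * trusted configuration rather than from unvalidated input.
     */
    startUrl: URI;
  }
  export interface StartDeviceAuthorizationResponse {
    /**
     * The short-lived code that is used by the device when polling for a session token.
     * It is held by the client only; it is not the code shown to the user.
     */
    deviceCode?: DeviceCode;
    /**
     * A one-time user verification code. This is needed to authorize an in-use device.
     */
    userCode?: UserCode;
    /**
     * The URI of the verification page that takes the userCode to authorize the device.
     */
    verificationUri?: URI;
    /**
     * An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code.
     * Because manual entry is skipped, display userCode alongside it so the user can check
     * that the page they reach belongs to the request they started. Avoid logging this URL
     * while the code is still valid.
     */
    verificationUriComplete?: URI;
    /**
     * Indicates the number of seconds in which the verification code will become invalid.
     * Stop polling once this period has elapsed.
     */
    expiresIn?: ExpirationInSeconds;
    /**
     * Indicates the number of seconds the client must wait between attempts when polling for a session.
     * Polling faster than this is outside the documented contract.
     */
    interval?: IntervalInSeconds;
  }
  export type TokenType = string;
  export type URI = string;
  /** One-time code shown to the user for entry on the verification page. */
  export type UserCode = string;
  /**
   * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
   * The trailing `|string` widens the union to `string`, so the literal members act as
   * documentation and the compiler does not validate the value.
   */
  export type apiVersion = "2019-06-10"|"latest"|string;
  export interface ClientApiVersions {
    /**
     * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
     */
    apiVersion?: apiVersion;
  }
  export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions;
  /**
   * Contains interfaces for use with the SSOOIDC client.
   * This is an alias of the namespace itself, so `SSOOIDC.Types.X` and `SSOOIDC.X` name
   * the same type.
   */
  export import Types = SSOOIDC;
}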
210 | export = SSOOIDC;