async-aws · jderusse · Sep 24, 2025 · Sep 24, 2025
diff --git a/manifest.json b/manifest.json
@@ -1,6 +1,6 @@
 {
     "variables": {
-        "${LATEST}": "3.356.23"
+        "${LATEST}": "3.356.24"
     },
     "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json",
     "services": {

diff --git a/src/Service/SsoOidc/CHANGELOG.md b/src/Service/SsoOidc/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Added
 
 - AWS api-change: Rework regions configuration
+- AWS api-change: This release includes exception definition and documentation updates.
 
 ## 1.1.1
 

diff --git a/src/Service/SsoOidc/src/Enum/AccessDeniedExceptionReason.php b/src/Service/SsoOidc/src/Enum/AccessDeniedExceptionReason.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace AsyncAws\SsoOidc\Enum;
+
+final class AccessDeniedExceptionReason
+{
+    public const KMS_ACCESS_DENIED_EXCEPTION = 'KMS_AccessDeniedException';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::KMS_ACCESS_DENIED_EXCEPTION => true,
+        ][$value]);
+    }
+}
diff --git a/src/Service/SsoOidc/src/Enum/InvalidRequestExceptionReason.php b/src/Service/SsoOidc/src/Enum/InvalidRequestExceptionReason.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace AsyncAws\SsoOidc\Enum;
+
+final class InvalidRequestExceptionReason
+{
+    public const KMS_DISABLED_EXCEPTION = 'KMS_DisabledException';
+    public const KMS_INVALID_KEY_USAGE_EXCEPTION = 'KMS_InvalidKeyUsageException';
+    public const KMS_INVALID_STATE_EXCEPTION = 'KMS_InvalidStateException';
+    public const KMS_NOT_FOUND_EXCEPTION = 'KMS_NotFoundException';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::KMS_DISABLED_EXCEPTION => true,
+            self::KMS_INVALID_KEY_USAGE_EXCEPTION => true,
+            self::KMS_INVALID_STATE_EXCEPTION => true,
+            self::KMS_NOT_FOUND_EXCEPTION => true,
+        ][$value]);
+    }
+}
diff --git a/src/Service/SsoOidc/src/Exception/AccessDeniedException.php b/src/Service/SsoOidc/src/Exception/AccessDeniedException.php
@@ -3,6 +3,7 @@
 namespace AsyncAws\SsoOidc\Exception;
 
 use AsyncAws\Core\Exception\Http\ClientException;
+use AsyncAws\SsoOidc\Enum\AccessDeniedExceptionReason;
 use Symfony\Contracts\HttpClient\ResponseInterface;
 
 /**
@@ -17,6 +18,13 @@ final class AccessDeniedException extends ClientException
      */
     private $error;
 
+    /**
+     * A string that uniquely identifies a reason for the error.
+     *
+     * @var AccessDeniedExceptionReason::*|null
+     */
+    private $reason;
+
     /**
      * Human-readable text providing additional information, used to assist the client developer in understanding the error
      * that occurred.
@@ -35,11 +43,20 @@ public function getError_description(): ?string
         return $this->error_description;
     }
 
+    /**
+     * @return AccessDeniedExceptionReason::*|null
+     */
+    public function getReason(): ?string
+    {
+        return $this->reason;
+    }
+
     protected function populateResult(ResponseInterface $response): void
     {
         $data = $response->toArray(false);
 
         $this->error = isset($data['error']) ? (string) $data['error'] : null;
+        $this->reason = isset($data['reason']) ? (string) $data['reason'] : null;
         $this->error_description = isset($data['error_description']) ? (string) $data['error_description'] : null;
     }
 }
diff --git a/src/Service/SsoOidc/src/Exception/InvalidRequestException.php b/src/Service/SsoOidc/src/Exception/InvalidRequestException.php
@@ -3,6 +3,7 @@
 namespace AsyncAws\SsoOidc\Exception;
 
 use AsyncAws\Core\Exception\Http\ClientException;
+use AsyncAws\SsoOidc\Enum\InvalidRequestExceptionReason;
 use Symfony\Contracts\HttpClient\ResponseInterface;
 
 /**
@@ -18,6 +19,13 @@ final class InvalidRequestException extends ClientException
      */
     private $error;
 
+    /**
+     * A string that uniquely identifies a reason for the error.
+     *
+     * @var InvalidRequestExceptionReason::*|null
+     */
+    private $reason;
+
     /**
      * Human-readable text providing additional information, used to assist the client developer in understanding the error
      * that occurred.
@@ -36,11 +44,20 @@ public function getError_description(): ?string
         return $this->error_description;
     }
 
+    /**
+     * @return InvalidRequestExceptionReason::*|null
+     */
+    public function getReason(): ?string
+    {
+        return $this->reason;
+    }
+
     protected function populateResult(ResponseInterface $response): void
     {
         $data = $response->toArray(false);
 
         $this->error = isset($data['error']) ? (string) $data['error'] : null;
+        $this->reason = isset($data['reason']) ? (string) $data['reason'] : null;
         $this->error_description = isset($data['error_description']) ? (string) $data['error_description'] : null;
     }
 }
diff --git a/src/Service/SsoOidc/src/Input/CreateTokenRequest.php b/src/Service/SsoOidc/src/Input/CreateTokenRequest.php
@@ -74,9 +74,8 @@ final class CreateTokenRequest extends Input
     private $refreshToken;
 
     /**
-     * The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes
-     * that are granted. If this value is not specified, IAM Identity Center authorizes all scopes that are configured for
-     * the client during the call to RegisterClient.
+     * The list of scopes for which authorization is requested. This parameter has no effect; the access token will always
+     * include all scopes configured during client registration.
      *
      * @var string[]|null
      */