|
34 | 34 | {"shape":"ExpiredTokenException"}, |
35 | 35 | {"shape":"InternalServerException"} |
36 | 36 | ], |
37 | | - "documentation":"<p>Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.</p>", |
| 37 | + "documentation":"<p>Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the Amazon Web Services account.</p>", |
38 | 38 | "authtype":"none" |
39 | 39 | }, |
40 | 40 | "RegisterClient":{ |
|
51 | 51 | {"shape":"InvalidClientMetadataException"}, |
52 | 52 | {"shape":"InternalServerException"} |
53 | 53 | ], |
54 | | - "documentation":"<p>Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.</p>", |
| 54 | + "documentation":"<p>Registers a client with Amazon Web Services SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.</p>", |
55 | 55 | "authtype":"none" |
56 | 56 | }, |
57 | 57 | "StartDeviceAuthorization":{ |
|
119 | 119 | }, |
120 | 120 | "grantType":{ |
121 | 121 | "shape":"GrantType", |
122 | | - "documentation":"<p>Supports grant types for authorization code, refresh token, and device code request.</p>" |
| 122 | + "documentation":"<p>Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:</p> <p> <code>urn:ietf:params:oauth:grant-type:<i>device_code</i> </code> </p> <p>For information about how to obtain the device code, see the <a>StartDeviceAuthorization</a> topic.</p>" |
123 | 123 | }, |
124 | 124 | "deviceCode":{ |
125 | 125 | "shape":"DeviceCode", |
|
131 | 131 | }, |
132 | 132 | "refreshToken":{ |
133 | 133 | "shape":"RefreshToken", |
134 | | - "documentation":"<p>The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.</p>" |
| 134 | + "documentation":"<p>Currently, <code>refreshToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current Amazon Web Services SSO OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">Amazon Web Services SSO OIDC API Reference</a>.</p> <p>The token used to obtain an access token in the event that the access token is invalid or expired.</p>" |
135 | 135 | }, |
136 | 136 | "scope":{ |
137 | 137 | "shape":"Scopes", |
|
148 | 148 | "members":{ |
149 | 149 | "accessToken":{ |
150 | 150 | "shape":"AccessToken", |
151 | | - "documentation":"<p>An opaque token to access AWS SSO resources assigned to a user.</p>" |
| 151 | + "documentation":"<p>An opaque token to access Amazon Web Services SSO resources assigned to a user.</p>" |
152 | 152 | }, |
153 | 153 | "tokenType":{ |
154 | 154 | "shape":"TokenType", |
|
160 | 160 | }, |
161 | 161 | "refreshToken":{ |
162 | 162 | "shape":"RefreshToken", |
163 | | - "documentation":"<p>A token that, if present, can be used to refresh a previously issued access token that might have expired.</p>" |
| 163 | + "documentation":"<p>Currently, <code>refreshToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current Amazon Web Services SSO OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">Amazon Web Services SSO OIDC API Reference</a>.</p> <p>A token that, if present, can be used to refresh a previously issued access token that might have expired.</p>" |
164 | 164 | }, |
165 | 165 | "idToken":{ |
166 | 166 | "shape":"IdToken", |
167 | | - "documentation":"<p>The identifier of the user that associated with the access token, if present.</p>" |
| 167 | + "documentation":"<p>Currently, <code>idToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current Amazon Web Services SSO OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">Amazon Web Services SSO OIDC API Reference</a>.</p> <p>The identifier of the user that associated with the access token, if present.</p>" |
168 | 168 | } |
169 | 169 | } |
170 | 170 | }, |
|
323 | 323 | "members":{ |
324 | 324 | "clientId":{ |
325 | 325 | "shape":"ClientId", |
326 | | - "documentation":"<p>The unique identifier string for the client that is registered with AWS SSO. This value should come from the persisted result of the <a>RegisterClient</a> API operation.</p>" |
| 326 | + "documentation":"<p>The unique identifier string for the client that is registered with Amazon Web Services SSO. This value should come from the persisted result of the <a>RegisterClient</a> API operation.</p>" |
327 | 327 | }, |
328 | 328 | "clientSecret":{ |
329 | 329 | "shape":"ClientSecret", |
330 | 330 | "documentation":"<p>A secret string that is generated for the client. This value should come from the persisted result of the <a>RegisterClient</a> API operation.</p>" |
331 | 331 | }, |
332 | 332 | "startUrl":{ |
333 | 333 | "shape":"URI", |
334 | | - "documentation":"<p>The URL for the AWS SSO user portal. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html\">Using the User Portal</a> in the <i>AWS Single Sign-On User Guide</i>.</p>" |
| 334 | + "documentation":"<p>The URL for the AWS access portal. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html\">Using the AWS access portal</a> in the <i>Amazon Web Services SSO User Guide</i>.</p>" |
335 | 335 | } |
336 | 336 | } |
337 | 337 | }, |
|
388 | 388 | }, |
389 | 389 | "UserCode":{"type":"string"} |
390 | 390 | }, |
391 | | - "documentation":"<p>AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with AWS SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with AWS SSO. This service conforms with the OAuth 2.0 based implementation of the device authorization grant standard (<a href=\"https://tools.ietf.org/html/rfc8628\">https://tools.ietf.org/html/rfc8628</a>).</p> <p>For general information about AWS SSO, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html\">What is AWS Single Sign-On?</a> in the <i>AWS SSO User Guide</i>.</p> <p>This API reference guide describes the AWS SSO OIDC operations that you can call programatically and includes detailed information on data types and errors.</p> <note> <p>AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .Net, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS SSO and other AWS services. For more information about the AWS SDKs, including how to download and install them, see <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>.</p> </note>" |
| 391 | + "documentation":"<p>Amazon Web Services Single Sign On OpenID Connect (OIDC) is a web service that enables a client (such as Amazon Web Services CLI or a native application) to register with Amazon Web Services SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with Amazon Web Services SSO.</p> <note> <p>Although Amazon Web Services Single Sign-On was renamed, the <code>sso</code> and <code>identitystore</code> API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed\">Amazon Web Services SSO rename</a>.</p> </note> <p> <b>Considerations for Using This Guide</b> </p> <p>Before you begin using this guide, we recommend that you first review the following important information about how the Amazon Web Services SSO OIDC service works.</p> <ul> <li> <p>The Amazon Web Services SSO OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (<a href=\"https://tools.ietf.org/html/rfc8628\">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single sign-on authentication with the AWS CLI. Support for other OIDC flows frequently needed for native applications, such as Authorization Code Flow (+ PKCE), will be addressed in future releases.</p> </li> <li> <p>The service emits only OIDC access tokens, such that obtaining a new token (For example, token refresh) requires explicit user re-authentication.</p> </li> <li> <p>The access tokens provided by this service grant access to all AWS account entitlements assigned to an Amazon Web Services SSO user, not just a particular application.</p> </li> <li> <p>The documentation in this guide does not describe the mechanism to convert the access token into AWS Auth (“sigv4”) credentials for use with IAM-protected AWS service endpoints. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html\">GetRoleCredentials</a> in the <i>Amazon Web Services SSO Portal API Reference Guide</i>.</p> </li> </ul> <p>For general information about Amazon Web Services SSO, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html\">What is Amazon Web Services SSO?</a> in the <i>Amazon Web Services SSO User Guide</i>.</p>" |
392 | 392 | } |
0 commit comments