feat(client-sso-oidc): This release includes exception definition and documentation updates.

Author: awstools

clients/client-sso-oidc/README.md

@@ -13,7 +13,7 @@ user’s access token upon successful authentication and authorization with IAM
 <b>API namespaces</b>
 </p>
 <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
-OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
 <p>
 <b>Considerations for using this guide</b>
 </p>

clients/client-sso-oidc/src/SSOOIDC.ts

@@ -96,7 +96,7 @@ export interface SSOOIDC {
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

clients/client-sso-oidc/src/SSOOIDCClient.ts

@@ -287,7 +287,7 @@ export interface SSOOIDCClientResolvedConfig extends SSOOIDCClientResolvedConfig
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

clients/client-sso-oidc/src/commands/CreateTokenWithIAMCommand.ts

@@ -33,10 +33,14 @@ export interface CreateTokenWithIAMCommandInput extends CreateTokenWithIAMReques
 export interface CreateTokenWithIAMCommandOutput extends CreateTokenWithIAMResponse, __MetadataBearer {}
 
 /**
- * <p>Creates and returns access and refresh tokens for clients and applications that are
- *       authenticated using IAM entities. The access token can be used to fetch short-lived
- *       credentials for the assigned Amazon Web Services accounts or to access application APIs using
- *         <code>bearer</code> authentication.</p>
+ * <p>Creates and returns access and refresh tokens for authorized client applications that are
+ *       authenticated using any IAM entity, such as a service
+ *       role or user. These tokens might contain defined scopes that specify permissions such as <code>read:profile</code> or <code>write:data</code>. Through downscoping, you can use the scopes parameter to request tokens with reduced permissions compared to the original client application's permissions or, if applicable, the refresh token's scopes. The access token can be used to fetch short-lived credentials for the assigned
+ *       Amazon Web Services accounts or to access application APIs using <code>bearer</code> authentication.</p>
+ *          <note>
+ *             <p>This API is used with Signature Version 4. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html">Amazon Web Services Signature
+ *           Version 4 for API Requests</a>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-oidc/src/commands/RegisterClientCommand.ts

@@ -96,6 +96,10 @@ export interface RegisterClientCommandOutput extends RegisterClientResponse, __M
  * @throws {@link InvalidScopeException} (client fault)
  *  <p>Indicates that the scope provided in the request is invalid.</p>
  *
+ * @throws {@link SlowDownException} (client fault)
+ *  <p>Indicates that the client is making the request too frequently and is more than the
+ *       service can handle. </p>
+ *
  * @throws {@link UnsupportedGrantTypeException} (client fault)
  *  <p>Indicates that the grant type in the request is not supported by the service.</p>
  *

clients/client-sso-oidc/src/index.ts

@@ -8,7 +8,7 @@
  *             <b>API namespaces</b>
  *          </p>
  *          <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API namespaces. IAM Identity Center
- *       OpenID Connect uses the <code>sso-oidc</code> namespace.</p>
+ *       OpenID Connect uses the <code>sso-oauth</code> namespace.</p>
  *          <p>
  *             <b>Considerations for using this guide</b>
  *          </p>

clients/client-sso-oidc/src/models/models_0.ts

@@ -3,6 +3,20 @@ import { ExceptionOptionType as __ExceptionOptionType, SENSITIVE_STRING } from "
 
 import { SSOOIDCServiceException as __BaseException } from "./SSOOIDCServiceException";
 
+/**
+ * @public
+ * @enum
+ */
+export const AccessDeniedExceptionReason = {
+  KMS_ACCESS_DENIED: "KMS_AccessDeniedException",
+} as const;
+
+/**
+ * @public
+ */
+export type AccessDeniedExceptionReason =
+  (typeof AccessDeniedExceptionReason)[keyof typeof AccessDeniedExceptionReason];
+
 /**
  * <p>You do not have sufficient access to perform this action.</p>
  * @public
@@ -16,6 +30,12 @@ export class AccessDeniedException extends __BaseException {
    */
   error?: string | undefined;
 
+  /**
+   * <p>A string that uniquely identifies a reason for the error.</p>
+   * @public
+   */
+  reason?: AccessDeniedExceptionReason | undefined;
+
   /**
    * <p>Human-readable text providing additional information, used to assist the client developer
    *       in understanding the error that occurred.</p>
@@ -33,6 +53,7 @@ export class AccessDeniedException extends __BaseException {
     });
     Object.setPrototypeOf(this, AccessDeniedException.prototype);
     this.error = opts.error;
+    this.reason = opts.reason;
     this.error_description = opts.error_description;
   }
 }
@@ -74,15 +95,16 @@ export class AuthorizationPendingException extends __BaseException {
 }
 
 /**
- * <p>This structure contains Amazon Web Services-specific parameter extensions for the token endpoint
- *       responses and includes the identity context.</p>
+ * <p>This structure contains Amazon Web Services-specific parameter extensions and the <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html">identity context</a>.</p>
  * @public
  */
 export interface AwsAdditionalDetails {
   /**
-   * <p>STS context assertion that carries a user identifier to the Amazon Web Services service that it calls
-   *       and can be used to obtain an identity-enhanced IAM role session. This value corresponds to
-   *       the <code>sts:identity_context</code> claim in the ID token.</p>
+   * <p>The trusted context assertion is signed and encrypted by STS. It provides access to
+   *         <code>sts:identity_context</code> claim in the <code>idToken</code> without JWT
+   *       parsing</p>
+   *          <p>Identity context comprises information that Amazon Web Services services use to make authorization
+   *       decisions when they receive requests.</p>
    * @public
    */
   identityContext?: string | undefined;
@@ -144,9 +166,7 @@ export interface CreateTokenRequest {
   refreshToken?: string | undefined;
 
   /**
-   * <p>The list of scopes for which authorization is requested. The access token that is issued
-   *       is limited to the scopes that are granted. If this value is not specified, IAM Identity Center authorizes
-   *       all scopes that are configured for the client during the call to <a>RegisterClient</a>.</p>
+   * <p>The list of scopes for which authorization is requested. This parameter has no effect; the access token will always include all scopes configured during client registration.</p>
    * @public
    */
   scope?: string[] | undefined;
@@ -354,6 +374,23 @@ export class InvalidGrantException extends __BaseException {
   }
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const InvalidRequestExceptionReason = {
+  KMS_DISABLED_KEY: "KMS_DisabledException",
+  KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException",
+  KMS_INVALID_STATE: "KMS_InvalidStateException",
+  KMS_KEY_NOT_FOUND: "KMS_NotFoundException",
+} as const;
+
+/**
+ * @public
+ */
+export type InvalidRequestExceptionReason =
+  (typeof InvalidRequestExceptionReason)[keyof typeof InvalidRequestExceptionReason];
+
 /**
  * <p>Indicates that something is wrong with the input to the request. For example, a required
  *       parameter might be missing or out of range.</p>
@@ -369,6 +406,12 @@ export class InvalidRequestException extends __BaseException {
    */
   error?: string | undefined;
 
+  /**
+   * <p>A string that uniquely identifies a reason for the error.</p>
+   * @public
+   */
+  reason?: InvalidRequestExceptionReason | undefined;
+
   /**
    * <p>Human-readable text providing additional information, used to assist the client developer
    *       in understanding the error that occurred.</p>
@@ -386,6 +429,7 @@ export class InvalidRequestException extends __BaseException {
     });
     Object.setPrototypeOf(this, InvalidRequestException.prototype);
     this.error = opts.error;
+    this.reason = opts.reason;
     this.error_description = opts.error_description;
   }
 }
@@ -698,10 +742,8 @@ export interface CreateTokenWithIAMResponse {
   scope?: string[] | undefined;
 
   /**
-   * <p>A structure containing information from the <code>idToken</code>. Only the
-   *         <code>identityContext</code> is in it, which is a value extracted from the
-   *         <code>idToken</code>. This provides direct access to identity information without requiring
-   *       JWT parsing.</p>
+   * <p>A structure containing information from IAM Identity Center managed user and group
+   *       information.</p>
    * @public
    */
   awsAdditionalDetails?: AwsAdditionalDetails | undefined;

clients/client-sso-oidc/src/protocols/Aws_restJson1.ts

@@ -343,6 +343,7 @@ const de_AccessDeniedExceptionRes = async (
   const doc = take(data, {
     error: __expectString,
     error_description: __expectString,
+    reason: __expectString,
   });
   Object.assign(contents, doc);
   const exception = new AccessDeniedException({
@@ -511,6 +512,7 @@ const de_InvalidRequestExceptionRes = async (
   const doc = take(data, {
     error: __expectString,
     error_description: __expectString,
+    reason: __expectString,
   });
   Object.assign(contents, doc);
   const exception = new InvalidRequestException({