
Commit 060ae59

committed
Enable SSO login through authorization_grant with PKCE
1 parent cb108eb commit 060ae59


6 files changed

+909
-5
lines changed


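--- a/buildSrc/src/main/kotlin/software/aws/toolkits/gradle/sdk/GenerateSdk.kt
+++ b/buildSrc/src/main/kotlin/software/aws/toolkits/gradle/sdk/GenerateSdk.kt
@@ -39,6 +39,8 @@ open class GenerateSdk : DefaultTask() {
 logger.info("Generating SDK from $this")
 val models = C2jModels.builder()
 .serviceModel(loadServiceModel())
+.endpointRuleSetModel(loadOptionalModel("endpoint-rule-set-1.json"))
+.endpointTestSuiteModel(loadOptionalModel("endpoint-tests-1.json"))
 .paginatorsModel(loadOptionalModel("paginators-1.json"))
 .customizationConfig(loadOptionalModel("customization.config") ?: CustomizationConfig.create())
 .waitersModel(loadOptionalModel("waiters-2.json"))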
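Review bot: The two new builder calls give no hint of why the generator now consumes endpoint rule-set and test-suite models, and the file names are only inferable from the other `loadOptionalModel` lines. A short comment above the `.endpointRuleSetModel(...)` line would anchor it: `// Endpoint rule sets let the generated client resolve regional/FIPS/dual-stack endpoints itself; like the other optional models, a missing file is presumably passed through as null — confirm the builder tolerates that.` The behaviour of loadOptionalModel on an absent file is not visible in this hunk, so that part of the comment should stay hedged until checked. The enclosing task body of GenerateSdk starts and ends outside the hunk.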

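--- a/plugins/core/jetbrains-community/resources/META-INF/aws.toolkit.core.xml
+++ b/plugins/core/jetbrains-community/resources/META-INF/aws.toolkit.core.xml
@@ -67,7 +67,7 @@
 <postStartupActivity implementation="software.aws.toolkits.jetbrains.core.plugin.PluginAutoUpdater"/>
 <postStartupActivity implementation="software.aws.toolkits.jetbrains.core.AwsTelemetryPrompter"/>
 
-<registryKey key="aws.dev.pkceAuth" description="True if new authorization requests should be using the PKCE grant flow"
+<registryKey key="aws.dev.useDAG" description="True if DAG should be used instead of authorization_grant with PKCE"
 defaultValue="false" restartRequired="false"/>
 <registryKey key="aws.telemetry.endpoint" description="Endpoint to use for publishing AWS client-side telemetry"
 defaultValue="https://client-telemetry.us-east-1.amazonaws.com" restartRequired="true"/>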
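Review bot: The description on the new `registryKey` line says "authorization_grant with PKCE", which is not the name of the grant the flag selects between; the alternative to the device authorization grant (DAG) is the authorization code grant with PKCE, and the text should say so since this string is what a user sees in the registry editor. Suggest `description="When true, new SSO logins use the device authorization grant (DAG) instead of the authorization code grant with PKCE"`. Because the key was renamed with inverted meaning rather than kept, anyone who had set aws.dev.pkceAuth silently lands on the new default; if the old key was ever documented, that deserves a changelog line. Note that defaultValue="false" on the renamed key is what makes PKCE the default, so the description should make clear that DAG is now the opt-in.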

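--- a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
+++ b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
@@ -56,7 +56,7 @@ class SsoAccessTokenProvider(
 get() = _authorization.get()
 
 private val isNewAuthPkce: Boolean
-get() = Registry.`is`("aws.dev.pkceAuth", false)
+get() = !Registry.`is`("aws.dev.useDAG", false)
 
 private val dagClientRegistrationCacheKey by lazy {
 DeviceAuthorizationClientRegistrationCacheKey(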
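Review bot: The rewritten getter makes `isNewAuthPkce` a double negation — it is true exactly when the `aws.dev.useDAG` registry key is absent or false — and nothing at the declaration records that PKCE is now the default and DAG the opt-out, which the old key name used to convey. Suggest a KDoc on the property: `/** True unless the aws.dev.useDAG registry key opts back into the device authorization grant; the authorization code grant with PKCE is the default. */`. Since the getter re-reads the registry on every access and the key is declared restartRequired="false" in aws.toolkit.core.xml, a toggle mid-session takes effect on the next read, whereas dagClientRegistrationCacheKey just below is `by lazy` and is decided once; if any flow decision is cached in one place and re-evaluated in another, a flip between them could mix the two grants — worth confirming against the callers. The enclosing class SsoAccessTokenProvider starts and ends outside the hunk.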
Lines changed: 339 additions & 0 deletions
@@ -0,0 +1,339 @@
1+
{
2+
"version": "1.0",
3+
"parameters": {
4+
"Region": {
5+
"builtIn": "AWS::Region",
6+
"required": false,
7+
"documentation": "The AWS region used to dispatch the request.",
8+
"type": "String"
9+
},
10+
"UseDualStack": {
11+
"builtIn": "AWS::UseDualStack",
12+
"required": true,
13+
"default": false,
14+
"documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
15+
"type": "Boolean"
16+
},
17+
"UseFIPS": {
18+
"builtIn": "AWS::UseFIPS",
19+
"required": true,
20+
"default": false,
21+
"documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
22+
"type": "Boolean"
23+
},
24+
"Endpoint": {
25+
"builtIn": "SDK::Endpoint",
26+
"required": false,
27+
"documentation": "Override the endpoint used to send this request",
28+
"type": "String"
29+
}
30+
},
31+
"rules": [
32+
{
33+
"conditions": [
34+
{
35+
"fn": "isSet",
36+
"argv": [
37+
{
38+
"ref": "Endpoint"
39+
}
40+
]
41+
}
42+
],
43+
"rules": [
44+
{
45+
"conditions": [
46+
{
47+
"fn": "booleanEquals",
48+
"argv": [
49+
{
50+
"ref": "UseFIPS"
51+
},
52+
true
53+
]
54+
}
55+
],
56+
"error": "Invalid Configuration: FIPS and custom endpoint are not supported",
57+
"type": "error"
58+
},
59+
{
60+
"conditions": [
61+
{
62+
"fn": "booleanEquals",
63+
"argv": [
64+
{
65+
"ref": "UseDualStack"
66+
},
67+
true
68+
]
69+
}
70+
],
71+
"error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
72+
"type": "error"
73+
},
74+
{
75+
"conditions": [],
76+
"endpoint": {
77+
"url": {
78+
"ref": "Endpoint"
79+
},
80+
"properties": {},
81+
"headers": {}
82+
},
83+
"type": "endpoint"
84+
}
85+
],
86+
"type": "tree"
87+
},
88+
{
89+
"conditions": [
90+
{
91+
"fn": "isSet",
92+
"argv": [
93+
{
94+
"ref": "Region"
95+
}
96+
]
97+
}
98+
],
99+
"rules": [
100+
{
101+
"conditions": [
102+
{
103+
"fn": "aws.partition",
104+
"argv": [
105+
{
106+
"ref": "Region"
107+
}
108+
],
109+
"assign": "PartitionResult"
110+
}
111+
],
112+
"rules": [
113+
{
114+
"conditions": [
115+
{
116+
"fn": "booleanEquals",
117+
"argv": [
118+
{
119+
"ref": "UseFIPS"
120+
},
121+
true
122+
]
123+
},
124+
{
125+
"fn": "booleanEquals",
126+
"argv": [
127+
{
128+
"ref": "UseDualStack"
129+
},
130+
true
131+
]
132+
}
133+
],
134+
"rules": [
135+
{
136+
"conditions": [
137+
{
138+
"fn": "booleanEquals",
139+
"argv": [
140+
true,
141+
{
142+
"fn": "getAttr",
143+
"argv": [
144+
{
145+
"ref": "PartitionResult"
146+
},
147+
"supportsFIPS"
148+
]
149+
}
150+
]
151+
},
152+
{
153+
"fn": "booleanEquals",
154+
"argv": [
155+
true,
156+
{
157+
"fn": "getAttr",
158+
"argv": [
159+
{
160+
"ref": "PartitionResult"
161+
},
162+
"supportsDualStack"
163+
]
164+
}
165+
]
166+
}
167+
],
168+
"rules": [
169+
{
170+
"conditions": [],
171+
"endpoint": {
172+
"url": "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
173+
"properties": {},
174+
"headers": {}
175+
},
176+
"type": "endpoint"
177+
}
178+
],
179+
"type": "tree"
180+
},
181+
{
182+
"conditions": [],
183+
"error": "FIPS and DualStack are enabled, but this partition does not support one or both",
184+
"type": "error"
185+
}
186+
],
187+
"type": "tree"
188+
},
189+
{
190+
"conditions": [
191+
{
192+
"fn": "booleanEquals",
193+
"argv": [
194+
{
195+
"ref": "UseFIPS"
196+
},
197+
true
198+
]
199+
}
200+
],
201+
"rules": [
202+
{
203+
"conditions": [
204+
{
205+
"fn": "booleanEquals",
206+
"argv": [
207+
{
208+
"fn": "getAttr",
209+
"argv": [
210+
{
211+
"ref": "PartitionResult"
212+
},
213+
"supportsFIPS"
214+
]
215+
},
216+
true
217+
]
218+
}
219+
],
220+
"rules": [
221+
{
222+
"conditions": [
223+
{
224+
"fn": "stringEquals",
225+
"argv": [
226+
{
227+
"fn": "getAttr",
228+
"argv": [
229+
{
230+
"ref": "PartitionResult"
231+
},
232+
"name"
233+
]
234+
},
235+
"aws-us-gov"
236+
]
237+
}
238+
],
239+
"endpoint": {
240+
"url": "https://oidc.{Region}.amazonaws.com",
241+
"properties": {},
242+
"headers": {}
243+
},
244+
"type": "endpoint"
245+
},
246+
{
247+
"conditions": [],
248+
"endpoint": {
249+
"url": "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}",
250+
"properties": {},
251+
"headers": {}
252+
},
253+
"type": "endpoint"
254+
}
255+
],
256+
"type": "tree"
257+
},
258+
{
259+
"conditions": [],
260+
"error": "FIPS is enabled but this partition does not support FIPS",
261+
"type": "error"
262+
}
263+
],
264+
"type": "tree"
265+
},
266+
{
267+
"conditions": [
268+
{
269+
"fn": "booleanEquals",
270+
"argv": [
271+
{
272+
"ref": "UseDualStack"
273+
},
274+
true
275+
]
276+
}
277+
],
278+
"rules": [
279+
{
280+
"conditions": [
281+
{
282+
"fn": "booleanEquals",
283+
"argv": [
284+
true,
285+
{
286+
"fn": "getAttr",
287+
"argv": [
288+
{
289+
"ref": "PartitionResult"
290+
},
291+
"supportsDualStack"
292+
]
293+
}
294+
]
295+
}
296+
],
297+
"rules": [
298+
{
299+
"conditions": [],
300+
"endpoint": {
301+
"url": "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}",
302+
"properties": {},
303+
"headers": {}
304+
},
305+
"type": "endpoint"
306+
}
307+
],
308+
"type": "tree"
309+
},
310+
{
311+
"conditions": [],
312+
"error": "DualStack is enabled but this partition does not support DualStack",
313+
"type": "error"
314+
}
315+
],
316+
"type": "tree"
317+
},
318+
{
319+
"conditions": [],
320+
"endpoint": {
321+
"url": "https://oidc.{Region}.{PartitionResult#dnsSuffix}",
322+
"properties": {},
323+
"headers": {}
324+
},
325+
"type": "endpoint"
326+
}
327+
],
328+
"type": "tree"
329+
}
330+
],
331+
"type": "tree"
332+
},
333+
{
334+
"conditions": [],
335+
"error": "Invalid Configuration: Missing Region",
336+
"type": "error"
337+
}
338+
]
339+
}
