Skip to content

Commit 092ea6d

Browse files
Adds support for OAuth 2.0 token operations in AWS Sign-In, CreateOAuth2TokenWithIAM (client credentials flow), IntrospectOAuth2TokenWithIAM (token inspection), and RevokeOAuth2TokenWithIAM (token revocation).
1 parent 3273613 commit 092ea6d

26 files changed

Lines changed: 2402 additions & 597 deletions

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.11.842
1+
1.11.843

generated/src/aws-cpp-sdk-signin/include/aws/signin/SigninClient.h

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,35 @@ class AWS_SIGNIN_API SigninClient : public Aws::Client::AWSJsonClient,
124124
return SubmitAsync(&SigninClient::CreateOAuth2Token, request, handler, context);
125125
}
126126

127+
/**
128+
* <p>Grants permission to exchange client credentials for an OAuth 2.0 access
129+
* token scoped to a resource that can be used to access AWS services from
130+
* applications</p><p><h3>See Also:</h3> <a
131+
* href="http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAM">AWS
132+
* API Reference</a></p>
133+
*/
134+
virtual Model::CreateOAuth2TokenWithIAMOutcome CreateOAuth2TokenWithIAM(const Model::CreateOAuth2TokenWithIAMRequest& request) const;
135+
136+
/**
137+
* A Callable wrapper for CreateOAuth2TokenWithIAM that returns a future to the operation so that it can be executed in parallel to other
138+
* requests.
139+
*/
140+
template <typename CreateOAuth2TokenWithIAMRequestT = Model::CreateOAuth2TokenWithIAMRequest>
141+
Model::CreateOAuth2TokenWithIAMOutcomeCallable CreateOAuth2TokenWithIAMCallable(const CreateOAuth2TokenWithIAMRequestT& request) const {
142+
return SubmitCallable(&SigninClient::CreateOAuth2TokenWithIAM, request);
143+
}
144+
145+
/**
146+
* An Async wrapper for CreateOAuth2TokenWithIAM that queues the request into a thread executor and triggers associated callback when
147+
* operation has finished.
148+
*/
149+
template <typename CreateOAuth2TokenWithIAMRequestT = Model::CreateOAuth2TokenWithIAMRequest>
150+
void CreateOAuth2TokenWithIAMAsync(const CreateOAuth2TokenWithIAMRequestT& request,
151+
const CreateOAuth2TokenWithIAMResponseReceivedHandler& handler,
152+
const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const {
153+
return SubmitAsync(&SigninClient::CreateOAuth2TokenWithIAM, request, handler, context);
154+
}
155+
127156
/**
128157
* <p>Delete console authorization configuration with automatic scope
129158
* detection</p><p><h3>See Also:</h3> <a
@@ -242,6 +271,42 @@ class AWS_SIGNIN_API SigninClient : public Aws::Client::AWSJsonClient,
242271
return SubmitAsync(&SigninClient::GetResourcePolicy, request, handler, context);
243272
}
244273

274+
/**
275+
* <p>Grants permission to inspect the metadata and state of an OAuth 2.0 access
276+
* token or refresh token</p> <p>Implements RFC 7662 OAuth 2.0 Token Introspection
277+
* over a SigV4-authenticated endpoint. Inspects the metadata of an access_token or
278+
* refresh_token issued by AWS Sign-In and returns the claims associated with
279+
* it.</p> <p>Inactive token semantics (RFC 7662 §2.2): when the supplied token is
280+
* unknown, expired, revoked, malformed, or owned by a different account, the
281+
* response body is exactly { &quot;active&quot;: false } with all other claims
282+
* omitted.</p><p><h3>See Also:</h3> <a
283+
* href="http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/IntrospectOAuth2TokenWithIAM">AWS
284+
* API Reference</a></p>
285+
*/
286+
virtual Model::IntrospectOAuth2TokenWithIAMOutcome IntrospectOAuth2TokenWithIAM(
287+
const Model::IntrospectOAuth2TokenWithIAMRequest& request) const;
288+
289+
/**
290+
* A Callable wrapper for IntrospectOAuth2TokenWithIAM that returns a future to the operation so that it can be executed in parallel to
291+
* other requests.
292+
*/
293+
template <typename IntrospectOAuth2TokenWithIAMRequestT = Model::IntrospectOAuth2TokenWithIAMRequest>
294+
Model::IntrospectOAuth2TokenWithIAMOutcomeCallable IntrospectOAuth2TokenWithIAMCallable(
295+
const IntrospectOAuth2TokenWithIAMRequestT& request) const {
296+
return SubmitCallable(&SigninClient::IntrospectOAuth2TokenWithIAM, request);
297+
}
298+
299+
/**
300+
* An Async wrapper for IntrospectOAuth2TokenWithIAM that queues the request into a thread executor and triggers associated callback when
301+
* operation has finished.
302+
*/
303+
template <typename IntrospectOAuth2TokenWithIAMRequestT = Model::IntrospectOAuth2TokenWithIAMRequest>
304+
void IntrospectOAuth2TokenWithIAMAsync(const IntrospectOAuth2TokenWithIAMRequestT& request,
305+
const IntrospectOAuth2TokenWithIAMResponseReceivedHandler& handler,
306+
const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const {
307+
return SubmitAsync(&SigninClient::IntrospectOAuth2TokenWithIAM, request, handler, context);
308+
}
309+
245310
/**
246311
* <p>Retrieve all permission statements in the account's SignIn resource-based
247312
* policy</p><p><h3>See Also:</h3> <a
@@ -332,6 +397,38 @@ class AWS_SIGNIN_API SigninClient : public Aws::Client::AWSJsonClient,
332397
return SubmitAsync(&SigninClient::PutResourcePermissionStatement, request, handler, context);
333398
}
334399

400+
/**
401+
* <p>Grants permission to revoke an OAuth 2.0 refresh token and its associated
402+
* refresh tokens</p> <p>Revokes a refresh_token issued by AWS Sign-In,
403+
* invalidating the entire token chain so that the refresh_token can no longer be
404+
* used to mint new access_tokens.</p> <p>Idempotency: revoking an already-revoked,
405+
* expired, or otherwise invalid token still returns 200 OK with an empty body.
406+
* Only the refresh_token type is accepted.</p><p><h3>See Also:</h3> <a
407+
* href="http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/RevokeOAuth2TokenWithIAM">AWS
408+
* API Reference</a></p>
409+
*/
410+
virtual Model::RevokeOAuth2TokenWithIAMOutcome RevokeOAuth2TokenWithIAM(const Model::RevokeOAuth2TokenWithIAMRequest& request) const;
411+
412+
/**
413+
* A Callable wrapper for RevokeOAuth2TokenWithIAM that returns a future to the operation so that it can be executed in parallel to other
414+
* requests.
415+
*/
416+
template <typename RevokeOAuth2TokenWithIAMRequestT = Model::RevokeOAuth2TokenWithIAMRequest>
417+
Model::RevokeOAuth2TokenWithIAMOutcomeCallable RevokeOAuth2TokenWithIAMCallable(const RevokeOAuth2TokenWithIAMRequestT& request) const {
418+
return SubmitCallable(&SigninClient::RevokeOAuth2TokenWithIAM, request);
419+
}
420+
421+
/**
422+
* An Async wrapper for RevokeOAuth2TokenWithIAM that queues the request into a thread executor and triggers associated callback when
423+
* operation has finished.
424+
*/
425+
template <typename RevokeOAuth2TokenWithIAMRequestT = Model::RevokeOAuth2TokenWithIAMRequest>
426+
void RevokeOAuth2TokenWithIAMAsync(const RevokeOAuth2TokenWithIAMRequestT& request,
427+
const RevokeOAuth2TokenWithIAMResponseReceivedHandler& handler,
428+
const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const {
429+
return SubmitAsync(&SigninClient::RevokeOAuth2TokenWithIAM, request, handler, context);
430+
}
431+
335432
virtual void OverrideEndpoint(const Aws::String& endpoint);
336433
virtual std::shared_ptr<SigninEndpointProviderBase>& accessEndpointProvider();
337434

generated/src/aws-cpp-sdk-signin/include/aws/signin/SigninServiceClientModel.h

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,19 +20,22 @@
2020

2121
/* Service model headers required in SigninClient header */
2222
#include <aws/signin/model/CreateOAuth2TokenResult.h>
23+
#include <aws/signin/model/CreateOAuth2TokenWithIAMResult.h>
2324
#include <aws/signin/model/DeleteConsoleAuthorizationConfigurationRequest.h>
2425
#include <aws/signin/model/DeleteConsoleAuthorizationConfigurationResult.h>
2526
#include <aws/signin/model/DeleteResourcePermissionStatementResult.h>
2627
#include <aws/signin/model/GetConsoleAuthorizationConfigurationRequest.h>
2728
#include <aws/signin/model/GetConsoleAuthorizationConfigurationResult.h>
2829
#include <aws/signin/model/GetResourcePolicyRequest.h>
2930
#include <aws/signin/model/GetResourcePolicyResult.h>
31+
#include <aws/signin/model/IntrospectOAuth2TokenWithIAMResult.h>
3032
#include <aws/signin/model/ListResourcePermissionStatementsRequest.h>
3133
#include <aws/signin/model/ListResourcePermissionStatementsResult.h>
3234
#include <aws/signin/model/PutConsoleAuthorizationConfigurationRequest.h>
3335
#include <aws/signin/model/PutConsoleAuthorizationConfigurationResult.h>
3436
#include <aws/signin/model/PutResourcePermissionStatementRequest.h>
3537
#include <aws/signin/model/PutResourcePermissionStatementResult.h>
38+
#include <aws/signin/model/RevokeOAuth2TokenWithIAMResult.h>
3639
/* End of service model headers required in SigninClient header */
3740

3841
namespace Aws {
@@ -67,35 +70,44 @@ using SigninEndpointProvider = Aws::Signin::Endpoint::SigninEndpointProvider;
6770
namespace Model {
6871
/* Service model forward declarations required in SigninClient header */
6972
class CreateOAuth2TokenRequest;
73+
class CreateOAuth2TokenWithIAMRequest;
7074
class DeleteConsoleAuthorizationConfigurationRequest;
7175
class DeleteResourcePermissionStatementRequest;
7276
class GetConsoleAuthorizationConfigurationRequest;
7377
class GetResourcePolicyRequest;
78+
class IntrospectOAuth2TokenWithIAMRequest;
7479
class ListResourcePermissionStatementsRequest;
7580
class PutConsoleAuthorizationConfigurationRequest;
7681
class PutResourcePermissionStatementRequest;
82+
class RevokeOAuth2TokenWithIAMRequest;
7783
/* End of service model forward declarations required in SigninClient header */
7884

7985
/* Service model Outcome class definitions */
8086
typedef Aws::Utils::Outcome<CreateOAuth2TokenResult, SigninError> CreateOAuth2TokenOutcome;
87+
typedef Aws::Utils::Outcome<CreateOAuth2TokenWithIAMResult, SigninError> CreateOAuth2TokenWithIAMOutcome;
8188
typedef Aws::Utils::Outcome<DeleteConsoleAuthorizationConfigurationResult, SigninError> DeleteConsoleAuthorizationConfigurationOutcome;
8289
typedef Aws::Utils::Outcome<DeleteResourcePermissionStatementResult, SigninError> DeleteResourcePermissionStatementOutcome;
8390
typedef Aws::Utils::Outcome<GetConsoleAuthorizationConfigurationResult, SigninError> GetConsoleAuthorizationConfigurationOutcome;
8491
typedef Aws::Utils::Outcome<GetResourcePolicyResult, SigninError> GetResourcePolicyOutcome;
92+
typedef Aws::Utils::Outcome<IntrospectOAuth2TokenWithIAMResult, SigninError> IntrospectOAuth2TokenWithIAMOutcome;
8593
typedef Aws::Utils::Outcome<ListResourcePermissionStatementsResult, SigninError> ListResourcePermissionStatementsOutcome;
8694
typedef Aws::Utils::Outcome<PutConsoleAuthorizationConfigurationResult, SigninError> PutConsoleAuthorizationConfigurationOutcome;
8795
typedef Aws::Utils::Outcome<PutResourcePermissionStatementResult, SigninError> PutResourcePermissionStatementOutcome;
96+
typedef Aws::Utils::Outcome<RevokeOAuth2TokenWithIAMResult, SigninError> RevokeOAuth2TokenWithIAMOutcome;
8897
/* End of service model Outcome class definitions */
8998

9099
/* Service model Outcome callable definitions */
91100
typedef std::future<CreateOAuth2TokenOutcome> CreateOAuth2TokenOutcomeCallable;
101+
typedef std::future<CreateOAuth2TokenWithIAMOutcome> CreateOAuth2TokenWithIAMOutcomeCallable;
92102
typedef std::future<DeleteConsoleAuthorizationConfigurationOutcome> DeleteConsoleAuthorizationConfigurationOutcomeCallable;
93103
typedef std::future<DeleteResourcePermissionStatementOutcome> DeleteResourcePermissionStatementOutcomeCallable;
94104
typedef std::future<GetConsoleAuthorizationConfigurationOutcome> GetConsoleAuthorizationConfigurationOutcomeCallable;
95105
typedef std::future<GetResourcePolicyOutcome> GetResourcePolicyOutcomeCallable;
106+
typedef std::future<IntrospectOAuth2TokenWithIAMOutcome> IntrospectOAuth2TokenWithIAMOutcomeCallable;
96107
typedef std::future<ListResourcePermissionStatementsOutcome> ListResourcePermissionStatementsOutcomeCallable;
97108
typedef std::future<PutConsoleAuthorizationConfigurationOutcome> PutConsoleAuthorizationConfigurationOutcomeCallable;
98109
typedef std::future<PutResourcePermissionStatementOutcome> PutResourcePermissionStatementOutcomeCallable;
110+
typedef std::future<RevokeOAuth2TokenWithIAMOutcome> RevokeOAuth2TokenWithIAMOutcomeCallable;
99111
/* End of service model Outcome callable definitions */
100112
} // namespace Model
101113

@@ -105,6 +117,9 @@ class SigninClient;
105117
typedef std::function<void(const SigninClient*, const Model::CreateOAuth2TokenRequest&, const Model::CreateOAuth2TokenOutcome&,
106118
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
107119
CreateOAuth2TokenResponseReceivedHandler;
120+
typedef std::function<void(const SigninClient*, const Model::CreateOAuth2TokenWithIAMRequest&,
121+
const Model::CreateOAuth2TokenWithIAMOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
122+
CreateOAuth2TokenWithIAMResponseReceivedHandler;
108123
typedef std::function<void(const SigninClient*, const Model::DeleteConsoleAuthorizationConfigurationRequest&,
109124
const Model::DeleteConsoleAuthorizationConfigurationOutcome&,
110125
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
@@ -120,6 +135,10 @@ typedef std::function<void(const SigninClient*, const Model::GetConsoleAuthoriza
120135
typedef std::function<void(const SigninClient*, const Model::GetResourcePolicyRequest&, const Model::GetResourcePolicyOutcome&,
121136
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
122137
GetResourcePolicyResponseReceivedHandler;
138+
typedef std::function<void(const SigninClient*, const Model::IntrospectOAuth2TokenWithIAMRequest&,
139+
const Model::IntrospectOAuth2TokenWithIAMOutcome&,
140+
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
141+
IntrospectOAuth2TokenWithIAMResponseReceivedHandler;
123142
typedef std::function<void(const SigninClient*, const Model::ListResourcePermissionStatementsRequest&,
124143
const Model::ListResourcePermissionStatementsOutcome&,
125144
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
@@ -132,6 +151,9 @@ typedef std::function<void(const SigninClient*, const Model::PutResourcePermissi
132151
const Model::PutResourcePermissionStatementOutcome&,
133152
const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
134153
PutResourcePermissionStatementResponseReceivedHandler;
154+
typedef std::function<void(const SigninClient*, const Model::RevokeOAuth2TokenWithIAMRequest&,
155+
const Model::RevokeOAuth2TokenWithIAMOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&)>
156+
RevokeOAuth2TokenWithIAMResponseReceivedHandler;
135157
/* End of service model async handlers definitions */
136158
} // namespace Signin
137159
} // namespace Aws

generated/src/aws-cpp-sdk-signin/include/aws/signin/model/AccessToken.h

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,9 @@ namespace Signin {
2020
namespace Model {
2121

2222
/**
23-
* <p>AWS credentials structure containing temporary access credentials</p> <p>The
24-
* scoped-down, 15 minute duration AWS credentials. Scoping down will be based on
25-
* CLI policy (CLI team needs to create it). Similar to cloud shell
26-
* implementation.</p><p><h3>See Also:</h3> <a
23+
* <p>AWS credentials structure containing temporary access credentials</p>
24+
* <p>Scoped, temporary AWS credentials with a 15-minute duration.</p><p><h3>See
25+
* Also:</h3> <a
2726
* href="http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/AccessToken">AWS
2827
* API Reference</a></p>
2928
*/
Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,86 @@
1+
/**
2+
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+
* SPDX-License-Identifier: Apache-2.0.
4+
*/
5+
6+
#pragma once
7+
#include <aws/core/utils/memory/stl/AWSString.h>
8+
#include <aws/signin/SigninRequest.h>
9+
#include <aws/signin/Signin_EXPORTS.h>
10+
11+
#include <utility>
12+
13+
namespace Aws {
14+
namespace Signin {
15+
namespace Model {
16+
17+
/**
18+
* <p>Input structure for CreateOAuth2TokenWithIAM operation</p><p><h3>See
19+
* Also:</h3> <a
20+
* href="http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenWithIAMRequest">AWS
21+
* API Reference</a></p>
22+
*/
23+
class CreateOAuth2TokenWithIAMRequest : public SigninRequest {
24+
public:
25+
AWS_SIGNIN_API CreateOAuth2TokenWithIAMRequest() = default;
26+
27+
// Service request name is the Operation name which will send this request out,
28+
// each operation should has unique request name, so that we can get operation's name from this request.
29+
// Note: this is not true for response, multiple operations may have the same response name,
30+
// so we can not get operation's name from response.
31+
inline virtual const char* GetServiceRequestName() const override { return "CreateOAuth2TokenWithIAM"; }
32+
33+
AWS_SIGNIN_API Aws::String SerializePayload() const override;
34+
35+
/**
36+
* Helper function to collect parameters (configurable and static hardcoded) required for endpoint computation.
37+
*/
38+
AWS_SIGNIN_API EndpointParameters GetEndpointContextParams() const override;
39+
40+
///@{
41+
/**
42+
* <p>OAuth 2.0 grant type. Must be &quot;client_credentials&quot;.</p>
43+
*/
44+
inline const Aws::String& GetGrantType() const { return m_grantType; }
45+
inline bool GrantTypeHasBeenSet() const { return m_grantTypeHasBeenSet; }
46+
template <typename GrantTypeT = Aws::String>
47+
void SetGrantType(GrantTypeT&& value) {
48+
m_grantTypeHasBeenSet = true;
49+
m_grantType = std::forward<GrantTypeT>(value);
50+
}
51+
template <typename GrantTypeT = Aws::String>
52+
CreateOAuth2TokenWithIAMRequest& WithGrantType(GrantTypeT&& value) {
53+
SetGrantType(std::forward<GrantTypeT>(value));
54+
return *this;
55+
}
56+
///@}
57+
58+
///@{
59+
/**
60+
* <p>The OAuth resource for which the access token is requested. Example:
61+
* &quot;aws-mcp.amazonaws.com&quot;.</p>
62+
*/
63+
inline const Aws::String& GetResource() const { return m_resource; }
64+
inline bool ResourceHasBeenSet() const { return m_resourceHasBeenSet; }
65+
template <typename ResourceT = Aws::String>
66+
void SetResource(ResourceT&& value) {
67+
m_resourceHasBeenSet = true;
68+
m_resource = std::forward<ResourceT>(value);
69+
}
70+
template <typename ResourceT = Aws::String>
71+
CreateOAuth2TokenWithIAMRequest& WithResource(ResourceT&& value) {
72+
SetResource(std::forward<ResourceT>(value));
73+
return *this;
74+
}
75+
///@}
76+
private:
77+
Aws::String m_grantType;
78+
79+
Aws::String m_resource;
80+
bool m_grantTypeHasBeenSet = false;
81+
bool m_resourceHasBeenSet = false;
82+
};
83+
84+
} // namespace Model
85+
} // namespace Signin
86+
} // namespace Aws

0 commit comments

Comments
 (0)