@datafire/amazonaws_sso_oidc
Client library for AWS SSO OIDC
Installation and Usage
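```bash
npm install --save @datafire/amazonaws_sso_oidc
```
```js
let amazonaws_sso_oidc = require('@datafire/amazonaws_sso_oidc').create({
  accessKeyId: "",
  secretAccessKey: "",
  region: ""
});

// Call any of the actions listed below; each returns a promise.
amazonaws_sso_oidc.RegisterClient({
  "clientName": "",
  "clientType": "public" // the only client type the service accepts
}).then(data => {
  console.log(data);
});
```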
Description
AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with AWS SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with AWS SSO. This service conforms with the OAuth 2.0 based implementation of the device authorization grant standard (https://tools.ietf.org/html/rfc8628).
For general information about AWS SSO, see What is AWS Single Sign-On? in the AWS SSO User Guide.
This API reference guide describes the AWS SSO OIDC operations that you can call programmatically and includes detailed information on data types and errors.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .Net, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS SSO and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
Actions
RegisterClient
```js
amazonaws_sso_oidc.RegisterClient({
  "clientName": "",
  "clientType": ""
}, context)
```
Input
- input (object)
  - clientName (required, string): The friendly name of the client.
  - clientType (required, string): The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.
  - scopes (array): The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
    - items Scope
Output
- output RegisterClientResponse
StartDeviceAuthorization
```js
amazonaws_sso_oidc.StartDeviceAuthorization({
  "clientId": "",
  "clientSecret": "",
  "startUrl": ""
}, context)
```
Input
- input (object)
  - clientId (required, string): The unique identifier string for the client that is registered with AWS SSO. This value should come from the persisted result of the RegisterClient API operation.
  - clientSecret (required, string): A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.
  - startUrl (required, string): The URL for the AWS SSO user portal. For more information, see Using the User Portal in the AWS Single Sign-On User Guide.
Output
- output StartDeviceAuthorizationResponse
CreateToken
```js
amazonaws_sso_oidc.CreateToken({
  "clientId": "",
  "clientSecret": "",
  "grantType": "",
  "deviceCode": ""
}, context)
```
Input
- input (object)
  - clientId (required, string): The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
  - clientSecret (required, string): A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.
  - code (string): The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
  - deviceCode (required, string): Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
  - grantType (required, string): Supports grant types for authorization code, refresh token, and device code request.
  - redirectUri (string): The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
  - refreshToken (string): The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.
  - scope (array): The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
    - items Scope
Output
- output CreateTokenResponse
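
The three actions above chain into the RFC 8628 device authorization flow. The following is an added example, not code from this package: it polls CreateToken at the interval returned by StartDeviceAuthorization, backs off on SlowDownException and stops once expiresIn has elapsed. The error-name matching, the `io` hooks and `fakeClient` are assumptions made so that it runs offline.

```javascript
const DEVICE_GRANT = 'urn:ietf:params:oauth:grant-type:device_code'; // RFC 8628

// Assumption: a failed call rejects with an error whose name, code or message
// carries one of the exception names listed under Definitions.
function errorKind(err) {
  const text = [err && err.name, err && err.code, err && err.message].join(' ');
  return ['AuthorizationPendingException', 'SlowDownException']
    .find(k => text.includes(k)) || 'Fatal';
}

// client exposes the three actions above as promise-returning functions.
// io.show(auth) and io.sleep(ms) are hypothetical hooks, injected for offline runs.
async function deviceLogin(client, startUrl, io) {
  const { clientId, clientSecret } = await client.RegisterClient(
    { clientName: 'example-cli', clientType: 'public' });
  const auth = await client.StartDeviceAuthorization({ clientId, clientSecret, startUrl });
  io.show(auth);                       // user opens verificationUri, enters userCode
  let interval = auth.interval || 5;   // seconds; RFC 8628 default when absent
  let waited = 0;
  while (waited < auth.expiresIn) {    // never poll past the device code lifetime
    await io.sleep(interval * 1000);
    waited += interval;
    try {
      return await client.CreateToken({ clientId, clientSecret,
        grantType: DEVICE_GRANT, deviceCode: auth.deviceCode });
    } catch (err) {
      const kind = errorKind(err);
      if (kind === 'Fatal') throw err;                  // denied, expired, invalid
      if (kind === 'SlowDownException') interval += 5;  // RFC 8628 section 3.5
    }
  }
  throw new Error('device code expired before the user approved the request');
}

// Constructed stand-in for the service: replays a scripted list of CreateToken
// outcomes; a string is thrown as an error of that name, an object is returned.
function fakeClient(outcomes) {
  return {
    calls: 0,
    RegisterClient: async () => ({ clientId: 'cid-constructed', clientSecret: 'sec-constructed' }),
    StartDeviceAuthorization: async () => ({ deviceCode: 'dc-constructed', userCode: 'ABCD-EFGH',
      verificationUri: 'https://device.example.invalid/', interval: 5, expiresIn: 600 }),
    async CreateToken() {
      const o = outcomes[this.calls++];
      if (typeof o === 'string') throw Object.assign(new Error(o), { name: o });
      return o;
    },
  };
}
```

With the real library, pass the object returned by `create()` as `client`. Persist the RegisterClient result and reuse it instead of registering on every login, and keep deviceCode in memory only, as the parameter descriptions above specify.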
Definitions
AccessDeniedException

AccessToken
- AccessToken (string)

AuthCode
- AuthCode (string)

AuthorizationPendingException

ClientId
- ClientId (string)

ClientName
- ClientName (string)

ClientSecret
- ClientSecret (string)

ClientType
- ClientType (string)

CreateTokenRequest
- CreateTokenRequest (object)
  - clientId (required)
  - clientSecret (required)
  - code
  - deviceCode (required)
  - grantType (required)
  - redirectUri
  - refreshToken
  - scope
    - items Scope

CreateTokenResponse
- CreateTokenResponse (object)
  - accessToken
  - expiresIn
  - idToken
  - refreshToken
  - tokenType

DeviceCode
- DeviceCode (string)

ExpirationInSeconds
- ExpirationInSeconds (integer)

ExpiredTokenException

GrantType
- GrantType (string)

IdToken
- IdToken (string)

InternalServerException

IntervalInSeconds
- IntervalInSeconds (integer)

InvalidClientException

InvalidClientMetadataException

InvalidGrantException

InvalidRequestException

InvalidScopeException

LongTimeStampType
- LongTimeStampType (integer)

RefreshToken
- RefreshToken (string)

RegisterClientRequest
- RegisterClientRequest (object)
  - clientName (required)
  - clientType (required)
  - scopes
    - items Scope

RegisterClientResponse
- RegisterClientResponse (object)
  - authorizationEndpoint
  - clientId
  - clientIdIssuedAt
  - clientSecret
  - clientSecretExpiresAt
  - tokenEndpoint

Scope
- Scope (string)

Scopes
- Scopes (array)
  - items Scope

SlowDownException

StartDeviceAuthorizationRequest
- StartDeviceAuthorizationRequest (object)
  - clientId (required)
  - clientSecret (required)
  - startUrl (required)

StartDeviceAuthorizationResponse
- StartDeviceAuthorizationResponse (object)
  - deviceCode
  - expiresIn
  - interval
  - userCode
  - verificationUri
  - verificationUriComplete

TokenType
- TokenType (string)

URI
- URI (string)

UnauthorizedClientException

UnsupportedGrantTypeException

UserCode
- UserCode (string)