AWS Single Sign-On 2019-06-10
- Client: Aws\SSO\SSOClient
- Service ID: sso
- Version: 2019-06-10
This page describes the parameters and results for the operations of the AWS Single Sign-On (2019-06-10), and shows how to use the Aws\SSO\SSOClient object to call the described operations. This documentation is specific to the 2019-06-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- GetRoleCredentials ( array $params = [] )
Returns the STS short-term credentials for a given role name that is assigned to the user.
- ListAccountRoles ( array $params = [] )
Lists all roles that are assigned to the user for a given AWS account.
- ListAccounts ( array $params = [] )
Lists all AWS accounts assigned to the user.
- Logout ( array $params = [] )
Removes the client- and server-side session that is associated with the user.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
GetRoleCredentials
$result = $client->getRoleCredentials([/* ... */]); $promise = $client->getRoleCredentialsAsync([/* ... */]);
Returns the STS short-term credentials for a given role name that is assigned to the user.
Parameter Syntax
$result = $client->getRoleCredentials([
'accessToken' => '<string>', // REQUIRED
'accountId' => '<string>', // REQUIRED
'roleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the AWS SSO OIDC API Reference Guide. - accountId
-
- Required: Yes
- Type: string
The identifier for the AWS account that is assigned to the user.
- roleName
-
- Required: Yes
- Type: string
The friendly name of the role that is assigned to the user.
Result Syntax
[
'roleCredentials' => [
'accessKeyId' => '<string>',
'expiration' => <integer>,
'secretAccessKey' => '<string>',
'sessionToken' => '<string>',
],
]
Result Details
Members
- roleCredentials
-
- Type: RoleCredentials structure
The credentials for the role that is assigned to the user.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
ListAccountRoles
$result = $client->listAccountRoles([/* ... */]); $promise = $client->listAccountRolesAsync([/* ... */]);
Lists all roles that are assigned to the user for a given AWS account.
Parameter Syntax
$result = $client->listAccountRoles([
'accessToken' => '<string>', // REQUIRED
'accountId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the AWS SSO OIDC API Reference Guide. - accountId
-
- Required: Yes
- Type: string
The identifier for the AWS account that is assigned to the user.
- maxResults
-
- Type: int
The number of items that clients can request per page.
- nextToken
-
- Type: string
The page token from the previous response output when you request subsequent pages.
Result Syntax
[
'nextToken' => '<string>',
'roleList' => [
[
'accountId' => '<string>',
'roleName' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The page token client that is used to retrieve the list of accounts.
- roleList
-
- Type: Array of RoleInfo structures
A paginated response with the list of roles and the next token if more results are available.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
ListAccounts
$result = $client->listAccounts([/* ... */]); $promise = $client->listAccountsAsync([/* ... */]);
Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the AWS SSO User Guide. This operation returns a paginated response.
Parameter Syntax
$result = $client->listAccounts([
'accessToken' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the AWS SSO OIDC API Reference Guide. - maxResults
-
- Type: int
This is the number of items clients can request per page.
- nextToken
-
- Type: string
(Optional) When requesting subsequent pages, this is the page token from the previous response output.
Result Syntax
[
'accountList' => [
[
'accountId' => '<string>',
'accountName' => '<string>',
'emailAddress' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- accountList
-
- Type: Array of AccountInfo structures
A paginated response with the list of account information and the next token if more results are available.
- nextToken
-
- Type: string
The page token client that is used to retrieve the list of accounts.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
Logout
$result = $client->logout([/* ... */]); $promise = $client->logoutAsync([/* ... */]);
Removes the client- and server-side session that is associated with the user.
Parameter Syntax
$result = $client->logout([
'accessToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the AWS SSO OIDC API Reference Guide.
Result Syntax
[]
Result Details
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
Shapes
AccountInfo
Description
Provides information about your AWS account.
Members
InvalidRequestException
Description
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
Members
ResourceNotFoundException
RoleCredentials
Description
Provides information about the role credentials that are assigned to the user.
Members
- accessKeyId
-
- Type: string
The identifier used for the temporary security credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.
- expiration
-
- Type: long (int|float)
The date on which temporary security credentials expire.
- secretAccessKey
-
- Type: string
The key that is used to sign the request. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.
- sessionToken
-
- Type: string
The token used for temporary credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.
RoleInfo
Description
Provides information about the role that is assigned to the user.
Members
TooManyRequestsException
Description
Indicates that the request is being made too frequently and is more than what the server can handle.