AWS Single Sign-On 2019-06-10
- Client: Aws\SSO\SSOClient
- Service ID: sso
- Version: 2019-06-10
This page describes the parameters and results for the operations of the AWS Single Sign-On (2019-06-10), and shows how to use the Aws\SSO\SSOClient object to call the described operations. This documentation is specific to the 2019-06-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- GetRoleCredentials ( array $params = [] )
Returns the STS short-term credentials for a given role name that is assigned to the user.
- ListAccountRoles ( array $params = [] )
Lists all roles that are assigned to the user for a given Amazon Web Services account.
- ListAccounts ( array $params = [] )
Lists all Amazon Web Services accounts assigned to the user.
- Logout ( array $params = [] )
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the Amazon Web Services SSO service to invalidate the corresponding server-side Amazon Web Services SSO sign in session.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
GetRoleCredentials
$result = $client->getRoleCredentials([/* ... */]); $promise = $client->getRoleCredentialsAsync([/* ... */]);
Returns the STS short-term credentials for a given role name that is assigned to the user.
Parameter Syntax
$result = $client->getRoleCredentials([
'accessToken' => '<string>', // REQUIRED
'accountId' => '<string>', // REQUIRED
'roleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the Amazon Web Services SSO OIDC API Reference Guide. - accountId
-
- Required: Yes
- Type: string
The identifier for the Amazon Web Services account that is assigned to the user.
- roleName
-
- Required: Yes
- Type: string
The friendly name of the role that is assigned to the user.
Result Syntax
[
'roleCredentials' => [
'accessKeyId' => '<string>',
'expiration' => <integer>,
'secretAccessKey' => '<string>',
'sessionToken' => '<string>',
],
]
Result Details
Members
- roleCredentials
-
- Type: RoleCredentials structure
The credentials for the role that is assigned to the user.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
ListAccountRoles
$result = $client->listAccountRoles([/* ... */]); $promise = $client->listAccountRolesAsync([/* ... */]);
Lists all roles that are assigned to the user for a given Amazon Web Services account.
Parameter Syntax
$result = $client->listAccountRoles([
'accessToken' => '<string>', // REQUIRED
'accountId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the Amazon Web Services SSO OIDC API Reference Guide. - accountId
-
- Required: Yes
- Type: string
The identifier for the Amazon Web Services account that is assigned to the user.
- maxResults
-
- Type: int
The number of items that clients can request per page.
- nextToken
-
- Type: string
The page token from the previous response output when you request subsequent pages.
Result Syntax
[
'nextToken' => '<string>',
'roleList' => [
[
'accountId' => '<string>',
'roleName' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The page token client that is used to retrieve the list of accounts.
- roleList
-
- Type: Array of RoleInfo structures
A paginated response with the list of roles and the next token if more results are available.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
ListAccounts
$result = $client->listAccounts([/* ... */]); $promise = $client->listAccountsAsync([/* ... */]);
Lists all Amazon Web Services accounts assigned to the user. These Amazon Web Services accounts are assigned by the administrator of the account. For more information, see Assign User Access in the Amazon Web Services SSO User Guide. This operation returns a paginated response.
Parameter Syntax
$result = $client->listAccounts([
'accessToken' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the Amazon Web Services SSO OIDC API Reference Guide. - maxResults
-
- Type: int
This is the number of items clients can request per page.
- nextToken
-
- Type: string
(Optional) When requesting subsequent pages, this is the page token from the previous response output.
Result Syntax
[
'accountList' => [
[
'accountId' => '<string>',
'accountName' => '<string>',
'emailAddress' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- accountList
-
- Type: Array of AccountInfo structures
A paginated response with the list of account information and the next token if more results are available.
- nextToken
-
- Type: string
The page token client that is used to retrieve the list of accounts.
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
-
The specified resource doesn't exist.
Logout
$result = $client->logout([/* ... */]); $promise = $client->logoutAsync([/* ... */]);
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the Amazon Web Services SSO service to invalidate the corresponding server-side Amazon Web Services SSO sign in session.
If a user uses Amazon Web Services SSO to access the AWS CLI, the user’s Amazon Web Services SSO sign in session is used to obtain an IAM session, as specified in the corresponding Amazon Web Services SSO permission set. More specifically, Amazon Web Services SSO assumes an IAM role in the target account on behalf of the user, and the corresponding temporary Amazon Web Services credentials are returned to the client.
After user logout, any existing IAM role sessions that were created by using Amazon Web Services SSO permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the Amazon Web Services SSO User Guide.
Parameter Syntax
$result = $client->logout([
'accessToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accessToken
-
- Required: Yes
- Type: string
The token issued by the
CreateTokenAPI call. For more information, see CreateToken in the Amazon Web Services SSO OIDC API Reference Guide.
Result Syntax
[]
Result Details
Errors
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
-
Indicates that the request is being made too frequently and is more than what the server can handle.
Shapes
AccountInfo
Description
Provides information about your Amazon Web Services account.
Members
- accountId
-
- Type: string
The identifier of the Amazon Web Services account that is assigned to the user.
- accountName
-
- Type: string
The display name of the Amazon Web Services account that is assigned to the user.
- emailAddress
-
- Type: string
The email address of the Amazon Web Services account that is assigned to the user.
InvalidRequestException
Description
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
Members
ResourceNotFoundException
RoleCredentials
Description
Provides information about the role credentials that are assigned to the user.
Members
- accessKeyId
-
- Type: string
The identifier used for the temporary security credentials. For more information, see Using Temporary Security Credentials to Request Access to Amazon Web Services Resources in the Amazon Web Services IAM User Guide.
- expiration
-
- Type: long (int|float)
The date on which temporary security credentials expire.
- secretAccessKey
-
- Type: string
The key that is used to sign the request. For more information, see Using Temporary Security Credentials to Request Access to Amazon Web Services Resources in the Amazon Web Services IAM User Guide.
- sessionToken
-
- Type: string
The token used for temporary credentials. For more information, see Using Temporary Security Credentials to Request Access to Amazon Web Services Resources in the Amazon Web Services IAM User Guide.
RoleInfo
Description
Provides information about the role that is assigned to the user.
Members
TooManyRequestsException
Description
Indicates that the request is being made too frequently and is more than what the server can handle.