CreateToken - AWS License Manager

CreateToken

Creates a long-lived token.

A refresh token is a JWT token used to get an access token. With an access token, you can call AssumeRoleWithWebIdentity to get role credentials that you can use to call License Manager to manage the specified license.

Request Syntax

{ "ClientToken": "string", "ExpirationInDays": number, "LicenseArn": "string", "RoleArns": [ "string" ], "TokenProperties": [ "string" ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ClientToken

Idempotency token, valid for 10 minutes.

Type: String

Length Constraints: Maximum length of 2048.

Pattern: \S+

Required: Yes

ExpirationInDays

Token expiration, in days, counted from token creation. The default is 365 days.

Type: Integer

Required: No

LicenseArn

Amazon Resource Name (ARN) of the license. The ARN is mapped to the aud claim of the JWT token.

Type: String

Length Constraints: Maximum length of 2048.

Pattern: ^arn:aws(-(cn|us-gov|iso-b|iso-c|iso-d))?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$

Required: Yes

RoleArns

Amazon Resource Name (ARN) of the IAM roles to embed in the token. License Manager does not check whether the roles are in use.

Type: Array of strings

Length Constraints: Maximum length of 2048.

Pattern: ^arn:aws(-(cn|us-gov|iso-b|iso-c|iso-d))?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$

Required: No

TokenProperties

Data specified by the caller to be included in the JWT token. The data is mapped to the amr claim of the JWT token.

Type: Array of strings

Array Members: Maximum number of 3 items.

Required: No

Response Syntax

{ "Token": "string", "TokenId": "string", "TokenType": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Token

Refresh token, encoded as a JWT token.

Type: String

Length Constraints: Maximum length of 4096.

Pattern: \S+

TokenId

Token ID.

Type: String

TokenType

Token type.

Type: String

Valid Values: REFRESH_TOKEN

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access to resource denied.

HTTP Status Code: 400

AuthorizationException

The AWS user account does not have permission to perform the action. Check the IAM policy associated with this account.

HTTP Status Code: 400

RateLimitExceededException

Too many requests have been submitted. Try again after a brief wait.

HTTP Status Code: 400

RedirectException

This is not the correct Region for the resource. Try again.

HTTP Status Code: 400

ResourceLimitExceededException

Your resource limits have been exceeded.

HTTP Status Code: 400

ResourceNotFoundException

The resource cannot be found.

HTTP Status Code: 400

ServerInternalException

The server experienced an internal error. Try again.

HTTP Status Code: 500

ValidationException

The provided input is not valid. Try your request again.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: