const (

    // ErrCodeAccessDeniedException for service response error code
    // "AccessDeniedException".
    //
    // You do not have sufficient access to perform this action.
    ErrCodeAccessDeniedException = "AccessDeniedException"

    // ErrCodeAuthorizationPendingException for service response error code
    // "AuthorizationPendingException".
    //
    // Indicates that a request to authorize a client with an access user session
    // token is pending.
    ErrCodeAuthorizationPendingException = "AuthorizationPendingException"

    // ErrCodeExpiredTokenException for service response error code
    // "ExpiredTokenException".
    //
    // Indicates that the token issued by the service is expired and is no longer
    // valid.
    ErrCodeExpiredTokenException = "ExpiredTokenException"

    // ErrCodeInternalServerException for service response error code
    // "InternalServerException".
    //
    // Indicates that an error from the service occurred while trying to process
    // a request.
    ErrCodeInternalServerException = "InternalServerException"

    // ErrCodeInvalidClientException for service response error code
    // "InvalidClientException".
    //
    // Indicates that the clientId or clientSecret in the request is invalid. For
    // example, this can occur when a client sends an incorrect clientId or an expired
    // clientSecret.
    ErrCodeInvalidClientException = "InvalidClientException"

    // ErrCodeInvalidClientMetadataException for service response error code
    // "InvalidClientMetadataException".
    //
    // Indicates that the client information sent in the request during registration
    // is invalid.
    ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException"

    // ErrCodeInvalidGrantException for service response error code
    // "InvalidGrantException".
    //
    // Indicates that a request contains an invalid grant. This can occur if a client
    // makes a CreateToken request with an invalid grant type.
    ErrCodeInvalidGrantException = "InvalidGrantException"

    // ErrCodeInvalidRedirectUriException for service response error code
    // "InvalidRedirectUriException".
    //
    // Indicates that one or more redirect URI in the request is not supported for
    // this operation.
    ErrCodeInvalidRedirectUriException = "InvalidRedirectUriException"

    // ErrCodeInvalidRequestException for service response error code
    // "InvalidRequestException".
    //
    // Indicates that something is wrong with the input to the request. For example,
    // a required parameter might be missing or out of range.
    ErrCodeInvalidRequestException = "InvalidRequestException"

    // ErrCodeInvalidRequestRegionException for service response error code
    // "InvalidRequestRegionException".
    //
    // Indicates that a token provided as input to the request was issued by and
    // is only usable by calling IAM Identity Center endpoints in another region.
    ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"

    // ErrCodeInvalidScopeException for service response error code
    // "InvalidScopeException".
    //
    // Indicates that the scope provided in the request is invalid.
    ErrCodeInvalidScopeException = "InvalidScopeException"

    // ErrCodeSlowDownException for service response error code
    // "SlowDownException".
    //
    // Indicates that the client is making the request too frequently and is more
    // than the service can handle.
    ErrCodeSlowDownException = "SlowDownException"

    // ErrCodeUnauthorizedClientException for service response error code
    // "UnauthorizedClientException".
    //
    // Indicates that the client is not currently authorized to make the request.
    // This can happen when a clientId is not issued for a public client.
    ErrCodeUnauthorizedClientException = "UnauthorizedClientException"

    // ErrCodeUnsupportedGrantTypeException for service response error code
    // "UnsupportedGrantTypeException".
    //
    // Indicates that the grant type in the request is not supported by the service.
    ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException"
)

const (
    ServiceName = "SSO OIDC" // Name of service.
    EndpointsID = "oidc"     // ID to lookup a service endpoint with.
    ServiceID   = "SSO OIDC" // ServiceID is a unique identifier of a specific service.
)

type AccessDeniedException ¶

type AccessDeniedException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be access_denied.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

You do not have sufficient access to perform this action.

func (*AccessDeniedException) Code ¶

func (s *AccessDeniedException) Code() string

Code returns the exception type name.

func (*AccessDeniedException) Error ¶

func (s *AccessDeniedException) Error() string

func (AccessDeniedException) GoString ¶

func (s AccessDeniedException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*AccessDeniedException) Message ¶

func (s *AccessDeniedException) Message() string

Message returns the exception's message.

func (*AccessDeniedException) OrigErr ¶

func (s *AccessDeniedException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*AccessDeniedException) RequestID ¶

func (s *AccessDeniedException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*AccessDeniedException) StatusCode ¶

func (s *AccessDeniedException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (AccessDeniedException) String ¶

func (s AccessDeniedException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type AuthorizationPendingException ¶

type AuthorizationPendingException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be authorization_pending.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that a request to authorize a client with an access user session token is pending.

func (*AuthorizationPendingException) Code ¶

func (s *AuthorizationPendingException) Code() string

Code returns the exception type name.

func (*AuthorizationPendingException) Error ¶

func (s *AuthorizationPendingException) Error() string

func (AuthorizationPendingException) GoString ¶

func (s AuthorizationPendingException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*AuthorizationPendingException) Message ¶

func (s *AuthorizationPendingException) Message() string

Message returns the exception's message.

func (*AuthorizationPendingException) OrigErr ¶

func (s *AuthorizationPendingException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*AuthorizationPendingException) RequestID ¶

func (s *AuthorizationPendingException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*AuthorizationPendingException) StatusCode ¶

func (s *AuthorizationPendingException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (AuthorizationPendingException) String ¶

func (s AuthorizationPendingException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type CreateTokenInput ¶

type CreateTokenInput struct {

    // The unique identifier string for the client or application. This value comes
    // from the result of the RegisterClient API.
    //
    // ClientId is a required field
    ClientId *string `locationName:"clientId" type:"string" required:"true"`

    // A secret string generated for the client. This value should come from the
    // persisted result of the RegisterClient API.
    //
    // ClientSecret is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenInput's
    // String and GoString methods.
    //
    // ClientSecret is a required field
    ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`

    // Used only when calling this API for the Authorization Code grant type. The
    // short-term code is used to identify this authorization request. This grant
    // type is currently unsupported for the CreateToken API.
    Code *string `locationName:"code" type:"string"`

    // Used only when calling this API for the Authorization Code grant type. This
    // value is generated by the client and presented to validate the original code
    // challenge value the client passed at authorization time.
    //
    // CodeVerifier is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenInput's
    // String and GoString methods.
    CodeVerifier *string `locationName:"codeVerifier" type:"string" sensitive:"true"`

    // Used only when calling this API for the Device Code grant type. This short-term
    // code is used to identify this authorization request. This comes from the
    // result of the StartDeviceAuthorization API.
    DeviceCode *string `locationName:"deviceCode" type:"string"`

    // Supports the following OAuth grant types: Device Code and Refresh Token.
    // Specify either of the following values, depending on the grant type that
    // you want:
    //
    // * Device Code - urn:ietf:params:oauth:grant-type:device_code
    //
    // * Refresh Token - refresh_token
    //
    // For information about how to obtain the device code, see the StartDeviceAuthorization
    // topic.
    //
    // GrantType is a required field
    GrantType *string `locationName:"grantType" type:"string" required:"true"`

    // Used only when calling this API for the Authorization Code grant type. This
    // value specifies the location of the client or application that has registered
    // to receive the authorization code.
    RedirectUri *string `locationName:"redirectUri" type:"string"`

    // Used only when calling this API for the Refresh Token grant type. This token
    // is used to refresh short-term tokens, such as the access token, that might
    // expire.
    //
    // For more information about the features and limitations of the current IAM
    // Identity Center OIDC implementation, see Considerations for Using this Guide
    // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
    //
    // RefreshToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenInput's
    // String and GoString methods.
    RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

    // The list of scopes for which authorization is requested. The access token
    // that is issued is limited to the scopes that are granted. If this value is
    // not specified, IAM Identity Center authorizes all scopes that are configured
    // for the client during the call to RegisterClient.
    Scope []*string `locationName:"scope" type:"list"`
    // contains filtered or unexported fields
}

func (CreateTokenInput) GoString ¶

func (s CreateTokenInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenInput) SetClientId ¶

func (s *CreateTokenInput) SetClientId(v string) *CreateTokenInput

SetClientId sets the ClientId field's value.

func (*CreateTokenInput) SetClientSecret ¶

func (s *CreateTokenInput) SetClientSecret(v string) *CreateTokenInput

SetClientSecret sets the ClientSecret field's value.

func (*CreateTokenInput) SetCode ¶

func (s *CreateTokenInput) SetCode(v string) *CreateTokenInput

SetCode sets the Code field's value.

func (*CreateTokenInput) SetCodeVerifier ¶

func (s *CreateTokenInput) SetCodeVerifier(v string) *CreateTokenInput

SetCodeVerifier sets the CodeVerifier field's value.

func (*CreateTokenInput) SetDeviceCode ¶

func (s *CreateTokenInput) SetDeviceCode(v string) *CreateTokenInput

SetDeviceCode sets the DeviceCode field's value.

func (*CreateTokenInput) SetGrantType ¶

func (s *CreateTokenInput) SetGrantType(v string) *CreateTokenInput

SetGrantType sets the GrantType field's value.

func (*CreateTokenInput) SetRedirectUri ¶

func (s *CreateTokenInput) SetRedirectUri(v string) *CreateTokenInput

SetRedirectUri sets the RedirectUri field's value.

func (*CreateTokenInput) SetRefreshToken ¶

func (s *CreateTokenInput) SetRefreshToken(v string) *CreateTokenInput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenInput) SetScope ¶

func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput

SetScope sets the Scope field's value.

func (CreateTokenInput) String ¶

func (s CreateTokenInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenInput) Validate ¶

func (s *CreateTokenInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateTokenOutput ¶

type CreateTokenOutput struct {

    // A bearer token to access Amazon Web Services accounts and applications assigned
    // to a user.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenOutput's
    // String and GoString methods.
    AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`

    // Indicates the time in seconds when an access token will expire.
    ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

    // The idToken is not implemented or supported. For more information about the
    // features and limitations of the current IAM Identity Center OIDC implementation,
    // see Considerations for Using this Guide in the IAM Identity Center OIDC API
    // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
    //
    // A JSON Web Token (JWT) that identifies who is associated with the issued
    // access token.
    //
    // IdToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenOutput's
    // String and GoString methods.
    IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`

    // A token that, if present, can be used to refresh a previously issued access
    // token that might have expired.
    //
    // For more information about the features and limitations of the current IAM
    // Identity Center OIDC implementation, see Considerations for Using this Guide
    // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
    //
    // RefreshToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenOutput's
    // String and GoString methods.
    RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

    // Used to notify the client that the returned token is an access token. The
    // supported token type is Bearer.
    TokenType *string `locationName:"tokenType" type:"string"`
    // contains filtered or unexported fields
}

func (CreateTokenOutput) GoString ¶

func (s CreateTokenOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenOutput) SetAccessToken ¶

func (s *CreateTokenOutput) SetAccessToken(v string) *CreateTokenOutput

SetAccessToken sets the AccessToken field's value.

func (*CreateTokenOutput) SetExpiresIn ¶

func (s *CreateTokenOutput) SetExpiresIn(v int64) *CreateTokenOutput

SetExpiresIn sets the ExpiresIn field's value.

func (*CreateTokenOutput) SetIdToken ¶

func (s *CreateTokenOutput) SetIdToken(v string) *CreateTokenOutput

SetIdToken sets the IdToken field's value.

func (*CreateTokenOutput) SetRefreshToken ¶

func (s *CreateTokenOutput) SetRefreshToken(v string) *CreateTokenOutput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenOutput) SetTokenType ¶

func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput

SetTokenType sets the TokenType field's value.

func (CreateTokenOutput) String ¶

func (s CreateTokenOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type CreateTokenWithIAMInput ¶

type CreateTokenWithIAMInput struct {

    // Used only when calling this API for the JWT Bearer grant type. This value
    // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
    // a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
    //
    // Assertion is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
    // String and GoString methods.
    Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`

    // The unique identifier string for the client or application. This value is
    // an application ARN that has OAuth grants configured.
    //
    // ClientId is a required field
    ClientId *string `locationName:"clientId" type:"string" required:"true"`

    // Used only when calling this API for the Authorization Code grant type. This
    // short-term code is used to identify this authorization request. The code
    // is obtained through a redirect from IAM Identity Center to a redirect URI
    // persisted in the Authorization Code GrantOptions for the application.
    Code *string `locationName:"code" type:"string"`

    // Used only when calling this API for the Authorization Code grant type. This
    // value is generated by the client and presented to validate the original code
    // challenge value the client passed at authorization time.
    //
    // CodeVerifier is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
    // String and GoString methods.
    CodeVerifier *string `locationName:"codeVerifier" type:"string" sensitive:"true"`

    // Supports the following OAuth grant types: Authorization Code, Refresh Token,
    // JWT Bearer, and Token Exchange. Specify one of the following values, depending
    // on the grant type that you want:
    //
    // * Authorization Code - authorization_code
    //
    // * Refresh Token - refresh_token
    //
    // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
    //
    // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
    //
    // GrantType is a required field
    GrantType *string `locationName:"grantType" type:"string" required:"true"`

    // Used only when calling this API for the Authorization Code grant type. This
    // value specifies the location of the client or application that has registered
    // to receive the authorization code.
    RedirectUri *string `locationName:"redirectUri" type:"string"`

    // Used only when calling this API for the Refresh Token grant type. This token
    // is used to refresh short-term tokens, such as the access token, that might
    // expire.
    //
    // For more information about the features and limitations of the current IAM
    // Identity Center OIDC implementation, see Considerations for Using this Guide
    // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
    //
    // RefreshToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
    // String and GoString methods.
    RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

    // Used only when calling this API for the Token Exchange grant type. This value
    // specifies the type of token that the requester can receive. The following
    // values are supported:
    //
    // * Access Token - urn:ietf:params:oauth:token-type:access_token
    //
    // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
    RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`

    // The list of scopes for which authorization is requested. The access token
    // that is issued is limited to the scopes that are granted. If the value is
    // not specified, IAM Identity Center authorizes all scopes configured for the
    // application, including the following default scopes: openid, aws, sts:identity_context.
    Scope []*string `locationName:"scope" type:"list"`

    // Used only when calling this API for the Token Exchange grant type. This value
    // specifies the subject of the exchange. The value of the subject token must
    // be an access token issued by IAM Identity Center to a different client or
    // application. The access token must have authorized scopes that indicate the
    // requested application as a target audience.
    //
    // SubjectToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
    // String and GoString methods.
    SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`

    // Used only when calling this API for the Token Exchange grant type. This value
    // specifies the type of token that is passed as the subject of the exchange.
    // The following value is supported:
    //
    // * Access Token - urn:ietf:params:oauth:token-type:access_token
    SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
    // contains filtered or unexported fields
}

func (CreateTokenWithIAMInput) GoString ¶

func (s CreateTokenWithIAMInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMInput) SetAssertion ¶

func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput

SetAssertion sets the Assertion field's value.

func (*CreateTokenWithIAMInput) SetClientId ¶

func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput

SetClientId sets the ClientId field's value.

func (*CreateTokenWithIAMInput) SetCode ¶

func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput

SetCode sets the Code field's value.

func (*CreateTokenWithIAMInput) SetCodeVerifier ¶

func (s *CreateTokenWithIAMInput) SetCodeVerifier(v string) *CreateTokenWithIAMInput

SetCodeVerifier sets the CodeVerifier field's value.

func (*CreateTokenWithIAMInput) SetGrantType ¶

func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput

SetGrantType sets the GrantType field's value.

func (*CreateTokenWithIAMInput) SetRedirectUri ¶

func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput

SetRedirectUri sets the RedirectUri field's value.

func (*CreateTokenWithIAMInput) SetRefreshToken ¶

func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenWithIAMInput) SetRequestedTokenType ¶

func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput

SetRequestedTokenType sets the RequestedTokenType field's value.

func (*CreateTokenWithIAMInput) SetScope ¶

func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput

SetScope sets the Scope field's value.

func (*CreateTokenWithIAMInput) SetSubjectToken ¶

func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput

SetSubjectToken sets the SubjectToken field's value.

func (*CreateTokenWithIAMInput) SetSubjectTokenType ¶

func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput

SetSubjectTokenType sets the SubjectTokenType field's value.

func (CreateTokenWithIAMInput) String ¶

func (s CreateTokenWithIAMInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMInput) Validate ¶

func (s *CreateTokenWithIAMInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateTokenWithIAMOutput ¶

type CreateTokenWithIAMOutput struct {

    // A bearer token to access Amazon Web Services accounts and applications assigned
    // to a user.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
    // String and GoString methods.
    AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`

    // Indicates the time in seconds when an access token will expire.
    ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

    // A JSON Web Token (JWT) that identifies the user associated with the issued
    // access token.
    //
    // IdToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
    // String and GoString methods.
    IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`

    // Indicates the type of tokens that are issued by IAM Identity Center. The
    // following values are supported:
    //
    // * Access Token - urn:ietf:params:oauth:token-type:access_token
    //
    // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
    IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`

    // A token that, if present, can be used to refresh a previously issued access
    // token that might have expired.
    //
    // For more information about the features and limitations of the current IAM
    // Identity Center OIDC implementation, see Considerations for Using this Guide
    // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
    //
    // RefreshToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
    // String and GoString methods.
    RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`

    // The list of scopes for which authorization is granted. The access token that
    // is issued is limited to the scopes that are granted.
    Scope []*string `locationName:"scope" type:"list"`

    // Used to notify the requester that the returned token is an access token.
    // The supported token type is Bearer.
    TokenType *string `locationName:"tokenType" type:"string"`
    // contains filtered or unexported fields
}

func (CreateTokenWithIAMOutput) GoString ¶

func (s CreateTokenWithIAMOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateTokenWithIAMOutput) SetAccessToken ¶

func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput

SetAccessToken sets the AccessToken field's value.

func (*CreateTokenWithIAMOutput) SetExpiresIn ¶

func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput

SetExpiresIn sets the ExpiresIn field's value.

func (*CreateTokenWithIAMOutput) SetIdToken ¶

func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput

SetIdToken sets the IdToken field's value.

func (*CreateTokenWithIAMOutput) SetIssuedTokenType ¶

func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput

SetIssuedTokenType sets the IssuedTokenType field's value.

func (*CreateTokenWithIAMOutput) SetRefreshToken ¶

func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput

SetRefreshToken sets the RefreshToken field's value.

func (*CreateTokenWithIAMOutput) SetScope ¶

func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput

SetScope sets the Scope field's value.

func (*CreateTokenWithIAMOutput) SetTokenType ¶

func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput

SetTokenType sets the TokenType field's value.

func (CreateTokenWithIAMOutput) String ¶

func (s CreateTokenWithIAMOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ExpiredTokenException ¶

type ExpiredTokenException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be expired_token.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the token issued by the service is expired and is no longer valid.

func (*ExpiredTokenException) Code ¶

func (s *ExpiredTokenException) Code() string

Code returns the exception type name.

func (*ExpiredTokenException) Error ¶

func (s *ExpiredTokenException) Error() string

func (ExpiredTokenException) GoString ¶

func (s ExpiredTokenException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ExpiredTokenException) Message ¶

func (s *ExpiredTokenException) Message() string

Message returns the exception's message.

func (*ExpiredTokenException) OrigErr ¶

func (s *ExpiredTokenException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*ExpiredTokenException) RequestID ¶

func (s *ExpiredTokenException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*ExpiredTokenException) StatusCode ¶

func (s *ExpiredTokenException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (ExpiredTokenException) String ¶

func (s ExpiredTokenException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InternalServerException ¶

type InternalServerException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be server_error.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that an error from the service occurred while trying to process a request.

func (*InternalServerException) Code ¶

func (s *InternalServerException) Code() string

Code returns the exception type name.

func (*InternalServerException) Error ¶

func (s *InternalServerException) Error() string

func (InternalServerException) GoString ¶

func (s InternalServerException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InternalServerException) Message ¶

func (s *InternalServerException) Message() string

Message returns the exception's message.

func (*InternalServerException) OrigErr ¶

func (s *InternalServerException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InternalServerException) RequestID ¶

func (s *InternalServerException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InternalServerException) StatusCode ¶

func (s *InternalServerException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InternalServerException) String ¶

func (s InternalServerException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidClientException ¶

type InvalidClientException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_client.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

func (*InvalidClientException) Code ¶

func (s *InvalidClientException) Code() string

Code returns the exception type name.

func (*InvalidClientException) Error ¶

func (s *InvalidClientException) Error() string

func (InvalidClientException) GoString ¶

func (s InvalidClientException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidClientException) Message ¶

func (s *InvalidClientException) Message() string

Message returns the exception's message.

func (*InvalidClientException) OrigErr ¶

func (s *InvalidClientException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidClientException) RequestID ¶

func (s *InvalidClientException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidClientException) StatusCode ¶

func (s *InvalidClientException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidClientException) String ¶

func (s InvalidClientException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidClientMetadataException ¶

type InvalidClientMetadataException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_client_metadata.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the client information sent in the request during registration is invalid.

func (*InvalidClientMetadataException) Code ¶

func (s *InvalidClientMetadataException) Code() string

Code returns the exception type name.

func (*InvalidClientMetadataException) Error ¶

func (s *InvalidClientMetadataException) Error() string

func (InvalidClientMetadataException) GoString ¶

func (s InvalidClientMetadataException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidClientMetadataException) Message ¶

func (s *InvalidClientMetadataException) Message() string

Message returns the exception's message.

func (*InvalidClientMetadataException) OrigErr ¶

func (s *InvalidClientMetadataException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidClientMetadataException) RequestID ¶

func (s *InvalidClientMetadataException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidClientMetadataException) StatusCode ¶

func (s *InvalidClientMetadataException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidClientMetadataException) String ¶

func (s InvalidClientMetadataException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidGrantException ¶

type InvalidGrantException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_grant.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

func (*InvalidGrantException) Code ¶

func (s *InvalidGrantException) Code() string

Code returns the exception type name.

func (*InvalidGrantException) Error ¶

func (s *InvalidGrantException) Error() string

func (InvalidGrantException) GoString ¶

func (s InvalidGrantException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidGrantException) Message ¶

func (s *InvalidGrantException) Message() string

Message returns the exception's message.

func (*InvalidGrantException) OrigErr ¶

func (s *InvalidGrantException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidGrantException) RequestID ¶

func (s *InvalidGrantException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidGrantException) StatusCode ¶

func (s *InvalidGrantException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidGrantException) String ¶

func (s InvalidGrantException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRedirectUriException ¶

type InvalidRedirectUriException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_redirect_uri.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that one or more redirect URI in the request is not supported for this operation.

func (*InvalidRedirectUriException) Code ¶

func (s *InvalidRedirectUriException) Code() string

Code returns the exception type name.

func (*InvalidRedirectUriException) Error ¶

func (s *InvalidRedirectUriException) Error() string

func (InvalidRedirectUriException) GoString ¶

func (s InvalidRedirectUriException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRedirectUriException) Message ¶

func (s *InvalidRedirectUriException) Message() string

Message returns the exception's message.

func (*InvalidRedirectUriException) OrigErr ¶

func (s *InvalidRedirectUriException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRedirectUriException) RequestID ¶

func (s *InvalidRedirectUriException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRedirectUriException) StatusCode ¶

func (s *InvalidRedirectUriException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRedirectUriException) String ¶

func (s InvalidRedirectUriException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestException ¶

type InvalidRequestException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_request.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

func (*InvalidRequestException) Code ¶

func (s *InvalidRequestException) Code() string

Code returns the exception type name.

func (*InvalidRequestException) Error ¶

func (s *InvalidRequestException) Error() string

func (InvalidRequestException) GoString ¶

func (s InvalidRequestException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestException) Message ¶

func (s *InvalidRequestException) Message() string

Message returns the exception's message.

func (*InvalidRequestException) OrigErr ¶

func (s *InvalidRequestException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestException) RequestID ¶

func (s *InvalidRequestException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestException) StatusCode ¶

func (s *InvalidRequestException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestException) String ¶

func (s InvalidRequestException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestRegionException ¶

type InvalidRequestRegionException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Indicates the IAM Identity Center endpoint which the requester may call with
    // this token.
    Endpoint *string `locationName:"endpoint" type:"string"`

    // Single error code. For this exception the value will be invalid_request.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`

    // Indicates the region which the requester may call with this token.
    Region *string `locationName:"region" type:"string"`
    // contains filtered or unexported fields
}

Indicates that a token provided as input to the request was issued by and is only usable by calling IAM Identity Center endpoints in another region.

func (*InvalidRequestRegionException) Code ¶

func (s *InvalidRequestRegionException) Code() string

Code returns the exception type name.

func (*InvalidRequestRegionException) Error ¶

func (s *InvalidRequestRegionException) Error() string

func (InvalidRequestRegionException) GoString ¶

func (s InvalidRequestRegionException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestRegionException) Message ¶

func (s *InvalidRequestRegionException) Message() string

Message returns the exception's message.

func (*InvalidRequestRegionException) OrigErr ¶

func (s *InvalidRequestRegionException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestRegionException) RequestID ¶

func (s *InvalidRequestRegionException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestRegionException) StatusCode ¶

func (s *InvalidRequestRegionException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestRegionException) String ¶

func (s InvalidRequestRegionException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidScopeException ¶

type InvalidScopeException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be invalid_scope.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the scope provided in the request is invalid.

func (*InvalidScopeException) Code ¶

func (s *InvalidScopeException) Code() string

Code returns the exception type name.

func (*InvalidScopeException) Error ¶

func (s *InvalidScopeException) Error() string

func (InvalidScopeException) GoString ¶

func (s InvalidScopeException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidScopeException) Message ¶

func (s *InvalidScopeException) Message() string

Message returns the exception's message.

func (*InvalidScopeException) OrigErr ¶

func (s *InvalidScopeException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidScopeException) RequestID ¶

func (s *InvalidScopeException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidScopeException) StatusCode ¶

func (s *InvalidScopeException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidScopeException) String ¶

func (s InvalidScopeException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RegisterClientInput ¶

type RegisterClientInput struct {

    // The friendly name of the client.
    //
    // ClientName is a required field
    ClientName *string `locationName:"clientName" type:"string" required:"true"`

    // The type of client. The service supports only public as a client type. Anything
    // other than public will be rejected by the service.
    //
    // ClientType is a required field
    ClientType *string `locationName:"clientType" type:"string" required:"true"`

    // This IAM Identity Center application ARN is used to define administrator-managed
    // configuration for public client access to resources. At authorization, the
    // scopes, grants, and redirect URI available to this client will be restricted
    // by this application resource.
    EntitledApplicationArn *string `locationName:"entitledApplicationArn" type:"string"`

    // The list of OAuth 2.0 grant types that are defined by the client. This list
    // is used to restrict the token granting flows available to the client.
    GrantTypes []*string `locationName:"grantTypes" type:"list"`

    // The IAM Identity Center Issuer URL associated with an instance of IAM Identity
    // Center. This value is needed for user access to resources through the client.
    IssuerUrl *string `locationName:"issuerUrl" type:"string"`

    // The list of redirect URI that are defined by the client. At completion of
    // authorization, this list is used to restrict what locations the user agent
    // can be redirected back to.
    RedirectUris []*string `locationName:"redirectUris" type:"list"`

    // The list of scopes that are defined by the client. Upon authorization, this
    // list is used to restrict permissions when granting an access token.
    Scopes []*string `locationName:"scopes" type:"list"`
    // contains filtered or unexported fields
}

func (RegisterClientInput) GoString ¶

func (s RegisterClientInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientInput) SetClientName ¶

func (s *RegisterClientInput) SetClientName(v string) *RegisterClientInput

SetClientName sets the ClientName field's value.

func (*RegisterClientInput) SetClientType ¶

func (s *RegisterClientInput) SetClientType(v string) *RegisterClientInput

SetClientType sets the ClientType field's value.

func (*RegisterClientInput) SetEntitledApplicationArn ¶

func (s *RegisterClientInput) SetEntitledApplicationArn(v string) *RegisterClientInput

SetEntitledApplicationArn sets the EntitledApplicationArn field's value.

func (*RegisterClientInput) SetGrantTypes ¶

func (s *RegisterClientInput) SetGrantTypes(v []*string) *RegisterClientInput

SetGrantTypes sets the GrantTypes field's value.

func (*RegisterClientInput) SetIssuerUrl ¶

func (s *RegisterClientInput) SetIssuerUrl(v string) *RegisterClientInput

SetIssuerUrl sets the IssuerUrl field's value.

func (*RegisterClientInput) SetRedirectUris ¶

func (s *RegisterClientInput) SetRedirectUris(v []*string) *RegisterClientInput

SetRedirectUris sets the RedirectUris field's value.

func (*RegisterClientInput) SetScopes ¶

func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput

SetScopes sets the Scopes field's value.

func (RegisterClientInput) String ¶

func (s RegisterClientInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientInput) Validate ¶

func (s *RegisterClientInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type RegisterClientOutput ¶

type RegisterClientOutput struct {

    // An endpoint that the client can use to request authorization.
    AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`

    // The unique identifier string for each client. This client uses this identifier
    // to get authenticated by the service in subsequent calls.
    ClientId *string `locationName:"clientId" type:"string"`

    // Indicates the time at which the clientId and clientSecret were issued.
    ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"`

    // A secret string generated for the client. The client will use this string
    // to get authenticated by the service in subsequent calls.
    //
    // ClientSecret is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by RegisterClientOutput's
    // String and GoString methods.
    ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`

    // Indicates the time at which the clientId and clientSecret will become invalid.
    ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`

    // An endpoint that the client can use to create tokens.
    TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
    // contains filtered or unexported fields
}

func (RegisterClientOutput) GoString ¶

func (s RegisterClientOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RegisterClientOutput) SetAuthorizationEndpoint ¶

func (s *RegisterClientOutput) SetAuthorizationEndpoint(v string) *RegisterClientOutput

SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value.

func (*RegisterClientOutput) SetClientId ¶

func (s *RegisterClientOutput) SetClientId(v string) *RegisterClientOutput

SetClientId sets the ClientId field's value.

func (*RegisterClientOutput) SetClientIdIssuedAt ¶

func (s *RegisterClientOutput) SetClientIdIssuedAt(v int64) *RegisterClientOutput

SetClientIdIssuedAt sets the ClientIdIssuedAt field's value.

func (*RegisterClientOutput) SetClientSecret ¶

func (s *RegisterClientOutput) SetClientSecret(v string) *RegisterClientOutput

SetClientSecret sets the ClientSecret field's value.

func (*RegisterClientOutput) SetClientSecretExpiresAt ¶

func (s *RegisterClientOutput) SetClientSecretExpiresAt(v int64) *RegisterClientOutput

SetClientSecretExpiresAt sets the ClientSecretExpiresAt field's value.

func (*RegisterClientOutput) SetTokenEndpoint ¶

func (s *RegisterClientOutput) SetTokenEndpoint(v string) *RegisterClientOutput

SetTokenEndpoint sets the TokenEndpoint field's value.

func (RegisterClientOutput) String ¶

func (s RegisterClientOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type SSOOIDC ¶

type SSOOIDC struct {
    *client.Client
}

SSOOIDC provides the API operation methods for making requests to AWS SSO OIDC. See this package's package overview docs for details on the service.

SSOOIDC methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.

func New ¶

func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC

New creates a new instance of the SSOOIDC client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.

Example:

mySession := session.Must(session.NewSession())

// Create a SSOOIDC client from just a session.
svc := ssooidc.New(mySession)

// Create a SSOOIDC client with additional configuration
svc := ssooidc.New(mySession, aws.NewConfig().WithRegion("us-west-2"))

func (*SSOOIDC) CreateToken ¶

func (c *SSOOIDC) CreateToken(input *CreateTokenInput) (*CreateTokenOutput, error)

CreateToken API operation for AWS SSO OIDC.

Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation CreateToken for usage and error information.

Returned Error Types:

• InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

• InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

• InvalidGrantException Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

• UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

• UnsupportedGrantTypeException Indicates that the grant type in the request is not supported by the service.

• InvalidScopeException Indicates that the scope provided in the request is invalid.

• AuthorizationPendingException Indicates that a request to authorize a client with an access user session token is pending.

• SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

• AccessDeniedException You do not have sufficient access to perform this action.

• ExpiredTokenException Indicates that the token issued by the service is expired and is no longer valid.

• InternalServerException Indicates that an error from the service occurred while trying to process a request.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenInput{
    ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
    ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
    DeviceCode:   aws.String("yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE"),
    GrantType:    aws.String("urn:ietf:params:oauth:grant-type:device-code"),
}

result, err := svc.CreateToken(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenInput{
    ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
    ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
    GrantType:    aws.String("refresh_token"),
    RefreshToken: aws.String("aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN"),
    Scope: []*string{
        aws.String("codewhisperer:completions"),
    },
}

result, err := svc.CreateToken(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

func (*SSOOIDC) CreateTokenRequest ¶

func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Request, output *CreateTokenOutput)

CreateTokenRequest generates a "aws/request.Request" representing the client's request for the CreateToken operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CreateToken for more information on using the CreateToken API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CreateTokenRequest method.
req, resp := client.CreateTokenRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken

func (*SSOOIDC) CreateTokenWithContext ¶

func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInput, opts ...request.Option) (*CreateTokenOutput, error)

CreateTokenWithContext is the same as CreateToken with the addition of the ability to pass a context and additional request options.

See CreateToken for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) CreateTokenWithIAM ¶

func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error)

CreateTokenWithIAM API operation for AWS SSO OIDC.

Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation CreateTokenWithIAM for usage and error information.

Returned Error Types:

• InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

• InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

• InvalidGrantException Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.

• UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

• UnsupportedGrantTypeException Indicates that the grant type in the request is not supported by the service.

• InvalidScopeException Indicates that the scope provided in the request is invalid.

• AuthorizationPendingException Indicates that a request to authorize a client with an access user session token is pending.

• SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

• AccessDeniedException You do not have sufficient access to perform this action.

• ExpiredTokenException Indicates that the token issued by the service is expired and is no longer valid.

• InternalServerException Indicates that an error from the service occurred while trying to process a request.

• InvalidRequestRegionException Indicates that a token provided as input to the request was issued by and is only usable by calling IAM Identity Center endpoints in another region.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenWithIAMInput{
    ClientId:    aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
    Code:        aws.String("yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE"),
    GrantType:   aws.String("authorization_code"),
    RedirectUri: aws.String("https://mywebapp.example/redirect"),
    Scope: []*string{
        aws.String("openid"),
        aws.String("aws"),
        aws.String("sts:identity_context"),
    },
}

result, err := svc.CreateTokenWithIAM(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        case ssooidc.ErrCodeInvalidRequestRegionException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenWithIAMInput{
    ClientId:     aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
    GrantType:    aws.String("refresh_token"),
    RefreshToken: aws.String("aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN"),
}

result, err := svc.CreateTokenWithIAM(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        case ssooidc.ErrCodeInvalidRequestRegionException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenWithIAMInput{
    Assertion: aws.String("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTEyMjA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFJa3pxRlZyU2FTYUZIeTc4MmJidGFRIiwiYXVkIjoiNmNiMDQwMTgtYTNmNS00NmE3LWI5OTUtOTQwYzc4ZjVhZWYzIiwiZXhwIjoxNTM2MzYxNDExLCJpYXQiOjE1MzYyNzQ3MTEsIm5iZiI6MTUzNjI3NDcxMSwibmFtZSI6IkFiZSBMaW5jb2xuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWJlTGlAbWljcm9zb2Z0LmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC02NmYzLTMzMzJlY2E3ZWE4MSIsInRpZCI6IjkxMjIwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsIm5vbmNlIjoiMTIzNTIzIiwiYWlvIjoiRGYyVVZYTDFpeCFsTUNXTVNPSkJjRmF0emNHZnZGR2hqS3Y4cTVnMHg3MzJkUjVNQjVCaXN2R1FPN1lXQnlqZDhpUURMcSFlR2JJRGFreXA1bW5PcmNkcUhlWVNubHRlcFFtUnA2QUlaOGpZIn0.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw"),
    ClientId:  aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
    GrantType: aws.String("urn:ietf:params:oauth:grant-type:jwt-bearer"),
}

result, err := svc.CreateTokenWithIAM(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        case ssooidc.ErrCodeInvalidRequestRegionException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

svc := ssooidc.New(session.New())
input := &ssooidc.CreateTokenWithIAMInput{
    ClientId:           aws.String("arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222"),
    GrantType:          aws.String("urn:ietf:params:oauth:grant-type:token-exchange"),
    RequestedTokenType: aws.String("urn:ietf:params:oauth:token-type:access_token"),
    SubjectToken:       aws.String("aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN"),
    SubjectTokenType:   aws.String("urn:ietf:params:oauth:token-type:access_token"),
}

result, err := svc.CreateTokenWithIAM(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeInvalidGrantException:
            fmt.Println(ssooidc.ErrCodeInvalidGrantException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeAuthorizationPendingException:
            fmt.Println(ssooidc.ErrCodeAuthorizationPendingException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeAccessDeniedException:
            fmt.Println(ssooidc.ErrCodeAccessDeniedException, aerr.Error())
        case ssooidc.ErrCodeExpiredTokenException:
            fmt.Println(ssooidc.ErrCodeExpiredTokenException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        case ssooidc.ErrCodeInvalidRequestRegionException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestRegionException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

func (*SSOOIDC) CreateTokenWithIAMRequest ¶

func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput)

CreateTokenWithIAMRequest generates a "aws/request.Request" representing the client's request for the CreateTokenWithIAM operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CreateTokenWithIAM for more information on using the CreateTokenWithIAM API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CreateTokenWithIAMRequest method.
req, resp := client.CreateTokenWithIAMRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM

func (*SSOOIDC) CreateTokenWithIAMWithContext ¶

func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error)

CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of the ability to pass a context and additional request options.

See CreateTokenWithIAM for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) RegisterClient ¶

func (c *SSOOIDC) RegisterClient(input *RegisterClientInput) (*RegisterClientOutput, error)

RegisterClient API operation for AWS SSO OIDC.

Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation RegisterClient for usage and error information.

Returned Error Types:

• InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

• InvalidScopeException Indicates that the scope provided in the request is invalid.

• InvalidClientMetadataException Indicates that the client information sent in the request during registration is invalid.

• InternalServerException Indicates that an error from the service occurred while trying to process a request.

• InvalidRedirectUriException Indicates that one or more redirect URI in the request is not supported for this operation.

• UnsupportedGrantTypeException Indicates that the grant type in the request is not supported by the service.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient

svc := ssooidc.New(session.New())
input := &ssooidc.RegisterClientInput{
    ClientName:             aws.String("My IDE Plugin"),
    ClientType:             aws.String("public"),
    EntitledApplicationArn: aws.String("arn:aws:sso::ACCOUNTID:application/ssoins-1111111111111111/apl-1111111111111111"),
    GrantTypes: []*string{
        aws.String("authorization_code"),
        aws.String("refresh_token"),
    },
    IssuerUrl: aws.String("https://identitycenter.amazonaws.com/ssoins-1111111111111111"),
    RedirectUris: []*string{
        aws.String("127.0.0.1:PORT/oauth/callback"),
    },
    Scopes: []*string{
        aws.String("sso:account:access"),
        aws.String("codewhisperer:completions"),
    },
}

result, err := svc.RegisterClient(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidScopeException:
            fmt.Println(ssooidc.ErrCodeInvalidScopeException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientMetadataException:
            fmt.Println(ssooidc.ErrCodeInvalidClientMetadataException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        case ssooidc.ErrCodeInvalidRedirectUriException:
            fmt.Println(ssooidc.ErrCodeInvalidRedirectUriException, aerr.Error())
        case ssooidc.ErrCodeUnsupportedGrantTypeException:
            fmt.Println(ssooidc.ErrCodeUnsupportedGrantTypeException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

func (*SSOOIDC) RegisterClientRequest ¶

func (c *SSOOIDC) RegisterClientRequest(input *RegisterClientInput) (req *request.Request, output *RegisterClientOutput)

RegisterClientRequest generates a "aws/request.Request" representing the client's request for the RegisterClient operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See RegisterClient for more information on using the RegisterClient API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the RegisterClientRequest method.
req, resp := client.RegisterClientRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient

func (*SSOOIDC) RegisterClientWithContext ¶

func (c *SSOOIDC) RegisterClientWithContext(ctx aws.Context, input *RegisterClientInput, opts ...request.Option) (*RegisterClientOutput, error)

RegisterClientWithContext is the same as RegisterClient with the addition of the ability to pass a context and additional request options.

See RegisterClient for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSOOIDC) StartDeviceAuthorization ¶

func (c *SSOOIDC) StartDeviceAuthorization(input *StartDeviceAuthorizationInput) (*StartDeviceAuthorizationOutput, error)

StartDeviceAuthorization API operation for AWS SSO OIDC.

Initiates device authorization by requesting a pair of verification codes from the authorization service.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS SSO OIDC's API operation StartDeviceAuthorization for usage and error information.

Returned Error Types:

• InvalidRequestException Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

• InvalidClientException Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

• UnauthorizedClientException Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

• SlowDownException Indicates that the client is making the request too frequently and is more than the service can handle.

• InternalServerException Indicates that an error from the service occurred while trying to process a request.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization

svc := ssooidc.New(session.New())
input := &ssooidc.StartDeviceAuthorizationInput{
    ClientId:     aws.String("_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID"),
    ClientSecret: aws.String("VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0"),
    StartUrl:     aws.String("https://identitycenter.amazonaws.com/ssoins-111111111111"),
}

result, err := svc.StartDeviceAuthorization(input)
if err != nil {
    if aerr, ok := err.(awserr.Error); ok {
        switch aerr.Code() {
        case ssooidc.ErrCodeInvalidRequestException:
            fmt.Println(ssooidc.ErrCodeInvalidRequestException, aerr.Error())
        case ssooidc.ErrCodeInvalidClientException:
            fmt.Println(ssooidc.ErrCodeInvalidClientException, aerr.Error())
        case ssooidc.ErrCodeUnauthorizedClientException:
            fmt.Println(ssooidc.ErrCodeUnauthorizedClientException, aerr.Error())
        case ssooidc.ErrCodeSlowDownException:
            fmt.Println(ssooidc.ErrCodeSlowDownException, aerr.Error())
        case ssooidc.ErrCodeInternalServerException:
            fmt.Println(ssooidc.ErrCodeInternalServerException, aerr.Error())
        default:
            fmt.Println(aerr.Error())
        }
    } else {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        fmt.Println(err.Error())
    }
    return
}

fmt.Println(result)

func (*SSOOIDC) StartDeviceAuthorizationRequest ¶

func (c *SSOOIDC) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) (req *request.Request, output *StartDeviceAuthorizationOutput)

StartDeviceAuthorizationRequest generates a "aws/request.Request" representing the client's request for the StartDeviceAuthorization operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See StartDeviceAuthorization for more information on using the StartDeviceAuthorization API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the StartDeviceAuthorizationRequest method.
req, resp := client.StartDeviceAuthorizationRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization

func (*SSOOIDC) StartDeviceAuthorizationWithContext ¶

func (c *SSOOIDC) StartDeviceAuthorizationWithContext(ctx aws.Context, input *StartDeviceAuthorizationInput, opts ...request.Option) (*StartDeviceAuthorizationOutput, error)

StartDeviceAuthorizationWithContext is the same as StartDeviceAuthorization with the addition of the ability to pass a context and additional request options.

See StartDeviceAuthorization for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

type SlowDownException ¶

type SlowDownException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be slow_down.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the client is making the request too frequently and is more than the service can handle.

func (*SlowDownException) Code ¶

func (s *SlowDownException) Code() string

Code returns the exception type name.

func (*SlowDownException) Error ¶

func (s *SlowDownException) Error() string

func (SlowDownException) GoString ¶

func (s SlowDownException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*SlowDownException) Message ¶

func (s *SlowDownException) Message() string

Message returns the exception's message.

func (*SlowDownException) OrigErr ¶

func (s *SlowDownException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*SlowDownException) RequestID ¶

func (s *SlowDownException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*SlowDownException) StatusCode ¶

func (s *SlowDownException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (SlowDownException) String ¶

func (s SlowDownException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type StartDeviceAuthorizationInput ¶

type StartDeviceAuthorizationInput struct {

    // The unique identifier string for the client that is registered with IAM Identity
    // Center. This value should come from the persisted result of the RegisterClient
    // API operation.
    //
    // ClientId is a required field
    ClientId *string `locationName:"clientId" type:"string" required:"true"`

    // A secret string that is generated for the client. This value should come
    // from the persisted result of the RegisterClient API operation.
    //
    // ClientSecret is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
    // String and GoString methods.
    //
    // ClientSecret is a required field
    ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`

    // The URL for the Amazon Web Services access portal. For more information,
    // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
    // in the IAM Identity Center User Guide.
    //
    // StartUrl is a required field
    StartUrl *string `locationName:"startUrl" type:"string" required:"true"`
    // contains filtered or unexported fields
}

func (StartDeviceAuthorizationInput) GoString ¶

func (s StartDeviceAuthorizationInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationInput) SetClientId ¶

func (s *StartDeviceAuthorizationInput) SetClientId(v string) *StartDeviceAuthorizationInput

SetClientId sets the ClientId field's value.

func (*StartDeviceAuthorizationInput) SetClientSecret ¶

func (s *StartDeviceAuthorizationInput) SetClientSecret(v string) *StartDeviceAuthorizationInput

SetClientSecret sets the ClientSecret field's value.

func (*StartDeviceAuthorizationInput) SetStartUrl ¶

func (s *StartDeviceAuthorizationInput) SetStartUrl(v string) *StartDeviceAuthorizationInput

SetStartUrl sets the StartUrl field's value.

func (StartDeviceAuthorizationInput) String ¶

func (s StartDeviceAuthorizationInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationInput) Validate ¶

func (s *StartDeviceAuthorizationInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type StartDeviceAuthorizationOutput ¶

type StartDeviceAuthorizationOutput struct {

    // The short-lived code that is used by the device when polling for a session
    // token.
    DeviceCode *string `locationName:"deviceCode" type:"string"`

    // Indicates the number of seconds in which the verification code will become
    // invalid.
    ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`

    // Indicates the number of seconds the client must wait between attempts when
    // polling for a session.
    Interval *int64 `locationName:"interval" type:"integer"`

    // A one-time user verification code. This is needed to authorize an in-use
    // device.
    UserCode *string `locationName:"userCode" type:"string"`

    // The URI of the verification page that takes the userCode to authorize the
    // device.
    VerificationUri *string `locationName:"verificationUri" type:"string"`

    // An alternate URL that the client can use to automatically launch a browser.
    // This process skips the manual step in which the user visits the verification
    // page and enters their code.
    VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"`
    // contains filtered or unexported fields
}

func (StartDeviceAuthorizationOutput) GoString ¶

func (s StartDeviceAuthorizationOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StartDeviceAuthorizationOutput) SetDeviceCode ¶

func (s *StartDeviceAuthorizationOutput) SetDeviceCode(v string) *StartDeviceAuthorizationOutput

SetDeviceCode sets the DeviceCode field's value.

func (*StartDeviceAuthorizationOutput) SetExpiresIn ¶

func (s *StartDeviceAuthorizationOutput) SetExpiresIn(v int64) *StartDeviceAuthorizationOutput

SetExpiresIn sets the ExpiresIn field's value.

func (*StartDeviceAuthorizationOutput) SetInterval ¶

func (s *StartDeviceAuthorizationOutput) SetInterval(v int64) *StartDeviceAuthorizationOutput

SetInterval sets the Interval field's value.

func (*StartDeviceAuthorizationOutput) SetUserCode ¶

func (s *StartDeviceAuthorizationOutput) SetUserCode(v string) *StartDeviceAuthorizationOutput

SetUserCode sets the UserCode field's value.

func (*StartDeviceAuthorizationOutput) SetVerificationUri ¶

func (s *StartDeviceAuthorizationOutput) SetVerificationUri(v string) *StartDeviceAuthorizationOutput

SetVerificationUri sets the VerificationUri field's value.

func (*StartDeviceAuthorizationOutput) SetVerificationUriComplete ¶

func (s *StartDeviceAuthorizationOutput) SetVerificationUriComplete(v string) *StartDeviceAuthorizationOutput

SetVerificationUriComplete sets the VerificationUriComplete field's value.

func (StartDeviceAuthorizationOutput) String ¶

func (s StartDeviceAuthorizationOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UnauthorizedClientException ¶

type UnauthorizedClientException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be unauthorized_client.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

func (*UnauthorizedClientException) Code ¶

func (s *UnauthorizedClientException) Code() string

Code returns the exception type name.

func (*UnauthorizedClientException) Error ¶

func (s *UnauthorizedClientException) Error() string

func (UnauthorizedClientException) GoString ¶

func (s UnauthorizedClientException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UnauthorizedClientException) Message ¶

func (s *UnauthorizedClientException) Message() string

Message returns the exception's message.

func (*UnauthorizedClientException) OrigErr ¶

func (s *UnauthorizedClientException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*UnauthorizedClientException) RequestID ¶

func (s *UnauthorizedClientException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*UnauthorizedClientException) StatusCode ¶

func (s *UnauthorizedClientException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (UnauthorizedClientException) String ¶

func (s UnauthorizedClientException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UnsupportedGrantTypeException ¶

type UnsupportedGrantTypeException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    // Single error code. For this exception the value will be unsupported_grant_type.
    Error_ *string `locationName:"error" type:"string"`

    // Human-readable text providing additional information, used to assist the
    // client developer in understanding the error that occurred.
    Error_description *string `locationName:"error_description" type:"string"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the grant type in the request is not supported by the service.

func (*UnsupportedGrantTypeException) Code ¶

func (s *UnsupportedGrantTypeException) Code() string

Code returns the exception type name.

func (*UnsupportedGrantTypeException) Error ¶

func (s *UnsupportedGrantTypeException) Error() string

func (UnsupportedGrantTypeException) GoString ¶

func (s UnsupportedGrantTypeException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UnsupportedGrantTypeException) Message ¶

func (s *UnsupportedGrantTypeException) Message() string

Message returns the exception's message.

func (*UnsupportedGrantTypeException) OrigErr ¶

func (s *UnsupportedGrantTypeException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*UnsupportedGrantTypeException) RequestID ¶

func (s *UnsupportedGrantTypeException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*UnsupportedGrantTypeException) StatusCode ¶

func (s *UnsupportedGrantTypeException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (UnsupportedGrantTypeException) String ¶

func (s UnsupportedGrantTypeException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".