amazonka-sso-oidc-2.0: Amazon SSO OIDC SDK.
Copyright(c) 2013-2023 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellSafe-Inferred
LanguageHaskell2010

Amazonka.SSOOIDC.CreateToken

Description

Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.

Synopsis

Creating a Request

data CreateToken Source #

See: newCreateToken smart constructor.

Constructors

CreateToken' 

Fields

  • code :: Maybe Text

    The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

  • deviceCode :: Maybe Text

    Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

  • redirectUri :: Maybe Text

    The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

  • refreshToken :: Maybe Text

    Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

    The token used to obtain an access token in the event that the access token is invalid or expired.

  • scope :: Maybe [Text]

    The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

  • clientId :: Text

    The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

  • clientSecret :: Text

    A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

  • grantType :: Text

    Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:

    urn:ietf:params:oauth:grant-type:device_code

    For information about how to obtain the device code, see the StartDeviceAuthorization topic.

Instances

Instances details
ToJSON CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

toJSON :: CreateToken -> Value #

toEncoding :: CreateToken -> Encoding #

toJSONList :: [CreateToken] -> Value #

toEncodingList :: [CreateToken] -> Encoding #

ToHeaders CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

toHeaders :: CreateToken -> [Header] #

ToPath CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

toPath :: CreateToken -> ByteString #

ToQuery CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

toQuery :: CreateToken -> QueryString #

AWSRequest CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type AWSResponse CreateToken #

Methods

request :: (Service -> Service) -> CreateToken -> Request CreateToken #

response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy CreateToken -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse CreateToken))) #

Generic CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type Rep CreateToken :: Type -> Type #

Methods

from :: CreateToken -> Rep CreateToken x #

to :: Rep CreateToken x -> CreateToken #

Read CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

readsPrec :: Int -> ReadS CreateToken #

readList :: ReadS [CreateToken] #

readPrec :: ReadPrec CreateToken #

readListPrec :: ReadPrec [CreateToken] #

Show CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

showsPrec :: Int -> CreateToken -> ShowS #

show :: CreateToken -> String #

showList :: [CreateToken] -> ShowS #

NFData CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

rnf :: CreateToken -> () #

Eq CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

(==) :: CreateToken -> CreateToken -> Bool #

(/=) :: CreateToken -> CreateToken -> Bool #

Hashable CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

hashWithSalt :: Int -> CreateToken -> Int #

hash :: CreateToken -> Int #

type AWSResponse CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type AWSResponse CreateToken = CreateTokenResponse
type Rep CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type Rep CreateToken = D1 ('MetaData "CreateToken" "Amazonka.SSOOIDC.CreateToken" "amazonka-sso-oidc-2.0-3eSk2Q0gyQnBlHT8MIKfRj" 'False) (C1 ('MetaCons "CreateToken'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "code") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "deviceCode") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "redirectUri") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "refreshToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))) :*: ((S1 ('MetaSel ('Just "scope") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text])) :*: S1 ('MetaSel ('Just "clientId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :*: (S1 ('MetaSel ('Just "clientSecret") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "grantType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))))

newCreateToken Source #

Arguments

:: Text

$sel:clientId:CreateToken'

-> Text

$sel:clientSecret:CreateToken'

-> Text

$sel:grantType:CreateToken'

-> CreateToken 

Create a value of CreateToken with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:code:CreateToken', createToken_code - The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

$sel:deviceCode:CreateToken', createToken_deviceCode - Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

$sel:redirectUri:CreateToken', createToken_redirectUri - The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

CreateToken, createToken_refreshToken - Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

The token used to obtain an access token in the event that the access token is invalid or expired.

$sel:scope:CreateToken', createToken_scope - The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

$sel:clientId:CreateToken', createToken_clientId - The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

$sel:clientSecret:CreateToken', createToken_clientSecret - A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

$sel:grantType:CreateToken', createToken_grantType - Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:

urn:ietf:params:oauth:grant-type:device_code

For information about how to obtain the device code, see the StartDeviceAuthorization topic.

Request Lenses

createToken_code :: Lens' CreateToken (Maybe Text) Source #

The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

createToken_deviceCode :: Lens' CreateToken (Maybe Text) Source #

Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

createToken_redirectUri :: Lens' CreateToken (Maybe Text) Source #

The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

createToken_refreshToken :: Lens' CreateToken (Maybe Text) Source #

Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

The token used to obtain an access token in the event that the access token is invalid or expired.

createToken_scope :: Lens' CreateToken (Maybe [Text]) Source #

The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

createToken_clientId :: Lens' CreateToken Text Source #

The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

createToken_clientSecret :: Lens' CreateToken Text Source #

A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

createToken_grantType :: Lens' CreateToken Text Source #

Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:

urn:ietf:params:oauth:grant-type:device_code

For information about how to obtain the device code, see the StartDeviceAuthorization topic.

Destructuring the Response

data CreateTokenResponse Source #

See: newCreateTokenResponse smart constructor.

Constructors

CreateTokenResponse' 

Fields

  • accessToken :: Maybe Text

    An opaque token to access IAM Identity Center resources assigned to a user.

  • expiresIn :: Maybe Int

    Indicates the time in seconds when an access token will expire.

  • idToken :: Maybe Text

    Currently, idToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

    The identifier of the user that associated with the access token, if present.

  • refreshToken :: Maybe Text

    Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

    A token that, if present, can be used to refresh a previously issued access token that might have expired.

  • tokenType :: Maybe Text

    Used to notify the client that the returned token is an access token. The supported type is BearerToken.

  • httpStatus :: Int

    The response's http status code.

Instances

Instances details
Generic CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type Rep CreateTokenResponse :: Type -> Type #

Methods

from :: CreateTokenResponse -> Rep CreateTokenResponse x #

to :: Rep CreateTokenResponse x -> CreateTokenResponse #

Read CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

readsPrec :: Int -> ReadS CreateTokenResponse #

readList :: ReadS [CreateTokenResponse] #

readPrec :: ReadPrec CreateTokenResponse #

readListPrec :: ReadPrec [CreateTokenResponse] #

Show CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

showsPrec :: Int -> CreateTokenResponse -> ShowS #

show :: CreateTokenResponse -> String #

showList :: [CreateTokenResponse] -> ShowS #

NFData CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

rnf :: CreateTokenResponse -> () #

Eq CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

(==) :: CreateTokenResponse -> CreateTokenResponse -> Bool #

(/=) :: CreateTokenResponse -> CreateTokenResponse -> Bool #

type Rep CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type Rep CreateTokenResponse = D1 ('MetaData "CreateTokenResponse" "Amazonka.SSOOIDC.CreateToken" "amazonka-sso-oidc-2.0-3eSk2Q0gyQnBlHT8MIKfRj" 'False) (C1 ('MetaCons "CreateTokenResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "accessToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "expiresIn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)) :*: S1 ('MetaSel ('Just "idToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))) :*: (S1 ('MetaSel ('Just "refreshToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "tokenType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))))

newCreateTokenResponse Source #

Arguments

:: Int

$sel:httpStatus:CreateTokenResponse'

-> CreateTokenResponse 

Create a value of CreateTokenResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:accessToken:CreateTokenResponse', createTokenResponse_accessToken - An opaque token to access IAM Identity Center resources assigned to a user.

$sel:expiresIn:CreateTokenResponse', createTokenResponse_expiresIn - Indicates the time in seconds when an access token will expire.

$sel:idToken:CreateTokenResponse', createTokenResponse_idToken - Currently, idToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

The identifier of the user that associated with the access token, if present.

CreateToken, createTokenResponse_refreshToken - Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

A token that, if present, can be used to refresh a previously issued access token that might have expired.

$sel:tokenType:CreateTokenResponse', createTokenResponse_tokenType - Used to notify the client that the returned token is an access token. The supported type is BearerToken.

$sel:httpStatus:CreateTokenResponse', createTokenResponse_httpStatus - The response's http status code.

Response Lenses

createTokenResponse_accessToken :: Lens' CreateTokenResponse (Maybe Text) Source #

An opaque token to access IAM Identity Center resources assigned to a user.

createTokenResponse_expiresIn :: Lens' CreateTokenResponse (Maybe Int) Source #

Indicates the time in seconds when an access token will expire.

createTokenResponse_idToken :: Lens' CreateTokenResponse (Maybe Text) Source #

Currently, idToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

The identifier of the user that associated with the access token, if present.

createTokenResponse_refreshToken :: Lens' CreateTokenResponse (Maybe Text) Source #

Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see /Considerations for Using this Guide/ in the IAM Identity Center OIDC API Reference.

A token that, if present, can be used to refresh a previously issued access token that might have expired.

createTokenResponse_tokenType :: Lens' CreateTokenResponse (Maybe Text) Source #

Used to notify the client that the returned token is an access token. The supported type is BearerToken.

createTokenResponse_httpStatus :: Lens' CreateTokenResponse Int Source #

The response's http status code.