feat(client-sso-oidc): Updated request parameters for PKCE support.

Author: awstools

clients/client-sso-oidc/src/commands/CreateTokenCommand.ts

@@ -52,6 +52,7 @@ export interface CreateTokenCommandOutput extends CreateTokenResponse, __Metadat
  *     "STRING_VALUE",
  *   ],
  *   redirectUri: "STRING_VALUE",
+ *   codeVerifier: "STRING_VALUE",
  * };
  * const command = new CreateTokenCommand(input);
  * const response = await client.send(command);

clients/client-sso-oidc/src/commands/CreateTokenWithIAMCommand.ts

@@ -34,7 +34,7 @@ export interface CreateTokenWithIAMCommandOutput extends CreateTokenWithIAMRespo
 /**
  * <p>Creates and returns access and refresh tokens for clients and applications that are
  *       authenticated using IAM entities. The access token can be used to fetch short-term credentials
- *       for the assigned AWS accounts or to access application APIs using <code>bearer</code>
+ *       for the assigned Amazon Web Services accounts or to access application APIs using <code>bearer</code>
  *       authentication.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -55,6 +55,7 @@ export interface CreateTokenWithIAMCommandOutput extends CreateTokenWithIAMRespo
  *   subjectToken: "STRING_VALUE",
  *   subjectTokenType: "STRING_VALUE",
  *   requestedTokenType: "STRING_VALUE",
+ *   codeVerifier: "STRING_VALUE",
  * };
  * const command = new CreateTokenWithIAMCommand(input);
  * const response = await client.send(command);

clients/client-sso-oidc/src/commands/RegisterClientCommand.ts

@@ -45,6 +45,14 @@ export interface RegisterClientCommandOutput extends RegisterClientResponse, __M
  *   scopes: [ // Scopes
  *     "STRING_VALUE",
  *   ],
+ *   redirectUris: [ // RedirectUris
+ *     "STRING_VALUE",
+ *   ],
+ *   grantTypes: [ // GrantTypes
+ *     "STRING_VALUE",
+ *   ],
+ *   issuerUrl: "STRING_VALUE",
+ *   entitledApplicationArn: "STRING_VALUE",
  * };
  * const command = new RegisterClientCommand(input);
  * const response = await client.send(command);
@@ -73,13 +81,19 @@ export interface RegisterClientCommandOutput extends RegisterClientResponse, __M
  *  <p>Indicates that the client information sent in the request during registration is
  *       invalid.</p>
  *
+ * @throws {@link InvalidRedirectUriException} (client fault)
+ *  <p>Indicates that one or more redirect URI in the request is not supported for this operation.</p>
+ *
  * @throws {@link InvalidRequestException} (client fault)
  *  <p>Indicates that something is wrong with the input to the request. For example, a required
  *       parameter might be missing or out of range.</p>
  *
  * @throws {@link InvalidScopeException} (client fault)
  *  <p>Indicates that the scope provided in the request is invalid.</p>
  *
+ * @throws {@link UnsupportedGrantTypeException} (client fault)
+ *  <p>Indicates that the grant type in the request is not supported by the service.</p>
+ *
  * @throws {@link SSOOIDCServiceException}
  * <p>Base exception class for all service exceptions from SSOOIDC service.</p>
  *

clients/client-sso-oidc/src/models/models_0.ts

@@ -146,14 +146,22 @@ export interface CreateTokenRequest {
    * @public
    */
   redirectUri?: string;
+
+  /**
+   * <p>Used only when calling this API for the Authorization Code grant type. This value is generated
+   *       by the client and presented to validate the original code challenge value the client passed at
+   *       authorization time.</p>
+   * @public
+   */
+  codeVerifier?: string;
 }
 
 /**
  * @public
  */
 export interface CreateTokenResponse {
   /**
-   * <p>A bearer token to access AWS accounts and applications assigned to a user.</p>
+   * <p>A bearer token to access Amazon Web Services accounts and applications assigned to a user.</p>
    * @public
    */
   accessToken?: string;
@@ -616,14 +624,22 @@ export interface CreateTokenWithIAMRequest {
    * @public
    */
   requestedTokenType?: string;
+
+  /**
+   * <p>Used only when calling this API for the Authorization Code grant type. This value is generated
+   *       by the client and presented to validate the original code challenge value the client passed at
+   *       authorization time.</p>
+   * @public
+   */
+  codeVerifier?: string;
 }
 
 /**
  * @public
  */
 export interface CreateTokenWithIAMResponse {
   /**
-   * <p>A bearer token to access AWS accounts and applications assigned to a user.</p>
+   * <p>A bearer token to access Amazon Web Services accounts and applications assigned to a user.</p>
    * @public
    */
   accessToken?: string;
@@ -764,6 +780,41 @@ export class InvalidClientMetadataException extends __BaseException {
   }
 }
 
+/**
+ * <p>Indicates that one or more redirect URI in the request is not supported for this operation.</p>
+ * @public
+ */
+export class InvalidRedirectUriException extends __BaseException {
+  readonly name: "InvalidRedirectUriException" = "InvalidRedirectUriException";
+  readonly $fault: "client" = "client";
+  /**
+   * <p>Single error code.
+   *       For this exception the value will be <code>invalid_redirect_uri</code>.</p>
+   * @public
+   */
+  error?: string;
+
+  /**
+   * <p>Human-readable text providing additional information, used to assist the
+   *       client developer in understanding the error that occurred.</p>
+   * @public
+   */
+  error_description?: string;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<InvalidRedirectUriException, __BaseException>) {
+    super({
+      name: "InvalidRedirectUriException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, InvalidRedirectUriException.prototype);
+    this.error = opts.error;
+    this.error_description = opts.error_description;
+  }
+}
+
 /**
  * @public
  */
@@ -787,6 +838,33 @@ export interface RegisterClientRequest {
    * @public
    */
   scopes?: string[];
+
+  /**
+   * <p>The list of redirect URI that are defined by the client. At completion of authorization,
+   *       this list is used to restrict what locations the user agent can be redirected back to.</p>
+   * @public
+   */
+  redirectUris?: string[];
+
+  /**
+   * <p>The list of OAuth 2.0 grant types that are defined by the client. This list is used to
+   *       restrict the token granting flows available to the client.</p>
+   * @public
+   */
+  grantTypes?: string[];
+
+  /**
+   * <p>The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.</p>
+   * @public
+   */
+  issuerUrl?: string;
+
+  /**
+   * <p>This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At
+   *       authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.</p>
+   * @public
+   */
+  entitledApplicationArn?: string;
 }
 
 /**
@@ -913,6 +991,7 @@ export const CreateTokenRequestFilterSensitiveLog = (obj: CreateTokenRequest): a
   ...obj,
   ...(obj.clientSecret && { clientSecret: SENSITIVE_STRING }),
   ...(obj.refreshToken && { refreshToken: SENSITIVE_STRING }),
+  ...(obj.codeVerifier && { codeVerifier: SENSITIVE_STRING }),
 });
 
 /**
@@ -933,6 +1012,7 @@ export const CreateTokenWithIAMRequestFilterSensitiveLog = (obj: CreateTokenWith
   ...(obj.refreshToken && { refreshToken: SENSITIVE_STRING }),
   ...(obj.assertion && { assertion: SENSITIVE_STRING }),
   ...(obj.subjectToken && { subjectToken: SENSITIVE_STRING }),
+  ...(obj.codeVerifier && { codeVerifier: SENSITIVE_STRING }),
 });
 
 /**

clients/client-sso-oidc/src/protocols/Aws_restJson1.ts

@@ -36,6 +36,7 @@ import {
   InvalidClientException,
   InvalidClientMetadataException,
   InvalidGrantException,
+  InvalidRedirectUriException,
   InvalidRequestException,
   InvalidRequestRegionException,
   InvalidScopeException,
@@ -63,6 +64,7 @@ export const se_CreateTokenCommand = async (
       clientId: [],
       clientSecret: [],
       code: [],
+      codeVerifier: [],
       deviceCode: [],
       grantType: [],
       redirectUri: [],
@@ -95,6 +97,7 @@ export const se_CreateTokenWithIAMCommand = async (
       assertion: [],
       clientId: [],
       code: [],
+      codeVerifier: [],
       grantType: [],
       redirectUri: [],
       refreshToken: [],
@@ -125,6 +128,10 @@ export const se_RegisterClientCommand = async (
     take(input, {
       clientName: [],
       clientType: [],
+      entitledApplicationArn: [],
+      grantTypes: (_) => _json(_),
+      issuerUrl: [],
+      redirectUris: (_) => _json(_),
       scopes: (_) => _json(_),
     })
   );
@@ -309,6 +316,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext):
     case "InvalidClientMetadataException":
     case "com.amazonaws.ssooidc#InvalidClientMetadataException":
       throw await de_InvalidClientMetadataExceptionRes(parsedOutput, context);
+    case "InvalidRedirectUriException":
+    case "com.amazonaws.ssooidc#InvalidRedirectUriException":
+      throw await de_InvalidRedirectUriExceptionRes(parsedOutput, context);
     default:
       const parsedBody = parsedOutput.body;
       return throwDefaultError({
@@ -467,6 +477,27 @@ const de_InvalidGrantExceptionRes = async (
   return __decorateServiceException(exception, parsedOutput.body);
 };
 
+/**
+ * deserializeAws_restJson1InvalidRedirectUriExceptionRes
+ */
+const de_InvalidRedirectUriExceptionRes = async (
+  parsedOutput: any,
+  context: __SerdeContext
+): Promise<InvalidRedirectUriException> => {
+  const contents: any = map({});
+  const data: any = parsedOutput.body;
+  const doc = take(data, {
+    error: __expectString,
+    error_description: __expectString,
+  });
+  Object.assign(contents, doc);
+  const exception = new InvalidRedirectUriException({
+    $metadata: deserializeMetadata(parsedOutput),
+    ...contents,
+  });
+  return __decorateServiceException(exception, parsedOutput.body);
+};
+
 /**
  * deserializeAws_restJson1InvalidRequestExceptionRes
  */
@@ -592,6 +623,10 @@ const de_UnsupportedGrantTypeExceptionRes = async (
   return __decorateServiceException(exception, parsedOutput.body);
 };
 
+// se_GrantTypes omitted.
+
+// se_RedirectUris omitted.
+
 // se_Scopes omitted.
 
 // de_Scopes omitted.