AWS SSO OIDC
AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with IAM Identity Center.
OpenAPI Specification v3.0
{
"openapi": "3.0.0",
"info": {
"version": "2019-06-10",
"x-release": "v4",
"title": "AWS SSO OIDC",
"description": "<p>AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) is a web service that enables a client (such as AWS CLI or a native application) to register with IAM Identity Center. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.</p> <note> <p>Although AWS Single Sign-On was renamed, the <code>sso</code> and <code>identitystore</code> API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed\">IAM Identity Center rename</a>.</p> </note> <p> <b>Considerations for Using This Guide</b> </p> <p>Before you begin using this guide, we recommend that you first review the following important information about how the IAM Identity Center OIDC service works.</p> <ul> <li> <p>The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (<a href=\"https://tools.ietf.org/html/rfc8628\">https://tools.ietf.org/html/rfc8628</a>) that are necessary to enable single sign-on authentication with the AWS CLI. Support for other OIDC flows frequently needed for native applications, such as Authorization Code Flow (+ PKCE), will be addressed in future releases.</p> </li> <li> <p>The service emits only OIDC access tokens, such that obtaining a new token (For example, token refresh) requires explicit user re-authentication.</p> </li> <li> <p>The access tokens provided by this service grant access to all AWS account entitlements assigned to an IAM Identity Center user, not just a particular application.</p> </li> <li> <p>The documentation in this guide does not describe the mechanism to convert the access token into AWS Auth (“sigv4”) credentials for use with IAM-protected AWS service endpoints. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html\">GetRoleCredentials</a> in the <i>IAM Identity Center Portal API Reference Guide</i>.</p> </li> </ul> <p>For general information about IAM Identity Center, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html\">What is IAM Identity Center?</a> in the <i>IAM Identity Center User Guide</i>.</p>",
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_twitter.com_awscloud_profile_image.png",
"backgroundColor": "#FFFFFF"
},
"termsOfService": "https://aws.amazon.com/service-terms/",
"contact": {
"name": "Mike Ralphson",
"email": "mike.ralphson@gmail.com",
"url": "https://github.com/mermade/aws2openapi",
"x-twitter": "PermittedSoc"
},
"license": {
"name": "Apache 2.0 License",
"url": "http://www.apache.org/licenses/"
},
"x-providerName": "amazonaws.com",
"x-serviceName": "sso-oidc",
"x-aws-signingName": "awsssooidc",
"x-origin": [
{
"contentType": "application/json",
"url": "https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/sso-oidc-2019-06-10.normal.json",
"converter": {
"url": "https://github.com/mermade/aws2openapi",
"version": "1.0.0"
},
"x-apisguru-driver": "external"
}
],
"x-apiClientRegistration": {
"url": "https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct"
},
"x-apisguru-categories": [
"cloud"
],
"x-preferred": true
},
"externalDocs": {
"description": "Amazon Web Services documentation",
"url": "https://docs.aws.amazon.com/oidc/"
},
"servers": [
{
"url": "http://oidc.{region}.amazonaws.com",
"variables": {
"region": {
"description": "The AWS region",
"enum": [
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
"us-gov-west-1",
"us-gov-east-1",
"ca-central-1",
"eu-north-1",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"eu-central-1",
"eu-south-1",
"af-south-1",
"ap-northeast-1",
"ap-northeast-2",
"ap-northeast-3",
"ap-southeast-1",
"ap-southeast-2",
"ap-east-1",
"ap-south-1",
"sa-east-1",
"me-south-1"
],
"default": "us-east-1"
}
},
"description": "The SSO OIDC multi-region endpoint"
},
{
"url": "https://oidc.{region}.amazonaws.com",
"variables": {
"region": {
"description": "The AWS region",
"enum": [
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
"us-gov-west-1",
"us-gov-east-1",
"ca-central-1",
"eu-north-1",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"eu-central-1",
"eu-south-1",
"af-south-1",
"ap-northeast-1",
"ap-northeast-2",
"ap-northeast-3",
"ap-southeast-1",
"ap-southeast-2",
"ap-east-1",
"ap-south-1",
"sa-east-1",
"me-south-1"
],
"default": "us-east-1"
}
},
"description": "The SSO OIDC multi-region endpoint"
},
{
"url": "http://oidc.{region}.amazonaws.com.cn",
"variables": {
"region": {
"description": "The AWS region",
"enum": [
"cn-north-1",
"cn-northwest-1"
],
"default": "cn-north-1"
}
},
"description": "The SSO OIDC endpoint for China (Beijing) and China (Ningxia)"
},
{
"url": "https://oidc.{region}.amazonaws.com.cn",
"variables": {
"region": {
"description": "The AWS region",
"enum": [
"cn-north-1",
"cn-northwest-1"
],
"default": "cn-north-1"
}
},
"description": "The SSO OIDC endpoint for China (Beijing) and China (Ningxia)"
}
],
"paths": {
"/token": {
"post": {
"operationId": "CreateToken",
"description": "Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateTokenResponse"
}
}
}
},
"480": {
"description": "InvalidRequestException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidRequestException"
}
}
}
},
"481": {
"description": "InvalidClientException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidClientException"
}
}
}
},
"482": {
"description": "InvalidGrantException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidGrantException"
}
}
}
},
"483": {
"description": "UnauthorizedClientException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnauthorizedClientException"
}
}
}
},
"484": {
"description": "UnsupportedGrantTypeException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnsupportedGrantTypeException"
}
}
}
},
"485": {
"description": "InvalidScopeException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidScopeException"
}
}
}
},
"486": {
"description": "AuthorizationPendingException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthorizationPendingException"
}
}
}
},
"487": {
"description": "SlowDownException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SlowDownException"
}
}
}
},
"488": {
"description": "AccessDeniedException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AccessDeniedException"
}
}
}
},
"489": {
"description": "ExpiredTokenException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ExpiredTokenException"
}
}
}
},
"490": {
"description": "InternalServerException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InternalServerException"
}
}
}
}
},
"parameters": [],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"clientId",
"clientSecret",
"grantType"
],
"properties": {
"clientId": {
"description": "The unique identifier string for each client. This value should come from the persisted result of the <a>RegisterClient</a> API.",
"type": "string"
},
"clientSecret": {
"description": "A secret string generated for the client. This value should come from the persisted result of the <a>RegisterClient</a> API.",
"type": "string"
},
"grantType": {
"description": "<p>Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:</p> <p> <code>urn:ietf:params:oauth:grant-type:<i>device_code</i> </code> </p> <p>For information about how to obtain the device code, see the <a>StartDeviceAuthorization</a> topic.</p>",
"type": "string"
},
"deviceCode": {
"description": "Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the <a>StartDeviceAuthorization</a> API.",
"type": "string"
},
"code": {
"description": "The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.",
"type": "string"
},
"refreshToken": {
"description": "<p>Currently, <code>refreshToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">IAM Identity Center OIDC API Reference</a>.</p> <p>The token used to obtain an access token in the event that the access token is invalid or expired.</p>",
"type": "string"
},
"scope": {
"description": "The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.",
"type": "array",
"items": {
"$ref": "#/components/schemas/Scope"
}
},
"redirectUri": {
"description": "The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.",
"type": "string"
}
}
}
}
}
}
},
"parameters": [
{
"$ref": "#/components/parameters/X-Amz-Content-Sha256"
},
{
"$ref": "#/components/parameters/X-Amz-Date"
},
{
"$ref": "#/components/parameters/X-Amz-Algorithm"
},
{
"$ref": "#/components/parameters/X-Amz-Credential"
},
{
"$ref": "#/components/parameters/X-Amz-Security-Token"
},
{
"$ref": "#/components/parameters/X-Amz-Signature"
},
{
"$ref": "#/components/parameters/X-Amz-SignedHeaders"
}
]
},
"/client/register": {
"post": {
"operationId": "RegisterClient",
"description": "Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterClientResponse"
}
}
}
},
"480": {
"description": "InvalidRequestException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidRequestException"
}
}
}
},
"481": {
"description": "InvalidScopeException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidScopeException"
}
}
}
},
"482": {
"description": "InvalidClientMetadataException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidClientMetadataException"
}
}
}
},
"483": {
"description": "InternalServerException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InternalServerException"
}
}
}
}
},
"parameters": [],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"clientName",
"clientType"
],
"properties": {
"clientName": {
"description": "The friendly name of the client.",
"type": "string"
},
"clientType": {
"description": "The type of client. The service supports only <code>public</code> as a client type. Anything other than public will be rejected by the service.",
"type": "string"
},
"scopes": {
"description": "The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.",
"type": "array",
"items": {
"$ref": "#/components/schemas/Scope"
}
}
}
}
}
}
}
},
"parameters": [
{
"$ref": "#/components/parameters/X-Amz-Content-Sha256"
},
{
"$ref": "#/components/parameters/X-Amz-Date"
},
{
"$ref": "#/components/parameters/X-Amz-Algorithm"
},
{
"$ref": "#/components/parameters/X-Amz-Credential"
},
{
"$ref": "#/components/parameters/X-Amz-Security-Token"
},
{
"$ref": "#/components/parameters/X-Amz-Signature"
},
{
"$ref": "#/components/parameters/X-Amz-SignedHeaders"
}
]
},
"/device_authorization": {
"post": {
"operationId": "StartDeviceAuthorization",
"description": "Initiates device authorization by requesting a pair of verification codes from the authorization service.",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/StartDeviceAuthorizationResponse"
}
}
}
},
"480": {
"description": "InvalidRequestException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidRequestException"
}
}
}
},
"481": {
"description": "InvalidClientException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InvalidClientException"
}
}
}
},
"482": {
"description": "UnauthorizedClientException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnauthorizedClientException"
}
}
}
},
"483": {
"description": "SlowDownException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SlowDownException"
}
}
}
},
"484": {
"description": "InternalServerException",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InternalServerException"
}
}
}
}
},
"parameters": [],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"clientId",
"clientSecret",
"startUrl"
],
"properties": {
"clientId": {
"description": "The unique identifier string for the client that is registered with IAM Identity Center. This value should come from the persisted result of the <a>RegisterClient</a> API operation.",
"type": "string"
},
"clientSecret": {
"description": "A secret string that is generated for the client. This value should come from the persisted result of the <a>RegisterClient</a> API operation.",
"type": "string"
},
"startUrl": {
"description": "The URL for the AWS access portal. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html\">Using the AWS access portal</a> in the <i>IAM Identity Center User Guide</i>.",
"type": "string"
}
}
}
}
}
}
},
"parameters": [
{
"$ref": "#/components/parameters/X-Amz-Content-Sha256"
},
{
"$ref": "#/components/parameters/X-Amz-Date"
},
{
"$ref": "#/components/parameters/X-Amz-Algorithm"
},
{
"$ref": "#/components/parameters/X-Amz-Credential"
},
{
"$ref": "#/components/parameters/X-Amz-Security-Token"
},
{
"$ref": "#/components/parameters/X-Amz-Signature"
},
{
"$ref": "#/components/parameters/X-Amz-SignedHeaders"
}
]
}
},
"components": {
"parameters": {
"X-Amz-Content-Sha256": {
"name": "X-Amz-Content-Sha256",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-Date": {
"name": "X-Amz-Date",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-Algorithm": {
"name": "X-Amz-Algorithm",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-Credential": {
"name": "X-Amz-Credential",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-Security-Token": {
"name": "X-Amz-Security-Token",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-Signature": {
"name": "X-Amz-Signature",
"in": "header",
"schema": {
"type": "string"
},
"required": false
},
"X-Amz-SignedHeaders": {
"name": "X-Amz-SignedHeaders",
"in": "header",
"schema": {
"type": "string"
},
"required": false
}
},
"securitySchemes": {
"hmac": {
"type": "apiKey",
"name": "Authorization",
"in": "header",
"description": "Amazon Signature authorization v4",
"x-amazon-apigateway-authtype": "awsSigv4"
}
},
"schemas": {
"CreateTokenResponse": {
"type": "object",
"properties": {
"accessToken": {
"allOf": [
{
"$ref": "#/components/schemas/AccessToken"
},
{
"description": "An opaque token to access IAM Identity Center resources assigned to a user."
}
]
},
"tokenType": {
"allOf": [
{
"$ref": "#/components/schemas/TokenType"
},
{
"description": "Used to notify the client that the returned token is an access token. The supported type is <code>BearerToken</code>."
}
]
},
"expiresIn": {
"allOf": [
{
"$ref": "#/components/schemas/ExpirationInSeconds"
},
{
"description": "Indicates the time in seconds when an access token will expire."
}
]
},
"refreshToken": {
"allOf": [
{
"$ref": "#/components/schemas/RefreshToken"
},
{
"description": "<p>Currently, <code>refreshToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">IAM Identity Center OIDC API Reference</a>.</p> <p>A token that, if present, can be used to refresh a previously issued access token that might have expired.</p>"
}
]
},
"idToken": {
"allOf": [
{
"$ref": "#/components/schemas/IdToken"
},
{
"description": "<p>Currently, <code>idToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">IAM Identity Center OIDC API Reference</a>.</p> <p>The identifier of the user that is associated with the access token, if present.</p>"
}
]
}
}
},
"Scope": {
"type": "string"
},
"InvalidRequestException": {},
"InvalidClientException": {},
"InvalidGrantException": {},
"UnauthorizedClientException": {},
"UnsupportedGrantTypeException": {},
"InvalidScopeException": {},
"AuthorizationPendingException": {},
"SlowDownException": {},
"AccessDeniedException": {},
"ExpiredTokenException": {},
"InternalServerException": {},
"RegisterClientResponse": {
"type": "object",
"properties": {
"clientId": {
"allOf": [
{
"$ref": "#/components/schemas/ClientId"
},
{
"description": "The unique identifier string for each client. This client uses this identifier to get authenticated by the service in subsequent calls."
}
]
},
"clientSecret": {
"allOf": [
{
"$ref": "#/components/schemas/ClientSecret"
},
{
"description": "A secret string generated for the client. The client will use this string to get authenticated by the service in subsequent calls."
}
]
},
"clientIdIssuedAt": {
"allOf": [
{
"$ref": "#/components/schemas/LongTimeStampType"
},
{
"description": "Indicates the time at which the <code>clientId</code> and <code>clientSecret</code> were issued."
}
]
},
"clientSecretExpiresAt": {
"allOf": [
{
"$ref": "#/components/schemas/LongTimeStampType"
},
{
"description": "Indicates the time at which the <code>clientId</code> and <code>clientSecret</code> will become invalid."
}
]
},
"authorizationEndpoint": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "The endpoint where the client can request authorization."
}
]
},
"tokenEndpoint": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "The endpoint where the client can get an access token."
}
]
}
}
},
"InvalidClientMetadataException": {},
"StartDeviceAuthorizationResponse": {
"type": "object",
"properties": {
"deviceCode": {
"allOf": [
{
"$ref": "#/components/schemas/DeviceCode"
},
{
"description": "The short-lived code that is used by the device when polling for a session token."
}
]
},
"userCode": {
"allOf": [
{
"$ref": "#/components/schemas/UserCode"
},
{
"description": "A one-time user verification code. This is needed to authorize an in-use device."
}
]
},
"verificationUri": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "The URI of the verification page that takes the <code>userCode</code> to authorize the device."
}
]
},
"verificationUriComplete": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code."
}
]
},
"expiresIn": {
"allOf": [
{
"$ref": "#/components/schemas/ExpirationInSeconds"
},
{
"description": "Indicates the number of seconds in which the verification code will become invalid."
}
]
},
"interval": {
"allOf": [
{
"$ref": "#/components/schemas/IntervalInSeconds"
},
{
"description": "Indicates the number of seconds the client must wait between attempts when polling for a session."
}
]
}
}
},
"AccessToken": {
"type": "string"
},
"AuthCode": {
"type": "string"
},
"ClientId": {
"type": "string"
},
"ClientName": {
"type": "string"
},
"ClientSecret": {
"type": "string"
},
"ClientType": {
"type": "string"
},
"GrantType": {
"type": "string"
},
"DeviceCode": {
"type": "string"
},
"RefreshToken": {
"type": "string"
},
"Scopes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Scope"
}
},
"URI": {
"type": "string"
},
"CreateTokenRequest": {
"type": "object",
"required": [
"clientId",
"clientSecret",
"grantType"
],
"title": "CreateTokenRequest",
"properties": {
"clientId": {
"allOf": [
{
"$ref": "#/components/schemas/ClientId"
},
{
"description": "The unique identifier string for each client. This value should come from the persisted result of the <a>RegisterClient</a> API."
}
]
},
"clientSecret": {
"allOf": [
{
"$ref": "#/components/schemas/ClientSecret"
},
{
"description": "A secret string generated for the client. This value should come from the persisted result of the <a>RegisterClient</a> API."
}
]
},
"grantType": {
"allOf": [
{
"$ref": "#/components/schemas/GrantType"
},
{
"description": "<p>Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:</p> <p> <code>urn:ietf:params:oauth:grant-type:<i>device_code</i> </code> </p> <p>For information about how to obtain the device code, see the <a>StartDeviceAuthorization</a> topic.</p>"
}
]
},
"deviceCode": {
"allOf": [
{
"$ref": "#/components/schemas/DeviceCode"
},
{
"description": "Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the <a>StartDeviceAuthorization</a> API."
}
]
},
"code": {
"allOf": [
{
"$ref": "#/components/schemas/AuthCode"
},
{
"description": "The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token."
}
]
},
"refreshToken": {
"allOf": [
{
"$ref": "#/components/schemas/RefreshToken"
},
{
"description": "<p>Currently, <code>refreshToken</code> is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see <i>Considerations for Using this Guide</i> in the <a href=\"https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html\">IAM Identity Center OIDC API Reference</a>.</p> <p>The token used to obtain an access token in the event that the access token is invalid or expired.</p>"
}
]
},
"scope": {
"allOf": [
{
"$ref": "#/components/schemas/Scopes"
},
{
"description": "The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token."
}
]
},
"redirectUri": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "The location of the application that will receive the authorization code. Users authorize the service to send the request to this location."
}
]
}
}
},
"TokenType": {
"type": "string"
},
"ExpirationInSeconds": {
"type": "integer"
},
"IdToken": {
"type": "string"
},
"IntervalInSeconds": {
"type": "integer"
},
"LongTimeStampType": {
"type": "integer"
},
"RegisterClientRequest": {
"type": "object",
"required": [
"clientName",
"clientType"
],
"title": "RegisterClientRequest",
"properties": {
"clientName": {
"allOf": [
{
"$ref": "#/components/schemas/ClientName"
},
{
"description": "The friendly name of the client."
}
]
},
"clientType": {
"allOf": [
{
"$ref": "#/components/schemas/ClientType"
},
{
"description": "The type of client. The service supports only <code>public</code> as a client type. Anything other than public will be rejected by the service."
}
]
},
"scopes": {
"allOf": [
{
"$ref": "#/components/schemas/Scopes"
},
{
"description": "The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token."
}
]
}
}
},
"StartDeviceAuthorizationRequest": {
"type": "object",
"required": [
"clientId",
"clientSecret",
"startUrl"
],
"title": "StartDeviceAuthorizationRequest",
"properties": {
"clientId": {
"allOf": [
{
"$ref": "#/components/schemas/ClientId"
},
{
"description": "The unique identifier string for the client that is registered with IAM Identity Center. This value should come from the persisted result of the <a>RegisterClient</a> API operation."
}
]
},
"clientSecret": {
"allOf": [
{
"$ref": "#/components/schemas/ClientSecret"
},
{
"description": "A secret string that is generated for the client. This value should come from the persisted result of the <a>RegisterClient</a> API operation."
}
]
},
"startUrl": {
"allOf": [
{
"$ref": "#/components/schemas/URI"
},
{
"description": "The URL for the AWS access portal. For more information, see <a href=\"https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html\">Using the AWS access portal</a> in the <i>IAM Identity Center User Guide</i>."
}
]
}
}
},
"UserCode": {
"type": "string"
}
}
},
"security": [
{
"hmac": []
}
]
}