1 // Code generated by smithy-go-codegen DO NOT EDIT.
2 3 package ssooidc
4 5 import (
6 "context"
7 "fmt"
8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9 "github.com/aws/smithy-go/middleware"
10 smithyhttp "github.com/aws/smithy-go/transport/http"
11 )
// CreateToken creates and returns access and refresh tokens for clients that
// are authenticated using client secrets. The access token can be used to fetch
// short-lived credentials for the assigned AWS accounts or to access
// application APIs using bearer authentication.
//
// A nil params is replaced with an empty CreateTokenInput before the operation
// is invoked. If invokeOperation fails, its error is returned unchanged and the
// output is nil.
//
// The request carries ClientSecret and the response carries bearer tokens
// (AccessToken and, when present, RefreshToken). Keep all of them out of logs,
// error strings and diagnostics.
func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) {
	input := params
	if input == nil {
		input = &CreateTokenInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "CreateToken", input, optFns, c.addOperationCreateTokenMiddlewares)
	if err != nil {
		return nil, err
	}

	// The result comes back untyped; this unchecked assertion panics if it is
	// ever anything other than *CreateTokenOutput.
	output := raw.(*CreateTokenOutput)
	output.ResultMetadata = md
	return output, nil
}
// CreateTokenInput holds the request parameters for the CreateToken operation.
// ClientId, ClientSecret and GrantType are always required; the remaining
// members apply only to the grant type named in their comment.
type CreateTokenInput struct {

	// The unique identifier string for the client or application, as returned by
	// the RegisterClient API.
	//
	// This member is required.
	ClientId *string

	// The secret string generated for the client. Use the value persisted from
	// the result of the RegisterClient API. This is a credential: store it
	// protected and keep it out of logs and error messages.
	//
	// This member is required.
	ClientSecret *string

	// The OAuth grant type. Authorization Code, Device Code and Refresh Token are
	// supported; pass the matching value:
	//
	//   * Authorization Code - authorization_code
	//
	//   * Device Code - urn:ietf:params:oauth:grant-type:device_code
	//
	//   * Refresh Token - refresh_token
	//
	// This member is required.
	GrantType *string

	// Authorization Code grant type only. The short-lived code that identifies
	// this authorization request.
	Code *string

	// Authorization Code grant type only. A value generated by the client and
	// presented to validate the original code challenge value the client passed
	// at authorization time.
	CodeVerifier *string

	// Device Code grant type only. The short-lived code that identifies this
	// authorization request, taken from the result of the
	// StartDeviceAuthorization API.
	DeviceCode *string

	// Authorization Code grant type only. The location of the client or
	// application that has registered to receive the authorization code.
	RedirectUri *string

	// Refresh Token grant type only. The token used to refresh short-lived
	// tokens, such as the access token, that might expire. Like ClientSecret,
	// this is secret material and should not be logged.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// The list of scopes for which authorization is requested. This parameter has
	// no effect; the access token will always include all scopes configured
	// during client registration. A narrower token therefore cannot be requested
	// here; scopes have to be limited when the client is registered.
	Scope []string

	noSmithyDocumentSerde
}
// CreateTokenOutput holds the response of the CreateToken operation. The token
// members are bearer credentials and should be handled as secrets.
type CreateTokenOutput struct {

	// A bearer token to access Amazon Web Services accounts and applications
	// assigned to a user. Possession of the token is sufficient to use it, so do
	// not log it or persist it unprotected.
	AccessToken *string

	// Indicates the time, in seconds, when the access token will expire.
	ExpiresIn int32

	// Not implemented or supported. For more information about the features and
	// limitations of the current IAM Identity Center OIDC implementation, see
	// Considerations for Using this Guide in the [IAM Identity Center OIDC API Reference].
	//
	// Described by the service as a JSON Web Token (JWT) that identifies who is
	// associated with the issued access token.
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	IdToken *string

	// A token that, if present, can be used to refresh a previously issued access
	// token that might have expired. Handle it as a secret in the same way as
	// AccessToken.
	//
	// For more information about the features and limitations of the current IAM
	// Identity Center OIDC implementation, see Considerations for Using this Guide in
	// the [IAM Identity Center OIDC API Reference].
	//
	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
	RefreshToken *string

	// Notifies the client that the returned token is an access token. The
	// supported token type is Bearer.
	TokenType *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
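// addOperationCreateTokenMiddlewares registers the middleware used by the
// CreateToken operation on stack, one step after another, and returns the
// error of the first step that fails. Later steps are not attempted once a
// step has failed.
//
// The registration order is kept exactly as generated.
// NOTE(review): stack behaviour presumably depends on this order; confirm
// before reordering any step.
func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Serialize / deserialize steps for the CreateToken request and response.
	if err = stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateToken{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateToken{}, middleware.After); err != nil {
		return err
	}
	if err = addProtocolFinalizerMiddlewares(stack, options, "CreateToken"); err != nil {
		// %w keeps the underlying error reachable through errors.Is and
		// errors.As; the message text is unchanged.
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addSpanRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err = addCredentialSource(stack, options); err != nil {
		return err
	}
	if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata is added at the front of the Initialize step.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): presumably attaches the request/response logger driven by
	// options. CreateToken payloads carry the client secret and the issued
	// tokens, so confirm that body logging is off (or redacted) wherever this
	// client runs.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): the name suggests an option-controlled switch to plain
	// HTTP. Confirm it is never enabled for this operation outside local
	// testing, because the request carries ClientSecret.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addInterceptAttempt(stack, options); err != nil {
		return err
	}
	if err = addInterceptors(stack, options); err != nil {
		return err
	}
	return nil
}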
// newServiceMetadataMiddleware_opCreateToken returns the service-metadata
// middleware for the CreateToken operation, filled in with the given region,
// the package's ServiceID and the operation name.
func newServiceMetadataMiddleware_opCreateToken(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.OperationName = "CreateToken"
	return md
}