api_op_GetWebIdentityToken.go raw

   1  // Code generated by smithy-go-codegen DO NOT EDIT.
   2  
   3  package sts
   4  
   5  import (
   6  	"context"
   7  	"fmt"
   8  	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
   9  	"github.com/aws/aws-sdk-go-v2/service/sts/types"
  10  	"github.com/aws/smithy-go/middleware"
  11  	smithyhttp "github.com/aws/smithy-go/transport/http"
  12  	"time"
  13  )
  14  
// GetWebIdentityToken returns a signed JSON Web Token (JWT) that represents the
// calling Amazon Web Services identity. The JWT can be presented to external
// services that support OIDC discovery. It is signed by Amazon Web Services STS
// and can be publicly verified with the keys published at the issuer's JWKS
// endpoint.
//
// A nil params is treated as an empty GetWebIdentityTokenInput. On success the
// output's ResultMetadata is set to the metadata returned by invokeOperation.
// Any error from invokeOperation is returned unchanged with a nil output.
//
// The returned WebIdentityToken authenticates whoever presents it for the
// requested audiences until it expires, so callers should keep it out of logs,
// error strings and traces and pass it only to the intended recipient.
func (c *Client) GetWebIdentityToken(ctx context.Context, params *GetWebIdentityTokenInput, optFns ...func(*Options)) (*GetWebIdentityTokenOutput, error) {
	input := params
	if input == nil {
		// Fall back to an empty request rather than passing nil down the stack.
		input = &GetWebIdentityTokenInput{}
	}

	res, md, err := c.invokeOperation(ctx, "GetWebIdentityToken", input, optFns, c.addOperationGetWebIdentityTokenMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: a result of any other type panics here.
	resp := res.(*GetWebIdentityTokenOutput)
	resp.ResultMetadata = md
	return resp, nil
}
  34  
// GetWebIdentityTokenInput holds the request parameters for the
// GetWebIdentityToken operation.
type GetWebIdentityTokenInput struct {

	// The intended recipient of the web identity token. This value populates the aud
	// claim in the JWT and should identify the service or application that will
	// validate and use the token. The external service should verify this claim to
	// ensure the token was intended for its use.
	//
	// NOTE(review): a recipient that skips the aud check would also accept tokens
	// minted for other services, so list only the audiences this caller actually
	// needs to reach.
	//
	// This member is required.
	Audience []string

	// The cryptographic algorithm to use for signing the JSON Web Token (JWT). Valid
	// values are RS256 (RSA with SHA-256) and ES384 (ECDSA using P-384 curve with
	// SHA-384).
	//
	// NOTE(review): the verifying service should pin the algorithm it expects
	// instead of trusting whatever the token header declares.
	//
	// This member is required.
	SigningAlgorithm *string

	// The duration, in seconds, for which the JSON Web Token (JWT) will remain valid.
	// The value can range from 60 seconds (1 minute) to 3600 seconds (1 hour). If not
	// specified, the default duration is 300 seconds (5 minutes). The token is
	// designed to be short-lived and should be used for proof of identity, then
	// exchanged for credentials or short-lived tokens in the external service.
	//
	// A shorter duration narrows the window in which a leaked token can be replayed.
	DurationSeconds *int32

	// An optional list of tags to include in the JSON Web Token (JWT). These tags are
	// added as custom claims to the JWT and can be used by the downstream service for
	// authorization decisions.
	//
	// NOTE(review): the tag values are supplied by the caller of this API; whether
	// and how they are constrained on the service side is not visible in this file,
	// so confirm that before a downstream service authorizes on them. A signed JWT
	// is readable by anyone who holds it, so tags should not carry secrets.
	Tags []types.Tag

	noSmithyDocumentSerde
}
  66  
// GetWebIdentityTokenOutput holds the response of the GetWebIdentityToken
// operation.
type GetWebIdentityTokenOutput struct {

	// The date and time when the web identity token expires, in UTC. The expiration
	// is determined by adding the DurationSeconds value to the time the token was
	// issued. After this time, the token should no longer be considered valid.
	Expiration *time.Time

	// A signed JSON Web Token (JWT) that represents the caller's Amazon Web Services
	// identity. The token contains standard JWT claims such as subject, audience,
	// expiration time, and additional identity attributes added by STS as custom
	// claims. You can also add your own custom claims to the token by passing tags as
	// request parameters to the GetWebIdentityToken API. The token is signed using
	// the specified signing algorithm and can be verified using the verification keys
	// available at the issuer's JWKS endpoint.
	//
	// NOTE(review): until Expiration this string is enough to authenticate as the
	// caller to the named audiences. Handle it like a credential: do not print,
	// log or persist it, and avoid formatting the whole output struct with %v or
	// %+v in diagnostics.
	WebIdentityToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
  88  
// addOperationGetWebIdentityTokenMiddlewares registers the middleware used by the
// GetWebIdentityToken operation on stack. It is the stack-building callback that
// GetWebIdentityToken hands to invokeOperation. Registration stops at the first
// step that fails and that step's error is returned; nil is returned when every
// step succeeds. The steps run in the order written, so do not reorder them
// without checking how each helper positions its middleware.
func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// The := form declares a scoped err that shadows the named result; the
	// explicit return of that value keeps the shadowing harmless.
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	// Request serializer and response deserializer for this operation.
	err = stack.Serialize.Add(&awsAwsquery_serializeOpGetWebIdentityToken{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetWebIdentityToken{}, middleware.After)
	if err != nil {
		return err
	}
	// NOTE(review): %v flattens the underlying error into text, so callers cannot
	// match it with errors.Is or errors.As; every other step returns err as-is.
	if err := addProtocolFinalizerMiddlewares(stack, options, "GetWebIdentityToken"); err != nil {
		return fmt.Errorf("add protocol finalizers: %v", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addSpanRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err = addCredentialSource(stack, options); err != nil {
		return err
	}
	// Presumably enforces the members marked "required" on the input (Audience,
	// SigningAlgorithm) before a request is sent — helper not shown here; confirm.
	if err = addOpGetWebIdentityTokenValidationMiddleware(stack); err != nil {
		return err
	}
	// Registered with middleware.Before in the Initialize step, unlike the
	// middleware.After used for the serializer and deserializer above.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetWebIdentityToken(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): this operation's response body carries the signed token. If the
	// client's logging options capture response bodies, the token would presumably
	// be written to the log — confirm the log mode used outside of debugging.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): judging by its name this helper can switch the request to
	// plain HTTP depending on options; the token would then cross the network
	// unencrypted. Confirm the option is left off for this client.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addInterceptAttempt(stack, options); err != nil {
		return err
	}
	if err = addInterceptors(stack, options); err != nil {
		return err
	}
	return nil
}
 188  
// newServiceMetadataMiddleware_opGetWebIdentityToken builds the
// RegisterServiceMetadata value for the GetWebIdentityToken operation. It carries
// the given region, the package-level ServiceID and the fixed operation name.
func newServiceMetadataMiddleware_opGetWebIdentityToken(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.OperationName = "GetWebIdentityToken"
	return md
}
 196