/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the sso-oidc-2019-06-10.normal.json service model.
*/
using System;
using System.Runtime.ExceptionServices;
using System.Threading;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Net;
using Amazon.SSOOIDC.Model;
using Amazon.SSOOIDC.Model.Internal.MarshallTransformations;
using Amazon.SSOOIDC.Internal;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
using Amazon.Runtime.Internal.Auth;
using Amazon.Runtime.Internal.Transform;
namespace Amazon.SSOOIDC
{
/// <summary>
/// Implementation for accessing SSOOIDC
///
/// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) is
/// a web service that enables a client (such as AWS CLI or a native application) to register
/// with IAM Identity Center. The service also enables the client to fetch the user’s
/// access token upon successful authentication and authorization with IAM Identity Center.
///
/// <para>
/// Although AWS Single Sign-On was renamed, the <c>sso</c> and <c>identitystore</c>
/// API namespaces will continue to retain their original name for backward compatibility
/// purposes. For more information, see IAM Identity Center rename.
/// </para>
///
/// <para>
/// <b>Considerations for Using This Guide</b>
/// </para>
///
/// <para>
/// Before you begin using this guide, we recommend that you first review the following
/// important information about how the IAM Identity Center OIDC service works.
/// </para>
///
/// <list type="bullet">
/// <item><description>
/// The IAM Identity Center OIDC service currently implements only the portions of the
/// OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628)
/// that are necessary to enable single sign-on authentication with the AWS CLI. Support
/// for other OIDC flows frequently needed for native applications, such as Authorization
/// Code Flow (+ PKCE), will be addressed in future releases.
/// </description></item>
/// <item><description>
/// The service emits only OIDC access tokens, such that obtaining a new token (for example,
/// token refresh) requires explicit user re-authentication.
/// </description></item>
/// <item><description>
/// The access tokens provided by this service grant access to all AWS account entitlements
/// assigned to an IAM Identity Center user, not just a particular application.
/// </description></item>
/// <item><description>
/// The documentation in this guide does not describe the mechanism to convert the access
/// token into AWS Auth (“sigv4”) credentials for use with IAM-protected AWS service endpoints.
/// For more information, see GetRoleCredentials
/// in the IAM Identity Center Portal API Reference Guide.
/// </description></item>
/// </list>
///
/// <para>
/// For general information about IAM Identity Center, see What
/// is IAM Identity Center? in the IAM Identity Center User Guide.
/// </para>
/// </summary>
public partial class AmazonSSOOIDCClient : AmazonServiceClient, IAmazonSSOOIDC
{
// One metadata instance shared by every client of this type (static); the ServiceMetadata override returns it.
private static IServiceMetadata serviceMetadata = new AmazonSSOOIDCMetadata();
#region Constructors
/// <summary>
/// Constructs AmazonSSOOIDCClient with the credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
/// &lt;configuration&gt;
///     &lt;appSettings&gt;
///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
///     &lt;/appSettings&gt;
/// &lt;/configuration&gt;
/// </code>
/// </summary>
/// <remarks>
/// The example references a named credential profile rather than key material, so no
/// secret has to be written into App.config.
/// </remarks>
public AmazonSSOOIDCClient()
: base(FallbackCredentialsFactory.GetCredentials(), new AmazonSSOOIDCConfig()) { }
/// <summary>
/// Constructs AmazonSSOOIDCClient with the credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
/// &lt;configuration&gt;
///     &lt;appSettings&gt;
///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
///     &lt;/appSettings&gt;
/// &lt;/configuration&gt;
/// </code>
/// </summary>
/// <param name="region">The region to connect.</param>
/// <remarks>
/// The example references a named credential profile rather than key material, so no
/// secret has to be written into App.config.
/// </remarks>
public AmazonSSOOIDCClient(RegionEndpoint region)
: base(FallbackCredentialsFactory.GetCredentials(), new AmazonSSOOIDCConfig{RegionEndpoint = region}) { }
/// <summary>
/// Constructs AmazonSSOOIDCClient with the credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
/// &lt;configuration&gt;
///     &lt;appSettings&gt;
///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
///     &lt;/appSettings&gt;
/// &lt;/configuration&gt;
/// </code>
/// </summary>
/// <param name="config">The AmazonSSOOIDCClient Configuration Object</param>
/// <remarks>
/// Unlike the other fallback overloads, this one passes <paramref name="config"/> to the
/// credential lookup as well as to the base client.
/// </remarks>
public AmazonSSOOIDCClient(AmazonSSOOIDCConfig config)
: base(FallbackCredentialsFactory.GetCredentials(config), config){}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Credentials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <remarks>
/// Delegates to the (credentials, config) overload with a default <c>AmazonSSOOIDCConfig</c>.
/// </remarks>
public AmazonSSOOIDCClient(AWSCredentials credentials)
: this(credentials, new AmazonSSOOIDCConfig())
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Credentials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="region">The region to connect.</param>
/// <remarks>
/// Delegates to the (credentials, config) overload with a config whose
/// <c>RegionEndpoint</c> is set to <paramref name="region"/>.
/// </remarks>
public AmazonSSOOIDCClient(AWSCredentials credentials, RegionEndpoint region)
: this(credentials, new AmazonSSOOIDCConfig{RegionEndpoint = region})
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Credentials and an
/// AmazonSSOOIDCClient Configuration object.
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="clientConfig">The AmazonSSOOIDCClient Configuration Object</param>
/// <remarks>
/// Both arguments are handed straight to the base service client; nothing is validated here.
/// </remarks>
public AmazonSSOOIDCClient(AWSCredentials credentials, AmazonSSOOIDCConfig clientConfig)
: base(credentials, clientConfig)
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID and AWS Secret Key
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <remarks>
/// The secret key is accepted as a plain string. Load it from a protected store at run
/// time rather than writing a literal into source or checked-in configuration; the
/// parameterless and <c>AWSCredentials</c> overloads avoid handling raw keys in caller code.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey)
: this(awsAccessKeyId, awsSecretAccessKey, new AmazonSSOOIDCConfig())
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID and AWS Secret Key
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="region">The region to connect.</param>
/// <remarks>
/// The secret key is accepted as a plain string. Load it from a protected store at run
/// time rather than writing a literal into source or checked-in configuration; the
/// parameterless and <c>AWSCredentials</c> overloads avoid handling raw keys in caller code.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey, RegionEndpoint region)
: this(awsAccessKeyId, awsSecretAccessKey, new AmazonSSOOIDCConfig() {RegionEndpoint=region})
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID, AWS Secret Key and an
/// AmazonSSOOIDCClient Configuration object.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="clientConfig">The AmazonSSOOIDCClient Configuration Object</param>
/// <remarks>
/// The secret key is accepted as a plain string and forwarded to the base client as-is.
/// Load it from a protected store at run time rather than writing a literal into source
/// or checked-in configuration.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey, AmazonSSOOIDCConfig clientConfig)
: base(awsAccessKeyId, awsSecretAccessKey, clientConfig)
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID and AWS Secret Key
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <remarks>
/// The three strings together are a usable credential set until the session expires, so
/// treat all of them as secrets: keep them out of source, logs and checked-in configuration.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken)
: this(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, new AmazonSSOOIDCConfig())
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID and AWS Secret Key
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="region">The region to connect.</param>
/// <remarks>
/// The three credential strings together are a usable credential set until the session
/// expires, so treat all of them as secrets: keep them out of source, logs and checked-in
/// configuration.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region)
: this(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, new AmazonSSOOIDCConfig{RegionEndpoint = region})
{
}
/// <summary>
/// Constructs AmazonSSOOIDCClient with AWS Access Key ID, AWS Secret Key and an
/// AmazonSSOOIDCClient Configuration object.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="clientConfig">The AmazonSSOOIDCClient Configuration Object</param>
/// <remarks>
/// The three credential strings are forwarded to the base client as-is. Together they are
/// a usable credential set until the session expires, so keep them out of source, logs and
/// checked-in configuration.
/// </remarks>
public AmazonSSOOIDCClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonSSOOIDCConfig clientConfig)
: base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, clientConfig)
{
}
#endregion
#region Overrides
/// <summary>
/// Creates the signer for the service.
/// </summary>
/// <returns>A freshly constructed <c>AWS4Signer</c>; a new instance is created on every call.</returns>
protected override AbstractAWSSigner CreateSigner() => new AWS4Signer();
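/// <summary>
/// Customizes the runtime pipeline.
/// </summary>
/// <param name="pipeline">Runtime pipeline for the current client.</param>
protected override void CustomizeRuntimePipeline(RuntimePipeline pipeline)
{
    // Both pipeline calls are generic and need an explicit handler type: the default
    // endpoint resolver is removed, and the service-specific resolver is inserted
    // after the marshaller.
    pipeline.RemoveHandler<Amazon.Runtime.Internal.EndpointResolver>();
    pipeline.AddHandlerAfter<Amazon.Runtime.Internal.Marshaller>(new AmazonSSOOIDCEndpointResolver());
}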
/// <summary>
/// Capture metadata for the service.
/// </summary>
/// <value>The static <c>serviceMetadata</c> instance held by this class.</value>
protected override IServiceMetadata ServiceMetadata => serviceMetadata;
#endregion
#region Dispose
/// <summary>
/// Disposes the service client.
/// </summary>
/// <param name="disposing">Forwarded unchanged to the base class implementation.</param>
protected override void Dispose(bool disposing) => base.Dispose(disposing);
#endregion
#region CreateToken
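/// <summary>
/// Synchronous form of the CreateToken operation: marshals the request, invokes the
/// service and returns the unmarshalled response.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the CreateToken service method.</param>
/// <returns>The response from the CreateToken service method, as returned by SSOOIDC.</returns>
/// <remarks>
/// The response carries the user's access token. Keep it out of logs and diagnostics and
/// store it only where other credentials would be stored.
/// </remarks>
internal virtual CreateTokenResponse CreateToken(CreateTokenRequest request)
{
    var options = new InvokeOptions
    {
        RequestMarshaller = CreateTokenRequestMarshaller.Instance,
        ResponseUnmarshaller = CreateTokenResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return Invoke<CreateTokenResponse>(request, options);
}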
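/// <summary>
/// Creates and returns an access token for the authorized client. The access token issued
/// will be used to fetch short-term credentials for the assigned roles in the AWS account.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the CreateToken service method.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The response from the CreateToken service method, as returned by SSOOIDC.</returns>
/// <exception cref="Amazon.SSOOIDC.Model.AccessDeniedException">
/// You do not have sufficient access to perform this action.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.AuthorizationPendingException">
/// Indicates that a request to authorize a client with an access user session token is
/// pending.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.ExpiredTokenException">
/// Indicates that the token issued by the service is expired and is no longer valid.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InternalServerException">
/// Indicates that an error from the service occurred while trying to process a request.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidClientException">
/// Indicates that the <c>clientId</c> or <c>clientSecret</c> in the request
/// is invalid. For example, this can occur when a client sends an incorrect <c>clientId</c>
/// or an expired <c>clientSecret</c>.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidGrantException">
/// Indicates that a request contains an invalid grant. This can occur if a client makes
/// a CreateToken request with an invalid grant type.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidRequestException">
/// Indicates that something is wrong with the input to the request. For example, a required
/// parameter might be missing or out of range.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidScopeException">
/// Indicates that the scope provided in the request is invalid.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.SlowDownException">
/// Indicates that the client is making the request too frequently and is more than the
/// service can handle.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.UnauthorizedClientException">
/// Indicates that the client is not currently authorized to make the request. This can
/// happen when a <c>clientId</c> is not issued for a public client.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.UnsupportedGrantTypeException">
/// Indicates that the grant type in the request is not supported by the service.
/// </exception>
/// <remarks>
/// <para>
/// The access token in the response covers every AWS account entitlement assigned to the
/// IAM Identity Center user, not a single application. Treat it as a secret: do not write
/// it to logs, telemetry or error reports, and cache it only in a location readable by the
/// owning user.
/// </para>
/// <para>
/// While the user has not yet approved the request, the pending and slow-down exceptions
/// listed above are expected outcomes rather than failures; callers that poll should wait
/// between attempts instead of retrying immediately.
/// </para>
/// <para>See also: REST API Reference for CreateToken Operation.</para>
/// </remarks>
public virtual Task<CreateTokenResponse> CreateTokenAsync(CreateTokenRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
    var options = new InvokeOptions
    {
        RequestMarshaller = CreateTokenRequestMarshaller.Instance,
        ResponseUnmarshaller = CreateTokenResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return InvokeAsync<CreateTokenResponse>(request, options, cancellationToken);
}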
#endregion
#region RegisterClient
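/// <summary>
/// Synchronous form of the RegisterClient operation: marshals the request, invokes the
/// service and returns the unmarshalled response.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the RegisterClient service method.</param>
/// <returns>The response from the RegisterClient service method, as returned by SSOOIDC.</returns>
/// <remarks>
/// The registration output is meant to be persisted and reused; store it with the same
/// protection as other credentials.
/// </remarks>
internal virtual RegisterClientResponse RegisterClient(RegisterClientRequest request)
{
    var options = new InvokeOptions
    {
        RequestMarshaller = RegisterClientRequestMarshaller.Instance,
        ResponseUnmarshaller = RegisterClientResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return Invoke<RegisterClientResponse>(request, options);
}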
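/// <summary>
/// Registers a client with IAM Identity Center. This allows clients to initiate device
/// authorization. The output should be persisted for reuse through many authentication
/// requests.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the RegisterClient service method.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The response from the RegisterClient service method, as returned by SSOOIDC.</returns>
/// <exception cref="Amazon.SSOOIDC.Model.InternalServerException">
/// Indicates that an error from the service occurred while trying to process a request.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidClientMetadataException">
/// Indicates that the client information sent in the request during registration is invalid.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidRequestException">
/// Indicates that something is wrong with the input to the request. For example, a required
/// parameter might be missing or out of range.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidScopeException">
/// Indicates that the scope provided in the request is invalid.
/// </exception>
/// <remarks>
/// <para>
/// Because the output is persisted and includes the client secret later sent with
/// device-authorization and token requests, store it with the same protection as other
/// credentials: a per-user location with restrictive permissions or an OS secret store,
/// never a shared or world-readable file.
/// </para>
/// <para>
/// The client secret can expire; a stored registration should be refreshed rather than
/// reused once the service rejects it as invalid.
/// </para>
/// <para>See also: REST API Reference for RegisterClient Operation.</para>
/// </remarks>
public virtual Task<RegisterClientResponse> RegisterClientAsync(RegisterClientRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
    var options = new InvokeOptions
    {
        RequestMarshaller = RegisterClientRequestMarshaller.Instance,
        ResponseUnmarshaller = RegisterClientResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return InvokeAsync<RegisterClientResponse>(request, options, cancellationToken);
}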
#endregion
#region StartDeviceAuthorization
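/// <summary>
/// Synchronous form of the StartDeviceAuthorization operation: marshals the request,
/// invokes the service and returns the unmarshalled response.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the StartDeviceAuthorization service method.</param>
/// <returns>The response from the StartDeviceAuthorization service method, as returned by SSOOIDC.</returns>
/// <remarks>
/// Of the pair of verification codes in the response, only the one intended for the user
/// should be displayed; keep the other out of UI and logs.
/// </remarks>
internal virtual StartDeviceAuthorizationResponse StartDeviceAuthorization(StartDeviceAuthorizationRequest request)
{
    var options = new InvokeOptions
    {
        RequestMarshaller = StartDeviceAuthorizationRequestMarshaller.Instance,
        ResponseUnmarshaller = StartDeviceAuthorizationResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return Invoke<StartDeviceAuthorizationResponse>(request, options);
}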
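/// <summary>
/// Initiates device authorization by requesting a pair of verification codes from the
/// authorization service.
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the StartDeviceAuthorization service method.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The response from the StartDeviceAuthorization service method, as returned by SSOOIDC.</returns>
/// <exception cref="Amazon.SSOOIDC.Model.InternalServerException">
/// Indicates that an error from the service occurred while trying to process a request.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidClientException">
/// Indicates that the <c>clientId</c> or <c>clientSecret</c> in the request
/// is invalid. For example, this can occur when a client sends an incorrect <c>clientId</c>
/// or an expired <c>clientSecret</c>.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.InvalidRequestException">
/// Indicates that something is wrong with the input to the request. For example, a required
/// parameter might be missing or out of range.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.SlowDownException">
/// Indicates that the client is making the request too frequently and is more than the
/// service can handle.
/// </exception>
/// <exception cref="Amazon.SSOOIDC.Model.UnauthorizedClientException">
/// Indicates that the client is not currently authorized to make the request. This can
/// happen when a <c>clientId</c> is not issued for a public client.
/// </exception>
/// <remarks>
/// <para>
/// In the device authorization grant (RFC 8628) the two codes have different audiences:
/// the user code is shown to the person approving the sign-in, while the device code is
/// held by the client and later exchanged for a token. Keep the device code out of UI,
/// logs and telemetry for as long as it is valid.
/// </para>
/// <para>
/// Present the verification address exactly as the service returned it, so the user can
/// confirm they are approving the request on the expected IAM Identity Center sign-in page.
/// </para>
/// <para>See also: REST API Reference for StartDeviceAuthorization Operation.</para>
/// </remarks>
public virtual Task<StartDeviceAuthorizationResponse> StartDeviceAuthorizationAsync(StartDeviceAuthorizationRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
    var options = new InvokeOptions
    {
        RequestMarshaller = StartDeviceAuthorizationRequestMarshaller.Instance,
        ResponseUnmarshaller = StartDeviceAuthorizationResponseUnmarshaller.Instance
    };

    // The response type cannot be inferred from the arguments, so it is named explicitly.
    return InvokeAsync<StartDeviceAuthorizationResponse>(request, options, cancellationToken);
}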
#endregion
}
}