feat(client-sso-admin): Improves support for configuring RefreshToken…

… and TokenExchange grants on applications.
aws · Nov 17, 2023 · f53e68f · f53e68f
1 parent fe08f6f
commit f53e68f
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 23 deletions.
diff --git a/clients/client-sso-admin/src/commands/GetApplicationGrantCommand.ts b/clients/client-sso-admin/src/commands/GetApplicationGrantCommand.ts
@@ -67,6 +67,8 @@ export interface GetApplicationGrantCommandOutput extends GetApplicationGrantRes
  * //         },
  * //       ],
  * //     },
+ * //     RefreshToken: {},
+ * //     TokenExchange: {},
  * //   },
  * // };
  *

diff --git a/clients/client-sso-admin/src/commands/ListApplicationGrantsCommand.ts b/clients/client-sso-admin/src/commands/ListApplicationGrantsCommand.ts
@@ -70,6 +70,8 @@ export interface ListApplicationGrantsCommandOutput extends ListApplicationGrant
  * //             },
  * //           ],
  * //         },
+ * //         RefreshToken: {},
+ * //         TokenExchange: {},
  * //       },
  * //     },
  * //   ],

diff --git a/clients/client-sso-admin/src/commands/PutApplicationGrantCommand.ts b/clients/client-sso-admin/src/commands/PutApplicationGrantCommand.ts
@@ -63,6 +63,8 @@ export interface PutApplicationGrantCommandOutput extends __MetadataBearer {}
  *         },
  *       ],
  *     },
+ *     RefreshToken: {},
+ *     TokenExchange: {},
  *   },
  * };
  * const command = new PutApplicationGrantCommand(input);

diff --git a/clients/client-sso-admin/src/models/models_0.ts b/clients/client-sso-admin/src/models/models_0.ts
@@ -986,12 +986,12 @@ export interface GetApplicationGrantRequest {
 
 /**
  * @public
- * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+ * <p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Authorization Code Grant.</p>
  */
 export interface AuthorizationCodeGrant {
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>A list of URIs that are valid locations to redirect a user's browser after the user is authorized.</p>
    */
   RedirectUris?: string[];
 }
@@ -1018,43 +1018,88 @@ export interface AuthorizedTokenIssuer {
 
 /**
  * @public
- * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+ * <p>A structure that defines configuration settings for an application that supports the JWT Bearer Token Authorization Grant.</p>
  */
 export interface JwtBearerGrant {
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>A list of allowed token issuers trusted by the Identity Center instances for this application.</p>
    */
   AuthorizedTokenIssuers?: AuthorizedTokenIssuer[];
 }
 
 /**
  * @public
- * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+ * <p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Refresh Token Grant.</p>
  */
-export type Grant = Grant.AuthorizationCodeMember | Grant.JwtBearerMember | Grant.$UnknownMember;
+export interface RefreshTokenGrant {}
+
+/**
+ * @public
+ * <p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Token Exchange Grant.</p>
+ */
+export interface TokenExchangeGrant {}
+
+/**
+ * @public
+ * <p>The Grant union represents the set of possible configuration options for the selected grant type. Exactly one member of the union must be specified, and must match the grant type selected.</p>
+ */
+export type Grant =
+  | Grant.AuthorizationCodeMember
+  | Grant.JwtBearerMember
+  | Grant.RefreshTokenMember
+  | Grant.TokenExchangeMember
+  | Grant.$UnknownMember;
 
 /**
  * @public
  */
 export namespace Grant {
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>Configuration options for the <code>authorization_code</code> grant type.</p>
    */
   export interface AuthorizationCodeMember {
     AuthorizationCode: AuthorizationCodeGrant;
     JwtBearer?: never;
+    RefreshToken?: never;
+    TokenExchange?: never;
     $unknown?: never;
   }
 
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>Configuration options for the <code>urn:ietf:params:oauth:grant-type:jwt-bearer</code> grant type.</p>
    */
   export interface JwtBearerMember {
     AuthorizationCode?: never;
     JwtBearer: JwtBearerGrant;
+    RefreshToken?: never;
+    TokenExchange?: never;
+    $unknown?: never;
+  }
+
+  /**
+   * @public
+   * <p>Configuration options for the <code>refresh_token</code> grant type.</p>
+   */
+  export interface RefreshTokenMember {
+    AuthorizationCode?: never;
+    JwtBearer?: never;
+    RefreshToken: RefreshTokenGrant;
+    TokenExchange?: never;
+    $unknown?: never;
+  }
+
+  /**
+   * @public
+   * <p>Configuration options for the <code>urn:ietf:params:oauth:grant-type:token-exchange</code> grant type.</p>
+   */
+  export interface TokenExchangeMember {
+    AuthorizationCode?: never;
+    JwtBearer?: never;
+    RefreshToken?: never;
+    TokenExchange: TokenExchangeGrant;
     $unknown?: never;
   }
 
@@ -1064,18 +1109,24 @@ export namespace Grant {
   export interface $UnknownMember {
     AuthorizationCode?: never;
     JwtBearer?: never;
+    RefreshToken?: never;
+    TokenExchange?: never;
     $unknown: [string, any];
   }
 
   export interface Visitor<T> {
     AuthorizationCode: (value: AuthorizationCodeGrant) => T;
     JwtBearer: (value: JwtBearerGrant) => T;
+    RefreshToken: (value: RefreshTokenGrant) => T;
+    TokenExchange: (value: TokenExchangeGrant) => T;
     _: (name: string, value: any) => T;
   }
 
   export const visit = <T>(value: Grant, visitor: Visitor<T>): T => {
     if (value.AuthorizationCode !== undefined) return visitor.AuthorizationCode(value.AuthorizationCode);
     if (value.JwtBearer !== undefined) return visitor.JwtBearer(value.JwtBearer);
+    if (value.RefreshToken !== undefined) return visitor.RefreshToken(value.RefreshToken);
+    if (value.TokenExchange !== undefined) return visitor.TokenExchange(value.TokenExchange);
     return visitor._(value.$unknown[0], value.$unknown[1]);
   };
 }
@@ -1114,18 +1165,18 @@ export interface ListApplicationGrantsRequest {
 
 /**
  * @public
- * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+ * <p>A structure that defines a single grant and its configuration.</p>
  */
 export interface GrantItem {
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>The type of the selected grant.</p>
    */
   GrantType: GrantType | undefined;
 
   /**
    * @public
-   * <p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>
+   * <p>The configuration structure for the selected grant.</p>
    */
   Grant: Grant | undefined;
 }
@@ -4102,7 +4153,7 @@ export interface UntagResourceResponse {}
 
 /**
  * @public
- * <p/>
+ * <p>A structure that describes the options for the access portal associated with an application that can be updated.</p>
  */
 export interface UpdateApplicationPortalOptions {
   /**

diff --git a/clients/client-sso-admin/src/protocols/Aws_json1_1.ts b/clients/client-sso-admin/src/protocols/Aws_json1_1.ts
@@ -390,12 +390,14 @@ import {
   PutApplicationGrantRequest,
   PutInlinePolicyToPermissionSetRequest,
   PutPermissionsBoundaryToPermissionSetRequest,
+  RefreshTokenGrant,
   ResourceNotFoundException,
   ServiceQuotaExceededException,
   SignInOptions,
   Tag,
   TagResourceRequest,
   ThrottlingException,
+  TokenExchangeGrant,
   TrustedTokenIssuerConfiguration,
   TrustedTokenIssuerUpdateConfiguration,
   UntagResourceRequest,
@@ -6036,6 +6038,8 @@ const se_PutApplicationAuthenticationMethodRequest = (
 
 // se_RedirectUris omitted.
 
+// se_RefreshTokenGrant omitted.
+
 // se_ScopeTargets omitted.
 
 // se_SignInOptions omitted.
@@ -6048,6 +6052,8 @@ const se_PutApplicationAuthenticationMethodRequest = (
 
 // se_TagResourceRequest omitted.
 
+// se_TokenExchangeGrant omitted.
+
 // se_TokenIssuerAudiences omitted.
 
 // se_TrustedTokenIssuerConfiguration omitted.
@@ -6633,6 +6639,8 @@ const de_ProvisionPermissionSetResponse = (output: any, context: __SerdeContext)
 
 // de_RedirectUris omitted.
 
+// de_RefreshTokenGrant omitted.
+
 // de_ResourceNotFoundException omitted.
 
 // de_ResourceServerConfig omitted.
@@ -6659,6 +6667,8 @@ const de_ProvisionPermissionSetResponse = (output: any, context: __SerdeContext)
 
 // de_ThrottlingException omitted.
 
+// de_TokenExchangeGrant omitted.
+
 // de_TokenIssuerAudiences omitted.
 
 // de_TrustedTokenIssuerConfiguration omitted.

diff --git a/codegen/sdk-codegen/aws-models/sso-admin.json b/codegen/sdk-codegen/aws-models/sso-admin.json
@@ -834,12 +834,12 @@
         "RedirectUris": {
           "target": "com.amazonaws.ssoadmin#RedirectUris",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+            "smithy.api#documentation": "<p>A list of URIs that are valid locations to redirect a user's browser after the user is authorized.</p>"
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+        "smithy.api#documentation": "<p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Authorization Code Grant.</p>"
       }
     },
     "com.amazonaws.ssoadmin#AuthorizedTokenIssuer": {
@@ -3628,18 +3628,30 @@
         "AuthorizationCode": {
           "target": "com.amazonaws.ssoadmin#AuthorizationCodeGrant",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+            "smithy.api#documentation": "<p>Configuration options for the <code>authorization_code</code> grant type.</p>"
           }
         },
         "JwtBearer": {
           "target": "com.amazonaws.ssoadmin#JwtBearerGrant",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+            "smithy.api#documentation": "<p>Configuration options for the <code>urn:ietf:params:oauth:grant-type:jwt-bearer</code> grant type.</p>"
+          }
+        },
+        "RefreshToken": {
+          "target": "com.amazonaws.ssoadmin#RefreshTokenGrant",
+          "traits": {
+            "smithy.api#documentation": "<p>Configuration options for the <code>refresh_token</code> grant type.</p>"
+          }
+        },
+        "TokenExchange": {
+          "target": "com.amazonaws.ssoadmin#TokenExchangeGrant",
+          "traits": {
+            "smithy.api#documentation": "<p>Configuration options for the <code>urn:ietf:params:oauth:grant-type:token-exchange</code> grant type.</p>"
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+        "smithy.api#documentation": "<p>The Grant union represents the set of possible configuration options for the selected grant type. Exactly one member of the union must be specified, and must match the grant type selected.</p>"
       }
     },
     "com.amazonaws.ssoadmin#GrantItem": {
@@ -3648,20 +3660,20 @@
         "GrantType": {
           "target": "com.amazonaws.ssoadmin#GrantType",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>",
+            "smithy.api#documentation": "<p>The type of the selected grant.</p>",
             "smithy.api#required": {}
           }
         },
         "Grant": {
           "target": "com.amazonaws.ssoadmin#Grant",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>",
+            "smithy.api#documentation": "<p>The configuration structure for the selected grant.</p>",
             "smithy.api#required": {}
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+        "smithy.api#documentation": "<p>A structure that defines a single grant and its configuration.</p>"
       }
     },
     "com.amazonaws.ssoadmin#GrantType": {
@@ -3907,12 +3919,12 @@
         "AuthorizedTokenIssuers": {
           "target": "com.amazonaws.ssoadmin#AuthorizedTokenIssuers",
           "traits": {
-            "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+            "smithy.api#documentation": "<p>A list of allowed token issuers trusted by the Identity Center instances for this application.</p>"
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>~~~[ TODO: ADD DESCRIPTION HERE ]~~~</p>"
+        "smithy.api#documentation": "<p>A structure that defines configuration settings for an application that supports the JWT Bearer Token Authorization Grant.</p>"
       }
     },
     "com.amazonaws.ssoadmin#ListAccountAssignmentCreationStatus": {
@@ -6582,6 +6594,13 @@
         }
       }
     },
+    "com.amazonaws.ssoadmin#RefreshTokenGrant": {
+      "type": "structure",
+      "members": {},
+      "traits": {
+        "smithy.api#documentation": "<p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Refresh Token Grant.</p>"
+      }
+    },
     "com.amazonaws.ssoadmin#RelayState": {
       "type": "string",
       "traits": {
@@ -8121,6 +8140,13 @@
         "smithy.api#pattern": "^[-a-zA-Z0-9+=/_]*$"
       }
     },
+    "com.amazonaws.ssoadmin#TokenExchangeGrant": {
+      "type": "structure",
+      "members": {},
+      "traits": {
+        "smithy.api#documentation": "<p>A structure that defines configuration settings for an application that supports the OAuth 2.0 Token Exchange Grant.</p>"
+      }
+    },
     "com.amazonaws.ssoadmin#TokenIssuerAudience": {
       "type": "string",
       "traits": {
@@ -8363,7 +8389,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p/>"
+        "smithy.api#documentation": "<p>A structure that describes the options for the access portal associated with an application that can be updated.</p>"
       }
     },
     "com.amazonaws.ssoadmin#UpdateApplicationRequest": {