You do not have sufficient access to perform this action.
*/ export declare class AccessDeniedException extends __BaseException { readonly name: "AccessDeniedException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that a request to authorize a client with an access user session token is * pending.
*/ export declare class AuthorizationPendingException extends __BaseException { readonly name: "AuthorizationPendingException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe unique identifier string for each client. This value should come from the persisted * result of the RegisterClient API.
*/ clientId: string | undefined; /** *A secret string generated for the client. This value should come from the persisted result * of the RegisterClient API.
*/ clientSecret: string | undefined; /** *Supports grant types for the authorization code, refresh token, and device code request. * For device code requests, specify the following value:
* *
* urn:ietf:params:oauth:grant-type:device_code
*
*
For information about how to obtain the device code, see the StartDeviceAuthorization topic.
*/ grantType: string | undefined; /** *Used only when calling this API for the device code grant type. This short-term code is * used to identify this authentication attempt. This should come from an in-memory reference to * the result of the StartDeviceAuthorization API.
*/ deviceCode?: string; /** *The authorization code received from the authorization service. This parameter is required * to perform an authorization grant request to get access to a token.
*/ code?: string; /** *Currently, refreshToken is not yet implemented and is not supported. For more
* information about the features and limitations of the current IAM Identity Center OIDC implementation,
* see Considerations for Using this Guide in the IAM Identity Center
* OIDC API Reference.
The token used to obtain an access token in the event that the access token is invalid or * expired.
*/ refreshToken?: string; /** *The list of scopes that is defined by the client. Upon authorization, this list is used to * restrict permissions when granting an access token.
*/ scope?: string[]; /** *The location of the application that will receive the authorization code. Users authorize * the service to send the request to this location.
*/ redirectUri?: string; } /** * @public */ export interface CreateTokenResponse { /** *An opaque token to access IAM Identity Center resources assigned to a user.
*/ accessToken?: string; /** *Used to notify the client that the returned token is an access token. The supported type
* is BearerToken.
Indicates the time in seconds when an access token will expire.
*/ expiresIn?: number; /** *Currently, refreshToken is not yet implemented and is not supported. For more
* information about the features and limitations of the current IAM Identity Center OIDC implementation,
* see Considerations for Using this Guide in the IAM Identity Center
* OIDC API Reference.
A token that, if present, can be used to refresh a previously issued access token that * might have expired.
*/ refreshToken?: string; /** *Currently, idToken is not yet implemented and is not supported. For more
* information about the features and limitations of the current IAM Identity Center OIDC implementation,
* see Considerations for Using this Guide in the IAM Identity Center
* OIDC API Reference.
The identifier of the user that associated with the access token, if present.
*/ idToken?: string; } /** * @public *Indicates that the token issued by the service is expired and is no longer valid.
*/ export declare class ExpiredTokenException extends __BaseException { readonly name: "ExpiredTokenException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that an error from the service occurred while trying to process a * request.
*/ export declare class InternalServerException extends __BaseException { readonly name: "InternalServerException"; readonly $fault: "server"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that the clientId or clientSecret in the request is
* invalid. For example, this can occur when a client sends an incorrect clientId or
* an expired clientSecret.
Indicates that a request contains an invalid grant. This can occur if a client makes a * CreateToken request with an invalid grant type.
*/ export declare class InvalidGrantException extends __BaseException { readonly name: "InvalidGrantException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that something is wrong with the input to the request. For example, a required * parameter might be missing or out of range.
*/ export declare class InvalidRequestException extends __BaseException { readonly name: "InvalidRequestException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that the scope provided in the request is invalid.
*/ export declare class InvalidScopeException extends __BaseException { readonly name: "InvalidScopeException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that the client is making the request too frequently and is more than the * service can handle.
*/ export declare class SlowDownException extends __BaseException { readonly name: "SlowDownException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that the client is not currently authorized to make the request. This can happen
* when a clientId is not issued for a public client.
Indicates that the grant type in the request is not supported by the service.
*/ export declare class UnsupportedGrantTypeException extends __BaseException { readonly name: "UnsupportedGrantTypeException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeIndicates that the client information sent in the request during registration is * invalid.
*/ export declare class InvalidClientMetadataException extends __BaseException { readonly name: "InvalidClientMetadataException"; readonly $fault: "client"; error?: string; error_description?: string; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe friendly name of the client.
*/ clientName: string | undefined; /** *The type of client. The service supports only public as a client type.
* Anything other than public will be rejected by the service.
The list of scopes that are defined by the client. Upon authorization, this list is used * to restrict permissions when granting an access token.
*/ scopes?: string[]; } /** * @public */ export interface RegisterClientResponse { /** *The unique identifier string for each client. This client uses this identifier to get * authenticated by the service in subsequent calls.
*/ clientId?: string; /** *A secret string generated for the client. The client will use this string to get * authenticated by the service in subsequent calls.
*/ clientSecret?: string; /** *Indicates the time at which the clientId and clientSecret were
* issued.
Indicates the time at which the clientId and clientSecret will
* become invalid.
The endpoint where the client can request authorization.
*/ authorizationEndpoint?: string; /** *The endpoint where the client can get an access token.
*/ tokenEndpoint?: string; } /** * @public */ export interface StartDeviceAuthorizationRequest { /** *The unique identifier string for the client that is registered with IAM Identity Center. This value * should come from the persisted result of the RegisterClient API * operation.
*/ clientId: string | undefined; /** *A secret string that is generated for the client. This value should come from the * persisted result of the RegisterClient API operation.
*/ clientSecret: string | undefined; /** *The URL for the AWS access portal. For more information, see Using * the AWS access portal in the IAM Identity Center User Guide.
*/ startUrl: string | undefined; } /** * @public */ export interface StartDeviceAuthorizationResponse { /** *The short-lived code that is used by the device when polling for a session token.
*/ deviceCode?: string; /** *A one-time user verification code. This is needed to authorize an in-use device.
*/ userCode?: string; /** *The URI of the verification page that takes the userCode to authorize the
* device.
An alternate URL that the client can use to automatically launch a browser. This process * skips the manual step in which the user visits the verification page and enters their * code.
*/ verificationUriComplete?: string; /** *Indicates the number of seconds in which the verification code will become invalid.
*/ expiresIn?: number; /** *Indicates the number of seconds the client must wait between attempts when polling for a * session.
*/ interval?: number; }