libZSservicesZSamazonka-sso-oidcZSamazonka-sso-oidc
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.SSOOIDC.CreateToken

Description

Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.

Synopsis

Creating a Request

data CreateToken Source #

See: newCreateToken smart constructor.

Constructors

CreateToken' 

Fields

  • redirectUri :: Maybe Text

    The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

  • refreshToken :: Maybe Text

    The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.

  • scope :: Maybe [Text]

    The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

  • code :: Maybe Text

    The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

  • clientId :: Text

    The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

  • clientSecret :: Text

    A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

  • grantType :: Text

    Supports grant types for authorization code, refresh token, and device code request.

  • deviceCode :: Text

    Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

Instances

Instances details
Eq CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Read CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Show CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Generic CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type Rep CreateToken :: Type -> Type #

NFData CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

rnf :: CreateToken -> () #

Hashable CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

ToJSON CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

AWSRequest CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type AWSResponse CreateToken #

ToHeaders CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

toHeaders :: CreateToken -> [Header] #

ToPath CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

ToQuery CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type Rep CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type AWSResponse CreateToken Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

newCreateToken Source #

Create a value of CreateToken with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:redirectUri:CreateToken', createToken_redirectUri - The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

$sel:refreshToken:CreateToken', createToken_refreshToken - The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.

$sel:scope:CreateToken', createToken_scope - The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

$sel:code:CreateToken', createToken_code - The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

$sel:clientId:CreateToken', createToken_clientId - The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

$sel:clientSecret:CreateToken', createToken_clientSecret - A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

$sel:grantType:CreateToken', createToken_grantType - Supports grant types for authorization code, refresh token, and device code request.

$sel:deviceCode:CreateToken', createToken_deviceCode - Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

Request Lenses

createToken_redirectUri :: Lens' CreateToken (Maybe Text) Source #

The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.

createToken_refreshToken :: Lens' CreateToken (Maybe Text) Source #

The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.

createToken_scope :: Lens' CreateToken (Maybe [Text]) Source #

The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

createToken_code :: Lens' CreateToken (Maybe Text) Source #

The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.

createToken_clientId :: Lens' CreateToken Text Source #

The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.

createToken_clientSecret :: Lens' CreateToken Text Source #

A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.

createToken_grantType :: Lens' CreateToken Text Source #

Supports grant types for authorization code, refresh token, and device code request.

createToken_deviceCode :: Lens' CreateToken Text Source #

Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.

Destructuring the Response

data CreateTokenResponse Source #

See: newCreateTokenResponse smart constructor.

Constructors

CreateTokenResponse' 

Fields

  • accessToken :: Maybe Text

    An opaque token to access AWS SSO resources assigned to a user.

  • refreshToken :: Maybe Text

    A token that, if present, can be used to refresh a previously issued access token that might have expired.

  • expiresIn :: Maybe Int

    Indicates the time in seconds when an access token will expire.

  • tokenType :: Maybe Text

    Used to notify the client that the returned token is an access token. The supported type is BearerToken.

  • idToken :: Maybe Text

    The identifier of the user that associated with the access token, if present.

  • httpStatus :: Int

    The response's http status code.

Instances

Instances details
Eq CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Read CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Show CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Generic CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Associated Types

type Rep CreateTokenResponse :: Type -> Type #

NFData CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

Methods

rnf :: CreateTokenResponse -> () #

type Rep CreateTokenResponse Source # 
Instance details

Defined in Amazonka.SSOOIDC.CreateToken

type Rep CreateTokenResponse = D1 ('MetaData "CreateTokenResponse" "Amazonka.SSOOIDC.CreateToken" "libZSservicesZSamazonka-sso-oidcZSamazonka-sso-oidc" 'False) (C1 ('MetaCons "CreateTokenResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "accessToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "refreshToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "expiresIn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)))) :*: (S1 ('MetaSel ('Just "tokenType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "idToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))))

newCreateTokenResponse Source #

Create a value of CreateTokenResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:accessToken:CreateTokenResponse', createTokenResponse_accessToken - An opaque token to access AWS SSO resources assigned to a user.

$sel:refreshToken:CreateToken', createTokenResponse_refreshToken - A token that, if present, can be used to refresh a previously issued access token that might have expired.

$sel:expiresIn:CreateTokenResponse', createTokenResponse_expiresIn - Indicates the time in seconds when an access token will expire.

$sel:tokenType:CreateTokenResponse', createTokenResponse_tokenType - Used to notify the client that the returned token is an access token. The supported type is BearerToken.

$sel:idToken:CreateTokenResponse', createTokenResponse_idToken - The identifier of the user that associated with the access token, if present.

$sel:httpStatus:CreateTokenResponse', createTokenResponse_httpStatus - The response's http status code.

Response Lenses

createTokenResponse_accessToken :: Lens' CreateTokenResponse (Maybe Text) Source #

An opaque token to access AWS SSO resources assigned to a user.

createTokenResponse_refreshToken :: Lens' CreateTokenResponse (Maybe Text) Source #

A token that, if present, can be used to refresh a previously issued access token that might have expired.

createTokenResponse_expiresIn :: Lens' CreateTokenResponse (Maybe Int) Source #

Indicates the time in seconds when an access token will expire.

createTokenResponse_tokenType :: Lens' CreateTokenResponse (Maybe Text) Source #

Used to notify the client that the returned token is an access token. The supported type is BearerToken.

createTokenResponse_idToken :: Lens' CreateTokenResponse (Maybe Text) Source #

The identifier of the user that associated with the access token, if present.