amazonka-sso-oidc (empty) → 2.0
raw patch · 21 files changed
+2146/−0 lines, 21 filesdep +amazonka-coredep +amazonka-sso-oidcdep +amazonka-test
Dependencies added: amazonka-core, amazonka-sso-oidc, amazonka-test, base, bytestring, case-insensitive, tasty, tasty-hunit, text, time, unordered-containers
Files
- LICENSE +367/−0
- README.md +44/−0
- amazonka-sso-oidc.cabal +86/−0
- fixture/CreateToken.yaml +10/−0
- fixture/CreateTokenResponse.proto +0/−0
- fixture/RegisterClient.yaml +10/−0
- fixture/RegisterClientResponse.proto +0/−0
- fixture/StartDeviceAuthorization.yaml +10/−0
- fixture/StartDeviceAuthorizationResponse.proto +0/−0
- gen/Amazonka/SSOOIDC.hs +159/−0
- gen/Amazonka/SSOOIDC/CreateToken.hs +428/−0
- gen/Amazonka/SSOOIDC/Lens.hs +63/−0
- gen/Amazonka/SSOOIDC/RegisterClient.hs +277/−0
- gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs +302/−0
- gen/Amazonka/SSOOIDC/Types.hs +217/−0
- gen/Amazonka/SSOOIDC/Waiters.hs +24/−0
- src/.gitkeep +0/−0
- test/Main.hs +23/−0
- test/Test/Amazonka/Gen/SSOOIDC.hs +98/−0
- test/Test/Amazonka/SSOOIDC.hs +20/−0
- test/Test/Amazonka/SSOOIDC/Internal.hs +8/−0
+ LICENSE view
@@ -0,0 +1,367 @@+Mozilla Public License Version 2.0+==================================++1. Definitions+--------------++1.1. "Contributor"+ means each individual or legal entity that creates, contributes to+ the creation of, or owns Covered Software.++1.2. "Contributor Version"+ means the combination of the Contributions of others (if any) used+ by a Contributor and that particular Contributor's Contribution.++1.3. "Contribution"+ means Covered Software of a particular Contributor.++1.4. "Covered Software"+ means Source Code Form to which the initial Contributor has attached+ the notice in Exhibit A, the Executable Form of such Source Code+ Form, and Modifications of such Source Code Form, in each case+ including portions thereof.++1.5. "Incompatible With Secondary Licenses"+ means++ (a) that the initial Contributor has attached the notice described+ in Exhibit B to the Covered Software; or++ (b) that the Covered Software was made available under the terms of+ version 1.1 or earlier of the License, but not also under the+ terms of a Secondary License.++1.6. "Executable Form"+ means any form of the work other than Source Code Form.++1.7. "Larger Work"+ means a work that combines Covered Software with other material, in+ a separate file or files, that is not Covered Software.++1.8. "License"+ means this document.++1.9. "Licensable"+ means having the right to grant, to the maximum extent possible,+ whether at the time of the initial grant or subsequently, any and+ all of the rights conveyed by this License.++1.10. "Modifications"+ means any of the following:++ (a) any file in Source Code Form that results from an addition to,+ deletion from, or modification of the contents of Covered+ Software; or++ (b) any new file in Source Code Form that contains any Covered+ Software.++1.11. "Patent Claims" of a Contributor+ means any patent claim(s), including without limitation, method,+ process, and apparatus claims, in any patent Licensable by such+ Contributor that would be infringed, but for the grant of the+ License, by the making, using, selling, offering for sale, having+ made, import, or transfer of either its Contributions or its+ Contributor Version.++1.12. "Secondary License"+ means either the GNU General Public License, Version 2.0, the GNU+ Lesser General Public License, Version 2.1, the GNU Affero General+ Public License, Version 3.0, or any later versions of those+ licenses.++1.13. "Source Code Form"+ means the form of the work preferred for making modifications.++1.14. "You" (or "Your")+ means an individual or a legal entity exercising rights under this+ License. For legal entities, "You" includes any entity that+ controls, is controlled by, or is under common control with You. For+ purposes of this definition, "control" means (a) the power, direct+ or indirect, to cause the direction or management of such entity,+ whether by contract or otherwise, or (b) ownership of more than+ fifty percent (50%) of the outstanding shares or beneficial+ ownership of such entity.++2. License Grants and Conditions+--------------------------------++2.1. Grants++Each Contributor hereby grants You a world-wide, royalty-free,+non-exclusive license:++(a) under intellectual property rights (other than patent or trademark)+ Licensable by such Contributor to use, reproduce, make available,+ modify, display, perform, distribute, and otherwise exploit its+ Contributions, either on an unmodified basis, with Modifications, or+ as part of a Larger Work; and++(b) under Patent Claims of such Contributor to make, use, sell, offer+ for sale, have made, import, and otherwise transfer either its+ Contributions or its Contributor Version.++2.2. Effective Date++The licenses granted in Section 2.1 with respect to any Contribution+become effective for each Contribution on the date the Contributor first+distributes such Contribution.++2.3. Limitations on Grant Scope++The licenses granted in this Section 2 are the only rights granted under+this License. No additional rights or licenses will be implied from the+distribution or licensing of Covered Software under this License.+Notwithstanding Section 2.1(b) above, no patent license is granted by a+Contributor:++(a) for any code that a Contributor has removed from Covered Software;+ or++(b) for infringements caused by: (i) Your and any other third party's+ modifications of Covered Software, or (ii) the combination of its+ Contributions with other software (except as part of its Contributor+ Version); or++(c) under Patent Claims infringed by Covered Software in the absence of+ its Contributions.++This License does not grant any rights in the trademarks, service marks,+or logos of any Contributor (except as may be necessary to comply with+the notice requirements in Section 3.4).++2.4. Subsequent Licenses++No Contributor makes additional grants as a result of Your choice to+distribute the Covered Software under a subsequent version of this+License (see Section 10.2) or under the terms of a Secondary License (if+permitted under the terms of Section 3.3).++2.5. Representation++Each Contributor represents that the Contributor believes its+Contributions are its original creation(s) or it has sufficient rights+to grant the rights to its Contributions conveyed by this License.++2.6. Fair Use++This License is not intended to limit any rights You have under+applicable copyright doctrines of fair use, fair dealing, or other+equivalents.++2.7. Conditions++Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted+in Section 2.1.++3. Responsibilities+-------------------++3.1. Distribution of Source Form++All distribution of Covered Software in Source Code Form, including any+Modifications that You create or to which You contribute, must be under+the terms of this License. You must inform recipients that the Source+Code Form of the Covered Software is governed by the terms of this+License, and how they can obtain a copy of this License. You may not+attempt to alter or restrict the recipients' rights in the Source Code+Form.++3.2. Distribution of Executable Form++If You distribute Covered Software in Executable Form then:++(a) such Covered Software must also be made available in Source Code+ Form, as described in Section 3.1, and You must inform recipients of+ the Executable Form how they can obtain a copy of such Source Code+ Form by reasonable means in a timely manner, at a charge no more+ than the cost of distribution to the recipient; and++(b) You may distribute such Executable Form under the terms of this+ License, or sublicense it under different terms, provided that the+ license for the Executable Form does not attempt to limit or alter+ the recipients' rights in the Source Code Form under this License.++3.3. Distribution of a Larger Work++You may create and distribute a Larger Work under terms of Your choice,+provided that You also comply with the requirements of this License for+the Covered Software. If the Larger Work is a combination of Covered+Software with a work governed by one or more Secondary Licenses, and the+Covered Software is not Incompatible With Secondary Licenses, this+License permits You to additionally distribute such Covered Software+under the terms of such Secondary License(s), so that the recipient of+the Larger Work may, at their option, further distribute the Covered+Software under the terms of either this License or such Secondary+License(s).++3.4. Notices++You may not remove or alter the substance of any license notices+(including copyright notices, patent notices, disclaimers of warranty,+or limitations of liability) contained within the Source Code Form of+the Covered Software, except that You may alter any license notices to+the extent required to remedy known factual inaccuracies.++3.5. Application of Additional Terms++You may choose to offer, and to charge a fee for, warranty, support,+indemnity or liability obligations to one or more recipients of Covered+Software. However, You may do so only on Your own behalf, and not on+behalf of any Contributor. You must make it absolutely clear that any+such warranty, support, indemnity, or liability obligation is offered by+You alone, and You hereby agree to indemnify every Contributor for any+liability incurred by such Contributor as a result of warranty, support,+indemnity or liability terms You offer. You may include additional+disclaimers of warranty and limitations of liability specific to any+jurisdiction.++4. Inability to Comply Due to Statute or Regulation+---------------------------------------------------++If it is impossible for You to comply with any of the terms of this+License with respect to some or all of the Covered Software due to+statute, judicial order, or regulation then You must: (a) comply with+the terms of this License to the maximum extent possible; and (b)+describe the limitations and the code they affect. Such description must+be placed in a text file included with all distributions of the Covered+Software under this License. Except to the extent prohibited by statute+or regulation, such description must be sufficiently detailed for a+recipient of ordinary skill to be able to understand it.++5. Termination+--------------++5.1. The rights granted under this License will terminate automatically+if You fail to comply with any of its terms. However, if You become+compliant, then the rights granted under this License from a particular+Contributor are reinstated (a) provisionally, unless and until such+Contributor explicitly and finally terminates Your grants, and (b) on an+ongoing basis, if such Contributor fails to notify You of the+non-compliance by some reasonable means prior to 60 days after You have+come back into compliance. Moreover, Your grants from a particular+Contributor are reinstated on an ongoing basis if such Contributor+notifies You of the non-compliance by some reasonable means, this is the+first time You have received notice of non-compliance with this License+from such Contributor, and You become compliant prior to 30 days after+Your receipt of the notice.++5.2. If You initiate litigation against any entity by asserting a patent+infringement claim (excluding declaratory judgment actions,+counter-claims, and cross-claims) alleging that a Contributor Version+directly or indirectly infringes any patent, then the rights granted to+You by any and all Contributors for the Covered Software under Section+2.1 of this License shall terminate.++5.3. In the event of termination under Sections 5.1 or 5.2 above, all+end user license agreements (excluding distributors and resellers) which+have been validly granted by You or Your distributors under this License+prior to termination shall survive termination.++************************************************************************+* *+* 6. Disclaimer of Warranty *+* ------------------------- *+* *+* Covered Software is provided under this License on an "as is" *+* basis, without warranty of any kind, either expressed, implied, or *+* statutory, including, without limitation, warranties that the *+* Covered Software is free of defects, merchantable, fit for a *+* particular purpose or non-infringing. The entire risk as to the *+* quality and performance of the Covered Software is with You. *+* Should any Covered Software prove defective in any respect, You *+* (not any Contributor) assume the cost of any necessary servicing, *+* repair, or correction. This disclaimer of warranty constitutes an *+* essential part of this License. No use of any Covered Software is *+* authorized under this License except under this disclaimer. *+* *+************************************************************************++************************************************************************+* *+* 7. Limitation of Liability *+* -------------------------- *+* *+* Under no circumstances and under no legal theory, whether tort *+* (including negligence), contract, or otherwise, shall any *+* Contributor, or anyone who distributes Covered Software as *+* permitted above, be liable to You for any direct, indirect, *+* special, incidental, or consequential damages of any character *+* including, without limitation, damages for lost profits, loss of *+* goodwill, work stoppage, computer failure or malfunction, or any *+* and all other commercial damages or losses, even if such party *+* shall have been informed of the possibility of such damages. This *+* limitation of liability shall not apply to liability for death or *+* personal injury resulting from such party's negligence to the *+* extent applicable law prohibits such limitation. Some *+* jurisdictions do not allow the exclusion or limitation of *+* incidental or consequential damages, so this exclusion and *+* limitation may not apply to You. *+* *+************************************************************************++8. Litigation+-------------++Any litigation relating to this License may be brought only in the+courts of a jurisdiction where the defendant maintains its principal+place of business and such litigation shall be governed by laws of that+jurisdiction, without reference to its conflict-of-law provisions.+Nothing in this Section shall prevent a party's ability to bring+cross-claims or counter-claims.++9. Miscellaneous+----------------++This License represents the complete agreement concerning the subject+matter hereof. If any provision of this License is held to be+unenforceable, such provision shall be reformed only to the extent+necessary to make it enforceable. Any law or regulation which provides+that the language of a contract shall be construed against the drafter+shall not be used to construe this License against a Contributor.++10. Versions of the License+---------------------------++10.1. New Versions++Mozilla Foundation is the license steward. Except as provided in Section+10.3, no one other than the license steward has the right to modify or+publish new versions of this License. Each version will be given a+distinguishing version number.++10.2. Effect of New Versions++You may distribute the Covered Software under the terms of the version+of the License under which You originally received the Covered Software,+or under the terms of any subsequent version published by the license+steward.++10.3. Modified Versions++If you create software not governed by this License, and you want to+create a new license for such software, you may create and use a+modified version of this License if you rename the license and remove+any references to the name of the license steward (except to note that+such modified license differs from this License).++10.4. Distributing Source Code Form that is Incompatible With Secondary+Licenses++If You choose to distribute Source Code Form that is Incompatible With+Secondary Licenses under the terms of this version of the License, the+notice described in Exhibit B of this License must be attached.++Exhibit A - Source Code Form License Notice+-------------------------------------------++ This Source Code Form is subject to the terms of the Mozilla Public+ License, v. 2.0. If a copy of the MPL was not distributed with this+ file, You can obtain one at http://mozilla.org/MPL/2.0/.++If it is not possible or desirable to put the notice in a particular+file, then You may include the notice in a location (such as a LICENSE+file in a relevant directory) where a recipient would be likely to look+for such a notice.++You may add additional accurate notices of copyright ownership.
+ README.md view
@@ -0,0 +1,44 @@+# Amazon SSO OIDC SDK++* [Version](#version)+* [Description](#description)+* [Contribute](#contribute)+* [Licence](#licence)+++## Version+ +`2.0` - Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.++## Description++Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-sso-oidc)+and the [AWS API Reference](https://aws.amazon.com/documentation/).++The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,+and receiving responses.++Lenses are used for constructing and manipulating types,+due to the depth of nesting of AWS types and transparency regarding+de/serialisation into more palatable Haskell values.+The provided lenses should be compatible with any of the major lens libraries+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).++See [Amazonka.SSOOIDC](http://hackage.haskell.org/package/amazonka-sso-oidc/docs/Amazonka-SSOOIDC.html)+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.+++## Contribute++For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).++> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.+++## Licence++`amazonka-sso-oidc` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).++Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.+Source files subject to this contain an additional licensing clause in their header.
+ amazonka-sso-oidc.cabal view
@@ -0,0 +1,86 @@+cabal-version: 2.2+name: amazonka-sso-oidc+version: 2.0+synopsis: Amazon SSO OIDC SDK.+homepage: https://github.com/brendanhay/amazonka+bug-reports: https://github.com/brendanhay/amazonka/issues+license: MPL-2.0+license-file: LICENSE+author: Brendan Hay+maintainer:+ Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>++copyright: Copyright (c) 2013-2023 Brendan Hay+category: AWS+build-type: Simple+extra-source-files:+ fixture/*.proto+ fixture/*.yaml+ README.md+ src/.gitkeep++description:+ Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.+ .+ The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,+ which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.+ .+ It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.+ .+ Generated lenses can be found in "Amazonka.SSOOIDC.Lens" and are+ suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.+ .+ See "Amazonka.SSOOIDC" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.++source-repository head+ type: git+ location: git://github.com/brendanhay/amazonka.git+ subdir: amazonka-sso-oidc++library+ default-language: Haskell2010+ hs-source-dirs: src gen+ ghc-options:+ -Wall -fwarn-incomplete-uni-patterns+ -fwarn-incomplete-record-updates -funbox-strict-fields++ exposed-modules:+ Amazonka.SSOOIDC+ Amazonka.SSOOIDC.CreateToken+ Amazonka.SSOOIDC.Lens+ Amazonka.SSOOIDC.RegisterClient+ Amazonka.SSOOIDC.StartDeviceAuthorization+ Amazonka.SSOOIDC.Types+ Amazonka.SSOOIDC.Waiters++ build-depends:+ , amazonka-core >=2.0 && <2.1+ , base >=4.12 && <5++test-suite amazonka-sso-oidc-test+ type: exitcode-stdio-1.0+ default-language: Haskell2010+ hs-source-dirs: test+ main-is: Main.hs+ ghc-options: -Wall -threaded++ -- This section is encoded by the template and any modules added by+ -- hand outside these namespaces will not correctly be added to the+ -- distribution package.+ other-modules:+ Test.Amazonka.Gen.SSOOIDC+ Test.Amazonka.SSOOIDC+ Test.Amazonka.SSOOIDC.Internal++ build-depends:+ , amazonka-core >=2.0 && <2.1+ , amazonka-sso-oidc+ , amazonka-test >=2.0 && <2.1+ , base+ , bytestring+ , case-insensitive+ , tasty+ , tasty-hunit+ , text+ , time+ , unordered-containers
+ fixture/CreateToken.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: oidc.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/CreateTokenResponse.proto view
+ fixture/RegisterClient.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: oidc.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/RegisterClientResponse.proto view
+ fixture/StartDeviceAuthorization.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: oidc.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/StartDeviceAuthorizationResponse.proto view
+ gen/Amazonka/SSOOIDC.hs view
@@ -0,0 +1,159 @@+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module : Amazonka.SSOOIDC+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.+--+-- AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect+-- (OIDC) is a web service that enables a client (such as AWS CLI or a+-- native application) to register with IAM Identity Center. The service+-- also enables the client to fetch the user’s access token upon successful+-- authentication and authorization with IAM Identity Center.+--+-- Although AWS Single Sign-On was renamed, the @sso@ and @identitystore@+-- API namespaces will continue to retain their original name for backward+-- compatibility purposes. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed IAM Identity Center rename>.+--+-- __Considerations for Using This Guide__+--+-- Before you begin using this guide, we recommend that you first review+-- the following important information about how the IAM Identity Center+-- OIDC service works.+--+-- - The IAM Identity Center OIDC service currently implements only the+-- portions of the OAuth 2.0 Device Authorization Grant standard+-- (<https://tools.ietf.org/html/rfc8628>) that are necessary to enable+-- single sign-on authentication with the AWS CLI. Support for other+-- OIDC flows frequently needed for native applications, such as+-- Authorization Code Flow (+ PKCE), will be addressed in future+-- releases.+--+-- - The service emits only OIDC access tokens, such that obtaining a new+-- token (For example, token refresh) requires explicit user+-- re-authentication.+--+-- - The access tokens provided by this service grant access to all AWS+-- account entitlements assigned to an IAM Identity Center user, not+-- just a particular application.+--+-- - The documentation in this guide does not describe the mechanism to+-- convert the access token into AWS Auth (“sigv4”) credentials for use+-- with IAM-protected AWS service endpoints. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html GetRoleCredentials>+-- in the /IAM Identity Center Portal API Reference Guide/.+--+-- For general information about IAM Identity Center, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html What is IAM Identity Center?>+-- in the /IAM Identity Center User Guide/.+module Amazonka.SSOOIDC+ ( -- * Service Configuration+ defaultService,++ -- * Errors+ -- $errors++ -- ** AccessDeniedException+ _AccessDeniedException,++ -- ** AuthorizationPendingException+ _AuthorizationPendingException,++ -- ** ExpiredTokenException+ _ExpiredTokenException,++ -- ** InternalServerException+ _InternalServerException,++ -- ** InvalidClientException+ _InvalidClientException,++ -- ** InvalidClientMetadataException+ _InvalidClientMetadataException,++ -- ** InvalidGrantException+ _InvalidGrantException,++ -- ** InvalidRequestException+ _InvalidRequestException,++ -- ** InvalidScopeException+ _InvalidScopeException,++ -- ** SlowDownException+ _SlowDownException,++ -- ** UnauthorizedClientException+ _UnauthorizedClientException,++ -- ** UnsupportedGrantTypeException+ _UnsupportedGrantTypeException,++ -- * Waiters+ -- $waiters++ -- * Operations+ -- $operations++ -- ** CreateToken+ CreateToken (CreateToken'),+ newCreateToken,+ CreateTokenResponse (CreateTokenResponse'),+ newCreateTokenResponse,++ -- ** RegisterClient+ RegisterClient (RegisterClient'),+ newRegisterClient,+ RegisterClientResponse (RegisterClientResponse'),+ newRegisterClientResponse,++ -- ** StartDeviceAuthorization+ StartDeviceAuthorization (StartDeviceAuthorization'),+ newStartDeviceAuthorization,+ StartDeviceAuthorizationResponse (StartDeviceAuthorizationResponse'),+ newStartDeviceAuthorizationResponse,++ -- * Types+ )+where++import Amazonka.SSOOIDC.CreateToken+import Amazonka.SSOOIDC.Lens+import Amazonka.SSOOIDC.RegisterClient+import Amazonka.SSOOIDC.StartDeviceAuthorization+import Amazonka.SSOOIDC.Types+import Amazonka.SSOOIDC.Waiters++-- $errors+-- Error matchers are designed for use with the functions provided by+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.+-- This allows catching (and rethrowing) service specific errors returned+-- by 'SSOOIDC'.++-- $operations+-- Some AWS operations return results that are incomplete and require subsequent+-- requests in order to obtain the entire result set. The process of sending+-- subsequent requests to continue where a previous request left off is called+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to+-- 1000 objects at a time, and you must send subsequent requests with the+-- appropriate Marker in order to retrieve the next page of results.+--+-- Operations that have an 'AWSPager' instance can transparently perform subsequent+-- requests, correctly setting Markers and other request facets to iterate through+-- the entire result set of a truncated API operation. Operations which support+-- this have an additional note in the documentation.+--+-- Many operations have the ability to filter results on the server side. See the+-- individual operation parameters for details.++-- $waiters+-- Waiters poll by repeatedly sending a request until some remote success condition+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification+-- determines how many attempts should be made, in addition to delay and retry strategies.
+ gen/Amazonka/SSOOIDC/CreateToken.hs view
@@ -0,0 +1,428 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.CreateToken+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates and returns an access token for the authorized client. The+-- access token issued will be used to fetch short-term credentials for the+-- assigned roles in the AWS account.+module Amazonka.SSOOIDC.CreateToken+ ( -- * Creating a Request+ CreateToken (..),+ newCreateToken,++ -- * Request Lenses+ createToken_code,+ createToken_deviceCode,+ createToken_redirectUri,+ createToken_refreshToken,+ createToken_scope,+ createToken_clientId,+ createToken_clientSecret,+ createToken_grantType,++ -- * Destructuring the Response+ CreateTokenResponse (..),+ newCreateTokenResponse,++ -- * Response Lenses+ createTokenResponse_accessToken,+ createTokenResponse_expiresIn,+ createTokenResponse_idToken,+ createTokenResponse_refreshToken,+ createTokenResponse_tokenType,+ createTokenResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newCreateToken' smart constructor.+data CreateToken = CreateToken'+ { -- | The authorization code received from the authorization service. This+ -- parameter is required to perform an authorization grant request to get+ -- access to a token.+ code :: Prelude.Maybe Prelude.Text,+ -- | Used only when calling this API for the device code grant type. This+ -- short-term code is used to identify this authentication attempt. This+ -- should come from an in-memory reference to the result of the+ -- StartDeviceAuthorization API.+ deviceCode :: Prelude.Maybe Prelude.Text,+ -- | The location of the application that will receive the authorization+ -- code. Users authorize the service to send the request to this location.+ redirectUri :: Prelude.Maybe Prelude.Text,+ -- | Currently, @refreshToken@ is not yet implemented and is not supported.+ -- For more information about the features and limitations of the current+ -- IAM Identity Center OIDC implementation, see /Considerations for Using+ -- this Guide/ in the+ -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+ --+ -- The token used to obtain an access token in the event that the access+ -- token is invalid or expired.+ refreshToken :: Prelude.Maybe Prelude.Text,+ -- | The list of scopes that is defined by the client. Upon authorization,+ -- this list is used to restrict permissions when granting an access token.+ scope :: Prelude.Maybe [Prelude.Text],+ -- | The unique identifier string for each client. This value should come+ -- from the persisted result of the RegisterClient API.+ clientId :: Prelude.Text,+ -- | A secret string generated for the client. This value should come from+ -- the persisted result of the RegisterClient API.+ clientSecret :: Prelude.Text,+ -- | Supports grant types for the authorization code, refresh token, and+ -- device code request. For device code requests, specify the following+ -- value:+ --+ -- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+ --+ -- For information about how to obtain the device code, see the+ -- StartDeviceAuthorization topic.+ grantType :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateToken' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'code', 'createToken_code' - The authorization code received from the authorization service. This+-- parameter is required to perform an authorization grant request to get+-- access to a token.+--+-- 'deviceCode', 'createToken_deviceCode' - Used only when calling this API for the device code grant type. This+-- short-term code is used to identify this authentication attempt. This+-- should come from an in-memory reference to the result of the+-- StartDeviceAuthorization API.+--+-- 'redirectUri', 'createToken_redirectUri' - The location of the application that will receive the authorization+-- code. Users authorize the service to send the request to this location.+--+-- 'refreshToken', 'createToken_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The token used to obtain an access token in the event that the access+-- token is invalid or expired.+--+-- 'scope', 'createToken_scope' - The list of scopes that is defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+--+-- 'clientId', 'createToken_clientId' - The unique identifier string for each client. This value should come+-- from the persisted result of the RegisterClient API.+--+-- 'clientSecret', 'createToken_clientSecret' - A secret string generated for the client. This value should come from+-- the persisted result of the RegisterClient API.+--+-- 'grantType', 'createToken_grantType' - Supports grant types for the authorization code, refresh token, and+-- device code request. For device code requests, specify the following+-- value:+--+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+--+-- For information about how to obtain the device code, see the+-- StartDeviceAuthorization topic.+newCreateToken ::+ -- | 'clientId'+ Prelude.Text ->+ -- | 'clientSecret'+ Prelude.Text ->+ -- | 'grantType'+ Prelude.Text ->+ CreateToken+newCreateToken pClientId_ pClientSecret_ pGrantType_ =+ CreateToken'+ { code = Prelude.Nothing,+ deviceCode = Prelude.Nothing,+ redirectUri = Prelude.Nothing,+ refreshToken = Prelude.Nothing,+ scope = Prelude.Nothing,+ clientId = pClientId_,+ clientSecret = pClientSecret_,+ grantType = pGrantType_+ }++-- | The authorization code received from the authorization service. This+-- parameter is required to perform an authorization grant request to get+-- access to a token.+createToken_code :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_code = Lens.lens (\CreateToken' {code} -> code) (\s@CreateToken' {} a -> s {code = a} :: CreateToken)++-- | Used only when calling this API for the device code grant type. This+-- short-term code is used to identify this authentication attempt. This+-- should come from an in-memory reference to the result of the+-- StartDeviceAuthorization API.+createToken_deviceCode :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_deviceCode = Lens.lens (\CreateToken' {deviceCode} -> deviceCode) (\s@CreateToken' {} a -> s {deviceCode = a} :: CreateToken)++-- | The location of the application that will receive the authorization+-- code. Users authorize the service to send the request to this location.+createToken_redirectUri :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_redirectUri = Lens.lens (\CreateToken' {redirectUri} -> redirectUri) (\s@CreateToken' {} a -> s {redirectUri = a} :: CreateToken)++-- | Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The token used to obtain an access token in the event that the access+-- token is invalid or expired.+createToken_refreshToken :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_refreshToken = Lens.lens (\CreateToken' {refreshToken} -> refreshToken) (\s@CreateToken' {} a -> s {refreshToken = a} :: CreateToken)++-- | The list of scopes that is defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+createToken_scope :: Lens.Lens' CreateToken (Prelude.Maybe [Prelude.Text])+createToken_scope = Lens.lens (\CreateToken' {scope} -> scope) (\s@CreateToken' {} a -> s {scope = a} :: CreateToken) Prelude.. Lens.mapping Lens.coerced++-- | The unique identifier string for each client. This value should come+-- from the persisted result of the RegisterClient API.+createToken_clientId :: Lens.Lens' CreateToken Prelude.Text+createToken_clientId = Lens.lens (\CreateToken' {clientId} -> clientId) (\s@CreateToken' {} a -> s {clientId = a} :: CreateToken)++-- | A secret string generated for the client. This value should come from+-- the persisted result of the RegisterClient API.+createToken_clientSecret :: Lens.Lens' CreateToken Prelude.Text+createToken_clientSecret = Lens.lens (\CreateToken' {clientSecret} -> clientSecret) (\s@CreateToken' {} a -> s {clientSecret = a} :: CreateToken)++-- | Supports grant types for the authorization code, refresh token, and+-- device code request. For device code requests, specify the following+-- value:+--+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+--+-- For information about how to obtain the device code, see the+-- StartDeviceAuthorization topic.+createToken_grantType :: Lens.Lens' CreateToken Prelude.Text+createToken_grantType = Lens.lens (\CreateToken' {grantType} -> grantType) (\s@CreateToken' {} a -> s {grantType = a} :: CreateToken)++instance Core.AWSRequest CreateToken where+ type AWSResponse CreateToken = CreateTokenResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ CreateTokenResponse'+ Prelude.<$> (x Data..?> "accessToken")+ Prelude.<*> (x Data..?> "expiresIn")+ Prelude.<*> (x Data..?> "idToken")+ Prelude.<*> (x Data..?> "refreshToken")+ Prelude.<*> (x Data..?> "tokenType")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable CreateToken where+ hashWithSalt _salt CreateToken' {..} =+ _salt+ `Prelude.hashWithSalt` code+ `Prelude.hashWithSalt` deviceCode+ `Prelude.hashWithSalt` redirectUri+ `Prelude.hashWithSalt` refreshToken+ `Prelude.hashWithSalt` scope+ `Prelude.hashWithSalt` clientId+ `Prelude.hashWithSalt` clientSecret+ `Prelude.hashWithSalt` grantType++instance Prelude.NFData CreateToken where+ rnf CreateToken' {..} =+ Prelude.rnf code+ `Prelude.seq` Prelude.rnf deviceCode+ `Prelude.seq` Prelude.rnf redirectUri+ `Prelude.seq` Prelude.rnf refreshToken+ `Prelude.seq` Prelude.rnf scope+ `Prelude.seq` Prelude.rnf clientId+ `Prelude.seq` Prelude.rnf clientSecret+ `Prelude.seq` Prelude.rnf grantType++instance Data.ToHeaders CreateToken where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CreateToken where+ toJSON CreateToken' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("code" Data..=) Prelude.<$> code,+ ("deviceCode" Data..=) Prelude.<$> deviceCode,+ ("redirectUri" Data..=) Prelude.<$> redirectUri,+ ("refreshToken" Data..=) Prelude.<$> refreshToken,+ ("scope" Data..=) Prelude.<$> scope,+ Prelude.Just ("clientId" Data..= clientId),+ Prelude.Just ("clientSecret" Data..= clientSecret),+ Prelude.Just ("grantType" Data..= grantType)+ ]+ )++instance Data.ToPath CreateToken where+ toPath = Prelude.const "/token"++instance Data.ToQuery CreateToken where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateTokenResponse' smart constructor.+data CreateTokenResponse = CreateTokenResponse'+ { -- | An opaque token to access IAM Identity Center resources assigned to a+ -- user.+ accessToken :: Prelude.Maybe Prelude.Text,+ -- | Indicates the time in seconds when an access token will expire.+ expiresIn :: Prelude.Maybe Prelude.Int,+ -- | Currently, @idToken@ is not yet implemented and is not supported. For+ -- more information about the features and limitations of the current IAM+ -- Identity Center OIDC implementation, see /Considerations for Using this+ -- Guide/ in the+ -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+ --+ -- The identifier of the user that associated with the access token, if+ -- present.+ idToken :: Prelude.Maybe Prelude.Text,+ -- | Currently, @refreshToken@ is not yet implemented and is not supported.+ -- For more information about the features and limitations of the current+ -- IAM Identity Center OIDC implementation, see /Considerations for Using+ -- this Guide/ in the+ -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+ --+ -- A token that, if present, can be used to refresh a previously issued+ -- access token that might have expired.+ refreshToken :: Prelude.Maybe Prelude.Text,+ -- | Used to notify the client that the returned token is an access token.+ -- The supported type is @BearerToken@.+ tokenType :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateTokenResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'accessToken', 'createTokenResponse_accessToken' - An opaque token to access IAM Identity Center resources assigned to a+-- user.+--+-- 'expiresIn', 'createTokenResponse_expiresIn' - Indicates the time in seconds when an access token will expire.+--+-- 'idToken', 'createTokenResponse_idToken' - Currently, @idToken@ is not yet implemented and is not supported. For+-- more information about the features and limitations of the current IAM+-- Identity Center OIDC implementation, see /Considerations for Using this+-- Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The identifier of the user that associated with the access token, if+-- present.+--+-- 'refreshToken', 'createTokenResponse_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- A token that, if present, can be used to refresh a previously issued+-- access token that might have expired.+--+-- 'tokenType', 'createTokenResponse_tokenType' - Used to notify the client that the returned token is an access token.+-- The supported type is @BearerToken@.+--+-- 'httpStatus', 'createTokenResponse_httpStatus' - The response's http status code.+newCreateTokenResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ CreateTokenResponse+newCreateTokenResponse pHttpStatus_ =+ CreateTokenResponse'+ { accessToken = Prelude.Nothing,+ expiresIn = Prelude.Nothing,+ idToken = Prelude.Nothing,+ refreshToken = Prelude.Nothing,+ tokenType = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | An opaque token to access IAM Identity Center resources assigned to a+-- user.+createTokenResponse_accessToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_accessToken = Lens.lens (\CreateTokenResponse' {accessToken} -> accessToken) (\s@CreateTokenResponse' {} a -> s {accessToken = a} :: CreateTokenResponse)++-- | Indicates the time in seconds when an access token will expire.+createTokenResponse_expiresIn :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Int)+createTokenResponse_expiresIn = Lens.lens (\CreateTokenResponse' {expiresIn} -> expiresIn) (\s@CreateTokenResponse' {} a -> s {expiresIn = a} :: CreateTokenResponse)++-- | Currently, @idToken@ is not yet implemented and is not supported. For+-- more information about the features and limitations of the current IAM+-- Identity Center OIDC implementation, see /Considerations for Using this+-- Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The identifier of the user that associated with the access token, if+-- present.+createTokenResponse_idToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_idToken = Lens.lens (\CreateTokenResponse' {idToken} -> idToken) (\s@CreateTokenResponse' {} a -> s {idToken = a} :: CreateTokenResponse)++-- | Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- A token that, if present, can be used to refresh a previously issued+-- access token that might have expired.+createTokenResponse_refreshToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_refreshToken = Lens.lens (\CreateTokenResponse' {refreshToken} -> refreshToken) (\s@CreateTokenResponse' {} a -> s {refreshToken = a} :: CreateTokenResponse)++-- | Used to notify the client that the returned token is an access token.+-- The supported type is @BearerToken@.+createTokenResponse_tokenType :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_tokenType = Lens.lens (\CreateTokenResponse' {tokenType} -> tokenType) (\s@CreateTokenResponse' {} a -> s {tokenType = a} :: CreateTokenResponse)++-- | The response's http status code.+createTokenResponse_httpStatus :: Lens.Lens' CreateTokenResponse Prelude.Int+createTokenResponse_httpStatus = Lens.lens (\CreateTokenResponse' {httpStatus} -> httpStatus) (\s@CreateTokenResponse' {} a -> s {httpStatus = a} :: CreateTokenResponse)++instance Prelude.NFData CreateTokenResponse where+ rnf CreateTokenResponse' {..} =+ Prelude.rnf accessToken+ `Prelude.seq` Prelude.rnf expiresIn+ `Prelude.seq` Prelude.rnf idToken+ `Prelude.seq` Prelude.rnf refreshToken+ `Prelude.seq` Prelude.rnf tokenType+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/Lens.hs view
@@ -0,0 +1,63 @@+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.Lens+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Lens+ ( -- * Operations++ -- ** CreateToken+ createToken_code,+ createToken_deviceCode,+ createToken_redirectUri,+ createToken_refreshToken,+ createToken_scope,+ createToken_clientId,+ createToken_clientSecret,+ createToken_grantType,+ createTokenResponse_accessToken,+ createTokenResponse_expiresIn,+ createTokenResponse_idToken,+ createTokenResponse_refreshToken,+ createTokenResponse_tokenType,+ createTokenResponse_httpStatus,++ -- ** RegisterClient+ registerClient_scopes,+ registerClient_clientName,+ registerClient_clientType,+ registerClientResponse_authorizationEndpoint,+ registerClientResponse_clientId,+ registerClientResponse_clientIdIssuedAt,+ registerClientResponse_clientSecret,+ registerClientResponse_clientSecretExpiresAt,+ registerClientResponse_tokenEndpoint,+ registerClientResponse_httpStatus,++ -- ** StartDeviceAuthorization+ startDeviceAuthorization_clientId,+ startDeviceAuthorization_clientSecret,+ startDeviceAuthorization_startUrl,+ startDeviceAuthorizationResponse_deviceCode,+ startDeviceAuthorizationResponse_expiresIn,+ startDeviceAuthorizationResponse_interval,+ startDeviceAuthorizationResponse_userCode,+ startDeviceAuthorizationResponse_verificationUri,+ startDeviceAuthorizationResponse_verificationUriComplete,+ startDeviceAuthorizationResponse_httpStatus,++ -- * Types+ )+where++import Amazonka.SSOOIDC.CreateToken+import Amazonka.SSOOIDC.RegisterClient+import Amazonka.SSOOIDC.StartDeviceAuthorization
+ gen/Amazonka/SSOOIDC/RegisterClient.hs view
@@ -0,0 +1,277 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.RegisterClient+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Registers a client with IAM Identity Center. This allows clients to+-- initiate device authorization. The output should be persisted for reuse+-- through many authentication requests.+module Amazonka.SSOOIDC.RegisterClient+ ( -- * Creating a Request+ RegisterClient (..),+ newRegisterClient,++ -- * Request Lenses+ registerClient_scopes,+ registerClient_clientName,+ registerClient_clientType,++ -- * Destructuring the Response+ RegisterClientResponse (..),+ newRegisterClientResponse,++ -- * Response Lenses+ registerClientResponse_authorizationEndpoint,+ registerClientResponse_clientId,+ registerClientResponse_clientIdIssuedAt,+ registerClientResponse_clientSecret,+ registerClientResponse_clientSecretExpiresAt,+ registerClientResponse_tokenEndpoint,+ registerClientResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newRegisterClient' smart constructor.+data RegisterClient = RegisterClient'+ { -- | The list of scopes that are defined by the client. Upon authorization,+ -- this list is used to restrict permissions when granting an access token.+ scopes :: Prelude.Maybe [Prelude.Text],+ -- | The friendly name of the client.+ clientName :: Prelude.Text,+ -- | The type of client. The service supports only @public@ as a client type.+ -- Anything other than public will be rejected by the service.+ clientType :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RegisterClient' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'scopes', 'registerClient_scopes' - The list of scopes that are defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+--+-- 'clientName', 'registerClient_clientName' - The friendly name of the client.+--+-- 'clientType', 'registerClient_clientType' - The type of client. The service supports only @public@ as a client type.+-- Anything other than public will be rejected by the service.+newRegisterClient ::+ -- | 'clientName'+ Prelude.Text ->+ -- | 'clientType'+ Prelude.Text ->+ RegisterClient+newRegisterClient pClientName_ pClientType_ =+ RegisterClient'+ { scopes = Prelude.Nothing,+ clientName = pClientName_,+ clientType = pClientType_+ }++-- | The list of scopes that are defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+registerClient_scopes :: Lens.Lens' RegisterClient (Prelude.Maybe [Prelude.Text])+registerClient_scopes = Lens.lens (\RegisterClient' {scopes} -> scopes) (\s@RegisterClient' {} a -> s {scopes = a} :: RegisterClient) Prelude.. Lens.mapping Lens.coerced++-- | The friendly name of the client.+registerClient_clientName :: Lens.Lens' RegisterClient Prelude.Text+registerClient_clientName = Lens.lens (\RegisterClient' {clientName} -> clientName) (\s@RegisterClient' {} a -> s {clientName = a} :: RegisterClient)++-- | The type of client. The service supports only @public@ as a client type.+-- Anything other than public will be rejected by the service.+registerClient_clientType :: Lens.Lens' RegisterClient Prelude.Text+registerClient_clientType = Lens.lens (\RegisterClient' {clientType} -> clientType) (\s@RegisterClient' {} a -> s {clientType = a} :: RegisterClient)++instance Core.AWSRequest RegisterClient where+ type+ AWSResponse RegisterClient =+ RegisterClientResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ RegisterClientResponse'+ Prelude.<$> (x Data..?> "authorizationEndpoint")+ Prelude.<*> (x Data..?> "clientId")+ Prelude.<*> (x Data..?> "clientIdIssuedAt")+ Prelude.<*> (x Data..?> "clientSecret")+ Prelude.<*> (x Data..?> "clientSecretExpiresAt")+ Prelude.<*> (x Data..?> "tokenEndpoint")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable RegisterClient where+ hashWithSalt _salt RegisterClient' {..} =+ _salt+ `Prelude.hashWithSalt` scopes+ `Prelude.hashWithSalt` clientName+ `Prelude.hashWithSalt` clientType++instance Prelude.NFData RegisterClient where+ rnf RegisterClient' {..} =+ Prelude.rnf scopes+ `Prelude.seq` Prelude.rnf clientName+ `Prelude.seq` Prelude.rnf clientType++instance Data.ToHeaders RegisterClient where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON RegisterClient where+ toJSON RegisterClient' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("scopes" Data..=) Prelude.<$> scopes,+ Prelude.Just ("clientName" Data..= clientName),+ Prelude.Just ("clientType" Data..= clientType)+ ]+ )++instance Data.ToPath RegisterClient where+ toPath = Prelude.const "/client/register"++instance Data.ToQuery RegisterClient where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newRegisterClientResponse' smart constructor.+data RegisterClientResponse = RegisterClientResponse'+ { -- | The endpoint where the client can request authorization.+ authorizationEndpoint :: Prelude.Maybe Prelude.Text,+ -- | The unique identifier string for each client. This client uses this+ -- identifier to get authenticated by the service in subsequent calls.+ clientId :: Prelude.Maybe Prelude.Text,+ -- | Indicates the time at which the @clientId@ and @clientSecret@ were+ -- issued.+ clientIdIssuedAt :: Prelude.Maybe Prelude.Integer,+ -- | A secret string generated for the client. The client will use this+ -- string to get authenticated by the service in subsequent calls.+ clientSecret :: Prelude.Maybe Prelude.Text,+ -- | Indicates the time at which the @clientId@ and @clientSecret@ will+ -- become invalid.+ clientSecretExpiresAt :: Prelude.Maybe Prelude.Integer,+ -- | The endpoint where the client can get an access token.+ tokenEndpoint :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RegisterClientResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'authorizationEndpoint', 'registerClientResponse_authorizationEndpoint' - The endpoint where the client can request authorization.+--+-- 'clientId', 'registerClientResponse_clientId' - The unique identifier string for each client. This client uses this+-- identifier to get authenticated by the service in subsequent calls.+--+-- 'clientIdIssuedAt', 'registerClientResponse_clientIdIssuedAt' - Indicates the time at which the @clientId@ and @clientSecret@ were+-- issued.+--+-- 'clientSecret', 'registerClientResponse_clientSecret' - A secret string generated for the client. The client will use this+-- string to get authenticated by the service in subsequent calls.+--+-- 'clientSecretExpiresAt', 'registerClientResponse_clientSecretExpiresAt' - Indicates the time at which the @clientId@ and @clientSecret@ will+-- become invalid.+--+-- 'tokenEndpoint', 'registerClientResponse_tokenEndpoint' - The endpoint where the client can get an access token.+--+-- 'httpStatus', 'registerClientResponse_httpStatus' - The response's http status code.+newRegisterClientResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ RegisterClientResponse+newRegisterClientResponse pHttpStatus_ =+ RegisterClientResponse'+ { authorizationEndpoint =+ Prelude.Nothing,+ clientId = Prelude.Nothing,+ clientIdIssuedAt = Prelude.Nothing,+ clientSecret = Prelude.Nothing,+ clientSecretExpiresAt = Prelude.Nothing,+ tokenEndpoint = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The endpoint where the client can request authorization.+registerClientResponse_authorizationEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_authorizationEndpoint = Lens.lens (\RegisterClientResponse' {authorizationEndpoint} -> authorizationEndpoint) (\s@RegisterClientResponse' {} a -> s {authorizationEndpoint = a} :: RegisterClientResponse)++-- | The unique identifier string for each client. This client uses this+-- identifier to get authenticated by the service in subsequent calls.+registerClientResponse_clientId :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_clientId = Lens.lens (\RegisterClientResponse' {clientId} -> clientId) (\s@RegisterClientResponse' {} a -> s {clientId = a} :: RegisterClientResponse)++-- | Indicates the time at which the @clientId@ and @clientSecret@ were+-- issued.+registerClientResponse_clientIdIssuedAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)+registerClientResponse_clientIdIssuedAt = Lens.lens (\RegisterClientResponse' {clientIdIssuedAt} -> clientIdIssuedAt) (\s@RegisterClientResponse' {} a -> s {clientIdIssuedAt = a} :: RegisterClientResponse)++-- | A secret string generated for the client. The client will use this+-- string to get authenticated by the service in subsequent calls.+registerClientResponse_clientSecret :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_clientSecret = Lens.lens (\RegisterClientResponse' {clientSecret} -> clientSecret) (\s@RegisterClientResponse' {} a -> s {clientSecret = a} :: RegisterClientResponse)++-- | Indicates the time at which the @clientId@ and @clientSecret@ will+-- become invalid.+registerClientResponse_clientSecretExpiresAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)+registerClientResponse_clientSecretExpiresAt = Lens.lens (\RegisterClientResponse' {clientSecretExpiresAt} -> clientSecretExpiresAt) (\s@RegisterClientResponse' {} a -> s {clientSecretExpiresAt = a} :: RegisterClientResponse)++-- | The endpoint where the client can get an access token.+registerClientResponse_tokenEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_tokenEndpoint = Lens.lens (\RegisterClientResponse' {tokenEndpoint} -> tokenEndpoint) (\s@RegisterClientResponse' {} a -> s {tokenEndpoint = a} :: RegisterClientResponse)++-- | The response's http status code.+registerClientResponse_httpStatus :: Lens.Lens' RegisterClientResponse Prelude.Int+registerClientResponse_httpStatus = Lens.lens (\RegisterClientResponse' {httpStatus} -> httpStatus) (\s@RegisterClientResponse' {} a -> s {httpStatus = a} :: RegisterClientResponse)++instance Prelude.NFData RegisterClientResponse where+ rnf RegisterClientResponse' {..} =+ Prelude.rnf authorizationEndpoint+ `Prelude.seq` Prelude.rnf clientId+ `Prelude.seq` Prelude.rnf clientIdIssuedAt+ `Prelude.seq` Prelude.rnf clientSecret+ `Prelude.seq` Prelude.rnf clientSecretExpiresAt+ `Prelude.seq` Prelude.rnf tokenEndpoint+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs view
@@ -0,0 +1,302 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.StartDeviceAuthorization+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Initiates device authorization by requesting a pair of verification+-- codes from the authorization service.+module Amazonka.SSOOIDC.StartDeviceAuthorization+ ( -- * Creating a Request+ StartDeviceAuthorization (..),+ newStartDeviceAuthorization,++ -- * Request Lenses+ startDeviceAuthorization_clientId,+ startDeviceAuthorization_clientSecret,+ startDeviceAuthorization_startUrl,++ -- * Destructuring the Response+ StartDeviceAuthorizationResponse (..),+ newStartDeviceAuthorizationResponse,++ -- * Response Lenses+ startDeviceAuthorizationResponse_deviceCode,+ startDeviceAuthorizationResponse_expiresIn,+ startDeviceAuthorizationResponse_interval,+ startDeviceAuthorizationResponse_userCode,+ startDeviceAuthorizationResponse_verificationUri,+ startDeviceAuthorizationResponse_verificationUriComplete,+ startDeviceAuthorizationResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newStartDeviceAuthorization' smart constructor.+data StartDeviceAuthorization = StartDeviceAuthorization'+ { -- | The unique identifier string for the client that is registered with IAM+ -- Identity Center. This value should come from the persisted result of the+ -- RegisterClient API operation.+ clientId :: Prelude.Text,+ -- | A secret string that is generated for the client. This value should come+ -- from the persisted result of the RegisterClient API operation.+ clientSecret :: Prelude.Text,+ -- | The URL for the AWS access portal. For more information, see+ -- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+ -- in the /IAM Identity Center User Guide/.+ startUrl :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StartDeviceAuthorization' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'clientId', 'startDeviceAuthorization_clientId' - The unique identifier string for the client that is registered with IAM+-- Identity Center. This value should come from the persisted result of the+-- RegisterClient API operation.+--+-- 'clientSecret', 'startDeviceAuthorization_clientSecret' - A secret string that is generated for the client. This value should come+-- from the persisted result of the RegisterClient API operation.+--+-- 'startUrl', 'startDeviceAuthorization_startUrl' - The URL for the AWS access portal. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+-- in the /IAM Identity Center User Guide/.+newStartDeviceAuthorization ::+ -- | 'clientId'+ Prelude.Text ->+ -- | 'clientSecret'+ Prelude.Text ->+ -- | 'startUrl'+ Prelude.Text ->+ StartDeviceAuthorization+newStartDeviceAuthorization+ pClientId_+ pClientSecret_+ pStartUrl_ =+ StartDeviceAuthorization'+ { clientId = pClientId_,+ clientSecret = pClientSecret_,+ startUrl = pStartUrl_+ }++-- | The unique identifier string for the client that is registered with IAM+-- Identity Center. This value should come from the persisted result of the+-- RegisterClient API operation.+startDeviceAuthorization_clientId :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_clientId = Lens.lens (\StartDeviceAuthorization' {clientId} -> clientId) (\s@StartDeviceAuthorization' {} a -> s {clientId = a} :: StartDeviceAuthorization)++-- | A secret string that is generated for the client. This value should come+-- from the persisted result of the RegisterClient API operation.+startDeviceAuthorization_clientSecret :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_clientSecret = Lens.lens (\StartDeviceAuthorization' {clientSecret} -> clientSecret) (\s@StartDeviceAuthorization' {} a -> s {clientSecret = a} :: StartDeviceAuthorization)++-- | The URL for the AWS access portal. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+-- in the /IAM Identity Center User Guide/.+startDeviceAuthorization_startUrl :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_startUrl = Lens.lens (\StartDeviceAuthorization' {startUrl} -> startUrl) (\s@StartDeviceAuthorization' {} a -> s {startUrl = a} :: StartDeviceAuthorization)++instance Core.AWSRequest StartDeviceAuthorization where+ type+ AWSResponse StartDeviceAuthorization =+ StartDeviceAuthorizationResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ StartDeviceAuthorizationResponse'+ Prelude.<$> (x Data..?> "deviceCode")+ Prelude.<*> (x Data..?> "expiresIn")+ Prelude.<*> (x Data..?> "interval")+ Prelude.<*> (x Data..?> "userCode")+ Prelude.<*> (x Data..?> "verificationUri")+ Prelude.<*> (x Data..?> "verificationUriComplete")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable StartDeviceAuthorization where+ hashWithSalt _salt StartDeviceAuthorization' {..} =+ _salt+ `Prelude.hashWithSalt` clientId+ `Prelude.hashWithSalt` clientSecret+ `Prelude.hashWithSalt` startUrl++instance Prelude.NFData StartDeviceAuthorization where+ rnf StartDeviceAuthorization' {..} =+ Prelude.rnf clientId+ `Prelude.seq` Prelude.rnf clientSecret+ `Prelude.seq` Prelude.rnf startUrl++instance Data.ToHeaders StartDeviceAuthorization where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON StartDeviceAuthorization where+ toJSON StartDeviceAuthorization' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("clientId" Data..= clientId),+ Prelude.Just ("clientSecret" Data..= clientSecret),+ Prelude.Just ("startUrl" Data..= startUrl)+ ]+ )++instance Data.ToPath StartDeviceAuthorization where+ toPath = Prelude.const "/device_authorization"++instance Data.ToQuery StartDeviceAuthorization where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newStartDeviceAuthorizationResponse' smart constructor.+data StartDeviceAuthorizationResponse = StartDeviceAuthorizationResponse'+ { -- | The short-lived code that is used by the device when polling for a+ -- session token.+ deviceCode :: Prelude.Maybe Prelude.Text,+ -- | Indicates the number of seconds in which the verification code will+ -- become invalid.+ expiresIn :: Prelude.Maybe Prelude.Int,+ -- | Indicates the number of seconds the client must wait between attempts+ -- when polling for a session.+ interval :: Prelude.Maybe Prelude.Int,+ -- | A one-time user verification code. This is needed to authorize an in-use+ -- device.+ userCode :: Prelude.Maybe Prelude.Text,+ -- | The URI of the verification page that takes the @userCode@ to authorize+ -- the device.+ verificationUri :: Prelude.Maybe Prelude.Text,+ -- | An alternate URL that the client can use to automatically launch a+ -- browser. This process skips the manual step in which the user visits the+ -- verification page and enters their code.+ verificationUriComplete :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StartDeviceAuthorizationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deviceCode', 'startDeviceAuthorizationResponse_deviceCode' - The short-lived code that is used by the device when polling for a+-- session token.+--+-- 'expiresIn', 'startDeviceAuthorizationResponse_expiresIn' - Indicates the number of seconds in which the verification code will+-- become invalid.+--+-- 'interval', 'startDeviceAuthorizationResponse_interval' - Indicates the number of seconds the client must wait between attempts+-- when polling for a session.+--+-- 'userCode', 'startDeviceAuthorizationResponse_userCode' - A one-time user verification code. This is needed to authorize an in-use+-- device.+--+-- 'verificationUri', 'startDeviceAuthorizationResponse_verificationUri' - The URI of the verification page that takes the @userCode@ to authorize+-- the device.+--+-- 'verificationUriComplete', 'startDeviceAuthorizationResponse_verificationUriComplete' - An alternate URL that the client can use to automatically launch a+-- browser. This process skips the manual step in which the user visits the+-- verification page and enters their code.+--+-- 'httpStatus', 'startDeviceAuthorizationResponse_httpStatus' - The response's http status code.+newStartDeviceAuthorizationResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ StartDeviceAuthorizationResponse+newStartDeviceAuthorizationResponse pHttpStatus_ =+ StartDeviceAuthorizationResponse'+ { deviceCode =+ Prelude.Nothing,+ expiresIn = Prelude.Nothing,+ interval = Prelude.Nothing,+ userCode = Prelude.Nothing,+ verificationUri = Prelude.Nothing,+ verificationUriComplete = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The short-lived code that is used by the device when polling for a+-- session token.+startDeviceAuthorizationResponse_deviceCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_deviceCode = Lens.lens (\StartDeviceAuthorizationResponse' {deviceCode} -> deviceCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {deviceCode = a} :: StartDeviceAuthorizationResponse)++-- | Indicates the number of seconds in which the verification code will+-- become invalid.+startDeviceAuthorizationResponse_expiresIn :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)+startDeviceAuthorizationResponse_expiresIn = Lens.lens (\StartDeviceAuthorizationResponse' {expiresIn} -> expiresIn) (\s@StartDeviceAuthorizationResponse' {} a -> s {expiresIn = a} :: StartDeviceAuthorizationResponse)++-- | Indicates the number of seconds the client must wait between attempts+-- when polling for a session.+startDeviceAuthorizationResponse_interval :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)+startDeviceAuthorizationResponse_interval = Lens.lens (\StartDeviceAuthorizationResponse' {interval} -> interval) (\s@StartDeviceAuthorizationResponse' {} a -> s {interval = a} :: StartDeviceAuthorizationResponse)++-- | A one-time user verification code. This is needed to authorize an in-use+-- device.+startDeviceAuthorizationResponse_userCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_userCode = Lens.lens (\StartDeviceAuthorizationResponse' {userCode} -> userCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {userCode = a} :: StartDeviceAuthorizationResponse)++-- | The URI of the verification page that takes the @userCode@ to authorize+-- the device.+startDeviceAuthorizationResponse_verificationUri :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_verificationUri = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUri} -> verificationUri) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUri = a} :: StartDeviceAuthorizationResponse)++-- | An alternate URL that the client can use to automatically launch a+-- browser. This process skips the manual step in which the user visits the+-- verification page and enters their code.+startDeviceAuthorizationResponse_verificationUriComplete :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_verificationUriComplete = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUriComplete} -> verificationUriComplete) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUriComplete = a} :: StartDeviceAuthorizationResponse)++-- | The response's http status code.+startDeviceAuthorizationResponse_httpStatus :: Lens.Lens' StartDeviceAuthorizationResponse Prelude.Int+startDeviceAuthorizationResponse_httpStatus = Lens.lens (\StartDeviceAuthorizationResponse' {httpStatus} -> httpStatus) (\s@StartDeviceAuthorizationResponse' {} a -> s {httpStatus = a} :: StartDeviceAuthorizationResponse)++instance+ Prelude.NFData+ StartDeviceAuthorizationResponse+ where+ rnf StartDeviceAuthorizationResponse' {..} =+ Prelude.rnf deviceCode+ `Prelude.seq` Prelude.rnf expiresIn+ `Prelude.seq` Prelude.rnf interval+ `Prelude.seq` Prelude.rnf userCode+ `Prelude.seq` Prelude.rnf verificationUri+ `Prelude.seq` Prelude.rnf verificationUriComplete+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/Types.hs view
@@ -0,0 +1,217 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.Types+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Types+ ( -- * Service Configuration+ defaultService,++ -- * Errors+ _AccessDeniedException,+ _AuthorizationPendingException,+ _ExpiredTokenException,+ _InternalServerException,+ _InvalidClientException,+ _InvalidClientMetadataException,+ _InvalidGrantException,+ _InvalidRequestException,+ _InvalidScopeException,+ _SlowDownException,+ _UnauthorizedClientException,+ _UnsupportedGrantTypeException,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Sign.V4 as Sign++-- | API version @2019-06-10@ of the Amazon SSO OIDC SDK configuration.+defaultService :: Core.Service+defaultService =+ Core.Service+ { Core.abbrev = "SSOOIDC",+ Core.signer = Sign.v4,+ Core.endpointPrefix = "oidc",+ Core.signingName = "awsssooidc",+ Core.version = "2019-06-10",+ Core.s3AddressingStyle = Core.S3AddressingStyleAuto,+ Core.endpoint = Core.defaultEndpoint defaultService,+ Core.timeout = Prelude.Just 70,+ Core.check = Core.statusSuccess,+ Core.error = Core.parseJSONError "SSOOIDC",+ Core.retry = retry+ }+ where+ retry =+ Core.Exponential+ { Core.base = 5.0e-2,+ Core.growth = 2,+ Core.attempts = 5,+ Core.check = check+ }+ check e+ | Lens.has (Core.hasStatus 502) e =+ Prelude.Just "bad_gateway"+ | Lens.has (Core.hasStatus 504) e =+ Prelude.Just "gateway_timeout"+ | Lens.has (Core.hasStatus 500) e =+ Prelude.Just "general_server_error"+ | Lens.has (Core.hasStatus 509) e =+ Prelude.Just "limit_exceeded"+ | Lens.has+ ( Core.hasCode "RequestThrottledException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "request_throttled_exception"+ | Lens.has (Core.hasStatus 503) e =+ Prelude.Just "service_unavailable"+ | Lens.has+ ( Core.hasCode "ThrottledException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttled_exception"+ | Lens.has+ ( Core.hasCode "Throttling"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttling"+ | Lens.has+ ( Core.hasCode "ThrottlingException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttling_exception"+ | Lens.has+ ( Core.hasCode+ "ProvisionedThroughputExceededException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throughput_exceeded"+ | Lens.has (Core.hasStatus 429) e =+ Prelude.Just "too_many_requests"+ | Prelude.otherwise = Prelude.Nothing++-- | You do not have sufficient access to perform this action.+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_AccessDeniedException =+ Core._MatchServiceError+ defaultService+ "AccessDeniedException"+ Prelude.. Core.hasStatus 400++-- | Indicates that a request to authorize a client with an access user+-- session token is pending.+_AuthorizationPendingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_AuthorizationPendingException =+ Core._MatchServiceError+ defaultService+ "AuthorizationPendingException"+ Prelude.. Core.hasStatus 400++-- | Indicates that the token issued by the service is expired and is no+-- longer valid.+_ExpiredTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ExpiredTokenException =+ Core._MatchServiceError+ defaultService+ "ExpiredTokenException"+ Prelude.. Core.hasStatus 400++-- | Indicates that an error from the service occurred while trying to+-- process a request.+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InternalServerException =+ Core._MatchServiceError+ defaultService+ "InternalServerException"+ Prelude.. Core.hasStatus 500++-- | Indicates that the @clientId@ or @clientSecret@ in the request is+-- invalid. For example, this can occur when a client sends an incorrect+-- @clientId@ or an expired @clientSecret@.+_InvalidClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidClientException =+ Core._MatchServiceError+ defaultService+ "InvalidClientException"+ Prelude.. Core.hasStatus 401++-- | Indicates that the client information sent in the request during+-- registration is invalid.+_InvalidClientMetadataException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidClientMetadataException =+ Core._MatchServiceError+ defaultService+ "InvalidClientMetadataException"+ Prelude.. Core.hasStatus 400++-- | Indicates that a request contains an invalid grant. This can occur if a+-- client makes a CreateToken request with an invalid grant type.+_InvalidGrantException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidGrantException =+ Core._MatchServiceError+ defaultService+ "InvalidGrantException"+ Prelude.. Core.hasStatus 400++-- | Indicates that something is wrong with the input to the request. For+-- example, a required parameter might be missing or out of range.+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidRequestException =+ Core._MatchServiceError+ defaultService+ "InvalidRequestException"+ Prelude.. Core.hasStatus 400++-- | Indicates that the scope provided in the request is invalid.+_InvalidScopeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidScopeException =+ Core._MatchServiceError+ defaultService+ "InvalidScopeException"+ Prelude.. Core.hasStatus 400++-- | Indicates that the client is making the request too frequently and is+-- more than the service can handle.+_SlowDownException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_SlowDownException =+ Core._MatchServiceError+ defaultService+ "SlowDownException"+ Prelude.. Core.hasStatus 400++-- | Indicates that the client is not currently authorized to make the+-- request. This can happen when a @clientId@ is not issued for a public+-- client.+_UnauthorizedClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnauthorizedClientException =+ Core._MatchServiceError+ defaultService+ "UnauthorizedClientException"+ Prelude.. Core.hasStatus 400++-- | Indicates that the grant type in the request is not supported by the+-- service.+_UnsupportedGrantTypeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnsupportedGrantTypeException =+ Core._MatchServiceError+ defaultService+ "UnsupportedGrantTypeException"+ Prelude.. Core.hasStatus 400
+ gen/Amazonka/SSOOIDC/Waiters.hs view
@@ -0,0 +1,24 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.SSOOIDC.Waiters+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Waiters where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import Amazonka.SSOOIDC.Lens+import Amazonka.SSOOIDC.Types
+ src/.gitkeep view
+ test/Main.hs view
@@ -0,0 +1,23 @@+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module : Main+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Main (main) where++import Test.Amazonka.SSOOIDC+import Test.Amazonka.SSOOIDC.Internal+import Test.Tasty++main :: IO ()+main =+ defaultMain $+ testGroup+ "SSOOIDC"+ [ testGroup "tests" tests,+ testGroup "fixtures" fixtures+ ]
+ test/Test/Amazonka/Gen/SSOOIDC.hs view
@@ -0,0 +1,98 @@+{-# OPTIONS_GHC -fno-warn-orphans #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Test.Amazonka.Gen.SSOOIDC+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.Gen.SSOOIDC where++import Amazonka.SSOOIDC+import qualified Data.Proxy as Proxy+import Test.Amazonka.Fixture+import Test.Amazonka.Prelude+import Test.Amazonka.SSOOIDC.Internal+import Test.Tasty++-- Auto-generated: the actual test selection needs to be manually placed into+-- the top-level so that real test data can be incrementally added.+--+-- This commented snippet is what the entire set should look like:++-- fixtures :: TestTree+-- fixtures =+-- [ testGroup "request"+-- [ requestCreateToken $+-- newCreateToken+--+-- , requestRegisterClient $+-- newRegisterClient+--+-- , requestStartDeviceAuthorization $+-- newStartDeviceAuthorization+--+-- ]++-- , testGroup "response"+-- [ responseCreateToken $+-- newCreateTokenResponse+--+-- , responseRegisterClient $+-- newRegisterClientResponse+--+-- , responseStartDeviceAuthorization $+-- newStartDeviceAuthorizationResponse+--+-- ]+-- ]++-- Requests++requestCreateToken :: CreateToken -> TestTree+requestCreateToken =+ req+ "CreateToken"+ "fixture/CreateToken.yaml"++requestRegisterClient :: RegisterClient -> TestTree+requestRegisterClient =+ req+ "RegisterClient"+ "fixture/RegisterClient.yaml"++requestStartDeviceAuthorization :: StartDeviceAuthorization -> TestTree+requestStartDeviceAuthorization =+ req+ "StartDeviceAuthorization"+ "fixture/StartDeviceAuthorization.yaml"++-- Responses++responseCreateToken :: CreateTokenResponse -> TestTree+responseCreateToken =+ res+ "CreateTokenResponse"+ "fixture/CreateTokenResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CreateToken)++responseRegisterClient :: RegisterClientResponse -> TestTree+responseRegisterClient =+ res+ "RegisterClientResponse"+ "fixture/RegisterClientResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy RegisterClient)++responseStartDeviceAuthorization :: StartDeviceAuthorizationResponse -> TestTree+responseStartDeviceAuthorization =+ res+ "StartDeviceAuthorizationResponse"+ "fixture/StartDeviceAuthorizationResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy StartDeviceAuthorization)
+ test/Test/Amazonka/SSOOIDC.hs view
@@ -0,0 +1,20 @@+-- |+-- Module : Test.Amazonka.SSOOIDC+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.SSOOIDC+ ( tests,+ fixtures,+ )+where++import Test.Tasty (TestTree)++tests :: [TestTree]+tests = []++fixtures :: [TestTree]+fixtures = []
+ test/Test/Amazonka/SSOOIDC/Internal.hs view
@@ -0,0 +1,8 @@+-- |+-- Module : Test.Amazonka.SSOOIDC.Internal+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.SSOOIDC.Internal where