packages feed

amazonka-sso-oidc (empty) → 2.0

raw patch · 21 files changed

+2146/−0 lines, 21 filesdep +amazonka-coredep +amazonka-sso-oidcdep +amazonka-test

Dependencies added: amazonka-core, amazonka-sso-oidc, amazonka-test, base, bytestring, case-insensitive, tasty, tasty-hunit, text, time, unordered-containers

Files

+ LICENSE view
@@ -0,0 +1,367 @@+Mozilla Public License Version 2.0+==================================++1. Definitions+--------------++1.1. "Contributor"+    means each individual or legal entity that creates, contributes to+    the creation of, or owns Covered Software.++1.2. "Contributor Version"+    means the combination of the Contributions of others (if any) used+    by a Contributor and that particular Contributor's Contribution.++1.3. "Contribution"+    means Covered Software of a particular Contributor.++1.4. "Covered Software"+    means Source Code Form to which the initial Contributor has attached+    the notice in Exhibit A, the Executable Form of such Source Code+    Form, and Modifications of such Source Code Form, in each case+    including portions thereof.++1.5. "Incompatible With Secondary Licenses"+    means++    (a) that the initial Contributor has attached the notice described+        in Exhibit B to the Covered Software; or++    (b) that the Covered Software was made available under the terms of+        version 1.1 or earlier of the License, but not also under the+        terms of a Secondary License.++1.6. "Executable Form"+    means any form of the work other than Source Code Form.++1.7. "Larger Work"+    means a work that combines Covered Software with other material, in+    a separate file or files, that is not Covered Software.++1.8. "License"+    means this document.++1.9. "Licensable"+    means having the right to grant, to the maximum extent possible,+    whether at the time of the initial grant or subsequently, any and+    all of the rights conveyed by this License.++1.10. "Modifications"+    means any of the following:++    (a) any file in Source Code Form that results from an addition to,+        deletion from, or modification of the contents of Covered+        Software; or++    (b) any new file in Source Code Form that contains any Covered+        Software.++1.11. "Patent Claims" of a Contributor+    means any patent claim(s), including without limitation, method,+    process, and apparatus claims, in any patent Licensable by such+    Contributor that would be infringed, but for the grant of the+    License, by the making, using, selling, offering for sale, having+    made, import, or transfer of either its Contributions or its+    Contributor Version.++1.12. "Secondary License"+    means either the GNU General Public License, Version 2.0, the GNU+    Lesser General Public License, Version 2.1, the GNU Affero General+    Public License, Version 3.0, or any later versions of those+    licenses.++1.13. "Source Code Form"+    means the form of the work preferred for making modifications.++1.14. "You" (or "Your")+    means an individual or a legal entity exercising rights under this+    License. For legal entities, "You" includes any entity that+    controls, is controlled by, or is under common control with You. For+    purposes of this definition, "control" means (a) the power, direct+    or indirect, to cause the direction or management of such entity,+    whether by contract or otherwise, or (b) ownership of more than+    fifty percent (50%) of the outstanding shares or beneficial+    ownership of such entity.++2. License Grants and Conditions+--------------------------------++2.1. Grants++Each Contributor hereby grants You a world-wide, royalty-free,+non-exclusive license:++(a) under intellectual property rights (other than patent or trademark)+    Licensable by such Contributor to use, reproduce, make available,+    modify, display, perform, distribute, and otherwise exploit its+    Contributions, either on an unmodified basis, with Modifications, or+    as part of a Larger Work; and++(b) under Patent Claims of such Contributor to make, use, sell, offer+    for sale, have made, import, and otherwise transfer either its+    Contributions or its Contributor Version.++2.2. Effective Date++The licenses granted in Section 2.1 with respect to any Contribution+become effective for each Contribution on the date the Contributor first+distributes such Contribution.++2.3. Limitations on Grant Scope++The licenses granted in this Section 2 are the only rights granted under+this License. No additional rights or licenses will be implied from the+distribution or licensing of Covered Software under this License.+Notwithstanding Section 2.1(b) above, no patent license is granted by a+Contributor:++(a) for any code that a Contributor has removed from Covered Software;+    or++(b) for infringements caused by: (i) Your and any other third party's+    modifications of Covered Software, or (ii) the combination of its+    Contributions with other software (except as part of its Contributor+    Version); or++(c) under Patent Claims infringed by Covered Software in the absence of+    its Contributions.++This License does not grant any rights in the trademarks, service marks,+or logos of any Contributor (except as may be necessary to comply with+the notice requirements in Section 3.4).++2.4. Subsequent Licenses++No Contributor makes additional grants as a result of Your choice to+distribute the Covered Software under a subsequent version of this+License (see Section 10.2) or under the terms of a Secondary License (if+permitted under the terms of Section 3.3).++2.5. Representation++Each Contributor represents that the Contributor believes its+Contributions are its original creation(s) or it has sufficient rights+to grant the rights to its Contributions conveyed by this License.++2.6. Fair Use++This License is not intended to limit any rights You have under+applicable copyright doctrines of fair use, fair dealing, or other+equivalents.++2.7. Conditions++Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted+in Section 2.1.++3. Responsibilities+-------------------++3.1. Distribution of Source Form++All distribution of Covered Software in Source Code Form, including any+Modifications that You create or to which You contribute, must be under+the terms of this License. You must inform recipients that the Source+Code Form of the Covered Software is governed by the terms of this+License, and how they can obtain a copy of this License. You may not+attempt to alter or restrict the recipients' rights in the Source Code+Form.++3.2. Distribution of Executable Form++If You distribute Covered Software in Executable Form then:++(a) such Covered Software must also be made available in Source Code+    Form, as described in Section 3.1, and You must inform recipients of+    the Executable Form how they can obtain a copy of such Source Code+    Form by reasonable means in a timely manner, at a charge no more+    than the cost of distribution to the recipient; and++(b) You may distribute such Executable Form under the terms of this+    License, or sublicense it under different terms, provided that the+    license for the Executable Form does not attempt to limit or alter+    the recipients' rights in the Source Code Form under this License.++3.3. Distribution of a Larger Work++You may create and distribute a Larger Work under terms of Your choice,+provided that You also comply with the requirements of this License for+the Covered Software. If the Larger Work is a combination of Covered+Software with a work governed by one or more Secondary Licenses, and the+Covered Software is not Incompatible With Secondary Licenses, this+License permits You to additionally distribute such Covered Software+under the terms of such Secondary License(s), so that the recipient of+the Larger Work may, at their option, further distribute the Covered+Software under the terms of either this License or such Secondary+License(s).++3.4. Notices++You may not remove or alter the substance of any license notices+(including copyright notices, patent notices, disclaimers of warranty,+or limitations of liability) contained within the Source Code Form of+the Covered Software, except that You may alter any license notices to+the extent required to remedy known factual inaccuracies.++3.5. Application of Additional Terms++You may choose to offer, and to charge a fee for, warranty, support,+indemnity or liability obligations to one or more recipients of Covered+Software. However, You may do so only on Your own behalf, and not on+behalf of any Contributor. You must make it absolutely clear that any+such warranty, support, indemnity, or liability obligation is offered by+You alone, and You hereby agree to indemnify every Contributor for any+liability incurred by such Contributor as a result of warranty, support,+indemnity or liability terms You offer. You may include additional+disclaimers of warranty and limitations of liability specific to any+jurisdiction.++4. Inability to Comply Due to Statute or Regulation+---------------------------------------------------++If it is impossible for You to comply with any of the terms of this+License with respect to some or all of the Covered Software due to+statute, judicial order, or regulation then You must: (a) comply with+the terms of this License to the maximum extent possible; and (b)+describe the limitations and the code they affect. Such description must+be placed in a text file included with all distributions of the Covered+Software under this License. Except to the extent prohibited by statute+or regulation, such description must be sufficiently detailed for a+recipient of ordinary skill to be able to understand it.++5. Termination+--------------++5.1. The rights granted under this License will terminate automatically+if You fail to comply with any of its terms. However, if You become+compliant, then the rights granted under this License from a particular+Contributor are reinstated (a) provisionally, unless and until such+Contributor explicitly and finally terminates Your grants, and (b) on an+ongoing basis, if such Contributor fails to notify You of the+non-compliance by some reasonable means prior to 60 days after You have+come back into compliance. Moreover, Your grants from a particular+Contributor are reinstated on an ongoing basis if such Contributor+notifies You of the non-compliance by some reasonable means, this is the+first time You have received notice of non-compliance with this License+from such Contributor, and You become compliant prior to 30 days after+Your receipt of the notice.++5.2. If You initiate litigation against any entity by asserting a patent+infringement claim (excluding declaratory judgment actions,+counter-claims, and cross-claims) alleging that a Contributor Version+directly or indirectly infringes any patent, then the rights granted to+You by any and all Contributors for the Covered Software under Section+2.1 of this License shall terminate.++5.3. In the event of termination under Sections 5.1 or 5.2 above, all+end user license agreements (excluding distributors and resellers) which+have been validly granted by You or Your distributors under this License+prior to termination shall survive termination.++************************************************************************+*                                                                      *+*  6. Disclaimer of Warranty                                           *+*  -------------------------                                           *+*                                                                      *+*  Covered Software is provided under this License on an "as is"       *+*  basis, without warranty of any kind, either expressed, implied, or  *+*  statutory, including, without limitation, warranties that the       *+*  Covered Software is free of defects, merchantable, fit for a        *+*  particular purpose or non-infringing. The entire risk as to the     *+*  quality and performance of the Covered Software is with You.        *+*  Should any Covered Software prove defective in any respect, You     *+*  (not any Contributor) assume the cost of any necessary servicing,   *+*  repair, or correction. This disclaimer of warranty constitutes an   *+*  essential part of this License. No use of any Covered Software is   *+*  authorized under this License except under this disclaimer.         *+*                                                                      *+************************************************************************++************************************************************************+*                                                                      *+*  7. Limitation of Liability                                          *+*  --------------------------                                          *+*                                                                      *+*  Under no circumstances and under no legal theory, whether tort      *+*  (including negligence), contract, or otherwise, shall any           *+*  Contributor, or anyone who distributes Covered Software as          *+*  permitted above, be liable to You for any direct, indirect,         *+*  special, incidental, or consequential damages of any character      *+*  including, without limitation, damages for lost profits, loss of    *+*  goodwill, work stoppage, computer failure or malfunction, or any    *+*  and all other commercial damages or losses, even if such party      *+*  shall have been informed of the possibility of such damages. This   *+*  limitation of liability shall not apply to liability for death or   *+*  personal injury resulting from such party's negligence to the       *+*  extent applicable law prohibits such limitation. Some               *+*  jurisdictions do not allow the exclusion or limitation of           *+*  incidental or consequential damages, so this exclusion and          *+*  limitation may not apply to You.                                    *+*                                                                      *+************************************************************************++8. Litigation+-------------++Any litigation relating to this License may be brought only in the+courts of a jurisdiction where the defendant maintains its principal+place of business and such litigation shall be governed by laws of that+jurisdiction, without reference to its conflict-of-law provisions.+Nothing in this Section shall prevent a party's ability to bring+cross-claims or counter-claims.++9. Miscellaneous+----------------++This License represents the complete agreement concerning the subject+matter hereof. If any provision of this License is held to be+unenforceable, such provision shall be reformed only to the extent+necessary to make it enforceable. Any law or regulation which provides+that the language of a contract shall be construed against the drafter+shall not be used to construe this License against a Contributor.++10. Versions of the License+---------------------------++10.1. New Versions++Mozilla Foundation is the license steward. Except as provided in Section+10.3, no one other than the license steward has the right to modify or+publish new versions of this License. Each version will be given a+distinguishing version number.++10.2. Effect of New Versions++You may distribute the Covered Software under the terms of the version+of the License under which You originally received the Covered Software,+or under the terms of any subsequent version published by the license+steward.++10.3. Modified Versions++If you create software not governed by this License, and you want to+create a new license for such software, you may create and use a+modified version of this License if you rename the license and remove+any references to the name of the license steward (except to note that+such modified license differs from this License).++10.4. Distributing Source Code Form that is Incompatible With Secondary+Licenses++If You choose to distribute Source Code Form that is Incompatible With+Secondary Licenses under the terms of this version of the License, the+notice described in Exhibit B of this License must be attached.++Exhibit A - Source Code Form License Notice+-------------------------------------------++  This Source Code Form is subject to the terms of the Mozilla Public+  License, v. 2.0. If a copy of the MPL was not distributed with this+  file, You can obtain one at http://mozilla.org/MPL/2.0/.++If it is not possible or desirable to put the notice in a particular+file, then You may include the notice in a location (such as a LICENSE+file in a relevant directory) where a recipient would be likely to look+for such a notice.++You may add additional accurate notices of copyright ownership.
+ README.md view
@@ -0,0 +1,44 @@+# Amazon SSO OIDC SDK++* [Version](#version)+* [Description](#description)+* [Contribute](#contribute)+* [Licence](#licence)+++## Version+ +`2.0` - Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.++## Description++Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-sso-oidc)+and the [AWS API Reference](https://aws.amazon.com/documentation/).++The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,+and receiving responses.++Lenses are used for constructing and manipulating types,+due to the depth of nesting of AWS types and transparency regarding+de/serialisation into more palatable Haskell values.+The provided lenses should be compatible with any of the major lens libraries+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).++See [Amazonka.SSOOIDC](http://hackage.haskell.org/package/amazonka-sso-oidc/docs/Amazonka-SSOOIDC.html)+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.+++## Contribute++For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).++> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.+++## Licence++`amazonka-sso-oidc` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).++Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.+Source files subject to this contain an additional licensing clause in their header.
+ amazonka-sso-oidc.cabal view
@@ -0,0 +1,86 @@+cabal-version:      2.2+name:               amazonka-sso-oidc+version:            2.0+synopsis:           Amazon SSO OIDC SDK.+homepage:           https://github.com/brendanhay/amazonka+bug-reports:        https://github.com/brendanhay/amazonka/issues+license:            MPL-2.0+license-file:       LICENSE+author:             Brendan Hay+maintainer:+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>++copyright:          Copyright (c) 2013-2023 Brendan Hay+category:           AWS+build-type:         Simple+extra-source-files:+  fixture/*.proto+  fixture/*.yaml+  README.md+  src/.gitkeep++description:+  Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.+  .+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.+  .+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.+  .+  Generated lenses can be found in "Amazonka.SSOOIDC.Lens" and are+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.+  .+  See "Amazonka.SSOOIDC" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.++source-repository head+  type:     git+  location: git://github.com/brendanhay/amazonka.git+  subdir:   amazonka-sso-oidc++library+  default-language: Haskell2010+  hs-source-dirs:   src gen+  ghc-options:+    -Wall -fwarn-incomplete-uni-patterns+    -fwarn-incomplete-record-updates -funbox-strict-fields++  exposed-modules:+    Amazonka.SSOOIDC+    Amazonka.SSOOIDC.CreateToken+    Amazonka.SSOOIDC.Lens+    Amazonka.SSOOIDC.RegisterClient+    Amazonka.SSOOIDC.StartDeviceAuthorization+    Amazonka.SSOOIDC.Types+    Amazonka.SSOOIDC.Waiters++  build-depends:+    , amazonka-core  >=2.0  && <2.1+    , base           >=4.12 && <5++test-suite amazonka-sso-oidc-test+  type:             exitcode-stdio-1.0+  default-language: Haskell2010+  hs-source-dirs:   test+  main-is:          Main.hs+  ghc-options:      -Wall -threaded++  -- This section is encoded by the template and any modules added by+  -- hand outside these namespaces will not correctly be added to the+  -- distribution package.+  other-modules:+    Test.Amazonka.Gen.SSOOIDC+    Test.Amazonka.SSOOIDC+    Test.Amazonka.SSOOIDC.Internal++  build-depends:+    , amazonka-core         >=2.0 && <2.1+    , amazonka-sso-oidc+    , amazonka-test         >=2.0 && <2.1+    , base+    , bytestring+    , case-insensitive+    , tasty+    , tasty-hunit+    , text+    , time+    , unordered-containers
+ fixture/CreateToken.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  oidc.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/CreateTokenResponse.proto view
+ fixture/RegisterClient.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  oidc.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/RegisterClientResponse.proto view
+ fixture/StartDeviceAuthorization.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  oidc.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/StartDeviceAuthorizationResponse.proto view
+ gen/Amazonka/SSOOIDC.hs view
@@ -0,0 +1,159 @@+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module      : Amazonka.SSOOIDC+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.+--+-- AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect+-- (OIDC) is a web service that enables a client (such as AWS CLI or a+-- native application) to register with IAM Identity Center. The service+-- also enables the client to fetch the user’s access token upon successful+-- authentication and authorization with IAM Identity Center.+--+-- Although AWS Single Sign-On was renamed, the @sso@ and @identitystore@+-- API namespaces will continue to retain their original name for backward+-- compatibility purposes. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed IAM Identity Center rename>.+--+-- __Considerations for Using This Guide__+--+-- Before you begin using this guide, we recommend that you first review+-- the following important information about how the IAM Identity Center+-- OIDC service works.+--+-- -   The IAM Identity Center OIDC service currently implements only the+--     portions of the OAuth 2.0 Device Authorization Grant standard+--     (<https://tools.ietf.org/html/rfc8628>) that are necessary to enable+--     single sign-on authentication with the AWS CLI. Support for other+--     OIDC flows frequently needed for native applications, such as+--     Authorization Code Flow (+ PKCE), will be addressed in future+--     releases.+--+-- -   The service emits only OIDC access tokens, such that obtaining a new+--     token (For example, token refresh) requires explicit user+--     re-authentication.+--+-- -   The access tokens provided by this service grant access to all AWS+--     account entitlements assigned to an IAM Identity Center user, not+--     just a particular application.+--+-- -   The documentation in this guide does not describe the mechanism to+--     convert the access token into AWS Auth (“sigv4”) credentials for use+--     with IAM-protected AWS service endpoints. For more information, see+--     <https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html GetRoleCredentials>+--     in the /IAM Identity Center Portal API Reference Guide/.+--+-- For general information about IAM Identity Center, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html What is IAM Identity Center?>+-- in the /IAM Identity Center User Guide/.+module Amazonka.SSOOIDC+  ( -- * Service Configuration+    defaultService,++    -- * Errors+    -- $errors++    -- ** AccessDeniedException+    _AccessDeniedException,++    -- ** AuthorizationPendingException+    _AuthorizationPendingException,++    -- ** ExpiredTokenException+    _ExpiredTokenException,++    -- ** InternalServerException+    _InternalServerException,++    -- ** InvalidClientException+    _InvalidClientException,++    -- ** InvalidClientMetadataException+    _InvalidClientMetadataException,++    -- ** InvalidGrantException+    _InvalidGrantException,++    -- ** InvalidRequestException+    _InvalidRequestException,++    -- ** InvalidScopeException+    _InvalidScopeException,++    -- ** SlowDownException+    _SlowDownException,++    -- ** UnauthorizedClientException+    _UnauthorizedClientException,++    -- ** UnsupportedGrantTypeException+    _UnsupportedGrantTypeException,++    -- * Waiters+    -- $waiters++    -- * Operations+    -- $operations++    -- ** CreateToken+    CreateToken (CreateToken'),+    newCreateToken,+    CreateTokenResponse (CreateTokenResponse'),+    newCreateTokenResponse,++    -- ** RegisterClient+    RegisterClient (RegisterClient'),+    newRegisterClient,+    RegisterClientResponse (RegisterClientResponse'),+    newRegisterClientResponse,++    -- ** StartDeviceAuthorization+    StartDeviceAuthorization (StartDeviceAuthorization'),+    newStartDeviceAuthorization,+    StartDeviceAuthorizationResponse (StartDeviceAuthorizationResponse'),+    newStartDeviceAuthorizationResponse,++    -- * Types+  )+where++import Amazonka.SSOOIDC.CreateToken+import Amazonka.SSOOIDC.Lens+import Amazonka.SSOOIDC.RegisterClient+import Amazonka.SSOOIDC.StartDeviceAuthorization+import Amazonka.SSOOIDC.Types+import Amazonka.SSOOIDC.Waiters++-- $errors+-- Error matchers are designed for use with the functions provided by+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.+-- This allows catching (and rethrowing) service specific errors returned+-- by 'SSOOIDC'.++-- $operations+-- Some AWS operations return results that are incomplete and require subsequent+-- requests in order to obtain the entire result set. The process of sending+-- subsequent requests to continue where a previous request left off is called+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to+-- 1000 objects at a time, and you must send subsequent requests with the+-- appropriate Marker in order to retrieve the next page of results.+--+-- Operations that have an 'AWSPager' instance can transparently perform subsequent+-- requests, correctly setting Markers and other request facets to iterate through+-- the entire result set of a truncated API operation. Operations which support+-- this have an additional note in the documentation.+--+-- Many operations have the ability to filter results on the server side. See the+-- individual operation parameters for details.++-- $waiters+-- Waiters poll by repeatedly sending a request until some remote success condition+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification+-- determines how many attempts should be made, in addition to delay and retry strategies.
+ gen/Amazonka/SSOOIDC/CreateToken.hs view
@@ -0,0 +1,428 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.CreateToken+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates and returns an access token for the authorized client. The+-- access token issued will be used to fetch short-term credentials for the+-- assigned roles in the AWS account.+module Amazonka.SSOOIDC.CreateToken+  ( -- * Creating a Request+    CreateToken (..),+    newCreateToken,++    -- * Request Lenses+    createToken_code,+    createToken_deviceCode,+    createToken_redirectUri,+    createToken_refreshToken,+    createToken_scope,+    createToken_clientId,+    createToken_clientSecret,+    createToken_grantType,++    -- * Destructuring the Response+    CreateTokenResponse (..),+    newCreateTokenResponse,++    -- * Response Lenses+    createTokenResponse_accessToken,+    createTokenResponse_expiresIn,+    createTokenResponse_idToken,+    createTokenResponse_refreshToken,+    createTokenResponse_tokenType,+    createTokenResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newCreateToken' smart constructor.+data CreateToken = CreateToken'+  { -- | The authorization code received from the authorization service. This+    -- parameter is required to perform an authorization grant request to get+    -- access to a token.+    code :: Prelude.Maybe Prelude.Text,+    -- | Used only when calling this API for the device code grant type. This+    -- short-term code is used to identify this authentication attempt. This+    -- should come from an in-memory reference to the result of the+    -- StartDeviceAuthorization API.+    deviceCode :: Prelude.Maybe Prelude.Text,+    -- | The location of the application that will receive the authorization+    -- code. Users authorize the service to send the request to this location.+    redirectUri :: Prelude.Maybe Prelude.Text,+    -- | Currently, @refreshToken@ is not yet implemented and is not supported.+    -- For more information about the features and limitations of the current+    -- IAM Identity Center OIDC implementation, see /Considerations for Using+    -- this Guide/ in the+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+    --+    -- The token used to obtain an access token in the event that the access+    -- token is invalid or expired.+    refreshToken :: Prelude.Maybe Prelude.Text,+    -- | The list of scopes that is defined by the client. Upon authorization,+    -- this list is used to restrict permissions when granting an access token.+    scope :: Prelude.Maybe [Prelude.Text],+    -- | The unique identifier string for each client. This value should come+    -- from the persisted result of the RegisterClient API.+    clientId :: Prelude.Text,+    -- | A secret string generated for the client. This value should come from+    -- the persisted result of the RegisterClient API.+    clientSecret :: Prelude.Text,+    -- | Supports grant types for the authorization code, refresh token, and+    -- device code request. For device code requests, specify the following+    -- value:+    --+    -- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+    --+    -- For information about how to obtain the device code, see the+    -- StartDeviceAuthorization topic.+    grantType :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateToken' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'code', 'createToken_code' - The authorization code received from the authorization service. This+-- parameter is required to perform an authorization grant request to get+-- access to a token.+--+-- 'deviceCode', 'createToken_deviceCode' - Used only when calling this API for the device code grant type. This+-- short-term code is used to identify this authentication attempt. This+-- should come from an in-memory reference to the result of the+-- StartDeviceAuthorization API.+--+-- 'redirectUri', 'createToken_redirectUri' - The location of the application that will receive the authorization+-- code. Users authorize the service to send the request to this location.+--+-- 'refreshToken', 'createToken_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The token used to obtain an access token in the event that the access+-- token is invalid or expired.+--+-- 'scope', 'createToken_scope' - The list of scopes that is defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+--+-- 'clientId', 'createToken_clientId' - The unique identifier string for each client. This value should come+-- from the persisted result of the RegisterClient API.+--+-- 'clientSecret', 'createToken_clientSecret' - A secret string generated for the client. This value should come from+-- the persisted result of the RegisterClient API.+--+-- 'grantType', 'createToken_grantType' - Supports grant types for the authorization code, refresh token, and+-- device code request. For device code requests, specify the following+-- value:+--+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+--+-- For information about how to obtain the device code, see the+-- StartDeviceAuthorization topic.+newCreateToken ::+  -- | 'clientId'+  Prelude.Text ->+  -- | 'clientSecret'+  Prelude.Text ->+  -- | 'grantType'+  Prelude.Text ->+  CreateToken+newCreateToken pClientId_ pClientSecret_ pGrantType_ =+  CreateToken'+    { code = Prelude.Nothing,+      deviceCode = Prelude.Nothing,+      redirectUri = Prelude.Nothing,+      refreshToken = Prelude.Nothing,+      scope = Prelude.Nothing,+      clientId = pClientId_,+      clientSecret = pClientSecret_,+      grantType = pGrantType_+    }++-- | The authorization code received from the authorization service. This+-- parameter is required to perform an authorization grant request to get+-- access to a token.+createToken_code :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_code = Lens.lens (\CreateToken' {code} -> code) (\s@CreateToken' {} a -> s {code = a} :: CreateToken)++-- | Used only when calling this API for the device code grant type. This+-- short-term code is used to identify this authentication attempt. This+-- should come from an in-memory reference to the result of the+-- StartDeviceAuthorization API.+createToken_deviceCode :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_deviceCode = Lens.lens (\CreateToken' {deviceCode} -> deviceCode) (\s@CreateToken' {} a -> s {deviceCode = a} :: CreateToken)++-- | The location of the application that will receive the authorization+-- code. Users authorize the service to send the request to this location.+createToken_redirectUri :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_redirectUri = Lens.lens (\CreateToken' {redirectUri} -> redirectUri) (\s@CreateToken' {} a -> s {redirectUri = a} :: CreateToken)++-- | Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The token used to obtain an access token in the event that the access+-- token is invalid or expired.+createToken_refreshToken :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)+createToken_refreshToken = Lens.lens (\CreateToken' {refreshToken} -> refreshToken) (\s@CreateToken' {} a -> s {refreshToken = a} :: CreateToken)++-- | The list of scopes that is defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+createToken_scope :: Lens.Lens' CreateToken (Prelude.Maybe [Prelude.Text])+createToken_scope = Lens.lens (\CreateToken' {scope} -> scope) (\s@CreateToken' {} a -> s {scope = a} :: CreateToken) Prelude.. Lens.mapping Lens.coerced++-- | The unique identifier string for each client. This value should come+-- from the persisted result of the RegisterClient API.+createToken_clientId :: Lens.Lens' CreateToken Prelude.Text+createToken_clientId = Lens.lens (\CreateToken' {clientId} -> clientId) (\s@CreateToken' {} a -> s {clientId = a} :: CreateToken)++-- | A secret string generated for the client. This value should come from+-- the persisted result of the RegisterClient API.+createToken_clientSecret :: Lens.Lens' CreateToken Prelude.Text+createToken_clientSecret = Lens.lens (\CreateToken' {clientSecret} -> clientSecret) (\s@CreateToken' {} a -> s {clientSecret = a} :: CreateToken)++-- | Supports grant types for the authorization code, refresh token, and+-- device code request. For device code requests, specify the following+-- value:+--+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @+--+-- For information about how to obtain the device code, see the+-- StartDeviceAuthorization topic.+createToken_grantType :: Lens.Lens' CreateToken Prelude.Text+createToken_grantType = Lens.lens (\CreateToken' {grantType} -> grantType) (\s@CreateToken' {} a -> s {grantType = a} :: CreateToken)++instance Core.AWSRequest CreateToken where+  type AWSResponse CreateToken = CreateTokenResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          CreateTokenResponse'+            Prelude.<$> (x Data..?> "accessToken")+            Prelude.<*> (x Data..?> "expiresIn")+            Prelude.<*> (x Data..?> "idToken")+            Prelude.<*> (x Data..?> "refreshToken")+            Prelude.<*> (x Data..?> "tokenType")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable CreateToken where+  hashWithSalt _salt CreateToken' {..} =+    _salt+      `Prelude.hashWithSalt` code+      `Prelude.hashWithSalt` deviceCode+      `Prelude.hashWithSalt` redirectUri+      `Prelude.hashWithSalt` refreshToken+      `Prelude.hashWithSalt` scope+      `Prelude.hashWithSalt` clientId+      `Prelude.hashWithSalt` clientSecret+      `Prelude.hashWithSalt` grantType++instance Prelude.NFData CreateToken where+  rnf CreateToken' {..} =+    Prelude.rnf code+      `Prelude.seq` Prelude.rnf deviceCode+      `Prelude.seq` Prelude.rnf redirectUri+      `Prelude.seq` Prelude.rnf refreshToken+      `Prelude.seq` Prelude.rnf scope+      `Prelude.seq` Prelude.rnf clientId+      `Prelude.seq` Prelude.rnf clientSecret+      `Prelude.seq` Prelude.rnf grantType++instance Data.ToHeaders CreateToken where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "Content-Type"+              Data.=# ( "application/x-amz-json-1.1" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON CreateToken where+  toJSON CreateToken' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("code" Data..=) Prelude.<$> code,+            ("deviceCode" Data..=) Prelude.<$> deviceCode,+            ("redirectUri" Data..=) Prelude.<$> redirectUri,+            ("refreshToken" Data..=) Prelude.<$> refreshToken,+            ("scope" Data..=) Prelude.<$> scope,+            Prelude.Just ("clientId" Data..= clientId),+            Prelude.Just ("clientSecret" Data..= clientSecret),+            Prelude.Just ("grantType" Data..= grantType)+          ]+      )++instance Data.ToPath CreateToken where+  toPath = Prelude.const "/token"++instance Data.ToQuery CreateToken where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateTokenResponse' smart constructor.+data CreateTokenResponse = CreateTokenResponse'+  { -- | An opaque token to access IAM Identity Center resources assigned to a+    -- user.+    accessToken :: Prelude.Maybe Prelude.Text,+    -- | Indicates the time in seconds when an access token will expire.+    expiresIn :: Prelude.Maybe Prelude.Int,+    -- | Currently, @idToken@ is not yet implemented and is not supported. For+    -- more information about the features and limitations of the current IAM+    -- Identity Center OIDC implementation, see /Considerations for Using this+    -- Guide/ in the+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+    --+    -- The identifier of the user that associated with the access token, if+    -- present.+    idToken :: Prelude.Maybe Prelude.Text,+    -- | Currently, @refreshToken@ is not yet implemented and is not supported.+    -- For more information about the features and limitations of the current+    -- IAM Identity Center OIDC implementation, see /Considerations for Using+    -- this Guide/ in the+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+    --+    -- A token that, if present, can be used to refresh a previously issued+    -- access token that might have expired.+    refreshToken :: Prelude.Maybe Prelude.Text,+    -- | Used to notify the client that the returned token is an access token.+    -- The supported type is @BearerToken@.+    tokenType :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateTokenResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'accessToken', 'createTokenResponse_accessToken' - An opaque token to access IAM Identity Center resources assigned to a+-- user.+--+-- 'expiresIn', 'createTokenResponse_expiresIn' - Indicates the time in seconds when an access token will expire.+--+-- 'idToken', 'createTokenResponse_idToken' - Currently, @idToken@ is not yet implemented and is not supported. For+-- more information about the features and limitations of the current IAM+-- Identity Center OIDC implementation, see /Considerations for Using this+-- Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The identifier of the user that associated with the access token, if+-- present.+--+-- 'refreshToken', 'createTokenResponse_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- A token that, if present, can be used to refresh a previously issued+-- access token that might have expired.+--+-- 'tokenType', 'createTokenResponse_tokenType' - Used to notify the client that the returned token is an access token.+-- The supported type is @BearerToken@.+--+-- 'httpStatus', 'createTokenResponse_httpStatus' - The response's http status code.+newCreateTokenResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  CreateTokenResponse+newCreateTokenResponse pHttpStatus_ =+  CreateTokenResponse'+    { accessToken = Prelude.Nothing,+      expiresIn = Prelude.Nothing,+      idToken = Prelude.Nothing,+      refreshToken = Prelude.Nothing,+      tokenType = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | An opaque token to access IAM Identity Center resources assigned to a+-- user.+createTokenResponse_accessToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_accessToken = Lens.lens (\CreateTokenResponse' {accessToken} -> accessToken) (\s@CreateTokenResponse' {} a -> s {accessToken = a} :: CreateTokenResponse)++-- | Indicates the time in seconds when an access token will expire.+createTokenResponse_expiresIn :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Int)+createTokenResponse_expiresIn = Lens.lens (\CreateTokenResponse' {expiresIn} -> expiresIn) (\s@CreateTokenResponse' {} a -> s {expiresIn = a} :: CreateTokenResponse)++-- | Currently, @idToken@ is not yet implemented and is not supported. For+-- more information about the features and limitations of the current IAM+-- Identity Center OIDC implementation, see /Considerations for Using this+-- Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- The identifier of the user that associated with the access token, if+-- present.+createTokenResponse_idToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_idToken = Lens.lens (\CreateTokenResponse' {idToken} -> idToken) (\s@CreateTokenResponse' {} a -> s {idToken = a} :: CreateTokenResponse)++-- | Currently, @refreshToken@ is not yet implemented and is not supported.+-- For more information about the features and limitations of the current+-- IAM Identity Center OIDC implementation, see /Considerations for Using+-- this Guide/ in the+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.+--+-- A token that, if present, can be used to refresh a previously issued+-- access token that might have expired.+createTokenResponse_refreshToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_refreshToken = Lens.lens (\CreateTokenResponse' {refreshToken} -> refreshToken) (\s@CreateTokenResponse' {} a -> s {refreshToken = a} :: CreateTokenResponse)++-- | Used to notify the client that the returned token is an access token.+-- The supported type is @BearerToken@.+createTokenResponse_tokenType :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)+createTokenResponse_tokenType = Lens.lens (\CreateTokenResponse' {tokenType} -> tokenType) (\s@CreateTokenResponse' {} a -> s {tokenType = a} :: CreateTokenResponse)++-- | The response's http status code.+createTokenResponse_httpStatus :: Lens.Lens' CreateTokenResponse Prelude.Int+createTokenResponse_httpStatus = Lens.lens (\CreateTokenResponse' {httpStatus} -> httpStatus) (\s@CreateTokenResponse' {} a -> s {httpStatus = a} :: CreateTokenResponse)++instance Prelude.NFData CreateTokenResponse where+  rnf CreateTokenResponse' {..} =+    Prelude.rnf accessToken+      `Prelude.seq` Prelude.rnf expiresIn+      `Prelude.seq` Prelude.rnf idToken+      `Prelude.seq` Prelude.rnf refreshToken+      `Prelude.seq` Prelude.rnf tokenType+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/Lens.hs view
@@ -0,0 +1,63 @@+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.Lens+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Lens+  ( -- * Operations++    -- ** CreateToken+    createToken_code,+    createToken_deviceCode,+    createToken_redirectUri,+    createToken_refreshToken,+    createToken_scope,+    createToken_clientId,+    createToken_clientSecret,+    createToken_grantType,+    createTokenResponse_accessToken,+    createTokenResponse_expiresIn,+    createTokenResponse_idToken,+    createTokenResponse_refreshToken,+    createTokenResponse_tokenType,+    createTokenResponse_httpStatus,++    -- ** RegisterClient+    registerClient_scopes,+    registerClient_clientName,+    registerClient_clientType,+    registerClientResponse_authorizationEndpoint,+    registerClientResponse_clientId,+    registerClientResponse_clientIdIssuedAt,+    registerClientResponse_clientSecret,+    registerClientResponse_clientSecretExpiresAt,+    registerClientResponse_tokenEndpoint,+    registerClientResponse_httpStatus,++    -- ** StartDeviceAuthorization+    startDeviceAuthorization_clientId,+    startDeviceAuthorization_clientSecret,+    startDeviceAuthorization_startUrl,+    startDeviceAuthorizationResponse_deviceCode,+    startDeviceAuthorizationResponse_expiresIn,+    startDeviceAuthorizationResponse_interval,+    startDeviceAuthorizationResponse_userCode,+    startDeviceAuthorizationResponse_verificationUri,+    startDeviceAuthorizationResponse_verificationUriComplete,+    startDeviceAuthorizationResponse_httpStatus,++    -- * Types+  )+where++import Amazonka.SSOOIDC.CreateToken+import Amazonka.SSOOIDC.RegisterClient+import Amazonka.SSOOIDC.StartDeviceAuthorization
+ gen/Amazonka/SSOOIDC/RegisterClient.hs view
@@ -0,0 +1,277 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.RegisterClient+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Registers a client with IAM Identity Center. This allows clients to+-- initiate device authorization. The output should be persisted for reuse+-- through many authentication requests.+module Amazonka.SSOOIDC.RegisterClient+  ( -- * Creating a Request+    RegisterClient (..),+    newRegisterClient,++    -- * Request Lenses+    registerClient_scopes,+    registerClient_clientName,+    registerClient_clientType,++    -- * Destructuring the Response+    RegisterClientResponse (..),+    newRegisterClientResponse,++    -- * Response Lenses+    registerClientResponse_authorizationEndpoint,+    registerClientResponse_clientId,+    registerClientResponse_clientIdIssuedAt,+    registerClientResponse_clientSecret,+    registerClientResponse_clientSecretExpiresAt,+    registerClientResponse_tokenEndpoint,+    registerClientResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newRegisterClient' smart constructor.+data RegisterClient = RegisterClient'+  { -- | The list of scopes that are defined by the client. Upon authorization,+    -- this list is used to restrict permissions when granting an access token.+    scopes :: Prelude.Maybe [Prelude.Text],+    -- | The friendly name of the client.+    clientName :: Prelude.Text,+    -- | The type of client. The service supports only @public@ as a client type.+    -- Anything other than public will be rejected by the service.+    clientType :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RegisterClient' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'scopes', 'registerClient_scopes' - The list of scopes that are defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+--+-- 'clientName', 'registerClient_clientName' - The friendly name of the client.+--+-- 'clientType', 'registerClient_clientType' - The type of client. The service supports only @public@ as a client type.+-- Anything other than public will be rejected by the service.+newRegisterClient ::+  -- | 'clientName'+  Prelude.Text ->+  -- | 'clientType'+  Prelude.Text ->+  RegisterClient+newRegisterClient pClientName_ pClientType_ =+  RegisterClient'+    { scopes = Prelude.Nothing,+      clientName = pClientName_,+      clientType = pClientType_+    }++-- | The list of scopes that are defined by the client. Upon authorization,+-- this list is used to restrict permissions when granting an access token.+registerClient_scopes :: Lens.Lens' RegisterClient (Prelude.Maybe [Prelude.Text])+registerClient_scopes = Lens.lens (\RegisterClient' {scopes} -> scopes) (\s@RegisterClient' {} a -> s {scopes = a} :: RegisterClient) Prelude.. Lens.mapping Lens.coerced++-- | The friendly name of the client.+registerClient_clientName :: Lens.Lens' RegisterClient Prelude.Text+registerClient_clientName = Lens.lens (\RegisterClient' {clientName} -> clientName) (\s@RegisterClient' {} a -> s {clientName = a} :: RegisterClient)++-- | The type of client. The service supports only @public@ as a client type.+-- Anything other than public will be rejected by the service.+registerClient_clientType :: Lens.Lens' RegisterClient Prelude.Text+registerClient_clientType = Lens.lens (\RegisterClient' {clientType} -> clientType) (\s@RegisterClient' {} a -> s {clientType = a} :: RegisterClient)++instance Core.AWSRequest RegisterClient where+  type+    AWSResponse RegisterClient =+      RegisterClientResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          RegisterClientResponse'+            Prelude.<$> (x Data..?> "authorizationEndpoint")+            Prelude.<*> (x Data..?> "clientId")+            Prelude.<*> (x Data..?> "clientIdIssuedAt")+            Prelude.<*> (x Data..?> "clientSecret")+            Prelude.<*> (x Data..?> "clientSecretExpiresAt")+            Prelude.<*> (x Data..?> "tokenEndpoint")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable RegisterClient where+  hashWithSalt _salt RegisterClient' {..} =+    _salt+      `Prelude.hashWithSalt` scopes+      `Prelude.hashWithSalt` clientName+      `Prelude.hashWithSalt` clientType++instance Prelude.NFData RegisterClient where+  rnf RegisterClient' {..} =+    Prelude.rnf scopes+      `Prelude.seq` Prelude.rnf clientName+      `Prelude.seq` Prelude.rnf clientType++instance Data.ToHeaders RegisterClient where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "Content-Type"+              Data.=# ( "application/x-amz-json-1.1" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON RegisterClient where+  toJSON RegisterClient' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("scopes" Data..=) Prelude.<$> scopes,+            Prelude.Just ("clientName" Data..= clientName),+            Prelude.Just ("clientType" Data..= clientType)+          ]+      )++instance Data.ToPath RegisterClient where+  toPath = Prelude.const "/client/register"++instance Data.ToQuery RegisterClient where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newRegisterClientResponse' smart constructor.+data RegisterClientResponse = RegisterClientResponse'+  { -- | The endpoint where the client can request authorization.+    authorizationEndpoint :: Prelude.Maybe Prelude.Text,+    -- | The unique identifier string for each client. This client uses this+    -- identifier to get authenticated by the service in subsequent calls.+    clientId :: Prelude.Maybe Prelude.Text,+    -- | Indicates the time at which the @clientId@ and @clientSecret@ were+    -- issued.+    clientIdIssuedAt :: Prelude.Maybe Prelude.Integer,+    -- | A secret string generated for the client. The client will use this+    -- string to get authenticated by the service in subsequent calls.+    clientSecret :: Prelude.Maybe Prelude.Text,+    -- | Indicates the time at which the @clientId@ and @clientSecret@ will+    -- become invalid.+    clientSecretExpiresAt :: Prelude.Maybe Prelude.Integer,+    -- | The endpoint where the client can get an access token.+    tokenEndpoint :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RegisterClientResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'authorizationEndpoint', 'registerClientResponse_authorizationEndpoint' - The endpoint where the client can request authorization.+--+-- 'clientId', 'registerClientResponse_clientId' - The unique identifier string for each client. This client uses this+-- identifier to get authenticated by the service in subsequent calls.+--+-- 'clientIdIssuedAt', 'registerClientResponse_clientIdIssuedAt' - Indicates the time at which the @clientId@ and @clientSecret@ were+-- issued.+--+-- 'clientSecret', 'registerClientResponse_clientSecret' - A secret string generated for the client. The client will use this+-- string to get authenticated by the service in subsequent calls.+--+-- 'clientSecretExpiresAt', 'registerClientResponse_clientSecretExpiresAt' - Indicates the time at which the @clientId@ and @clientSecret@ will+-- become invalid.+--+-- 'tokenEndpoint', 'registerClientResponse_tokenEndpoint' - The endpoint where the client can get an access token.+--+-- 'httpStatus', 'registerClientResponse_httpStatus' - The response's http status code.+newRegisterClientResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  RegisterClientResponse+newRegisterClientResponse pHttpStatus_ =+  RegisterClientResponse'+    { authorizationEndpoint =+        Prelude.Nothing,+      clientId = Prelude.Nothing,+      clientIdIssuedAt = Prelude.Nothing,+      clientSecret = Prelude.Nothing,+      clientSecretExpiresAt = Prelude.Nothing,+      tokenEndpoint = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The endpoint where the client can request authorization.+registerClientResponse_authorizationEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_authorizationEndpoint = Lens.lens (\RegisterClientResponse' {authorizationEndpoint} -> authorizationEndpoint) (\s@RegisterClientResponse' {} a -> s {authorizationEndpoint = a} :: RegisterClientResponse)++-- | The unique identifier string for each client. This client uses this+-- identifier to get authenticated by the service in subsequent calls.+registerClientResponse_clientId :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_clientId = Lens.lens (\RegisterClientResponse' {clientId} -> clientId) (\s@RegisterClientResponse' {} a -> s {clientId = a} :: RegisterClientResponse)++-- | Indicates the time at which the @clientId@ and @clientSecret@ were+-- issued.+registerClientResponse_clientIdIssuedAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)+registerClientResponse_clientIdIssuedAt = Lens.lens (\RegisterClientResponse' {clientIdIssuedAt} -> clientIdIssuedAt) (\s@RegisterClientResponse' {} a -> s {clientIdIssuedAt = a} :: RegisterClientResponse)++-- | A secret string generated for the client. The client will use this+-- string to get authenticated by the service in subsequent calls.+registerClientResponse_clientSecret :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_clientSecret = Lens.lens (\RegisterClientResponse' {clientSecret} -> clientSecret) (\s@RegisterClientResponse' {} a -> s {clientSecret = a} :: RegisterClientResponse)++-- | Indicates the time at which the @clientId@ and @clientSecret@ will+-- become invalid.+registerClientResponse_clientSecretExpiresAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)+registerClientResponse_clientSecretExpiresAt = Lens.lens (\RegisterClientResponse' {clientSecretExpiresAt} -> clientSecretExpiresAt) (\s@RegisterClientResponse' {} a -> s {clientSecretExpiresAt = a} :: RegisterClientResponse)++-- | The endpoint where the client can get an access token.+registerClientResponse_tokenEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)+registerClientResponse_tokenEndpoint = Lens.lens (\RegisterClientResponse' {tokenEndpoint} -> tokenEndpoint) (\s@RegisterClientResponse' {} a -> s {tokenEndpoint = a} :: RegisterClientResponse)++-- | The response's http status code.+registerClientResponse_httpStatus :: Lens.Lens' RegisterClientResponse Prelude.Int+registerClientResponse_httpStatus = Lens.lens (\RegisterClientResponse' {httpStatus} -> httpStatus) (\s@RegisterClientResponse' {} a -> s {httpStatus = a} :: RegisterClientResponse)++instance Prelude.NFData RegisterClientResponse where+  rnf RegisterClientResponse' {..} =+    Prelude.rnf authorizationEndpoint+      `Prelude.seq` Prelude.rnf clientId+      `Prelude.seq` Prelude.rnf clientIdIssuedAt+      `Prelude.seq` Prelude.rnf clientSecret+      `Prelude.seq` Prelude.rnf clientSecretExpiresAt+      `Prelude.seq` Prelude.rnf tokenEndpoint+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs view
@@ -0,0 +1,302 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.StartDeviceAuthorization+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Initiates device authorization by requesting a pair of verification+-- codes from the authorization service.+module Amazonka.SSOOIDC.StartDeviceAuthorization+  ( -- * Creating a Request+    StartDeviceAuthorization (..),+    newStartDeviceAuthorization,++    -- * Request Lenses+    startDeviceAuthorization_clientId,+    startDeviceAuthorization_clientSecret,+    startDeviceAuthorization_startUrl,++    -- * Destructuring the Response+    StartDeviceAuthorizationResponse (..),+    newStartDeviceAuthorizationResponse,++    -- * Response Lenses+    startDeviceAuthorizationResponse_deviceCode,+    startDeviceAuthorizationResponse_expiresIn,+    startDeviceAuthorizationResponse_interval,+    startDeviceAuthorizationResponse_userCode,+    startDeviceAuthorizationResponse_verificationUri,+    startDeviceAuthorizationResponse_verificationUriComplete,+    startDeviceAuthorizationResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response+import Amazonka.SSOOIDC.Types++-- | /See:/ 'newStartDeviceAuthorization' smart constructor.+data StartDeviceAuthorization = StartDeviceAuthorization'+  { -- | The unique identifier string for the client that is registered with IAM+    -- Identity Center. This value should come from the persisted result of the+    -- RegisterClient API operation.+    clientId :: Prelude.Text,+    -- | A secret string that is generated for the client. This value should come+    -- from the persisted result of the RegisterClient API operation.+    clientSecret :: Prelude.Text,+    -- | The URL for the AWS access portal. For more information, see+    -- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+    -- in the /IAM Identity Center User Guide/.+    startUrl :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StartDeviceAuthorization' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'clientId', 'startDeviceAuthorization_clientId' - The unique identifier string for the client that is registered with IAM+-- Identity Center. This value should come from the persisted result of the+-- RegisterClient API operation.+--+-- 'clientSecret', 'startDeviceAuthorization_clientSecret' - A secret string that is generated for the client. This value should come+-- from the persisted result of the RegisterClient API operation.+--+-- 'startUrl', 'startDeviceAuthorization_startUrl' - The URL for the AWS access portal. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+-- in the /IAM Identity Center User Guide/.+newStartDeviceAuthorization ::+  -- | 'clientId'+  Prelude.Text ->+  -- | 'clientSecret'+  Prelude.Text ->+  -- | 'startUrl'+  Prelude.Text ->+  StartDeviceAuthorization+newStartDeviceAuthorization+  pClientId_+  pClientSecret_+  pStartUrl_ =+    StartDeviceAuthorization'+      { clientId = pClientId_,+        clientSecret = pClientSecret_,+        startUrl = pStartUrl_+      }++-- | The unique identifier string for the client that is registered with IAM+-- Identity Center. This value should come from the persisted result of the+-- RegisterClient API operation.+startDeviceAuthorization_clientId :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_clientId = Lens.lens (\StartDeviceAuthorization' {clientId} -> clientId) (\s@StartDeviceAuthorization' {} a -> s {clientId = a} :: StartDeviceAuthorization)++-- | A secret string that is generated for the client. This value should come+-- from the persisted result of the RegisterClient API operation.+startDeviceAuthorization_clientSecret :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_clientSecret = Lens.lens (\StartDeviceAuthorization' {clientSecret} -> clientSecret) (\s@StartDeviceAuthorization' {} a -> s {clientSecret = a} :: StartDeviceAuthorization)++-- | The URL for the AWS access portal. For more information, see+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>+-- in the /IAM Identity Center User Guide/.+startDeviceAuthorization_startUrl :: Lens.Lens' StartDeviceAuthorization Prelude.Text+startDeviceAuthorization_startUrl = Lens.lens (\StartDeviceAuthorization' {startUrl} -> startUrl) (\s@StartDeviceAuthorization' {} a -> s {startUrl = a} :: StartDeviceAuthorization)++instance Core.AWSRequest StartDeviceAuthorization where+  type+    AWSResponse StartDeviceAuthorization =+      StartDeviceAuthorizationResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          StartDeviceAuthorizationResponse'+            Prelude.<$> (x Data..?> "deviceCode")+            Prelude.<*> (x Data..?> "expiresIn")+            Prelude.<*> (x Data..?> "interval")+            Prelude.<*> (x Data..?> "userCode")+            Prelude.<*> (x Data..?> "verificationUri")+            Prelude.<*> (x Data..?> "verificationUriComplete")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable StartDeviceAuthorization where+  hashWithSalt _salt StartDeviceAuthorization' {..} =+    _salt+      `Prelude.hashWithSalt` clientId+      `Prelude.hashWithSalt` clientSecret+      `Prelude.hashWithSalt` startUrl++instance Prelude.NFData StartDeviceAuthorization where+  rnf StartDeviceAuthorization' {..} =+    Prelude.rnf clientId+      `Prelude.seq` Prelude.rnf clientSecret+      `Prelude.seq` Prelude.rnf startUrl++instance Data.ToHeaders StartDeviceAuthorization where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "Content-Type"+              Data.=# ( "application/x-amz-json-1.1" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON StartDeviceAuthorization where+  toJSON StartDeviceAuthorization' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("clientId" Data..= clientId),+            Prelude.Just ("clientSecret" Data..= clientSecret),+            Prelude.Just ("startUrl" Data..= startUrl)+          ]+      )++instance Data.ToPath StartDeviceAuthorization where+  toPath = Prelude.const "/device_authorization"++instance Data.ToQuery StartDeviceAuthorization where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newStartDeviceAuthorizationResponse' smart constructor.+data StartDeviceAuthorizationResponse = StartDeviceAuthorizationResponse'+  { -- | The short-lived code that is used by the device when polling for a+    -- session token.+    deviceCode :: Prelude.Maybe Prelude.Text,+    -- | Indicates the number of seconds in which the verification code will+    -- become invalid.+    expiresIn :: Prelude.Maybe Prelude.Int,+    -- | Indicates the number of seconds the client must wait between attempts+    -- when polling for a session.+    interval :: Prelude.Maybe Prelude.Int,+    -- | A one-time user verification code. This is needed to authorize an in-use+    -- device.+    userCode :: Prelude.Maybe Prelude.Text,+    -- | The URI of the verification page that takes the @userCode@ to authorize+    -- the device.+    verificationUri :: Prelude.Maybe Prelude.Text,+    -- | An alternate URL that the client can use to automatically launch a+    -- browser. This process skips the manual step in which the user visits the+    -- verification page and enters their code.+    verificationUriComplete :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StartDeviceAuthorizationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deviceCode', 'startDeviceAuthorizationResponse_deviceCode' - The short-lived code that is used by the device when polling for a+-- session token.+--+-- 'expiresIn', 'startDeviceAuthorizationResponse_expiresIn' - Indicates the number of seconds in which the verification code will+-- become invalid.+--+-- 'interval', 'startDeviceAuthorizationResponse_interval' - Indicates the number of seconds the client must wait between attempts+-- when polling for a session.+--+-- 'userCode', 'startDeviceAuthorizationResponse_userCode' - A one-time user verification code. This is needed to authorize an in-use+-- device.+--+-- 'verificationUri', 'startDeviceAuthorizationResponse_verificationUri' - The URI of the verification page that takes the @userCode@ to authorize+-- the device.+--+-- 'verificationUriComplete', 'startDeviceAuthorizationResponse_verificationUriComplete' - An alternate URL that the client can use to automatically launch a+-- browser. This process skips the manual step in which the user visits the+-- verification page and enters their code.+--+-- 'httpStatus', 'startDeviceAuthorizationResponse_httpStatus' - The response's http status code.+newStartDeviceAuthorizationResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  StartDeviceAuthorizationResponse+newStartDeviceAuthorizationResponse pHttpStatus_ =+  StartDeviceAuthorizationResponse'+    { deviceCode =+        Prelude.Nothing,+      expiresIn = Prelude.Nothing,+      interval = Prelude.Nothing,+      userCode = Prelude.Nothing,+      verificationUri = Prelude.Nothing,+      verificationUriComplete = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The short-lived code that is used by the device when polling for a+-- session token.+startDeviceAuthorizationResponse_deviceCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_deviceCode = Lens.lens (\StartDeviceAuthorizationResponse' {deviceCode} -> deviceCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {deviceCode = a} :: StartDeviceAuthorizationResponse)++-- | Indicates the number of seconds in which the verification code will+-- become invalid.+startDeviceAuthorizationResponse_expiresIn :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)+startDeviceAuthorizationResponse_expiresIn = Lens.lens (\StartDeviceAuthorizationResponse' {expiresIn} -> expiresIn) (\s@StartDeviceAuthorizationResponse' {} a -> s {expiresIn = a} :: StartDeviceAuthorizationResponse)++-- | Indicates the number of seconds the client must wait between attempts+-- when polling for a session.+startDeviceAuthorizationResponse_interval :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)+startDeviceAuthorizationResponse_interval = Lens.lens (\StartDeviceAuthorizationResponse' {interval} -> interval) (\s@StartDeviceAuthorizationResponse' {} a -> s {interval = a} :: StartDeviceAuthorizationResponse)++-- | A one-time user verification code. This is needed to authorize an in-use+-- device.+startDeviceAuthorizationResponse_userCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_userCode = Lens.lens (\StartDeviceAuthorizationResponse' {userCode} -> userCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {userCode = a} :: StartDeviceAuthorizationResponse)++-- | The URI of the verification page that takes the @userCode@ to authorize+-- the device.+startDeviceAuthorizationResponse_verificationUri :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_verificationUri = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUri} -> verificationUri) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUri = a} :: StartDeviceAuthorizationResponse)++-- | An alternate URL that the client can use to automatically launch a+-- browser. This process skips the manual step in which the user visits the+-- verification page and enters their code.+startDeviceAuthorizationResponse_verificationUriComplete :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)+startDeviceAuthorizationResponse_verificationUriComplete = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUriComplete} -> verificationUriComplete) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUriComplete = a} :: StartDeviceAuthorizationResponse)++-- | The response's http status code.+startDeviceAuthorizationResponse_httpStatus :: Lens.Lens' StartDeviceAuthorizationResponse Prelude.Int+startDeviceAuthorizationResponse_httpStatus = Lens.lens (\StartDeviceAuthorizationResponse' {httpStatus} -> httpStatus) (\s@StartDeviceAuthorizationResponse' {} a -> s {httpStatus = a} :: StartDeviceAuthorizationResponse)++instance+  Prelude.NFData+    StartDeviceAuthorizationResponse+  where+  rnf StartDeviceAuthorizationResponse' {..} =+    Prelude.rnf deviceCode+      `Prelude.seq` Prelude.rnf expiresIn+      `Prelude.seq` Prelude.rnf interval+      `Prelude.seq` Prelude.rnf userCode+      `Prelude.seq` Prelude.rnf verificationUri+      `Prelude.seq` Prelude.rnf verificationUriComplete+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/SSOOIDC/Types.hs view
@@ -0,0 +1,217 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.Types+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Types+  ( -- * Service Configuration+    defaultService,++    -- * Errors+    _AccessDeniedException,+    _AuthorizationPendingException,+    _ExpiredTokenException,+    _InternalServerException,+    _InvalidClientException,+    _InvalidClientMetadataException,+    _InvalidGrantException,+    _InvalidRequestException,+    _InvalidScopeException,+    _SlowDownException,+    _UnauthorizedClientException,+    _UnsupportedGrantTypeException,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Sign.V4 as Sign++-- | API version @2019-06-10@ of the Amazon SSO OIDC SDK configuration.+defaultService :: Core.Service+defaultService =+  Core.Service+    { Core.abbrev = "SSOOIDC",+      Core.signer = Sign.v4,+      Core.endpointPrefix = "oidc",+      Core.signingName = "awsssooidc",+      Core.version = "2019-06-10",+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,+      Core.endpoint = Core.defaultEndpoint defaultService,+      Core.timeout = Prelude.Just 70,+      Core.check = Core.statusSuccess,+      Core.error = Core.parseJSONError "SSOOIDC",+      Core.retry = retry+    }+  where+    retry =+      Core.Exponential+        { Core.base = 5.0e-2,+          Core.growth = 2,+          Core.attempts = 5,+          Core.check = check+        }+    check e+      | Lens.has (Core.hasStatus 502) e =+          Prelude.Just "bad_gateway"+      | Lens.has (Core.hasStatus 504) e =+          Prelude.Just "gateway_timeout"+      | Lens.has (Core.hasStatus 500) e =+          Prelude.Just "general_server_error"+      | Lens.has (Core.hasStatus 509) e =+          Prelude.Just "limit_exceeded"+      | Lens.has+          ( Core.hasCode "RequestThrottledException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "request_throttled_exception"+      | Lens.has (Core.hasStatus 503) e =+          Prelude.Just "service_unavailable"+      | Lens.has+          ( Core.hasCode "ThrottledException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttled_exception"+      | Lens.has+          ( Core.hasCode "Throttling"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttling"+      | Lens.has+          ( Core.hasCode "ThrottlingException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttling_exception"+      | Lens.has+          ( Core.hasCode+              "ProvisionedThroughputExceededException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throughput_exceeded"+      | Lens.has (Core.hasStatus 429) e =+          Prelude.Just "too_many_requests"+      | Prelude.otherwise = Prelude.Nothing++-- | You do not have sufficient access to perform this action.+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_AccessDeniedException =+  Core._MatchServiceError+    defaultService+    "AccessDeniedException"+    Prelude.. Core.hasStatus 400++-- | Indicates that a request to authorize a client with an access user+-- session token is pending.+_AuthorizationPendingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_AuthorizationPendingException =+  Core._MatchServiceError+    defaultService+    "AuthorizationPendingException"+    Prelude.. Core.hasStatus 400++-- | Indicates that the token issued by the service is expired and is no+-- longer valid.+_ExpiredTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ExpiredTokenException =+  Core._MatchServiceError+    defaultService+    "ExpiredTokenException"+    Prelude.. Core.hasStatus 400++-- | Indicates that an error from the service occurred while trying to+-- process a request.+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InternalServerException =+  Core._MatchServiceError+    defaultService+    "InternalServerException"+    Prelude.. Core.hasStatus 500++-- | Indicates that the @clientId@ or @clientSecret@ in the request is+-- invalid. For example, this can occur when a client sends an incorrect+-- @clientId@ or an expired @clientSecret@.+_InvalidClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidClientException =+  Core._MatchServiceError+    defaultService+    "InvalidClientException"+    Prelude.. Core.hasStatus 401++-- | Indicates that the client information sent in the request during+-- registration is invalid.+_InvalidClientMetadataException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidClientMetadataException =+  Core._MatchServiceError+    defaultService+    "InvalidClientMetadataException"+    Prelude.. Core.hasStatus 400++-- | Indicates that a request contains an invalid grant. This can occur if a+-- client makes a CreateToken request with an invalid grant type.+_InvalidGrantException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidGrantException =+  Core._MatchServiceError+    defaultService+    "InvalidGrantException"+    Prelude.. Core.hasStatus 400++-- | Indicates that something is wrong with the input to the request. For+-- example, a required parameter might be missing or out of range.+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidRequestException =+  Core._MatchServiceError+    defaultService+    "InvalidRequestException"+    Prelude.. Core.hasStatus 400++-- | Indicates that the scope provided in the request is invalid.+_InvalidScopeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidScopeException =+  Core._MatchServiceError+    defaultService+    "InvalidScopeException"+    Prelude.. Core.hasStatus 400++-- | Indicates that the client is making the request too frequently and is+-- more than the service can handle.+_SlowDownException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_SlowDownException =+  Core._MatchServiceError+    defaultService+    "SlowDownException"+    Prelude.. Core.hasStatus 400++-- | Indicates that the client is not currently authorized to make the+-- request. This can happen when a @clientId@ is not issued for a public+-- client.+_UnauthorizedClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnauthorizedClientException =+  Core._MatchServiceError+    defaultService+    "UnauthorizedClientException"+    Prelude.. Core.hasStatus 400++-- | Indicates that the grant type in the request is not supported by the+-- service.+_UnsupportedGrantTypeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnsupportedGrantTypeException =+  Core._MatchServiceError+    defaultService+    "UnsupportedGrantTypeException"+    Prelude.. Core.hasStatus 400
+ gen/Amazonka/SSOOIDC/Waiters.hs view
@@ -0,0 +1,24 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.SSOOIDC.Waiters+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.SSOOIDC.Waiters where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude+import Amazonka.SSOOIDC.Lens+import Amazonka.SSOOIDC.Types
+ src/.gitkeep view
+ test/Main.hs view
@@ -0,0 +1,23 @@+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module      : Main+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Main (main) where++import Test.Amazonka.SSOOIDC+import Test.Amazonka.SSOOIDC.Internal+import Test.Tasty++main :: IO ()+main =+  defaultMain $+    testGroup+      "SSOOIDC"+      [ testGroup "tests" tests,+        testGroup "fixtures" fixtures+      ]
+ test/Test/Amazonka/Gen/SSOOIDC.hs view
@@ -0,0 +1,98 @@+{-# OPTIONS_GHC -fno-warn-orphans #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Test.Amazonka.Gen.SSOOIDC+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.Gen.SSOOIDC where++import Amazonka.SSOOIDC+import qualified Data.Proxy as Proxy+import Test.Amazonka.Fixture+import Test.Amazonka.Prelude+import Test.Amazonka.SSOOIDC.Internal+import Test.Tasty++-- Auto-generated: the actual test selection needs to be manually placed into+-- the top-level so that real test data can be incrementally added.+--+-- This commented snippet is what the entire set should look like:++-- fixtures :: TestTree+-- fixtures =+--     [ testGroup "request"+--         [ requestCreateToken $+--             newCreateToken+--+--         , requestRegisterClient $+--             newRegisterClient+--+--         , requestStartDeviceAuthorization $+--             newStartDeviceAuthorization+--+--           ]++--     , testGroup "response"+--         [ responseCreateToken $+--             newCreateTokenResponse+--+--         , responseRegisterClient $+--             newRegisterClientResponse+--+--         , responseStartDeviceAuthorization $+--             newStartDeviceAuthorizationResponse+--+--           ]+--     ]++-- Requests++requestCreateToken :: CreateToken -> TestTree+requestCreateToken =+  req+    "CreateToken"+    "fixture/CreateToken.yaml"++requestRegisterClient :: RegisterClient -> TestTree+requestRegisterClient =+  req+    "RegisterClient"+    "fixture/RegisterClient.yaml"++requestStartDeviceAuthorization :: StartDeviceAuthorization -> TestTree+requestStartDeviceAuthorization =+  req+    "StartDeviceAuthorization"+    "fixture/StartDeviceAuthorization.yaml"++-- Responses++responseCreateToken :: CreateTokenResponse -> TestTree+responseCreateToken =+  res+    "CreateTokenResponse"+    "fixture/CreateTokenResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy CreateToken)++responseRegisterClient :: RegisterClientResponse -> TestTree+responseRegisterClient =+  res+    "RegisterClientResponse"+    "fixture/RegisterClientResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy RegisterClient)++responseStartDeviceAuthorization :: StartDeviceAuthorizationResponse -> TestTree+responseStartDeviceAuthorization =+  res+    "StartDeviceAuthorizationResponse"+    "fixture/StartDeviceAuthorizationResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy StartDeviceAuthorization)
+ test/Test/Amazonka/SSOOIDC.hs view
@@ -0,0 +1,20 @@+-- |+-- Module      : Test.Amazonka.SSOOIDC+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.SSOOIDC+  ( tests,+    fixtures,+  )+where++import Test.Tasty (TestTree)++tests :: [TestTree]+tests = []++fixtures :: [TestTree]+fixtures = []
+ test/Test/Amazonka/SSOOIDC/Internal.hs view
@@ -0,0 +1,8 @@+-- |+-- Module      : Test.Amazonka.SSOOIDC.Internal+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.SSOOIDC.Internal where