diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon SSO OIDC SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-sso-oidc)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.SSOOIDC](http://hackage.haskell.org/package/amazonka-sso-oidc/docs/Amazonka-SSOOIDC.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-sso-oidc` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-sso-oidc.cabal b/amazonka-sso-oidc.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-sso-oidc.cabal
@@ -0,0 +1,86 @@
+cabal-version:      2.2
+name:               amazonka-sso-oidc
+version:            2.0
+synopsis:           Amazon SSO OIDC SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.SSOOIDC.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.SSOOIDC" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-sso-oidc
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.SSOOIDC
+    Amazonka.SSOOIDC.CreateToken
+    Amazonka.SSOOIDC.Lens
+    Amazonka.SSOOIDC.RegisterClient
+    Amazonka.SSOOIDC.StartDeviceAuthorization
+    Amazonka.SSOOIDC.Types
+    Amazonka.SSOOIDC.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-sso-oidc-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.SSOOIDC
+    Test.Amazonka.SSOOIDC
+    Test.Amazonka.SSOOIDC.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-sso-oidc
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/CreateToken.yaml b/fixture/CreateToken.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateToken.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  oidc.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateTokenResponse.proto b/fixture/CreateTokenResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateTokenResponse.proto
diff --git a/fixture/RegisterClient.yaml b/fixture/RegisterClient.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/RegisterClient.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  oidc.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/RegisterClientResponse.proto b/fixture/RegisterClientResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/RegisterClientResponse.proto
diff --git a/fixture/StartDeviceAuthorization.yaml b/fixture/StartDeviceAuthorization.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/StartDeviceAuthorization.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/oidc/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  oidc.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/StartDeviceAuthorizationResponse.proto b/fixture/StartDeviceAuthorizationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/StartDeviceAuthorizationResponse.proto
diff --git a/gen/Amazonka/SSOOIDC.hs b/gen/Amazonka/SSOOIDC.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC.hs
@@ -0,0 +1,159 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.SSOOIDC
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect
+-- (OIDC) is a web service that enables a client (such as AWS CLI or a
+-- native application) to register with IAM Identity Center. The service
+-- also enables the client to fetch the user’s access token upon successful
+-- authentication and authorization with IAM Identity Center.
+--
+-- Although AWS Single Sign-On was renamed, the @sso@ and @identitystore@
+-- API namespaces will continue to retain their original name for backward
+-- compatibility purposes. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed IAM Identity Center rename>.
+--
+-- __Considerations for Using This Guide__
+--
+-- Before you begin using this guide, we recommend that you first review
+-- the following important information about how the IAM Identity Center
+-- OIDC service works.
+--
+-- -   The IAM Identity Center OIDC service currently implements only the
+--     portions of the OAuth 2.0 Device Authorization Grant standard
+--     (<https://tools.ietf.org/html/rfc8628>) that are necessary to enable
+--     single sign-on authentication with the AWS CLI. Support for other
+--     OIDC flows frequently needed for native applications, such as
+--     Authorization Code Flow (+ PKCE), will be addressed in future
+--     releases.
+--
+-- -   The service emits only OIDC access tokens, such that obtaining a new
+--     token (For example, token refresh) requires explicit user
+--     re-authentication.
+--
+-- -   The access tokens provided by this service grant access to all AWS
+--     account entitlements assigned to an IAM Identity Center user, not
+--     just a particular application.
+--
+-- -   The documentation in this guide does not describe the mechanism to
+--     convert the access token into AWS Auth (“sigv4”) credentials for use
+--     with IAM-protected AWS service endpoints. For more information, see
+--     <https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html GetRoleCredentials>
+--     in the /IAM Identity Center Portal API Reference Guide/.
+--
+-- For general information about IAM Identity Center, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html What is IAM Identity Center?>
+-- in the /IAM Identity Center User Guide/.
+module Amazonka.SSOOIDC
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** AuthorizationPendingException
+    _AuthorizationPendingException,
+
+    -- ** ExpiredTokenException
+    _ExpiredTokenException,
+
+    -- ** InternalServerException
+    _InternalServerException,
+
+    -- ** InvalidClientException
+    _InvalidClientException,
+
+    -- ** InvalidClientMetadataException
+    _InvalidClientMetadataException,
+
+    -- ** InvalidGrantException
+    _InvalidGrantException,
+
+    -- ** InvalidRequestException
+    _InvalidRequestException,
+
+    -- ** InvalidScopeException
+    _InvalidScopeException,
+
+    -- ** SlowDownException
+    _SlowDownException,
+
+    -- ** UnauthorizedClientException
+    _UnauthorizedClientException,
+
+    -- ** UnsupportedGrantTypeException
+    _UnsupportedGrantTypeException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** CreateToken
+    CreateToken (CreateToken'),
+    newCreateToken,
+    CreateTokenResponse (CreateTokenResponse'),
+    newCreateTokenResponse,
+
+    -- ** RegisterClient
+    RegisterClient (RegisterClient'),
+    newRegisterClient,
+    RegisterClientResponse (RegisterClientResponse'),
+    newRegisterClientResponse,
+
+    -- ** StartDeviceAuthorization
+    StartDeviceAuthorization (StartDeviceAuthorization'),
+    newStartDeviceAuthorization,
+    StartDeviceAuthorizationResponse (StartDeviceAuthorizationResponse'),
+    newStartDeviceAuthorizationResponse,
+
+    -- * Types
+  )
+where
+
+import Amazonka.SSOOIDC.CreateToken
+import Amazonka.SSOOIDC.Lens
+import Amazonka.SSOOIDC.RegisterClient
+import Amazonka.SSOOIDC.StartDeviceAuthorization
+import Amazonka.SSOOIDC.Types
+import Amazonka.SSOOIDC.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'SSOOIDC'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/SSOOIDC/CreateToken.hs b/gen/Amazonka/SSOOIDC/CreateToken.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/CreateToken.hs
@@ -0,0 +1,428 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.CreateToken
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates and returns an access token for the authorized client. The
+-- access token issued will be used to fetch short-term credentials for the
+-- assigned roles in the AWS account.
+module Amazonka.SSOOIDC.CreateToken
+  ( -- * Creating a Request
+    CreateToken (..),
+    newCreateToken,
+
+    -- * Request Lenses
+    createToken_code,
+    createToken_deviceCode,
+    createToken_redirectUri,
+    createToken_refreshToken,
+    createToken_scope,
+    createToken_clientId,
+    createToken_clientSecret,
+    createToken_grantType,
+
+    -- * Destructuring the Response
+    CreateTokenResponse (..),
+    newCreateTokenResponse,
+
+    -- * Response Lenses
+    createTokenResponse_accessToken,
+    createTokenResponse_expiresIn,
+    createTokenResponse_idToken,
+    createTokenResponse_refreshToken,
+    createTokenResponse_tokenType,
+    createTokenResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOOIDC.Types
+
+-- | /See:/ 'newCreateToken' smart constructor.
+data CreateToken = CreateToken'
+  { -- | The authorization code received from the authorization service. This
+    -- parameter is required to perform an authorization grant request to get
+    -- access to a token.
+    code :: Prelude.Maybe Prelude.Text,
+    -- | Used only when calling this API for the device code grant type. This
+    -- short-term code is used to identify this authentication attempt. This
+    -- should come from an in-memory reference to the result of the
+    -- StartDeviceAuthorization API.
+    deviceCode :: Prelude.Maybe Prelude.Text,
+    -- | The location of the application that will receive the authorization
+    -- code. Users authorize the service to send the request to this location.
+    redirectUri :: Prelude.Maybe Prelude.Text,
+    -- | Currently, @refreshToken@ is not yet implemented and is not supported.
+    -- For more information about the features and limitations of the current
+    -- IAM Identity Center OIDC implementation, see /Considerations for Using
+    -- this Guide/ in the
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+    --
+    -- The token used to obtain an access token in the event that the access
+    -- token is invalid or expired.
+    refreshToken :: Prelude.Maybe Prelude.Text,
+    -- | The list of scopes that is defined by the client. Upon authorization,
+    -- this list is used to restrict permissions when granting an access token.
+    scope :: Prelude.Maybe [Prelude.Text],
+    -- | The unique identifier string for each client. This value should come
+    -- from the persisted result of the RegisterClient API.
+    clientId :: Prelude.Text,
+    -- | A secret string generated for the client. This value should come from
+    -- the persisted result of the RegisterClient API.
+    clientSecret :: Prelude.Text,
+    -- | Supports grant types for the authorization code, refresh token, and
+    -- device code request. For device code requests, specify the following
+    -- value:
+    --
+    -- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
+    --
+    -- For information about how to obtain the device code, see the
+    -- StartDeviceAuthorization topic.
+    grantType :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateToken' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'createToken_code' - The authorization code received from the authorization service. This
+-- parameter is required to perform an authorization grant request to get
+-- access to a token.
+--
+-- 'deviceCode', 'createToken_deviceCode' - Used only when calling this API for the device code grant type. This
+-- short-term code is used to identify this authentication attempt. This
+-- should come from an in-memory reference to the result of the
+-- StartDeviceAuthorization API.
+--
+-- 'redirectUri', 'createToken_redirectUri' - The location of the application that will receive the authorization
+-- code. Users authorize the service to send the request to this location.
+--
+-- 'refreshToken', 'createToken_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.
+-- For more information about the features and limitations of the current
+-- IAM Identity Center OIDC implementation, see /Considerations for Using
+-- this Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- The token used to obtain an access token in the event that the access
+-- token is invalid or expired.
+--
+-- 'scope', 'createToken_scope' - The list of scopes that is defined by the client. Upon authorization,
+-- this list is used to restrict permissions when granting an access token.
+--
+-- 'clientId', 'createToken_clientId' - The unique identifier string for each client. This value should come
+-- from the persisted result of the RegisterClient API.
+--
+-- 'clientSecret', 'createToken_clientSecret' - A secret string generated for the client. This value should come from
+-- the persisted result of the RegisterClient API.
+--
+-- 'grantType', 'createToken_grantType' - Supports grant types for the authorization code, refresh token, and
+-- device code request. For device code requests, specify the following
+-- value:
+--
+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
+--
+-- For information about how to obtain the device code, see the
+-- StartDeviceAuthorization topic.
+newCreateToken ::
+  -- | 'clientId'
+  Prelude.Text ->
+  -- | 'clientSecret'
+  Prelude.Text ->
+  -- | 'grantType'
+  Prelude.Text ->
+  CreateToken
+newCreateToken pClientId_ pClientSecret_ pGrantType_ =
+  CreateToken'
+    { code = Prelude.Nothing,
+      deviceCode = Prelude.Nothing,
+      redirectUri = Prelude.Nothing,
+      refreshToken = Prelude.Nothing,
+      scope = Prelude.Nothing,
+      clientId = pClientId_,
+      clientSecret = pClientSecret_,
+      grantType = pGrantType_
+    }
+
+-- | The authorization code received from the authorization service. This
+-- parameter is required to perform an authorization grant request to get
+-- access to a token.
+createToken_code :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
+createToken_code = Lens.lens (\CreateToken' {code} -> code) (\s@CreateToken' {} a -> s {code = a} :: CreateToken)
+
+-- | Used only when calling this API for the device code grant type. This
+-- short-term code is used to identify this authentication attempt. This
+-- should come from an in-memory reference to the result of the
+-- StartDeviceAuthorization API.
+createToken_deviceCode :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
+createToken_deviceCode = Lens.lens (\CreateToken' {deviceCode} -> deviceCode) (\s@CreateToken' {} a -> s {deviceCode = a} :: CreateToken)
+
+-- | The location of the application that will receive the authorization
+-- code. Users authorize the service to send the request to this location.
+createToken_redirectUri :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
+createToken_redirectUri = Lens.lens (\CreateToken' {redirectUri} -> redirectUri) (\s@CreateToken' {} a -> s {redirectUri = a} :: CreateToken)
+
+-- | Currently, @refreshToken@ is not yet implemented and is not supported.
+-- For more information about the features and limitations of the current
+-- IAM Identity Center OIDC implementation, see /Considerations for Using
+-- this Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- The token used to obtain an access token in the event that the access
+-- token is invalid or expired.
+createToken_refreshToken :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
+createToken_refreshToken = Lens.lens (\CreateToken' {refreshToken} -> refreshToken) (\s@CreateToken' {} a -> s {refreshToken = a} :: CreateToken)
+
+-- | The list of scopes that is defined by the client. Upon authorization,
+-- this list is used to restrict permissions when granting an access token.
+createToken_scope :: Lens.Lens' CreateToken (Prelude.Maybe [Prelude.Text])
+createToken_scope = Lens.lens (\CreateToken' {scope} -> scope) (\s@CreateToken' {} a -> s {scope = a} :: CreateToken) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique identifier string for each client. This value should come
+-- from the persisted result of the RegisterClient API.
+createToken_clientId :: Lens.Lens' CreateToken Prelude.Text
+createToken_clientId = Lens.lens (\CreateToken' {clientId} -> clientId) (\s@CreateToken' {} a -> s {clientId = a} :: CreateToken)
+
+-- | A secret string generated for the client. This value should come from
+-- the persisted result of the RegisterClient API.
+createToken_clientSecret :: Lens.Lens' CreateToken Prelude.Text
+createToken_clientSecret = Lens.lens (\CreateToken' {clientSecret} -> clientSecret) (\s@CreateToken' {} a -> s {clientSecret = a} :: CreateToken)
+
+-- | Supports grant types for the authorization code, refresh token, and
+-- device code request. For device code requests, specify the following
+-- value:
+--
+-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
+--
+-- For information about how to obtain the device code, see the
+-- StartDeviceAuthorization topic.
+createToken_grantType :: Lens.Lens' CreateToken Prelude.Text
+createToken_grantType = Lens.lens (\CreateToken' {grantType} -> grantType) (\s@CreateToken' {} a -> s {grantType = a} :: CreateToken)
+
+instance Core.AWSRequest CreateToken where
+  type AWSResponse CreateToken = CreateTokenResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateTokenResponse'
+            Prelude.<$> (x Data..?> "accessToken")
+            Prelude.<*> (x Data..?> "expiresIn")
+            Prelude.<*> (x Data..?> "idToken")
+            Prelude.<*> (x Data..?> "refreshToken")
+            Prelude.<*> (x Data..?> "tokenType")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateToken where
+  hashWithSalt _salt CreateToken' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` deviceCode
+      `Prelude.hashWithSalt` redirectUri
+      `Prelude.hashWithSalt` refreshToken
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` clientId
+      `Prelude.hashWithSalt` clientSecret
+      `Prelude.hashWithSalt` grantType
+
+instance Prelude.NFData CreateToken where
+  rnf CreateToken' {..} =
+    Prelude.rnf code
+      `Prelude.seq` Prelude.rnf deviceCode
+      `Prelude.seq` Prelude.rnf redirectUri
+      `Prelude.seq` Prelude.rnf refreshToken
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf clientId
+      `Prelude.seq` Prelude.rnf clientSecret
+      `Prelude.seq` Prelude.rnf grantType
+
+instance Data.ToHeaders CreateToken where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateToken where
+  toJSON CreateToken' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("code" Data..=) Prelude.<$> code,
+            ("deviceCode" Data..=) Prelude.<$> deviceCode,
+            ("redirectUri" Data..=) Prelude.<$> redirectUri,
+            ("refreshToken" Data..=) Prelude.<$> refreshToken,
+            ("scope" Data..=) Prelude.<$> scope,
+            Prelude.Just ("clientId" Data..= clientId),
+            Prelude.Just ("clientSecret" Data..= clientSecret),
+            Prelude.Just ("grantType" Data..= grantType)
+          ]
+      )
+
+instance Data.ToPath CreateToken where
+  toPath = Prelude.const "/token"
+
+instance Data.ToQuery CreateToken where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateTokenResponse' smart constructor.
+data CreateTokenResponse = CreateTokenResponse'
+  { -- | An opaque token to access IAM Identity Center resources assigned to a
+    -- user.
+    accessToken :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the time in seconds when an access token will expire.
+    expiresIn :: Prelude.Maybe Prelude.Int,
+    -- | Currently, @idToken@ is not yet implemented and is not supported. For
+    -- more information about the features and limitations of the current IAM
+    -- Identity Center OIDC implementation, see /Considerations for Using this
+    -- Guide/ in the
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+    --
+    -- The identifier of the user that associated with the access token, if
+    -- present.
+    idToken :: Prelude.Maybe Prelude.Text,
+    -- | Currently, @refreshToken@ is not yet implemented and is not supported.
+    -- For more information about the features and limitations of the current
+    -- IAM Identity Center OIDC implementation, see /Considerations for Using
+    -- this Guide/ in the
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+    --
+    -- A token that, if present, can be used to refresh a previously issued
+    -- access token that might have expired.
+    refreshToken :: Prelude.Maybe Prelude.Text,
+    -- | Used to notify the client that the returned token is an access token.
+    -- The supported type is @BearerToken@.
+    tokenType :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateTokenResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessToken', 'createTokenResponse_accessToken' - An opaque token to access IAM Identity Center resources assigned to a
+-- user.
+--
+-- 'expiresIn', 'createTokenResponse_expiresIn' - Indicates the time in seconds when an access token will expire.
+--
+-- 'idToken', 'createTokenResponse_idToken' - Currently, @idToken@ is not yet implemented and is not supported. For
+-- more information about the features and limitations of the current IAM
+-- Identity Center OIDC implementation, see /Considerations for Using this
+-- Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- The identifier of the user that associated with the access token, if
+-- present.
+--
+-- 'refreshToken', 'createTokenResponse_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.
+-- For more information about the features and limitations of the current
+-- IAM Identity Center OIDC implementation, see /Considerations for Using
+-- this Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- A token that, if present, can be used to refresh a previously issued
+-- access token that might have expired.
+--
+-- 'tokenType', 'createTokenResponse_tokenType' - Used to notify the client that the returned token is an access token.
+-- The supported type is @BearerToken@.
+--
+-- 'httpStatus', 'createTokenResponse_httpStatus' - The response's http status code.
+newCreateTokenResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateTokenResponse
+newCreateTokenResponse pHttpStatus_ =
+  CreateTokenResponse'
+    { accessToken = Prelude.Nothing,
+      expiresIn = Prelude.Nothing,
+      idToken = Prelude.Nothing,
+      refreshToken = Prelude.Nothing,
+      tokenType = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | An opaque token to access IAM Identity Center resources assigned to a
+-- user.
+createTokenResponse_accessToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
+createTokenResponse_accessToken = Lens.lens (\CreateTokenResponse' {accessToken} -> accessToken) (\s@CreateTokenResponse' {} a -> s {accessToken = a} :: CreateTokenResponse)
+
+-- | Indicates the time in seconds when an access token will expire.
+createTokenResponse_expiresIn :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Int)
+createTokenResponse_expiresIn = Lens.lens (\CreateTokenResponse' {expiresIn} -> expiresIn) (\s@CreateTokenResponse' {} a -> s {expiresIn = a} :: CreateTokenResponse)
+
+-- | Currently, @idToken@ is not yet implemented and is not supported. For
+-- more information about the features and limitations of the current IAM
+-- Identity Center OIDC implementation, see /Considerations for Using this
+-- Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- The identifier of the user that associated with the access token, if
+-- present.
+createTokenResponse_idToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
+createTokenResponse_idToken = Lens.lens (\CreateTokenResponse' {idToken} -> idToken) (\s@CreateTokenResponse' {} a -> s {idToken = a} :: CreateTokenResponse)
+
+-- | Currently, @refreshToken@ is not yet implemented and is not supported.
+-- For more information about the features and limitations of the current
+-- IAM Identity Center OIDC implementation, see /Considerations for Using
+-- this Guide/ in the
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
+--
+-- A token that, if present, can be used to refresh a previously issued
+-- access token that might have expired.
+createTokenResponse_refreshToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
+createTokenResponse_refreshToken = Lens.lens (\CreateTokenResponse' {refreshToken} -> refreshToken) (\s@CreateTokenResponse' {} a -> s {refreshToken = a} :: CreateTokenResponse)
+
+-- | Used to notify the client that the returned token is an access token.
+-- The supported type is @BearerToken@.
+createTokenResponse_tokenType :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
+createTokenResponse_tokenType = Lens.lens (\CreateTokenResponse' {tokenType} -> tokenType) (\s@CreateTokenResponse' {} a -> s {tokenType = a} :: CreateTokenResponse)
+
+-- | The response's http status code.
+createTokenResponse_httpStatus :: Lens.Lens' CreateTokenResponse Prelude.Int
+createTokenResponse_httpStatus = Lens.lens (\CreateTokenResponse' {httpStatus} -> httpStatus) (\s@CreateTokenResponse' {} a -> s {httpStatus = a} :: CreateTokenResponse)
+
+instance Prelude.NFData CreateTokenResponse where
+  rnf CreateTokenResponse' {..} =
+    Prelude.rnf accessToken
+      `Prelude.seq` Prelude.rnf expiresIn
+      `Prelude.seq` Prelude.rnf idToken
+      `Prelude.seq` Prelude.rnf refreshToken
+      `Prelude.seq` Prelude.rnf tokenType
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOOIDC/Lens.hs b/gen/Amazonka/SSOOIDC/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/Lens.hs
@@ -0,0 +1,63 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOOIDC.Lens
+  ( -- * Operations
+
+    -- ** CreateToken
+    createToken_code,
+    createToken_deviceCode,
+    createToken_redirectUri,
+    createToken_refreshToken,
+    createToken_scope,
+    createToken_clientId,
+    createToken_clientSecret,
+    createToken_grantType,
+    createTokenResponse_accessToken,
+    createTokenResponse_expiresIn,
+    createTokenResponse_idToken,
+    createTokenResponse_refreshToken,
+    createTokenResponse_tokenType,
+    createTokenResponse_httpStatus,
+
+    -- ** RegisterClient
+    registerClient_scopes,
+    registerClient_clientName,
+    registerClient_clientType,
+    registerClientResponse_authorizationEndpoint,
+    registerClientResponse_clientId,
+    registerClientResponse_clientIdIssuedAt,
+    registerClientResponse_clientSecret,
+    registerClientResponse_clientSecretExpiresAt,
+    registerClientResponse_tokenEndpoint,
+    registerClientResponse_httpStatus,
+
+    -- ** StartDeviceAuthorization
+    startDeviceAuthorization_clientId,
+    startDeviceAuthorization_clientSecret,
+    startDeviceAuthorization_startUrl,
+    startDeviceAuthorizationResponse_deviceCode,
+    startDeviceAuthorizationResponse_expiresIn,
+    startDeviceAuthorizationResponse_interval,
+    startDeviceAuthorizationResponse_userCode,
+    startDeviceAuthorizationResponse_verificationUri,
+    startDeviceAuthorizationResponse_verificationUriComplete,
+    startDeviceAuthorizationResponse_httpStatus,
+
+    -- * Types
+  )
+where
+
+import Amazonka.SSOOIDC.CreateToken
+import Amazonka.SSOOIDC.RegisterClient
+import Amazonka.SSOOIDC.StartDeviceAuthorization
diff --git a/gen/Amazonka/SSOOIDC/RegisterClient.hs b/gen/Amazonka/SSOOIDC/RegisterClient.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/RegisterClient.hs
@@ -0,0 +1,277 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.RegisterClient
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Registers a client with IAM Identity Center. This allows clients to
+-- initiate device authorization. The output should be persisted for reuse
+-- through many authentication requests.
+module Amazonka.SSOOIDC.RegisterClient
+  ( -- * Creating a Request
+    RegisterClient (..),
+    newRegisterClient,
+
+    -- * Request Lenses
+    registerClient_scopes,
+    registerClient_clientName,
+    registerClient_clientType,
+
+    -- * Destructuring the Response
+    RegisterClientResponse (..),
+    newRegisterClientResponse,
+
+    -- * Response Lenses
+    registerClientResponse_authorizationEndpoint,
+    registerClientResponse_clientId,
+    registerClientResponse_clientIdIssuedAt,
+    registerClientResponse_clientSecret,
+    registerClientResponse_clientSecretExpiresAt,
+    registerClientResponse_tokenEndpoint,
+    registerClientResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOOIDC.Types
+
+-- | /See:/ 'newRegisterClient' smart constructor.
+data RegisterClient = RegisterClient'
+  { -- | The list of scopes that are defined by the client. Upon authorization,
+    -- this list is used to restrict permissions when granting an access token.
+    scopes :: Prelude.Maybe [Prelude.Text],
+    -- | The friendly name of the client.
+    clientName :: Prelude.Text,
+    -- | The type of client. The service supports only @public@ as a client type.
+    -- Anything other than public will be rejected by the service.
+    clientType :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegisterClient' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scopes', 'registerClient_scopes' - The list of scopes that are defined by the client. Upon authorization,
+-- this list is used to restrict permissions when granting an access token.
+--
+-- 'clientName', 'registerClient_clientName' - The friendly name of the client.
+--
+-- 'clientType', 'registerClient_clientType' - The type of client. The service supports only @public@ as a client type.
+-- Anything other than public will be rejected by the service.
+newRegisterClient ::
+  -- | 'clientName'
+  Prelude.Text ->
+  -- | 'clientType'
+  Prelude.Text ->
+  RegisterClient
+newRegisterClient pClientName_ pClientType_ =
+  RegisterClient'
+    { scopes = Prelude.Nothing,
+      clientName = pClientName_,
+      clientType = pClientType_
+    }
+
+-- | The list of scopes that are defined by the client. Upon authorization,
+-- this list is used to restrict permissions when granting an access token.
+registerClient_scopes :: Lens.Lens' RegisterClient (Prelude.Maybe [Prelude.Text])
+registerClient_scopes = Lens.lens (\RegisterClient' {scopes} -> scopes) (\s@RegisterClient' {} a -> s {scopes = a} :: RegisterClient) Prelude.. Lens.mapping Lens.coerced
+
+-- | The friendly name of the client.
+registerClient_clientName :: Lens.Lens' RegisterClient Prelude.Text
+registerClient_clientName = Lens.lens (\RegisterClient' {clientName} -> clientName) (\s@RegisterClient' {} a -> s {clientName = a} :: RegisterClient)
+
+-- | The type of client. The service supports only @public@ as a client type.
+-- Anything other than public will be rejected by the service.
+registerClient_clientType :: Lens.Lens' RegisterClient Prelude.Text
+registerClient_clientType = Lens.lens (\RegisterClient' {clientType} -> clientType) (\s@RegisterClient' {} a -> s {clientType = a} :: RegisterClient)
+
+instance Core.AWSRequest RegisterClient where
+  type
+    AWSResponse RegisterClient =
+      RegisterClientResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          RegisterClientResponse'
+            Prelude.<$> (x Data..?> "authorizationEndpoint")
+            Prelude.<*> (x Data..?> "clientId")
+            Prelude.<*> (x Data..?> "clientIdIssuedAt")
+            Prelude.<*> (x Data..?> "clientSecret")
+            Prelude.<*> (x Data..?> "clientSecretExpiresAt")
+            Prelude.<*> (x Data..?> "tokenEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable RegisterClient where
+  hashWithSalt _salt RegisterClient' {..} =
+    _salt
+      `Prelude.hashWithSalt` scopes
+      `Prelude.hashWithSalt` clientName
+      `Prelude.hashWithSalt` clientType
+
+instance Prelude.NFData RegisterClient where
+  rnf RegisterClient' {..} =
+    Prelude.rnf scopes
+      `Prelude.seq` Prelude.rnf clientName
+      `Prelude.seq` Prelude.rnf clientType
+
+instance Data.ToHeaders RegisterClient where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON RegisterClient where
+  toJSON RegisterClient' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("scopes" Data..=) Prelude.<$> scopes,
+            Prelude.Just ("clientName" Data..= clientName),
+            Prelude.Just ("clientType" Data..= clientType)
+          ]
+      )
+
+instance Data.ToPath RegisterClient where
+  toPath = Prelude.const "/client/register"
+
+instance Data.ToQuery RegisterClient where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newRegisterClientResponse' smart constructor.
+data RegisterClientResponse = RegisterClientResponse'
+  { -- | The endpoint where the client can request authorization.
+    authorizationEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier string for each client. This client uses this
+    -- identifier to get authenticated by the service in subsequent calls.
+    clientId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the time at which the @clientId@ and @clientSecret@ were
+    -- issued.
+    clientIdIssuedAt :: Prelude.Maybe Prelude.Integer,
+    -- | A secret string generated for the client. The client will use this
+    -- string to get authenticated by the service in subsequent calls.
+    clientSecret :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the time at which the @clientId@ and @clientSecret@ will
+    -- become invalid.
+    clientSecretExpiresAt :: Prelude.Maybe Prelude.Integer,
+    -- | The endpoint where the client can get an access token.
+    tokenEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegisterClientResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'authorizationEndpoint', 'registerClientResponse_authorizationEndpoint' - The endpoint where the client can request authorization.
+--
+-- 'clientId', 'registerClientResponse_clientId' - The unique identifier string for each client. This client uses this
+-- identifier to get authenticated by the service in subsequent calls.
+--
+-- 'clientIdIssuedAt', 'registerClientResponse_clientIdIssuedAt' - Indicates the time at which the @clientId@ and @clientSecret@ were
+-- issued.
+--
+-- 'clientSecret', 'registerClientResponse_clientSecret' - A secret string generated for the client. The client will use this
+-- string to get authenticated by the service in subsequent calls.
+--
+-- 'clientSecretExpiresAt', 'registerClientResponse_clientSecretExpiresAt' - Indicates the time at which the @clientId@ and @clientSecret@ will
+-- become invalid.
+--
+-- 'tokenEndpoint', 'registerClientResponse_tokenEndpoint' - The endpoint where the client can get an access token.
+--
+-- 'httpStatus', 'registerClientResponse_httpStatus' - The response's http status code.
+newRegisterClientResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  RegisterClientResponse
+newRegisterClientResponse pHttpStatus_ =
+  RegisterClientResponse'
+    { authorizationEndpoint =
+        Prelude.Nothing,
+      clientId = Prelude.Nothing,
+      clientIdIssuedAt = Prelude.Nothing,
+      clientSecret = Prelude.Nothing,
+      clientSecretExpiresAt = Prelude.Nothing,
+      tokenEndpoint = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The endpoint where the client can request authorization.
+registerClientResponse_authorizationEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)
+registerClientResponse_authorizationEndpoint = Lens.lens (\RegisterClientResponse' {authorizationEndpoint} -> authorizationEndpoint) (\s@RegisterClientResponse' {} a -> s {authorizationEndpoint = a} :: RegisterClientResponse)
+
+-- | The unique identifier string for each client. This client uses this
+-- identifier to get authenticated by the service in subsequent calls.
+registerClientResponse_clientId :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)
+registerClientResponse_clientId = Lens.lens (\RegisterClientResponse' {clientId} -> clientId) (\s@RegisterClientResponse' {} a -> s {clientId = a} :: RegisterClientResponse)
+
+-- | Indicates the time at which the @clientId@ and @clientSecret@ were
+-- issued.
+registerClientResponse_clientIdIssuedAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)
+registerClientResponse_clientIdIssuedAt = Lens.lens (\RegisterClientResponse' {clientIdIssuedAt} -> clientIdIssuedAt) (\s@RegisterClientResponse' {} a -> s {clientIdIssuedAt = a} :: RegisterClientResponse)
+
+-- | A secret string generated for the client. The client will use this
+-- string to get authenticated by the service in subsequent calls.
+registerClientResponse_clientSecret :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)
+registerClientResponse_clientSecret = Lens.lens (\RegisterClientResponse' {clientSecret} -> clientSecret) (\s@RegisterClientResponse' {} a -> s {clientSecret = a} :: RegisterClientResponse)
+
+-- | Indicates the time at which the @clientId@ and @clientSecret@ will
+-- become invalid.
+registerClientResponse_clientSecretExpiresAt :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Integer)
+registerClientResponse_clientSecretExpiresAt = Lens.lens (\RegisterClientResponse' {clientSecretExpiresAt} -> clientSecretExpiresAt) (\s@RegisterClientResponse' {} a -> s {clientSecretExpiresAt = a} :: RegisterClientResponse)
+
+-- | The endpoint where the client can get an access token.
+registerClientResponse_tokenEndpoint :: Lens.Lens' RegisterClientResponse (Prelude.Maybe Prelude.Text)
+registerClientResponse_tokenEndpoint = Lens.lens (\RegisterClientResponse' {tokenEndpoint} -> tokenEndpoint) (\s@RegisterClientResponse' {} a -> s {tokenEndpoint = a} :: RegisterClientResponse)
+
+-- | The response's http status code.
+registerClientResponse_httpStatus :: Lens.Lens' RegisterClientResponse Prelude.Int
+registerClientResponse_httpStatus = Lens.lens (\RegisterClientResponse' {httpStatus} -> httpStatus) (\s@RegisterClientResponse' {} a -> s {httpStatus = a} :: RegisterClientResponse)
+
+instance Prelude.NFData RegisterClientResponse where
+  rnf RegisterClientResponse' {..} =
+    Prelude.rnf authorizationEndpoint
+      `Prelude.seq` Prelude.rnf clientId
+      `Prelude.seq` Prelude.rnf clientIdIssuedAt
+      `Prelude.seq` Prelude.rnf clientSecret
+      `Prelude.seq` Prelude.rnf clientSecretExpiresAt
+      `Prelude.seq` Prelude.rnf tokenEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs b/gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/StartDeviceAuthorization.hs
@@ -0,0 +1,302 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.StartDeviceAuthorization
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Initiates device authorization by requesting a pair of verification
+-- codes from the authorization service.
+module Amazonka.SSOOIDC.StartDeviceAuthorization
+  ( -- * Creating a Request
+    StartDeviceAuthorization (..),
+    newStartDeviceAuthorization,
+
+    -- * Request Lenses
+    startDeviceAuthorization_clientId,
+    startDeviceAuthorization_clientSecret,
+    startDeviceAuthorization_startUrl,
+
+    -- * Destructuring the Response
+    StartDeviceAuthorizationResponse (..),
+    newStartDeviceAuthorizationResponse,
+
+    -- * Response Lenses
+    startDeviceAuthorizationResponse_deviceCode,
+    startDeviceAuthorizationResponse_expiresIn,
+    startDeviceAuthorizationResponse_interval,
+    startDeviceAuthorizationResponse_userCode,
+    startDeviceAuthorizationResponse_verificationUri,
+    startDeviceAuthorizationResponse_verificationUriComplete,
+    startDeviceAuthorizationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOOIDC.Types
+
+-- | /See:/ 'newStartDeviceAuthorization' smart constructor.
+data StartDeviceAuthorization = StartDeviceAuthorization'
+  { -- | The unique identifier string for the client that is registered with IAM
+    -- Identity Center. This value should come from the persisted result of the
+    -- RegisterClient API operation.
+    clientId :: Prelude.Text,
+    -- | A secret string that is generated for the client. This value should come
+    -- from the persisted result of the RegisterClient API operation.
+    clientSecret :: Prelude.Text,
+    -- | The URL for the AWS access portal. For more information, see
+    -- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>
+    -- in the /IAM Identity Center User Guide/.
+    startUrl :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartDeviceAuthorization' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientId', 'startDeviceAuthorization_clientId' - The unique identifier string for the client that is registered with IAM
+-- Identity Center. This value should come from the persisted result of the
+-- RegisterClient API operation.
+--
+-- 'clientSecret', 'startDeviceAuthorization_clientSecret' - A secret string that is generated for the client. This value should come
+-- from the persisted result of the RegisterClient API operation.
+--
+-- 'startUrl', 'startDeviceAuthorization_startUrl' - The URL for the AWS access portal. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>
+-- in the /IAM Identity Center User Guide/.
+newStartDeviceAuthorization ::
+  -- | 'clientId'
+  Prelude.Text ->
+  -- | 'clientSecret'
+  Prelude.Text ->
+  -- | 'startUrl'
+  Prelude.Text ->
+  StartDeviceAuthorization
+newStartDeviceAuthorization
+  pClientId_
+  pClientSecret_
+  pStartUrl_ =
+    StartDeviceAuthorization'
+      { clientId = pClientId_,
+        clientSecret = pClientSecret_,
+        startUrl = pStartUrl_
+      }
+
+-- | The unique identifier string for the client that is registered with IAM
+-- Identity Center. This value should come from the persisted result of the
+-- RegisterClient API operation.
+startDeviceAuthorization_clientId :: Lens.Lens' StartDeviceAuthorization Prelude.Text
+startDeviceAuthorization_clientId = Lens.lens (\StartDeviceAuthorization' {clientId} -> clientId) (\s@StartDeviceAuthorization' {} a -> s {clientId = a} :: StartDeviceAuthorization)
+
+-- | A secret string that is generated for the client. This value should come
+-- from the persisted result of the RegisterClient API operation.
+startDeviceAuthorization_clientSecret :: Lens.Lens' StartDeviceAuthorization Prelude.Text
+startDeviceAuthorization_clientSecret = Lens.lens (\StartDeviceAuthorization' {clientSecret} -> clientSecret) (\s@StartDeviceAuthorization' {} a -> s {clientSecret = a} :: StartDeviceAuthorization)
+
+-- | The URL for the AWS access portal. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html Using the AWS access portal>
+-- in the /IAM Identity Center User Guide/.
+startDeviceAuthorization_startUrl :: Lens.Lens' StartDeviceAuthorization Prelude.Text
+startDeviceAuthorization_startUrl = Lens.lens (\StartDeviceAuthorization' {startUrl} -> startUrl) (\s@StartDeviceAuthorization' {} a -> s {startUrl = a} :: StartDeviceAuthorization)
+
+instance Core.AWSRequest StartDeviceAuthorization where
+  type
+    AWSResponse StartDeviceAuthorization =
+      StartDeviceAuthorizationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          StartDeviceAuthorizationResponse'
+            Prelude.<$> (x Data..?> "deviceCode")
+            Prelude.<*> (x Data..?> "expiresIn")
+            Prelude.<*> (x Data..?> "interval")
+            Prelude.<*> (x Data..?> "userCode")
+            Prelude.<*> (x Data..?> "verificationUri")
+            Prelude.<*> (x Data..?> "verificationUriComplete")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable StartDeviceAuthorization where
+  hashWithSalt _salt StartDeviceAuthorization' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientId
+      `Prelude.hashWithSalt` clientSecret
+      `Prelude.hashWithSalt` startUrl
+
+instance Prelude.NFData StartDeviceAuthorization where
+  rnf StartDeviceAuthorization' {..} =
+    Prelude.rnf clientId
+      `Prelude.seq` Prelude.rnf clientSecret
+      `Prelude.seq` Prelude.rnf startUrl
+
+instance Data.ToHeaders StartDeviceAuthorization where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON StartDeviceAuthorization where
+  toJSON StartDeviceAuthorization' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("clientId" Data..= clientId),
+            Prelude.Just ("clientSecret" Data..= clientSecret),
+            Prelude.Just ("startUrl" Data..= startUrl)
+          ]
+      )
+
+instance Data.ToPath StartDeviceAuthorization where
+  toPath = Prelude.const "/device_authorization"
+
+instance Data.ToQuery StartDeviceAuthorization where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newStartDeviceAuthorizationResponse' smart constructor.
+data StartDeviceAuthorizationResponse = StartDeviceAuthorizationResponse'
+  { -- | The short-lived code that is used by the device when polling for a
+    -- session token.
+    deviceCode :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the number of seconds in which the verification code will
+    -- become invalid.
+    expiresIn :: Prelude.Maybe Prelude.Int,
+    -- | Indicates the number of seconds the client must wait between attempts
+    -- when polling for a session.
+    interval :: Prelude.Maybe Prelude.Int,
+    -- | A one-time user verification code. This is needed to authorize an in-use
+    -- device.
+    userCode :: Prelude.Maybe Prelude.Text,
+    -- | The URI of the verification page that takes the @userCode@ to authorize
+    -- the device.
+    verificationUri :: Prelude.Maybe Prelude.Text,
+    -- | An alternate URL that the client can use to automatically launch a
+    -- browser. This process skips the manual step in which the user visits the
+    -- verification page and enters their code.
+    verificationUriComplete :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartDeviceAuthorizationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deviceCode', 'startDeviceAuthorizationResponse_deviceCode' - The short-lived code that is used by the device when polling for a
+-- session token.
+--
+-- 'expiresIn', 'startDeviceAuthorizationResponse_expiresIn' - Indicates the number of seconds in which the verification code will
+-- become invalid.
+--
+-- 'interval', 'startDeviceAuthorizationResponse_interval' - Indicates the number of seconds the client must wait between attempts
+-- when polling for a session.
+--
+-- 'userCode', 'startDeviceAuthorizationResponse_userCode' - A one-time user verification code. This is needed to authorize an in-use
+-- device.
+--
+-- 'verificationUri', 'startDeviceAuthorizationResponse_verificationUri' - The URI of the verification page that takes the @userCode@ to authorize
+-- the device.
+--
+-- 'verificationUriComplete', 'startDeviceAuthorizationResponse_verificationUriComplete' - An alternate URL that the client can use to automatically launch a
+-- browser. This process skips the manual step in which the user visits the
+-- verification page and enters their code.
+--
+-- 'httpStatus', 'startDeviceAuthorizationResponse_httpStatus' - The response's http status code.
+newStartDeviceAuthorizationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  StartDeviceAuthorizationResponse
+newStartDeviceAuthorizationResponse pHttpStatus_ =
+  StartDeviceAuthorizationResponse'
+    { deviceCode =
+        Prelude.Nothing,
+      expiresIn = Prelude.Nothing,
+      interval = Prelude.Nothing,
+      userCode = Prelude.Nothing,
+      verificationUri = Prelude.Nothing,
+      verificationUriComplete = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The short-lived code that is used by the device when polling for a
+-- session token.
+startDeviceAuthorizationResponse_deviceCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)
+startDeviceAuthorizationResponse_deviceCode = Lens.lens (\StartDeviceAuthorizationResponse' {deviceCode} -> deviceCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {deviceCode = a} :: StartDeviceAuthorizationResponse)
+
+-- | Indicates the number of seconds in which the verification code will
+-- become invalid.
+startDeviceAuthorizationResponse_expiresIn :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)
+startDeviceAuthorizationResponse_expiresIn = Lens.lens (\StartDeviceAuthorizationResponse' {expiresIn} -> expiresIn) (\s@StartDeviceAuthorizationResponse' {} a -> s {expiresIn = a} :: StartDeviceAuthorizationResponse)
+
+-- | Indicates the number of seconds the client must wait between attempts
+-- when polling for a session.
+startDeviceAuthorizationResponse_interval :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Int)
+startDeviceAuthorizationResponse_interval = Lens.lens (\StartDeviceAuthorizationResponse' {interval} -> interval) (\s@StartDeviceAuthorizationResponse' {} a -> s {interval = a} :: StartDeviceAuthorizationResponse)
+
+-- | A one-time user verification code. This is needed to authorize an in-use
+-- device.
+startDeviceAuthorizationResponse_userCode :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)
+startDeviceAuthorizationResponse_userCode = Lens.lens (\StartDeviceAuthorizationResponse' {userCode} -> userCode) (\s@StartDeviceAuthorizationResponse' {} a -> s {userCode = a} :: StartDeviceAuthorizationResponse)
+
+-- | The URI of the verification page that takes the @userCode@ to authorize
+-- the device.
+startDeviceAuthorizationResponse_verificationUri :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)
+startDeviceAuthorizationResponse_verificationUri = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUri} -> verificationUri) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUri = a} :: StartDeviceAuthorizationResponse)
+
+-- | An alternate URL that the client can use to automatically launch a
+-- browser. This process skips the manual step in which the user visits the
+-- verification page and enters their code.
+startDeviceAuthorizationResponse_verificationUriComplete :: Lens.Lens' StartDeviceAuthorizationResponse (Prelude.Maybe Prelude.Text)
+startDeviceAuthorizationResponse_verificationUriComplete = Lens.lens (\StartDeviceAuthorizationResponse' {verificationUriComplete} -> verificationUriComplete) (\s@StartDeviceAuthorizationResponse' {} a -> s {verificationUriComplete = a} :: StartDeviceAuthorizationResponse)
+
+-- | The response's http status code.
+startDeviceAuthorizationResponse_httpStatus :: Lens.Lens' StartDeviceAuthorizationResponse Prelude.Int
+startDeviceAuthorizationResponse_httpStatus = Lens.lens (\StartDeviceAuthorizationResponse' {httpStatus} -> httpStatus) (\s@StartDeviceAuthorizationResponse' {} a -> s {httpStatus = a} :: StartDeviceAuthorizationResponse)
+
+instance
+  Prelude.NFData
+    StartDeviceAuthorizationResponse
+  where
+  rnf StartDeviceAuthorizationResponse' {..} =
+    Prelude.rnf deviceCode
+      `Prelude.seq` Prelude.rnf expiresIn
+      `Prelude.seq` Prelude.rnf interval
+      `Prelude.seq` Prelude.rnf userCode
+      `Prelude.seq` Prelude.rnf verificationUri
+      `Prelude.seq` Prelude.rnf verificationUriComplete
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOOIDC/Types.hs b/gen/Amazonka/SSOOIDC/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/Types.hs
@@ -0,0 +1,217 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOOIDC.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _AuthorizationPendingException,
+    _ExpiredTokenException,
+    _InternalServerException,
+    _InvalidClientException,
+    _InvalidClientMetadataException,
+    _InvalidGrantException,
+    _InvalidRequestException,
+    _InvalidScopeException,
+    _SlowDownException,
+    _UnauthorizedClientException,
+    _UnsupportedGrantTypeException,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2019-06-10@ of the Amazon SSO OIDC SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "SSOOIDC",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "oidc",
+      Core.signingName = "awsssooidc",
+      Core.version = "2019-06-10",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "SSOOIDC",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You do not have sufficient access to perform this action.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that a request to authorize a client with an access user
+-- session token is pending.
+_AuthorizationPendingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AuthorizationPendingException =
+  Core._MatchServiceError
+    defaultService
+    "AuthorizationPendingException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that the token issued by the service is expired and is no
+-- longer valid.
+_ExpiredTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ExpiredTokenException =
+  Core._MatchServiceError
+    defaultService
+    "ExpiredTokenException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that an error from the service occurred while trying to
+-- process a request.
+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServerException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServerException"
+    Prelude.. Core.hasStatus 500
+
+-- | Indicates that the @clientId@ or @clientSecret@ in the request is
+-- invalid. For example, this can occur when a client sends an incorrect
+-- @clientId@ or an expired @clientSecret@.
+_InvalidClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidClientException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidClientException"
+    Prelude.. Core.hasStatus 401
+
+-- | Indicates that the client information sent in the request during
+-- registration is invalid.
+_InvalidClientMetadataException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidClientMetadataException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidClientMetadataException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that a request contains an invalid grant. This can occur if a
+-- client makes a CreateToken request with an invalid grant type.
+_InvalidGrantException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidGrantException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidGrantException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that something is wrong with the input to the request. For
+-- example, a required parameter might be missing or out of range.
+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidRequestException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidRequestException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that the scope provided in the request is invalid.
+_InvalidScopeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidScopeException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidScopeException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that the client is making the request too frequently and is
+-- more than the service can handle.
+_SlowDownException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_SlowDownException =
+  Core._MatchServiceError
+    defaultService
+    "SlowDownException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that the client is not currently authorized to make the
+-- request. This can happen when a @clientId@ is not issued for a public
+-- client.
+_UnauthorizedClientException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_UnauthorizedClientException =
+  Core._MatchServiceError
+    defaultService
+    "UnauthorizedClientException"
+    Prelude.. Core.hasStatus 400
+
+-- | Indicates that the grant type in the request is not supported by the
+-- service.
+_UnsupportedGrantTypeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_UnsupportedGrantTypeException =
+  Core._MatchServiceError
+    defaultService
+    "UnsupportedGrantTypeException"
+    Prelude.. Core.hasStatus 400
diff --git a/gen/Amazonka/SSOOIDC/Waiters.hs b/gen/Amazonka/SSOOIDC/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOOIDC/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOOIDC.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOOIDC.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOOIDC.Lens
+import Amazonka.SSOOIDC.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.SSOOIDC
+import Test.Amazonka.SSOOIDC.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "SSOOIDC"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/SSOOIDC.hs b/test/Test/Amazonka/Gen/SSOOIDC.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/SSOOIDC.hs
@@ -0,0 +1,98 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.SSOOIDC
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.SSOOIDC where
+
+import Amazonka.SSOOIDC
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.SSOOIDC.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestCreateToken $
+--             newCreateToken
+--
+--         , requestRegisterClient $
+--             newRegisterClient
+--
+--         , requestStartDeviceAuthorization $
+--             newStartDeviceAuthorization
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseCreateToken $
+--             newCreateTokenResponse
+--
+--         , responseRegisterClient $
+--             newRegisterClientResponse
+--
+--         , responseStartDeviceAuthorization $
+--             newStartDeviceAuthorizationResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestCreateToken :: CreateToken -> TestTree
+requestCreateToken =
+  req
+    "CreateToken"
+    "fixture/CreateToken.yaml"
+
+requestRegisterClient :: RegisterClient -> TestTree
+requestRegisterClient =
+  req
+    "RegisterClient"
+    "fixture/RegisterClient.yaml"
+
+requestStartDeviceAuthorization :: StartDeviceAuthorization -> TestTree
+requestStartDeviceAuthorization =
+  req
+    "StartDeviceAuthorization"
+    "fixture/StartDeviceAuthorization.yaml"
+
+-- Responses
+
+responseCreateToken :: CreateTokenResponse -> TestTree
+responseCreateToken =
+  res
+    "CreateTokenResponse"
+    "fixture/CreateTokenResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateToken)
+
+responseRegisterClient :: RegisterClientResponse -> TestTree
+responseRegisterClient =
+  res
+    "RegisterClientResponse"
+    "fixture/RegisterClientResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy RegisterClient)
+
+responseStartDeviceAuthorization :: StartDeviceAuthorizationResponse -> TestTree
+responseStartDeviceAuthorization =
+  res
+    "StartDeviceAuthorizationResponse"
+    "fixture/StartDeviceAuthorizationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy StartDeviceAuthorization)
diff --git a/test/Test/Amazonka/SSOOIDC.hs b/test/Test/Amazonka/SSOOIDC.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSOOIDC.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.SSOOIDC
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSOOIDC
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/SSOOIDC/Internal.hs b/test/Test/Amazonka/SSOOIDC/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSOOIDC/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.SSOOIDC.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSOOIDC.Internal where
