ISSOClient
Interface in AWS.SSO
Interface for AWS IAM SSO service client.
Methods
GetRoleCredentials
function GetRoleCredentials(const ARequest: ISSOGetRoleCredentialsRequest): ISSOGetRoleCredentialsResponse; overload;
ISSOGetRoleCredentialsRequest → ISSOGetRoleCredentialsResponse
Retrieves temporary AWS credentials for the specified IAM Identity Center role.
This operation exchanges a valid accessToken for a role-specific set of temporary AWS credentials. The credentials returned can be used to authenticate with AWS services using that role’s permissions. The caller must specify the roleName and accountId associated with the role the user intends to assume. The accessToken must be issued by the same IAM Identity Center instance that manages those roles.
Parameters
| Name | Description |
|---|---|
| ARequest | A request object containing the access token, AWS account ID, and role name associated with the federated identity role to assume. |
Returns
A response object containing temporary AWS credentials including access key ID, secret access key, and session token.
function GetRoleCredentials(const AAccessToken, AAccountId, ARoleName: string): ISSOGetRoleCredentialsResponse; overload;
ISSOGetRoleCredentialsResponse
Retrieves temporary AWS credentials for the specified IAM Identity Center role.
This overload simplifies credential retrieval by accepting raw parameters instead of a request object. It exchanges the provided accessToken for role-based credentials valid for the specified accountId and roleName.
Parameters
| Name | Description |
|---|---|
| AAccessToken | The access token issued by IAM Identity Center, representing the federated user. |
| AAccountId | The AWS account identifier that contains the role to be assumed. |
| ARoleName | The name of the IAM Identity Center role to assume. |
Returns
A response object containing temporary AWS credentials including access key ID, secret access key, and session token.
ListAccountRoles
function ListAccountRoles(const ARequest: ISSOListAccountRolesRequest): ISSOListAccountRolesResponse; overload;
ISSOListAccountRolesRequest → ISSOListAccountRolesResponse
Lists the IAM Identity Center roles available to the user for a specified AWS account.
This operation returns a paginated list of roles that the user is authorized to assume within the specified AWS account. The roles are provisioned through IAM Identity Center. The caller must supply a valid accessToken and the target accountId.
Parameters
| Name | Description |
|---|---|
| ARequest | A request object containing the access token and AWS account ID for which to list available roles. |
Returns
A response object containing a list of available roles and pagination metadata.
function ListAccountRoles(const AAccessToken, AAccountId: string): ISSOListAccountRolesResponse; overload;
Lists the IAM Identity Center roles available to the user for a specified AWS account.
This overload simplifies role listing by accepting an access token and account ID directly. It returns the first page of results, which may be truncated if the user has access to many roles. Use the paginated form for full control over pagination tokens.
Parameters
| Name | Description |
|---|---|
| AAccessToken | The access token issued by IAM Identity Center, representing the federated user. |
| AAccountId | The AWS account identifier for which to list available IAM Identity Center roles. |
Returns
A response object containing a list of available roles and pagination metadata.
ListAccounts
function ListAccounts(const ARequest: ISSOListAccountsRequest): ISSOListAccountsResponse; overload;
ISSOListAccountsRequest → ISSOListAccountsResponse
Lists the AWS accounts available to the authenticated IAM Identity Center user.
This operation returns a paginated list of AWS accounts for which the user has access permissions via IAM Identity Center. These accounts represent organizations or environments the user can assume roles within. A valid accessToken must be provided to authenticate the user session.
Parameters
| Name | Description |
|---|---|
| ARequest | A request object containing the access token used to retrieve the list of accessible AWS accounts. |
Returns
A response object containing a list of AWS accounts and pagination metadata.
function ListAccounts(const AAccessToken: string): ISSOListAccountsResponse; overload;
Lists the AWS accounts available to the authenticated IAM Identity Center user.
This overload simplifies account listing by accepting the access token directly. It returns the first page of AWS accounts the user is authorized to access. Use the paginated form if additional results are expected beyond the first page.
Parameters
| Name | Description |
|---|---|
| AAccessToken | The access token issued by IAM Identity Center, representing the federated user session. |
Returns
A response object containing a list of AWS accounts and pagination metadata.
Logout
function Logout(const ARequest: ISSOLogoutRequest): ISSOLogoutResponse; overload;
ISSOLogoutRequest → ISSOLogoutResponse
Signs the user out by invalidating the access token and ending the session.
This operation terminates the session associated with the provided accessToken. After calling this operation, the token becomes invalid and can no longer be used to retrieve AWS credentials or perform authorized operations. Logging out does not revoke any temporary AWS credentials already issued; it only prevents future token usage.
Parameters
| Name | Description |
|---|---|
| ARequest | A request object containing the access token to revoke. |
Returns
A response object confirming that the logout operation was successful. The response is empty on success.
function Logout(const AAccessToken: string): ISSOLogoutResponse; overload;
Signs the user out by invalidating the access token and ending the session.
This overload simplifies logout by accepting the access token directly. It invalidates the token and ends the user's IAM Identity Center session.
Parameters
| Name | Description |
|---|---|
| AAccessToken | The access token issued by IAM Identity Center, representing the user session to terminate. |
Returns
A response object confirming that the logout operation was successful. The response is empty on success.
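An added example, not taken from the SDK's own documentation or code: a one-shot enumeration that walks every page of ListAccounts through the request-object overload and always ends the session with Logout, including when a page fails. Only the ISSOClient method signatures come from this page; the TSSOListAccountsRequest class, the AccessToken and NextToken properties on the request, and the NextToken property on the response are assumptions named after the AWS API's accessToken and nextToken fields.

```delphi
unit SSOAccountPaging;

interface

uses
  System.SysUtils, AWS.SSO;

type
  // Caller-supplied handler, so this unit never reads page contents itself.
  TAccountPageProc = reference to procedure(const APage: ISSOListAccountsResponse);

// Visits every page of ListAccounts, then signs the access token out.
procedure VisitAllAccountPages(const AClient: ISSOClient;
  const AAccessToken: string; const AOnPage: TAccountPageProc);

implementation

procedure VisitAllAccountPages(const AClient: ISSOClient;
  const AAccessToken: string; const AOnPage: TAccountPageProc);
var
  LRequest: ISSOListAccountsRequest;
  LResponse: ISSOListAccountsResponse;
  LToken: string; // last continuation token seen; starts empty
begin
  // Assumed: request class name and its AccessToken/NextToken properties.
  LRequest := TSSOListAccountsRequest.Create;
  LRequest.AccessToken := AAccessToken;
  try
    repeat
      LResponse := AClient.ListAccounts(LRequest);
      AOnPage(LResponse);
      // Assumed: the response exposes the continuation token as NextToken.
      // A token that does not advance would loop forever, so fail closed.
      if (LResponse.NextToken <> '') and (LResponse.NextToken = LToken) then
        raise Exception.Create('ListAccounts pagination token did not advance');
      LToken := LResponse.NextToken;
      LRequest.NextToken := LToken;
    until LToken = '';
  finally
    // Invalidates the token for future calls. Credentials already returned
    // by GetRoleCredentials are not revoked and remain usable until expiry.
    AClient.Logout(AAccessToken);
  end;
end;

end.
```

Because Logout leaves issued role credentials valid, treat the value returned by GetRoleCredentials as a secret with its own lifetime: keep it in memory only and drop it as soon as the work is done.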