ISSOOIDCCreateTokenWithIAMRequest
Interface in AWS.SSOOIDC
Interface for CreateTokenWithIAMRequest requests.
Ancestors
Properties
assertion
property assertion: string
Optionally, specify the JSON Web Token (JWT) issued by a trusted token issuer.
Used only when calling this API for the JWT Bearer grant type.
clientId
property clientId: string
Specify the unique identifier for each client.
This value should be the persisted value returned from RegisterClient.
code
property code: string
Specify the authorization code received from the authorization service.
codeVerifier
property codeVerifier: string
A value generated by the client and presented to validate the original code challenge value the client passed at authorization time.
Only used when calling this API for the Device code grant type.
grantType
property grantType: string
Specify the grant type.
Supports grant types:
- authorization_code
- refresh_token
- device code
For device code requests, specify the value:
urn:ietf:params:oauth:grant-type:device_code.
redirectUri
property redirectUri: string
Specify the location of the application that will receive the authorization code.
refreshToken
property refreshToken: string
Specify a refresh token.
requestedTokenType
property requestedTokenType: string
The type of token that the client wants to receive in the response. This is used in OAuth 2.0 token exchange flows to indicate the desired token format.
This property is optional. If not specified, the default is urn:ietf:params:oauth:token-type:access_token. Supported values:
- urn:ietf:params:oauth:token-type:access_token - An OAuth 2.0 access token. This is the most common and default type.
- urn:amazon:webservices:token - An AWS-specific token that can be used with services requiring AWS identity context (e.g., for STS AssumeRoleWithWebIdentity).
scope
property scope: TList<string>
Specify the list of scopes defined by the client.
Upon authorization, this list is used to restrict permissions when granting an access token.
subjectToken
property subjectToken: string
The security token representing the identity of the subject (e.g., user or role) for which the client is requesting a new token.
The token must be issued by a trusted identity provider, such as AWS IAM. This is a required field when using the urn:ietf:params:oauth:grant-type:token-exchange grant type. The token's format and usage must be compatible with the specified subjectTokenType.
subjectTokenType
property subjectTokenType: string
The type of the subjectToken being exchanged. This informs the authorization server how to interpret and validate the incoming token.
This field is required when using the token_exchange grant type. Supported values:
- urn:ietf:params:oauth:token-type:access_token - The subject token is an OAuth 2.0 access token (e.g., issued by AWS IAM).
- urn:amazon:webservices:token - The subject token is an AWS-specific identity token used in federated AWS access scenarios.
Methods
AddScope
function AddScope(const AScope: string): NativeInt;
Adds a scope to the scope list.
Parameters
| Name | Description |
|---|---|
| AScope | Specify a scope defined by the client. |
Returns
Returns the index of the scope added to the scope list.
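The grant-specific rules stated above for assertion, subjectToken, subjectTokenType and requestedTokenType can be checked before a request is sent. The unit below is an added example, not part of the SDK: the unit name, PreflightIssues and its helpers are hypothetical, the JWT Bearer grant URN is the RFC 7523 name and does not appear on this page, and it assumes the interface properties are readable and return an empty string when unset.

```delphi
unit CreateTokenPreflight; // hypothetical unit name

interface

uses
  AWS.SSOOIDC; // unit named on this page

// Returns one message per problem found; an empty array means the request passed.
// Messages never contain token values, so they are safe to log.
function PreflightIssues(const ARequest: ISSOOIDCCreateTokenWithIAMRequest): TArray<string>;

implementation

const
  GrantTokenExchange = 'urn:ietf:params:oauth:grant-type:token-exchange';
  GrantJwtBearer = 'urn:ietf:params:oauth:grant-type:jwt-bearer'; // RFC 7523 name, assumed
  TokenTypeAccess = 'urn:ietf:params:oauth:token-type:access_token';
  TokenTypeAws = 'urn:amazon:webservices:token';

function IsSupportedTokenType(const AValue: string): Boolean;
begin
  Result := (AValue = TokenTypeAccess) or (AValue = TokenTypeAws);
end;

function PreflightIssues(const ARequest: ISSOOIDCCreateTokenWithIAMRequest): TArray<string>;
var
  LIssues: TArray<string>;
  procedure Report(const AMessage: string);
  begin
    SetLength(LIssues, Length(LIssues) + 1);
    LIssues[High(LIssues)] := AMessage;
  end;
begin
  LIssues := nil;
  if ARequest.grantType = GrantTokenExchange then
  begin
    if ARequest.subjectToken = '' then
      Report('subjectToken is required for token exchange');
    if not IsSupportedTokenType(ARequest.subjectTokenType) then
      Report('subjectTokenType is missing or not a supported value');
  end
  else if (ARequest.subjectToken <> '') or (ARequest.subjectTokenType <> '') then
    Report('subject token fields set on another grant type'); // added hygiene rule
  if (ARequest.assertion <> '') and (ARequest.grantType <> GrantJwtBearer) then
    Report('assertion is used only with the JWT Bearer grant type');
  if (ARequest.requestedTokenType <> '') and not IsSupportedTokenType(ARequest.requestedTokenType) then
    Report('requestedTokenType is not a supported value'); // empty means the default
  Result := LIssues;
end;

end.
```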