ISSOOIDCCreateTokenWithIAMResponse
Interface in AWS.SSOOIDC
Interface for CreateTokenWithIAMRequest responses.
Ancestors
Properties
accessToken
property accessToken: string
An opaque token to access IAM Identity Center resources assigned to a user.
awsAdditionalDetails
property awsAdditionalDetails: ISSOOIDCAwsAdditionalDetails
Type: ISSOOIDCAwsAdditionalDetails
AWS-specific metadata returned alongside the access token in a CreateTokenWithIAM response. This metadata includes additional identity information intended for use with AWS services that support federated identity propagation.
The awsAdditionalDetails block supplements the standard OAuth 2.0 token fields with AWS-specific tokens and context. Currently, this includes the identityContext token, which represents the federated identity session and can be used with downstream services such as AWS STS AssumeRoleWithWebIdentity. This property is present only in responses from CreateTokenWithIAM; it does not appear in responses from CreateToken.
expiresIn
property expiresIn: Integer
Specifies the time, in seconds, until the accessToken expires.
idToken
property idToken: string
Provides an identifier for the user associated with the access token.
Not currently implemented/supported.
issuedTokenType
property issuedTokenType: string
The type of token that was issued by the server in response to the token request. This confirms the format and semantics of the returned accessToken.
This value may reflect the type requested in the requestedTokenType parameter of the request, or it may differ if the server determined that a different token type was appropriate. Common values include:
urn:ietf:params:oauth:token-type:access_token – Indicates that an OAuth 2.0-compliant access token was issued. This is the default and most common token type.
urn:amazon:webservices:token – Indicates that an AWS-specific token was issued. This may be used to call AWS services such as STS for federated identity operations.
refreshToken
property refreshToken: string
A token that can be used to refresh a previously issued access token once it has expired.
scope
property scope: TList<string>
A list of scopes for which authorization is granted.
tokenType
property tokenType: string
Specifies the type of the access token.
The only supported type is BearerToken.
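Because issuedTokenType may differ from the type requested, and scope lists what was actually granted, a caller can check the response before storing or forwarding the token. The unit below is an added example, not code from the SDK or its documentation: the unit name, TTokenCheck and CheckTokenResponse are hypothetical, and it assumes only the properties listed on this page.

```delphi
unit TokenResponseChecks; // hypothetical unit name, not part of the SDK

interface

uses
  System.SysUtils, System.StrUtils, System.DateUtils,
  System.Generics.Collections, AWS.SSOOIDC;

type
  // Hypothetical result record for this example.
  TTokenCheck = record
    Accepted: Boolean;
    Reason: string;          // never place the token itself in here
    ExpiresAtUtc: TDateTime;
  end;

function CheckTokenResponse(const Response: ISSOOIDCCreateTokenWithIAMResponse;
  const ExpectedTokenType: string; const AllowedScopes: array of string;
  ReceivedAtUtc: TDateTime): TTokenCheck;

implementation

function CheckTokenResponse(const Response: ISSOOIDCCreateTokenWithIAMResponse;
  const ExpectedTokenType: string; const AllowedScopes: array of string;
  ReceivedAtUtc: TDateTime): TTokenCheck;
var
  Granted: string;
begin
  Result.Accepted := False;
  Result.Reason := '';
  Result.ExpiresAtUtc := 0;
  // The server may issue a different type than requestedTokenType asked for.
  if Response.issuedTokenType <> ExpectedTokenType then
    Result.Reason := 'unexpected issuedTokenType: ' + Response.issuedTokenType
  else if Response.accessToken = '' then
    Result.Reason := 'empty accessToken'
  else if Response.expiresIn <= 0 then
    Result.Reason := 'non-positive expiresIn'
  else
  begin
    // Refuse grants wider than the caller is prepared to handle.
    if Assigned(Response.scope) then
      for Granted in Response.scope do
        if IndexStr(Granted, AllowedScopes) < 0 then
        begin
          Result.Reason := 'unexpected scope: ' + Granted;
          Exit;
        end;
    // expiresIn is a lifetime in seconds, so anchor it to the receive time.
    Result.ExpiresAtUtc := IncSecond(ReceivedAtUtc, Response.expiresIn);
    Result.Accepted := True;
  end;
end;

end.
```

Pass the UTC time at which the response was received as ReceivedAtUtc, and treat a result with Accepted = False as a failed token request.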