AWS Single Sign-On Admin

2023/11/17 - AWS Single Sign-On Admin - 3 updated api methods

Changes  Improves support for configuring RefreshToken and TokenExchange grants on applications.

GetApplicationGrant (updated) Link ¶
Changes (response)
{'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}

Retrieves details about an application grant.

See also: AWS API Documentation

Request Syntax

client.get_application_grant(
    ApplicationArn='string',
    GrantType='authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
)
type ApplicationArn:

string

param ApplicationArn:

[REQUIRED]

Specifies the ARN of the application that contains the grant.

type GrantType:

string

param GrantType:

[REQUIRED]

Specifies the type of grant.

rtype:

dict

returns:

Response Syntax

{
    'Grant': {
        'AuthorizationCode': {
            'RedirectUris': [
                'string',
            ]
        },
        'JwtBearer': {
            'AuthorizedTokenIssuers': [
                {
                    'AuthorizedAudiences': [
                        'string',
                    ],
                    'TrustedTokenIssuerArn': 'string'
                },
            ]
        },
        'RefreshToken': {},
        'TokenExchange': {}
    }
}

Response Structure

  • (dict) --

    • Grant (dict) --

      A structure that describes the requested grant.

      • AuthorizationCode (dict) --

        Configuration options for the authorization_code grant type.

        • RedirectUris (list) --

          A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

          • (string) --

      • JwtBearer (dict) --

        Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

        • AuthorizedTokenIssuers (list) --

          A list of allowed token issuers trusted by the Identity Center instances for this application.

          • (dict) --

            A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

            • AuthorizedAudiences (list) --

              An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

              • (string) --

            • TrustedTokenIssuerArn (string) --

              The ARN of the trusted token issuer.

      • RefreshToken (dict) --

        Configuration options for the refresh_token grant type.

      • TokenExchange (dict) --

        Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

ListApplicationGrants (updated) Link ¶
Changes (response)
{'Grants': {'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}}

List the grants associated with an application.

See also: AWS API Documentation

Request Syntax

client.list_application_grants(
    ApplicationArn='string',
    NextToken='string'
)
type ApplicationArn:

string

param ApplicationArn:

[REQUIRED]

Specifies the ARN of the application whose grants you want to list.

type NextToken:

string

param NextToken:

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

rtype:

dict

returns:

Response Syntax

{
    'Grants': [
        {
            'Grant': {
                'AuthorizationCode': {
                    'RedirectUris': [
                        'string',
                    ]
                },
                'JwtBearer': {
                    'AuthorizedTokenIssuers': [
                        {
                            'AuthorizedAudiences': [
                                'string',
                            ],
                            'TrustedTokenIssuerArn': 'string'
                        },
                    ]
                },
                'RefreshToken': {},
                'TokenExchange': {}
            },
            'GrantType': 'authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Grants (list) --

      An array list of structures that describe the requested grants.

      • (dict) --

        A structure that defines a single grant and its configuration.

        • Grant (dict) --

          The configuration structure for the selected grant.

          • AuthorizationCode (dict) --

            Configuration options for the authorization_code grant type.

            • RedirectUris (list) --

              A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

              • (string) --

          • JwtBearer (dict) --

            Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

            • AuthorizedTokenIssuers (list) --

              A list of allowed token issuers trusted by the Identity Center instances for this application.

              • (dict) --

                A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

                • AuthorizedAudiences (list) --

                  An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

                  • (string) --

                • TrustedTokenIssuerArn (string) --

                  The ARN of the trusted token issuer.

          • RefreshToken (dict) --

            Configuration options for the refresh_token grant type.

          • TokenExchange (dict) --

            Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

        • GrantType (string) --

          The type of the selected grant.

    • NextToken (string) --

      If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

PutApplicationGrant (updated) Link ¶
Changes (request)
{'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}

Adds a grant to an application.

See also: AWS API Documentation

Request Syntax

client.put_application_grant(
    ApplicationArn='string',
    Grant={
        'AuthorizationCode': {
            'RedirectUris': [
                'string',
            ]
        },
        'JwtBearer': {
            'AuthorizedTokenIssuers': [
                {
                    'AuthorizedAudiences': [
                        'string',
                    ],
                    'TrustedTokenIssuerArn': 'string'
                },
            ]
        },
        'RefreshToken': {}
        ,
        'TokenExchange': {}

    },
    GrantType='authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
)
type ApplicationArn:

string

param ApplicationArn:

[REQUIRED]

Specifies the ARN of the application to update.

type Grant:

dict

param Grant:

[REQUIRED]

Specifies a structure that describes the grant to update.

  • AuthorizationCode (dict) --

    Configuration options for the authorization_code grant type.

    • RedirectUris (list) --

      A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

      • (string) --

  • JwtBearer (dict) --

    Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

    • AuthorizedTokenIssuers (list) --

      A list of allowed token issuers trusted by the Identity Center instances for this application.

      • (dict) --

        A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

        • AuthorizedAudiences (list) --

          An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

          • (string) --

        • TrustedTokenIssuerArn (string) --

          The ARN of the trusted token issuer.

  • RefreshToken (dict) --

    Configuration options for the refresh_token grant type.

  • TokenExchange (dict) --

    Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

type GrantType:

string

param GrantType:

[REQUIRED]

Specifies the type of grant to update.

returns:

None