AWS Single Sign-On Admin

2023/11/17 - AWS Single Sign-On Admin - 3 updated API methods

Changes: Improves support for configuring RefreshToken and TokenExchange grants on applications.

GetApplicationGrant (updated)
Changes (response):
{'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}

Retrieves details about an application grant.

See also: AWS API Documentation

Request Syntax

client.get_application_grant(
    ApplicationArn='string',
    GrantType='authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
)
type ApplicationArn: string

param ApplicationArn: [REQUIRED] Specifies the ARN of the application that contains the grant.

type GrantType: string

param GrantType: [REQUIRED] Specifies the type of grant.

rtype: dict

returns:

Response Syntax

{
    'Grant': {
        'AuthorizationCode': {
            'RedirectUris': [
                'string',
            ]
        },
        'JwtBearer': {
            'AuthorizedTokenIssuers': [
                {
                    'AuthorizedAudiences': [
                        'string',
                    ],
                    'TrustedTokenIssuerArn': 'string'
                },
            ]
        },
        'RefreshToken': {},
        'TokenExchange': {}
    }
}

Response Structure

  • (dict) --

    • Grant (dict) --

      A structure that describes the requested grant.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: AuthorizationCode, JwtBearer, RefreshToken, TokenExchange. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • AuthorizationCode (dict) --

        Configuration options for the authorization_code grant type.

        • RedirectUris (list) --

          A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

          • (string) --

      • JwtBearer (dict) --

        Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

        • AuthorizedTokenIssuers (list) --

          A list of allowed token issuers trusted by the Identity Center instances for this application.

          • (dict) --

            A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

            • AuthorizedAudiences (list) --

              An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

              • (string) --

            • TrustedTokenIssuerArn (string) --

              The ARN of the trusted token issuer.

      • RefreshToken (dict) --

        Configuration options for the refresh_token grant type.

      • TokenExchange (dict) --

        Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

ListApplicationGrants (updated)
Changes (response):
{'Grants': {'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}}

List the grants associated with an application.

See also: AWS API Documentation

Request Syntax

client.list_application_grants(
    ApplicationArn='string',
    NextToken='string'
)
type ApplicationArn: string

param ApplicationArn: [REQUIRED] Specifies the ARN of the application whose grants you want to list.

type NextToken: string

param NextToken: Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

rtype: dict

returns:

Response Syntax

{
    'Grants': [
        {
            'Grant': {
                'AuthorizationCode': {
                    'RedirectUris': [
                        'string',
                    ]
                },
                'JwtBearer': {
                    'AuthorizedTokenIssuers': [
                        {
                            'AuthorizedAudiences': [
                                'string',
                            ],
                            'TrustedTokenIssuerArn': 'string'
                        },
                    ]
                },
                'RefreshToken': {},
                'TokenExchange': {}
            },
            'GrantType': 'authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Grants (list) --

      An array list of structures that describe the requested grants.

      • (dict) --

        A structure that defines a single grant and its configuration.

        • Grant (dict) --

          The configuration structure for the selected grant.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: AuthorizationCode, JwtBearer, RefreshToken, TokenExchange. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

          • AuthorizationCode (dict) --

            Configuration options for the authorization_code grant type.

            • RedirectUris (list) --

              A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

              • (string) --

          • JwtBearer (dict) --

            Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

            • AuthorizedTokenIssuers (list) --

              A list of allowed token issuers trusted by the Identity Center instances for this application.

              • (dict) --

                A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

                • AuthorizedAudiences (list) --

                  An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

                  • (string) --

                • TrustedTokenIssuerArn (string) --

                  The ARN of the trusted token issuer.

          • RefreshToken (dict) --

            Configuration options for the refresh_token grant type.

          • TokenExchange (dict) --

            Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

        • GrantType (string) --

          The type of the selected grant.

    • NextToken (string) --

      If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. Repeat this until the NextToken response element comes back as null, which indicates that this is the last page of results.
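The pagination contract and the tagged-union note above are the two things a caller has to get right when reading grants back: follow NextToken until it is absent, and treat the Grant structure as having exactly one key, which may be SDK_UNKNOWN_MEMBER if the service returns a member the installed SDK does not know. The following is an added example, not boto3's or AWS's code. `FakeSsoAdminClient`, the ARNs and the grant payloads are constructed stand-ins for a real `boto3.client('sso-admin')` so the code runs offline; the https-only redirect URI rule is a policy check chosen for the example, not a service requirement stated on this page.

```python
"""Paginate ListApplicationGrants and audit each grant's tagged-union payload."""
from urllib.parse import urlparse

# The four keys the docs above list for the Grant tagged union.
KNOWN_GRANT_KEYS = {"AuthorizationCode", "JwtBearer", "RefreshToken", "TokenExchange"}

# Constructed ARNs for the example (not real resources).
APP_ARN = "arn:aws:sso::123456789012:application/ssoins-EXAMPLE/apl-EXAMPLE"
TTI_ARN = "arn:aws:sso::123456789012:trustedTokenIssuer/ssoins-EXAMPLE/tti-EXAMPLE"


class FakeSsoAdminClient:
    """Constructed stand-in for boto3's sso-admin client: two pages chained by NextToken."""

    _pages = {
        None: {
            "Grants": [
                {"GrantType": "authorization_code",
                 "Grant": {"AuthorizationCode": {"RedirectUris": [
                     "https://app.example.com/callback",
                     "http://app.example.com/callback"]}}},
                {"GrantType": "refresh_token", "Grant": {"RefreshToken": {}}},
            ],
            "NextToken": "page-2",
        },
        "page-2": {  # last page: no NextToken key, as the docs describe
            "Grants": [
                {"GrantType": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                 "Grant": {"JwtBearer": {"AuthorizedTokenIssuers": [
                     {"TrustedTokenIssuerArn": TTI_ARN,
                      "AuthorizedAudiences": ["my-audience"]}]}}},
                # Simulates a member this SDK build does not know about.
                {"GrantType": "urn:ietf:params:oauth:grant-type:token-exchange",
                 "Grant": {"SDK_UNKNOWN_MEMBER": {"name": "FutureGrant"}}},
            ],
        },
    }

    def list_application_grants(self, ApplicationArn, NextToken=None):
        assert ApplicationArn == APP_ARN
        return self._pages[NextToken]


def iter_application_grants(client, application_arn):
    """Yield every grant entry, following NextToken until the last page."""
    kwargs = {"ApplicationArn": application_arn}
    while True:
        page = client.list_application_grants(**kwargs)
        yield from page.get("Grants", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def audit_grant(entry):
    """Return a list of findings (strings) for one ListApplicationGrants entry."""
    findings = []
    grant = entry["Grant"]
    keys = set(grant)
    if len(keys) != 1:
        findings.append(f"expected exactly one tagged-union key, got {sorted(keys)}")
        return findings
    (key,) = keys
    if key not in KNOWN_GRANT_KEYS:
        # SDK_UNKNOWN_MEMBER carries the service-side name of the member it could not parse.
        findings.append(f"unknown grant member {grant[key].get('name')!r}; update the SDK")
        return findings
    if key == "AuthorizationCode":
        for uri in grant[key].get("RedirectUris", []):
            if urlparse(uri).scheme != "https":  # example policy: https redirects only
                findings.append(f"non-https redirect URI {uri}")
    if key == "JwtBearer":
        for issuer in grant[key].get("AuthorizedTokenIssuers", []):
            if not issuer.get("AuthorizedAudiences"):
                findings.append(f"issuer {issuer.get('TrustedTokenIssuerArn')} has no audiences")
    return findings


def audit_application(client, application_arn):
    """Map each GrantType on the application to its list of findings."""
    return {e["GrantType"]: audit_grant(e)
            for e in iter_application_grants(client, application_arn)}


if __name__ == "__main__":
    for grant_type, findings in audit_application(FakeSsoAdminClient(), APP_ARN).items():
        print(grant_type, findings or "ok")
```

Against a real client the only change is `audit_application(boto3.client("sso-admin"), arn)`; `iter_application_grants` uses `.get("NextToken")` so it stops whether the last page omits the key or returns it as null.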

PutApplicationGrant (updated)
Changes (request):
{'Grant': {'RefreshToken': {}, 'TokenExchange': {}}}

Adds a grant to an application.

See also: AWS API Documentation

Request Syntax

client.put_application_grant(
    ApplicationArn='string',
    Grant={
        'AuthorizationCode': {
            'RedirectUris': [
                'string',
            ]
        },
        'JwtBearer': {
            'AuthorizedTokenIssuers': [
                {
                    'AuthorizedAudiences': [
                        'string',
                    ],
                    'TrustedTokenIssuerArn': 'string'
                },
            ]
        },
        'RefreshToken': {},
        'TokenExchange': {}
    },
    GrantType='authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
)
type ApplicationArn: string

param ApplicationArn: [REQUIRED] Specifies the ARN of the application to update.

type Grant: dict

param Grant: [REQUIRED] Specifies a structure that describes the grant to update.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: AuthorizationCode, JwtBearer, RefreshToken, TokenExchange.

  • AuthorizationCode (dict) --

    Configuration options for the authorization_code grant type.

    • RedirectUris (list) --

      A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

      • (string) --

  • JwtBearer (dict) --

    Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

    • AuthorizedTokenIssuers (list) --

      A list of allowed token issuers trusted by the Identity Center instances for this application.

      • (dict) --

        A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

        • AuthorizedAudiences (list) --

          An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

          • (string) --

        • TrustedTokenIssuerArn (string) --

          The ARN of the trusted token issuer.

  • RefreshToken (dict) --

    Configuration options for the refresh_token grant type.

  • TokenExchange (dict) --

    Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.

type GrantType: string

param GrantType: [REQUIRED] Specifies the type of grant to update.

returns: None
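Because Grant is a tagged union that must carry exactly one key while GrantType is passed separately, the request is easy to assemble inconsistently (two keys set, or a JwtBearer body under GrantType refresh_token). The following is an added example, not boto3's or AWS's code: it builds the keyword arguments for `put_application_grant` from the grant type and checks them before they are sent. The GrantType-to-key mapping follows the response shapes documented above; the rule that the key must match GrantType and the non-empty checks on RedirectUris and AuthorizedTokenIssuers are this example's own consistency checks, and `APP_ARN` and `TTI_ARN` are constructed placeholders.

```python
"""Build and check PutApplicationGrant parameters before calling the API."""

# GrantType string -> the single Grant key it configures (from the docs above).
GRANT_KEY_FOR_TYPE = {
    "authorization_code": "AuthorizationCode",
    "refresh_token": "RefreshToken",
    "urn:ietf:params:oauth:grant-type:jwt-bearer": "JwtBearer",
    "urn:ietf:params:oauth:grant-type:token-exchange": "TokenExchange",
}

# Constructed ARNs for the example (not real resources).
APP_ARN = "arn:aws:sso::123456789012:application/ssoins-EXAMPLE/apl-EXAMPLE"
TTI_ARN = "arn:aws:sso::123456789012:trustedTokenIssuer/ssoins-EXAMPLE/tti-EXAMPLE"


def validate_put_request(params):
    """Raise ValueError for a request that is malformed or inconsistent; return it otherwise."""
    grant = params["Grant"]
    grant_type = params["GrantType"]
    if grant_type not in GRANT_KEY_FOR_TYPE:
        raise ValueError(f"unsupported GrantType {grant_type!r}")
    if len(grant) != 1:
        # Tagged union: the docs say only one top-level key can be set.
        raise ValueError("Grant is a tagged union: set exactly one key")
    (key,) = grant
    if key != GRANT_KEY_FOR_TYPE[grant_type]:
        # Example consistency check: the body must configure the type being put.
        raise ValueError(f"Grant key {key} does not match GrantType {grant_type!r}")
    if key == "AuthorizationCode" and not grant[key].get("RedirectUris"):
        raise ValueError("authorization_code grant needs at least one RedirectUri")
    if key == "JwtBearer":
        issuers = grant[key].get("AuthorizedTokenIssuers", [])
        if not issuers or any(
            not i.get("TrustedTokenIssuerArn") or not i.get("AuthorizedAudiences")
            for i in issuers
        ):
            raise ValueError("each trusted token issuer needs an ARN and at least one audience")
    return params


def build_put_request(application_arn, grant_type, config=None):
    """Return validated kwargs for client.put_application_grant(**kwargs)."""
    key = GRANT_KEY_FOR_TYPE[grant_type]
    return validate_put_request({
        "ApplicationArn": application_arn,
        "GrantType": grant_type,
        # RefreshToken and TokenExchange take an empty dict, as in the request syntax above.
        "Grant": {key: config if config is not None else {}},
    })


if __name__ == "__main__":
    # With a real client: client.put_application_grant(**build_put_request(...))
    print(build_put_request(APP_ARN, "refresh_token"))
    print(build_put_request(
        APP_ARN, "urn:ietf:params:oauth:grant-type:jwt-bearer",
        {"AuthorizedTokenIssuers": [{"TrustedTokenIssuerArn": TTI_ARN,
                                     "AuthorizedAudiences": ["my-audience"]}]}))
```

The builder is deliberately the only way the example constructs a Grant, so a caller cannot pass a body that does not belong to the grant type named in GrantType.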