Sso Oidc

This page documents the functions available when using the Sso_Oidc module, created with @service Sso_Oidc.

Documentation

Main.Sso_Oidc.create_token (Method)
create_token(client_id, client_secret, device_code, grant_type)
create_token(client_id, client_secret, device_code, grant_type, params::Dict{String,<:Any})

Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.

Arguments

  • client_id: The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
  • client_secret: A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.
  • device_code: Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
  • grant_type: Supports grant types for authorization code, refresh token, and device code request.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "code": The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
  • "redirectUri": The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
  • "refreshToken": The token used to obtain an access token in the event that the access token is invalid or expired. This token is not issued by the service.
  • "scope": The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

Main.Sso_Oidc.register_client (Method)
register_client(client_name, client_type)
register_client(client_name, client_type, params::Dict{String,<:Any})

Registers a client with AWS SSO. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.

Arguments

  • client_name: The friendly name of the client.
  • client_type: The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "scopes": The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

Main.Sso_Oidc.start_device_authorization (Method)
start_device_authorization(client_id, client_secret, start_url)
start_device_authorization(client_id, client_secret, start_url, params::Dict{String,<:Any})

Initiates device authorization by requesting a pair of verification codes from the authorization service.

Arguments

  • client_id: The unique identifier string for the client that is registered with AWS SSO. This value should come from the persisted result of the RegisterClient API operation.
  • client_secret: A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.
  • start_url: The URL for the AWS SSO user portal. For more information, see Using the User Portal in the AWS Single Sign-On User Guide.
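
The three functions on this page combine into the device authorization flow: register the client, start device authorization, then poll create_token until the user approves. The following is an added example, not code from AWS.jl or from this page. Assumptions: the helper names `device_login` and `error_code`, the client name, the response field names (`clientId`, `clientSecret`, `deviceCode`, `userCode`, `verificationUri`, `interval`, `expiresIn`), the grant type URN and the error-code strings follow the AWS SSO OIDC API and RFC 8628 rather than anything stated above.

```julia
using AWS
@service Sso_Oidc

# Grant type URN for the OAuth 2.0 device authorization grant (RFC 8628).
const DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

# Assumption: the exception thrown for a service error has a `code` field
# holding the service error name.
error_code(e) = hasproperty(e, :code) ? string(e.code) : ""

function device_login(start_url; client_name="example-cli")  # hypothetical helper
    # Assumption: responses are Dict-like with the service's JSON field names.
    # A real tool persists `reg` (owner-only file) and reuses it until it expires.
    reg = Sso_Oidc.register_client(client_name, "public")
    client_id, client_secret = reg["clientId"], reg["clientSecret"]

    auth = Sso_Oidc.start_device_authorization(client_id, client_secret, start_url)
    device_code = auth["deviceCode"]      # held in memory only, never written out
    interval = get(auth, "interval", 5)   # seconds between polls
    deadline = time() + auth["expiresIn"]

    # The user should check that the code shown in the browser matches this one.
    println("Open ", auth["verificationUri"], " and enter code ", auth["userCode"])

    while time() < deadline
        sleep(interval)
        try
            # Success: the result contains "accessToken"; do not log it.
            return Sso_Oidc.create_token(client_id, client_secret, device_code, DEVICE_GRANT)
        catch e
            code = error_code(e)
            if code == "AuthorizationPendingException"
                continue                  # user has not approved yet
            elseif code == "SlowDownException"
                interval += 5             # back off as the service asks
            else
                rethrow()                 # denied, expired, or invalid: stop polling
            end
        end
    end
    error("device code expired before the request was approved")
end
```

Passing a "scopes" list to register_client, as documented above, narrows what the resulting access token can be used for.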