ssooidc_create_token_with_iam: Creates and returns access and refresh tokens for clients and...
In paws.security.identity: 'Amazon Web Services' Security, Identity, & Compliance Services
View source: R/ssooidc_operations.R
ssooidc_create_token_with_iam R Documentation
Creates and returns access and refresh tokens for clients and
applications that are authenticated using IAM entities
Description
Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
See https://www.paws-r-sdk.com/docs/ssooidc_create_token_with_iam/ for full documentation.
Usage
ssooidc_create_token_with_iam(
clientId,
grantType,
code = NULL,
refreshToken = NULL,
assertion = NULL,
scope = NULL,
redirectUri = NULL,
subjectToken = NULL,
subjectTokenType = NULL,
requestedTokenType = NULL
)
Arguments
clientId
[required] The unique identifier string for the client or application. This value
is an application ARN that has OAuth grants configured.
grantType
[required] Supports the following OAuth grant types: Authorization Code, Refresh
Token, JWT Bearer, and Token Exchange. Specify one of the following
values, depending on the grant type that you want:
Authorization Code - authorization_code
Refresh Token - refresh_token
JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
code
Used only when calling this API for the Authorization Code grant type.
This short-term code is used to identify this authorization request. The
code is obtained through a redirect from IAM Identity Center to a
redirect URI persisted in the Authorization Code GrantOptions for the
application.
refreshToken
Used only when calling this API for the Refresh Token grant type. This
token is used to refresh short-term tokens, such as the access token,
that might expire.
For more information about the features and limitations of the current
IAM Identity Center OIDC implementation, see Considerations for Using
this Guide in the IAM Identity Center OIDC API Reference.
assertion
Used only when calling this API for the JWT Bearer grant type. This
value specifies the JSON Web Token (JWT) issued by a trusted token
issuer. To authorize a trusted token issuer, configure the JWT Bearer
GrantOptions for the application.
scope
The list of scopes for which authorization is requested. The access
token that is issued is limited to the scopes that are granted. If the
value is not specified, IAM Identity Center authorizes all scopes
configured for the application, including the following default scopes:
openid, aws, sts:identity_context.
redirectUri
Used only when calling this API for the Authorization Code grant type.
This value specifies the location of the client or application that has
registered to receive the authorization code.
subjectToken
Used only when calling this API for the Token Exchange grant type. This
value specifies the subject of the exchange. The value of the subject
token must be an access token issued by IAM Identity Center to a
different client or application. The access token must have authorized
scopes that indicate the requested application as a target audience.
subjectTokenType
Used only when calling this API for the Token Exchange grant type. This
value specifies the type of token that is passed as the subject of the
exchange. The following value is supported:
Access Token - urn:ietf:params:oauth:token-type:access_token
requestedTokenType
Used only when calling this API for the Token Exchange grant type. This
value specifies the type of token that the requester can receive. The
following values are supported:
Access Token - urn:ietf:params:oauth:token-type:access_token
Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
paws.security.identity documentation built on May 29, 2024, 10:51 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
View source: R/ssooidc_operations.R
| ssooidc_create_token_with_iam | R Documentation |
Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities
Description
Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
See https://www.paws-r-sdk.com/docs/ssooidc_create_token_with_iam/ for full documentation.
Usage
ssooidc_create_token_with_iam(
clientId,
grantType,
code = NULL,
refreshToken = NULL,
assertion = NULL,
scope = NULL,
redirectUri = NULL,
subjectToken = NULL,
subjectTokenType = NULL,
requestedTokenType = NULL
)
Arguments
clientId |
[required] The unique identifier string for the client or application. This value is an application ARN that has OAuth grants configured. |
grantType |
[required] Supports the following OAuth grant types: Authorization Code, Refresh Token, JWT Bearer, and Token Exchange. Specify one of the following values, depending on the grant type that you want:
|
code |
Used only when calling this API for the Authorization Code grant type. This short-term code is used to identify this authorization request. The code is obtained through a redirect from IAM Identity Center to a redirect URI persisted in the Authorization Code GrantOptions for the application. |
refreshToken |
Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-term tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. |
assertion |
Used only when calling this API for the JWT Bearer grant type. This value specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the application. |
scope |
The list of scopes for which authorization is requested. The access
token that is issued is limited to the scopes that are granted. If the
value is not specified, IAM Identity Center authorizes all scopes
configured for the application, including the following default scopes:
|
redirectUri |
Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code. |
subjectToken |
Used only when calling this API for the Token Exchange grant type. This value specifies the subject of the exchange. The value of the subject token must be an access token issued by IAM Identity Center to a different client or application. The access token must have authorized scopes that indicate the requested application as a target audience. |
subjectTokenType |
Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that is passed as the subject of the exchange. The following value is supported:
|
requestedTokenType |
Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that the requester can receive. The following values are supported:
|
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.