Module Values.CreateTokenWithIAMResponse

Creates and returns access and refresh tokens for authorized client applications that are authenticated using any IAM entity, such as a service role or user. These tokens might contain defined scopes that specify permissions such as read:profile or write:data. Through downscoping, you can use the scopes parameter to request tokens with reduced permissions compared to the original client application's permissions or, if applicable, the refresh token's scopes. The access token can be used to fetch short-lived credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication. This API is used with Signature Version 4. For more information, see Amazon Web Services Signature Version 4 for API Requests.

(* Response record for the token-creation call. Every field is an [option],
   so callers must handle any of them being absent. Several fields hold
   credential material (access, refresh and ID tokens); treat a value of
   this type as a secret when logging, caching or persisting it. *)
Sourcetype nonrec t = {
  1. accessToken : AccessToken.t option;
    (* A bearer token to access Amazon Web Services accounts and applications
       assigned to a user. As a bearer token, possession alone is enough to
       use it, so keep it out of logs, error reports and crash dumps. *)
  2. tokenType : TokenType.t option;
    (* Used to notify the requester that the returned token is an access
       token. The supported token type is Bearer. *)
  3. expiresIn : ExpirationInSeconds.t option;
    (* Indicates the time in seconds when an access token will expire.
       NOTE(review): the type name ExpirationInSeconds suggests a lifetime
       counted from issuance rather than an absolute timestamp; confirm
       against the service reference before computing an expiry time. *)
  4. refreshToken : RefreshToken.t option;
    (* A token that, if present, can be used to refresh a previously issued
       access token that might have expired. Because it can be exchanged for
       new access tokens, store it with at least the same care as the access
       token. For more information about the features and limitations of the
       current IAM Identity Center OIDC implementation, see Considerations
       for Using this Guide in the IAM Identity Center OIDC API Reference. *)
  5. idToken : IdToken.t option;
    (* A JSON Web Token (JWT) that identifies the user associated with the
       issued access token.
       NOTE(review): nothing in this listing shows the JWT signature or
       claims being checked when the record is decoded; confirm where that
       validation happens before relying on the claims. *)
  6. issuedTokenType : TokenTypeURI.t option;
    (* Indicates the type of tokens that are issued by IAM Identity Center.
       The following values are supported:
       - Access Token: urn:ietf:params:oauth:token-type:access_token
       - Refresh Token: urn:ietf:params:oauth:token-type:refresh_token *)
  7. scope : Scopes.t option;
    (* The list of scopes for which authorization is granted. The access
       token that is issued is limited to the scopes that are granted. *)
  8. awsAdditionalDetails : AwsAdditionalDetails.t option;
    (* A structure containing user and group information managed by IAM
       Identity Center. *)
}
(* Closed set of errors for this operation. Each service exception carries
   its own payload type. [`Unknown_operation_error] carries a string and an
   optional string; presumably an error code and a message, but their
   meaning is not shown in this listing (confirm before displaying or
   logging them, since they come from the remote response). *)
Sourcetype nonrec error = [
  1. | `AccessDeniedException of AccessDeniedException.t
  2. | `AuthorizationPendingException of AuthorizationPendingException.t
  3. | `ExpiredTokenException of ExpiredTokenException.t
  4. | `InternalServerException of InternalServerException.t
  5. | `InvalidClientException of InvalidClientException.t
  6. | `InvalidGrantException of InvalidGrantException.t
  7. | `InvalidRequestException of InvalidRequestException.t
  8. | `InvalidRequestRegionException of InvalidRequestRegionException.t
  9. | `InvalidScopeException of InvalidScopeException.t
  10. | `SlowDownException of SlowDownException.t
  11. | `UnauthorizedClientException of UnauthorizedClientException.t
  12. | `UnsupportedGrantTypeException of UnsupportedGrantTypeException.t
  13. | `Unknown_operation_error of string * string option
]
(* [make ?accessToken ... ()] builds a [t]. Each of the eight fields is an
   optional labelled argument, and the trailing [unit] lets all of them be
   omitted. The [???] argument types are printed that way in this listing;
   presumably they are the corresponding field types of [t] (confirm against
   the source). *)
Sourceval make : ?accessToken:??? -> ?tokenType:??? -> ?expiresIn:??? -> ?refreshToken:??? -> ?idToken:??? -> ?issuedTokenType:??? -> ?scope:??? -> ?awsAdditionalDetails:??? -> unit -> t
(* Builds an error variant from a string and a JSON body.
   NOTE(review): the string is presumably the error type name used to pick
   the constructor, with unrecognised names mapped to
   [`Unknown_operation_error]; confirm against the implementation. *)
Sourceval error_of_json : string -> Yojson.Safe.t -> [> `AccessDeniedException of AccessDeniedException.t | `AuthorizationPendingException of AuthorizationPendingException.t | `ExpiredTokenException of ExpiredTokenException.t | `InternalServerException of InternalServerException.t | `InvalidClientException of InvalidClientException.t | `InvalidGrantException of InvalidGrantException.t | `InvalidRequestException of InvalidRequestException.t | `InvalidRequestRegionException of InvalidRequestRegionException.t | `InvalidScopeException of InvalidScopeException.t | `SlowDownException of SlowDownException.t | `UnauthorizedClientException of UnauthorizedClientException.t | `Unknown_operation_error of string * string option | `UnsupportedGrantTypeException of UnsupportedGrantTypeException.t ]
(* Same as [error_of_json], but the body is an XML document. *)
Sourceval error_of_xml : string -> Awso.Xml.t -> [> `AccessDeniedException of AccessDeniedException.t | `AuthorizationPendingException of AuthorizationPendingException.t | `ExpiredTokenException of ExpiredTokenException.t | `InternalServerException of InternalServerException.t | `InvalidClientException of InvalidClientException.t | `InvalidGrantException of InvalidGrantException.t | `InvalidRequestException of InvalidRequestException.t | `InvalidRequestRegionException of InvalidRequestRegionException.t | `InvalidScopeException of InvalidScopeException.t | `SlowDownException of SlowDownException.t | `UnauthorizedClientException of UnauthorizedClientException.t | `Unknown_operation_error of string * string option | `UnsupportedGrantTypeException of UnsupportedGrantTypeException.t ]
(* Encodes an [error] value as JSON. *)
Sourceval error_to_json : error -> Yojson.Safe.t
(* Converts [t] to a generic tagged value tree. The return type shows the
   token fields emitted as plain [`String] values, so the result carries the
   bearer tokens in clear text; redact it before logging or persisting. *)
Sourceval to_value : t -> [> `Structure of (string * [> `Integer of ExpirationInSeconds.t | `List of [> `String of Scope.t ] list | `String of AccessToken.t | `Structure of (string * [> `String of IdentityContext.t ]) list ]) list ]
(* Converts [t] to the client query representation.
   NOTE(review): presumably carries the same token fields as [to_value];
   confirm before including the result in request or debug dumps. *)
Sourceval to_query : t -> Awso.Client.Query.t
(* Decodes a [t] from an XML document. The signature returns [t] directly
   rather than a result, so malformed input presumably raises; confirm which
   exception and catch it at the call site. *)
Sourceval of_xml : Awso.Xml.t -> t
(* Decodes a [t] from a string. The expected serialisation format is not
   shown in this listing. As with [of_xml], failure is not reflected in the
   return type. *)
Sourceval of_string : string -> t
(* Decodes a [t] from a JSON value. As with [of_xml], failure is not
   reflected in the return type. *)
Sourceval of_json : Yojson.Safe.t -> t
(* Encodes [t] as JSON.
   NOTE(review): presumably includes the access, refresh and ID tokens when
   present, as [to_value] does; treat the output as secret. *)
Sourceval to_json : t -> Yojson.Safe.t