Source file values.ml

(* generated by: awso-codegen generate-all --botocore-data vendor/botocore/botocore/data -o aws --runtime-dir lib/runtime/awso --cli-dir awso-cli *)
open Awso
open! Import
[@@@warning "-32"]
let service = Service.signin
let apiVersion = "2023-01-01"
let endpointPrefix = "signin"
let serviceFullName = "AWS Sign-In Service"
let signatureVersion = "v4"
let protocol = "rest_json"
let globalEndpoint = endpointPrefix ^ ".amazonaws.com"
let simple_to_json to_value x =
  Botodata.Json.value_to_json_scalar (to_value x)
let composed_to_json to_value x = Botodata.Json.value_to_json (to_value x)
let to_query to_value x = Client.Query.of_value (to_value x)
let structure_to_value_aux st ~f =
  let filter = function | (k, Some v) -> Some (k, v) | _ -> None in
  let pair k v = (k, v) in
  let defer_value (k, dv) = pair k dv in
  ((List.filter_map st ~f:filter) |> (List.map ~f:defer_value)) |>
    (fun x -> `Structure (f x))
let structure_to_value = structure_to_value_aux ~f:Fn.id
let structure_to_wrapped_value ~wrapper ~response =
  structure_to_value_aux
    ~f:(fun x -> [(wrapper, (`Structure x)); (response, (`Structure []))])
module String_ =
  struct
    type nonrec t = string
    let context_ = "String"
    let make i = i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"String" j
    let to_json = simple_to_json to_value
  end
module OAuth2ErrorCode =
  struct
    type nonrec t =
      | TOKEN_EXPIRED 
      | USER_CREDENTIALS_CHANGED 
      | INSUFFICIENT_PERMISSIONS 
      | AUTHCODE_EXPIRED 
      | Server_error 
      | INVALID_REQUEST 
      | Non_static_id of string 
    let make i = i
    let to_string =
      function
      | TOKEN_EXPIRED -> "TOKEN_EXPIRED"
      | USER_CREDENTIALS_CHANGED -> "USER_CREDENTIALS_CHANGED"
      | INSUFFICIENT_PERMISSIONS -> "INSUFFICIENT_PERMISSIONS"
      | AUTHCODE_EXPIRED -> "AUTHCODE_EXPIRED"
      | Server_error -> "server_error"
      | INVALID_REQUEST -> "INVALID_REQUEST"
      | Non_static_id s -> s
    let of_string =
      function
      | "TOKEN_EXPIRED" -> TOKEN_EXPIRED
      | "USER_CREDENTIALS_CHANGED" -> USER_CREDENTIALS_CHANGED
      | "INSUFFICIENT_PERMISSIONS" -> INSUFFICIENT_PERMISSIONS
      | "AUTHCODE_EXPIRED" -> AUTHCODE_EXPIRED
      | "server_error" -> Server_error
      | "INVALID_REQUEST" -> INVALID_REQUEST
      | x -> Non_static_id x
    let to_value x = `Enum (to_string x)
    let to_query v = to_query to_value v
    let to_header x = to_string x
    let of_xml xml_arg0 =
      of_string (string_of_xml ~kind:"enumeration OAuth2ErrorCode" xml_arg0)
    let of_json j = of_string (string_of_json ~kind:"OAuth2ErrorCode" j)
    let to_json = simple_to_json to_value
  end
module AccessToken =
  struct
    type nonrec t =
      {
      accessKeyId: String_.t option
        [@ocaml.doc "AWS access key ID for temporary credentials"];
      secretAccessKey: String_.t option
        [@ocaml.doc "AWS secret access key for temporary credentials"];
      sessionToken: String_.t option
        [@ocaml.doc "AWS session token for temporary credentials"]}
    let make ?accessKeyId =
      fun ?secretAccessKey ->
        fun ?sessionToken ->
          fun () -> { accessKeyId; secretAccessKey; sessionToken }
    let to_value x =
      structure_to_value
        [("accessKeyId", (Option.map x.accessKeyId ~f:String_.to_value));
        ("secretAccessKey",
          (Option.map x.secretAccessKey ~f:String_.to_value));
        ("sessionToken", (Option.map x.sessionToken ~f:String_.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let sessionToken =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "sessionToken") in
      let secretAccessKey =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "secretAccessKey") in
      let accessKeyId =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "accessKeyId") in
      make ?sessionToken ?secretAccessKey ?accessKeyId ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let sessionToken = field_map json__ "sessionToken" String_.of_json in
      let secretAccessKey =
        field_map json__ "secretAccessKey" String_.of_json in
      let accessKeyId = field_map json__ "accessKeyId" String_.of_json in
      make ?sessionToken ?secretAccessKey ?accessKeyId ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "AWS credentials structure containing temporary access credentials The scoped-down, 15 minute duration AWS credentials. Scoping down will be based on CLI policy (CLI team needs to create it). Similar to cloud shell implementation."]
module ExpiresIn =
  struct
    type nonrec t = int[@@ocaml.doc
                         "Time to expiry in seconds The time to expiry in seconds, for these purposes will be at most 900 (15 minutes)."]
    let make i =
      let open Result in
        ok_or_failwith
          ((check_int_max i ~max:900) >>= (fun () -> check_int_min i ~min:1));
        i
    let of_string = Int.of_string
    let to_value x = `Integer x
    let to_query v = to_query to_value v
    let to_header x = Int.to_string x
    let of_xml xml_arg0 =
      Int.of_string (string_of_xml ~kind:"an integer for ExpiresIn" xml_arg0)
    let of_json j = Int.of_float (float_of_json ~kind:"an integer" j)
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Time to expiry in seconds The time to expiry in seconds, for these purposes will be at most 900 (15 minutes)."]
module IdToken =
  struct
    type nonrec t = string[@@ocaml.doc
                            "ID token containing user identity information Encoded JWT token containing user identity claims and authentication context. Returned only in authorization code redemption responses (grant_type=authorization_code). Contains user identity information such as ARN and other identity claims."]
    let context_ = "IdToken"
    let make i =
      let open Result in
        ok_or_failwith
          ((check_string_max i ~max:4096) >>=
             (fun () -> check_string_min i ~min:1));
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"IdToken" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "ID token containing user identity information Encoded JWT token containing user identity claims and authentication context. Returned only in authorization code redemption responses (grant_type=authorization_code). Contains user identity information such as ARN and other identity claims."]
module RefreshToken =
  struct
    type nonrec t = string[@@ocaml.doc
                            "Encrypted refresh token with cnf.jkt This is the encrypted refresh token returned from auth code redemption. The token content includes cnf.jkt (SHA-256 thumbprint of the presented jwk). Used in subsequent token refresh requests."]
    let context_ = "RefreshToken"
    let make i =
      let open Result in
        ok_or_failwith
          ((check_string_max i ~max:2048) >>=
             (fun () -> check_string_min i ~min:1));
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"RefreshToken" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Encrypted refresh token with cnf.jkt This is the encrypted refresh token returned from auth code redemption. The token content includes cnf.jkt (SHA-256 thumbprint of the presented jwk). Used in subsequent token refresh requests."]
module TokenType =
  struct
    type nonrec t = string[@@ocaml.doc
                            "Token type parameter indicating credential usage A parameter which indicates to the client how the token must be used. Value is \"aws_sigv4\" (instead of typical \"Bearer\" for other OAuth systems) to indicate that the client must de-serialize the token and use it to generate a signature."]
    let context_ = "TokenType"
    let make i =
      let open Result in
        ok_or_failwith (check_pattern i ~pattern:"aws_sigv4"); i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"TokenType" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Token type parameter indicating credential usage A parameter which indicates to the client how the token must be used. Value is \"aws_sigv4\" (instead of typical \"Bearer\" for other OAuth systems) to indicate that the client must de-serialize the token and use it to generate a signature."]
module AuthorizationCode =
  struct
    type nonrec t = string[@@ocaml.doc
                            "Authorization code received from AWS Sign-In /v1/authorize endpoint The authorization code received from AWS Sign-In from /v1/authorize. Used in auth code redemption flow only."]
    let context_ = "AuthorizationCode"
    let make i =
      let open Result in
        ok_or_failwith
          ((check_string_max i ~max:512) >>=
             (fun () -> check_string_min i ~min:1));
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"AuthorizationCode" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Authorization code received from AWS Sign-In /v1/authorize endpoint The authorization code received from AWS Sign-In from /v1/authorize. Used in auth code redemption flow only."]
module ClientId =
  struct
    type nonrec t = string[@@ocaml.doc
                            "Client identifier pattern for AWS Sign-In devtools clients The ARN used by client as part of Sign-In onboarding. Expected values: arn:aws:signin:::devtools/cross-device (for cross-device devtools login) arn:aws:signin:::devtools/same-device (for same-device devtools login) This will be finalized after consulting with UX as this is visible to end customer."]
    let context_ = "ClientId"
    let make i =
      let open Result in
        ok_or_failwith
          (check_pattern i
             ~pattern:"arn:aws:signin:::devtools/(cross-device|same-device)");
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"ClientId" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Client identifier pattern for AWS Sign-In devtools clients The ARN used by client as part of Sign-In onboarding. Expected values: arn:aws:signin:::devtools/cross-device (for cross-device devtools login) arn:aws:signin:::devtools/same-device (for same-device devtools login) This will be finalized after consulting with UX as this is visible to end customer."]
module CodeVerifier =
  struct
    type nonrec t = string[@@ocaml.doc
                            "PKCE code verifier for OAuth 2.0 security PKCE code verifier to prove possession of the original code challenge. Used to prevent authorization code interception attacks in public clients. Must be 43-128 characters using unreserved characters \\[A-Z\\] / \\[a-z\\] / \\[0-9\\] / \"-\" / \".\" / \"_\" / \"~\""]
    let context_ = "CodeVerifier"
    let make i =
      let open Result in
        ok_or_failwith
          ((check_string_min i ~min:43) >>=
             (fun () ->
                (check_string_max i ~max:128) >>=
                  (fun () -> check_pattern i ~pattern:"[A-Za-z0-9\\-._~]+")));
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"CodeVerifier" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "PKCE code verifier for OAuth 2.0 security PKCE code verifier to prove possession of the original code challenge. Used to prevent authorization code interception attacks in public clients. Must be 43-128 characters using unreserved characters \\[A-Z\\] / \\[a-z\\] / \\[0-9\\] / \"-\" / \".\" / \"_\" / \"~\""]
module GrantType =
  struct
    type nonrec t = string[@@ocaml.doc
                            "OAuth 2.0 grant type parameter For auth code redemption: Must be \"authorization_code\" For token refresh: Must be \"refresh_token\" Based on client_id & grant_type, authn/authz is skipped for CLI endpoints."]
    let context_ = "GrantType"
    let make i =
      let open Result in
        ok_or_failwith
          (check_pattern i ~pattern:"(authorization_code|refresh_token)");
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"GrantType" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "OAuth 2.0 grant type parameter For auth code redemption: Must be \"authorization_code\" For token refresh: Must be \"refresh_token\" Based on client_id & grant_type, authn/authz is skipped for CLI endpoints."]
module RedirectUri =
  struct
    type nonrec t = string[@@ocaml.doc
                            "Redirect URI for OAuth 2.0 flow validation The same redirect URI used in the authorization request. This must match exactly what was sent in the original authorization request for security validation."]
    let context_ = "RedirectUri"
    let make i =
      let open Result in
        ok_or_failwith
          ((check_string_max i ~max:2048) >>=
             (fun () -> check_string_min i ~min:1));
        i
    let of_string x = x
    let to_value x = `String x
    let to_query v = to_query to_value v
    let to_header x = x
    let of_xml = Xml.string_data_exn ~context:context_
    let of_json j = string_of_json ~kind:"RedirectUri" j
    let to_json = simple_to_json to_value
  end[@@ocaml.doc
       "Redirect URI for OAuth 2.0 flow validation The same redirect URI used in the authorization request. This must match exactly what was sent in the original authorization request for security validation."]
module AccessDeniedException =
  struct
    type nonrec t =
      {
      error: OAuth2ErrorCode.t option
        [@ocaml.doc
          "OAuth 2.0 error code indicating the specific type of access denial Can be TOKEN_EXPIRED, AUTHCODE_EXPIRED, USER_CREDENTIALS_CHANGED, or INSUFFICIENT_PERMISSIONS"];
      message: String_.t option
        [@ocaml.doc
          "Detailed message explaining the access denial Provides specific information about why access was denied"]}
    let make ?error = fun ?message -> fun () -> { error; message }
    let to_value x =
      structure_to_value
        [("error", (Option.map x.error ~f:OAuth2ErrorCode.to_value));
        ("message", (Option.map x.message ~f:String_.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let message =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "message") in
      let error =
        (Option.map ~f:OAuth2ErrorCode.of_xml) (Xml.child xml_arg0 "error") in
      make ?message ?error ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let message = field_map json__ "message" String_.of_json in
      let error = field_map json__ "error" OAuth2ErrorCode.of_json in
      make ?message ?error ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Error thrown for access denied scenarios with flexible HTTP status mapping Runtime HTTP Status Code Mapping: HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS The specific HTTP status code is determined at runtime based on the error enum value. Consumers should use the error field to determine the specific access denial reason."]
module CreateOAuth2TokenResponseBody =
  struct
    type nonrec t =
      {
      accessToken: AccessToken.t option
        [@ocaml.doc
          "Scoped-down AWS credentials (15 minute duration) Present for both authorization code redemption and token refresh"];
      tokenType: TokenType.t option
        [@ocaml.doc
          "Token type indicating this is AWS SigV4 credentials Value is \"aws_sigv4\" for both flows"];
      expiresIn: ExpiresIn.t option
        [@ocaml.doc
          "Time to expiry in seconds (maximum 900) Present for both authorization code redemption and token refresh"];
      refreshToken: RefreshToken.t option
        [@ocaml.doc
          "Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk) Always present in responses (required for both flows)"];
      idToken: IdToken.t option
        [@ocaml.doc
          "ID token containing user identity information Present only in authorization code redemption response (grant_type=authorization_code) Not included in token refresh responses"]}
    let make ?accessToken =
      fun ?tokenType ->
        fun ?expiresIn ->
          fun ?refreshToken ->
            fun ?idToken ->
              fun () ->
                { accessToken; tokenType; expiresIn; refreshToken; idToken }
    let to_value x =
      structure_to_value
        [("accessToken", (Option.map x.accessToken ~f:AccessToken.to_value));
        ("tokenType", (Option.map x.tokenType ~f:TokenType.to_value));
        ("expiresIn", (Option.map x.expiresIn ~f:ExpiresIn.to_value));
        ("refreshToken",
          (Option.map x.refreshToken ~f:RefreshToken.to_value));
        ("idToken", (Option.map x.idToken ~f:IdToken.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let idToken =
        (Option.map ~f:IdToken.of_xml) (Xml.child xml_arg0 "idToken") in
      let refreshToken =
        (Option.map ~f:RefreshToken.of_xml)
          (Xml.child xml_arg0 "refreshToken") in
      let expiresIn =
        (Option.map ~f:ExpiresIn.of_xml) (Xml.child xml_arg0 "expiresIn") in
      let tokenType =
        (Option.map ~f:TokenType.of_xml) (Xml.child xml_arg0 "tokenType") in
      let accessToken =
        (Option.map ~f:AccessToken.of_xml) (Xml.child xml_arg0 "accessToken") in
      make ?idToken ?refreshToken ?expiresIn ?tokenType ?accessToken ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let idToken = field_map json__ "idToken" IdToken.of_json in
      let refreshToken = field_map json__ "refreshToken" RefreshToken.of_json in
      let expiresIn = field_map json__ "expiresIn" ExpiresIn.of_json in
      let tokenType = field_map json__ "tokenType" TokenType.of_json in
      let accessToken = field_map json__ "accessToken" AccessToken.of_json in
      make ?idToken ?refreshToken ?expiresIn ?tokenType ?accessToken ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Response body payload for CreateOAuth2Token operation The response content depends on the grant_type from the request: grant_type=authorization_code: Returns all fields including refresh_token and id_token grant_type=refresh_token: Returns access_token, token_type, expires_in, refresh_token (no id_token)"]
module InternalServerException =
  struct
    type nonrec t =
      {
      error: OAuth2ErrorCode.t option
        [@ocaml.doc
          "OAuth 2.0 error code indicating server error Will be SERVER_ERROR for internal server errors"];
      message: String_.t option
        [@ocaml.doc
          "Detailed message explaining the server error May include error details for debugging purposes"]}
    let make ?error = fun ?message -> fun () -> { error; message }
    let to_value x =
      structure_to_value
        [("error", (Option.map x.error ~f:OAuth2ErrorCode.to_value));
        ("message", (Option.map x.message ~f:String_.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let message =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "message") in
      let error =
        (Option.map ~f:OAuth2ErrorCode.of_xml) (Xml.child xml_arg0 "error") in
      make ?message ?error ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let message = field_map json__ "message" String_.of_json in
      let error = field_map json__ "error" OAuth2ErrorCode.of_json in
      make ?message ?error ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Error thrown when an internal server error occurs HTTP Status Code: 500 Internal Server Error Used for unexpected server-side errors that prevent request processing."]
module TooManyRequestsError =
  struct
    type nonrec t =
      {
      error: OAuth2ErrorCode.t option
        [@ocaml.doc
          "OAuth 2.0 error code indicating the specific type of error Will be INVALID_REQUEST for rate limiting scenarios"];
      message: String_.t option
        [@ocaml.doc
          "Detailed message about the rate limiting May include retry-after information or rate limit details"]}
    let make ?error = fun ?message -> fun () -> { error; message }
    let to_value x =
      structure_to_value
        [("error", (Option.map x.error ~f:OAuth2ErrorCode.to_value));
        ("message", (Option.map x.message ~f:String_.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let message =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "message") in
      let error =
        (Option.map ~f:OAuth2ErrorCode.of_xml) (Xml.child xml_arg0 "error") in
      make ?message ?error ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let message = field_map json__ "message" String_.of_json in
      let error = field_map json__ "error" OAuth2ErrorCode.of_json in
      make ?message ?error ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Error thrown when rate limit is exceeded HTTP Status Code: 429 Too Many Requests Possible OAuth2ErrorCode values: INVALID_REQUEST: Rate limiting, too many requests, abuse prevention Possible causes: Too many token requests from the same client Rate limiting based on client_id or IP address Abuse prevention mechanisms triggered Service protection against excessive token generation"]
module ValidationException =
  struct
    type nonrec t =
      {
      error: OAuth2ErrorCode.t option
        [@ocaml.doc
          "OAuth 2.0 error code indicating validation failure Will be INVALID_REQUEST for validation errors"];
      message: String_.t option
        [@ocaml.doc
          "Detailed message explaining the validation failure Provides specific information about which validation failed"]}
    let make ?error = fun ?message -> fun () -> { error; message }
    let to_value x =
      structure_to_value
        [("error", (Option.map x.error ~f:OAuth2ErrorCode.to_value));
        ("message", (Option.map x.message ~f:String_.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let message =
        (Option.map ~f:String_.of_xml) (Xml.child xml_arg0 "message") in
      let error =
        (Option.map ~f:OAuth2ErrorCode.of_xml) (Xml.child xml_arg0 "error") in
      make ?message ?error ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let message = field_map json__ "message" String_.of_json in
      let error = field_map json__ "error" OAuth2ErrorCode.of_json in
      make ?message ?error ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Error thrown when request validation fails HTTP Status Code: 400 Bad Request Used for request validation errors such as malformed parameters, missing required fields, or invalid parameter values."]
module CreateOAuth2TokenRequestBody =
  struct
    type nonrec t =
      {
      clientId: ClientId.t
        [@ocaml.doc
          "The client identifier (ARN) used during Sign-In onboarding Required for both authorization code and refresh token flows"];
      grantType: GrantType.t
        [@ocaml.doc
          "OAuth 2.0 grant type - determines which flow is used Must be \"authorization_code\" or \"refresh_token\""];
      code: AuthorizationCode.t option
        [@ocaml.doc
          "The authorization code received from /v1/authorize Required only when grant_type=authorization_code"];
      redirectUri: RedirectUri.t option
        [@ocaml.doc
          "The redirect URI that must match the original authorization request Required only when grant_type=authorization_code"];
      codeVerifier: CodeVerifier.t option
        [@ocaml.doc
          "PKCE code verifier to prove possession of the original code challenge Required only when grant_type=authorization_code"];
      refreshToken: RefreshToken.t option
        [@ocaml.doc
          "The refresh token returned from auth_code redemption Required only when grant_type=refresh_token"]}
    let context_ = "CreateOAuth2TokenRequestBody"
    let make ?code =
      fun ?redirectUri ->
        fun ?codeVerifier ->
          fun ?refreshToken ->
            fun ~clientId ->
              fun ~grantType ->
                fun () ->
                  {
                    code;
                    redirectUri;
                    codeVerifier;
                    refreshToken;
                    clientId;
                    grantType
                  }
    let to_value x =
      structure_to_value
        [("clientId", (Some (ClientId.to_value x.clientId)));
        ("grantType", (Some (GrantType.to_value x.grantType)));
        ("code", (Option.map x.code ~f:AuthorizationCode.to_value));
        ("redirectUri", (Option.map x.redirectUri ~f:RedirectUri.to_value));
        ("codeVerifier",
          (Option.map x.codeVerifier ~f:CodeVerifier.to_value));
        ("refreshToken",
          (Option.map x.refreshToken ~f:RefreshToken.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let refreshToken =
        (Option.map ~f:RefreshToken.of_xml)
          (Xml.child xml_arg0 "refreshToken") in
      let codeVerifier =
        (Option.map ~f:CodeVerifier.of_xml)
          (Xml.child xml_arg0 "codeVerifier") in
      let redirectUri =
        (Option.map ~f:RedirectUri.of_xml) (Xml.child xml_arg0 "redirectUri") in
      let code =
        (Option.map ~f:AuthorizationCode.of_xml) (Xml.child xml_arg0 "code") in
      let grantType =
        GrantType.of_xml
          (Xml.child_exn ~context:context_ xml_arg0 "grantType") in
      let clientId =
        ClientId.of_xml (Xml.child_exn ~context:context_ xml_arg0 "clientId") in
      make ?refreshToken ?codeVerifier ?redirectUri ?code ~grantType
        ~clientId ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let refreshToken = field_map json__ "refreshToken" RefreshToken.of_json in
      let codeVerifier = field_map json__ "codeVerifier" CodeVerifier.of_json in
      let redirectUri = field_map json__ "redirectUri" RedirectUri.of_json in
      let code = field_map json__ "code" AuthorizationCode.of_json in
      let grantType = field_map_exn json__ "grantType" GrantType.of_json in
      let clientId = field_map_exn json__ "clientId" ClientId.of_json in
      make ?refreshToken ?codeVerifier ?redirectUri ?code ~grantType
        ~clientId ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Request body payload for CreateOAuth2Token operation The operation type is determined by the grant_type parameter: grant_type=authorization_code: Requires code, redirect_uri, code_verifier grant_type=refresh_token: Requires refresh_token"]
module CreateOAuth2TokenResponse =
  struct
    type nonrec t =
      {
      tokenOutput: CreateOAuth2TokenResponseBody.t option
        [@ocaml.doc
          "Flattened token operation outputs The specific response fields depend on the grant_type used in the request"]}
    type nonrec error =
      [ `AccessDeniedException of AccessDeniedException.t 
      | `InternalServerException of InternalServerException.t 
      | `TooManyRequestsError of TooManyRequestsError.t 
      | `ValidationException of ValidationException.t 
      | `Unknown_operation_error of (string * string option) ]
    let make ?tokenOutput = fun () -> { tokenOutput }
    let error_of_json name json =
      match name with
      | "AccessDeniedException" ->
          `AccessDeniedException (AccessDeniedException.of_json json)
      | "InternalServerException" ->
          `InternalServerException (InternalServerException.of_json json)
      | "TooManyRequestsError" ->
          `TooManyRequestsError (TooManyRequestsError.of_json json)
      | "ValidationException" ->
          `ValidationException (ValidationException.of_json json)
      | name ->
          `Unknown_operation_error
            (name, (Some (Yojson.Safe.to_string json)))
    let error_of_xml name xml =
      match name with
      | "AccessDeniedException" ->
          `AccessDeniedException (AccessDeniedException.of_xml xml)
      | "InternalServerException" ->
          `InternalServerException (InternalServerException.of_xml xml)
      | "TooManyRequestsError" ->
          `TooManyRequestsError (TooManyRequestsError.of_xml xml)
      | "ValidationException" ->
          `ValidationException (ValidationException.of_xml xml)
      | name ->
          `Unknown_operation_error (name, (Some (Awso.Xml.to_string xml)))
    let error_to_json : error -> Yojson.Safe.t =
      function
      | `AccessDeniedException e ->
          `Assoc
            [("error", (`String "AccessDeniedException"));
            ("details", (AccessDeniedException.to_json e))]
      | `InternalServerException e ->
          `Assoc
            [("error", (`String "InternalServerException"));
            ("details", (InternalServerException.to_json e))]
      | `TooManyRequestsError e ->
          `Assoc
            [("error", (`String "TooManyRequestsError"));
            ("details", (TooManyRequestsError.to_json e))]
      | `ValidationException e ->
          `Assoc
            [("error", (`String "ValidationException"));
            ("details", (ValidationException.to_json e))]
      | `Unknown_operation_error (code, msg) ->
          `Assoc (("error", (`String code)) ::
            ((match msg with
              | None -> []
              | Some m -> [("message", (`String m))])))
    let of_header_and_body =
      ((fun (xs, pipe) -> make ?tokenOutput:(Some pipe) ())[@warning "-27"])
    let to_value x =
      structure_to_value
        [("tokenOutput",
           (Option.map x.tokenOutput
              ~f:CreateOAuth2TokenResponseBody.to_value))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let tokenOutput =
        (Option.map ~f:CreateOAuth2TokenResponseBody.of_xml)
          (Xml.child xml_arg0 "tokenOutput") in
      make ?tokenOutput ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let tokenOutput =
        field_map json__ "tokenOutput" CreateOAuth2TokenResponseBody.of_json in
      make ?tokenOutput ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Output structure for CreateOAuth2Token operation Contains flattened token operation outputs for both authorization code and refresh token flows. The response content depends on the grant_type from the original request."]
module CreateOAuth2TokenRequest =
  struct
    type nonrec t =
      {
      tokenInput: CreateOAuth2TokenRequestBody.t
        [@ocaml.doc
          "Flattened token operation inputs The specific operation is determined by grant_type in the request body"]}
    let context_ = "CreateOAuth2TokenRequest"
    let make ~tokenInput = fun () -> { tokenInput }
    let of_header_and_body = ((fun (xs, pipe) -> make ~tokenInput:pipe ())
      [@warning "-27"])
    let to_value x =
      structure_to_value
        [("tokenInput",
           (Some (CreateOAuth2TokenRequestBody.to_value x.tokenInput)))]
    let to_query v = to_query to_value v
    let of_xml xml_arg0 =
      let tokenInput =
        CreateOAuth2TokenRequestBody.of_xml
          (Xml.child_exn ~context:context_ xml_arg0 "tokenInput") in
      make ~tokenInput ()
    let of_string s = of_xml (Awso.Xml.parse_response s)[@@warning "-32"]
    let of_json json__ =
      let tokenInput =
        field_map_exn json__ "tokenInput"
          CreateOAuth2TokenRequestBody.of_json in
      make ~tokenInput ()
    let to_json v = composed_to_json to_value v
  end[@@ocaml.doc
       "Input structure for CreateOAuth2Token operation Contains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body."]