Crate aws_sdk_ssooidc

source · []
Expand description

Amazon Web Services Single Sign On OpenID Connect (OIDC) is a web service that enables a client (such as Amazon Web Services CLI or a native application) to register with Amazon Web Services SSO. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with Amazon Web Services SSO.

Although Amazon Web Services Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see Amazon Web Services SSO rename.

Considerations for Using This Guide

Before you begin using this guide, we recommend that you first review the following important information about how the Amazon Web Services SSO OIDC service works.

  • The Amazon Web Services SSO OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628) that are necessary to enable single sign-on authentication with the AWS CLI. Support for other OIDC flows frequently needed for native applications, such as Authorization Code Flow (+ PKCE), will be addressed in future releases.

  • The service emits only OIDC access tokens, such that obtaining a new token (For example, token refresh) requires explicit user re-authentication.

  • The access tokens provided by this service grant access to all AWS account entitlements assigned to an Amazon Web Services SSO user, not just a particular application.

  • The documentation in this guide does not describe the mechanism to convert the access token into AWS Auth (“sigv4”) credentials for use with IAM-protected AWS service endpoints. For more information, see GetRoleCredentials in the Amazon Web Services SSO Portal API Reference Guide.

For general information about Amazon Web Services SSO, see What is Amazon Web Services SSO? in the Amazon Web Services SSO User Guide.

Crate Organization

The entry point for most customers will be Client. Client exposes one method for each API offered by the service.

Some APIs require complex or nested arguments. These exist in model.

Lastly, errors that can be returned by the service are contained within error. Error defines a meta error encompassing all possible errors that can be returned by the service.

The other modules within this crate are not required for normal usage.

Modules

client
Client and fluent builders for calling the service.
config
Configuration for the service.
customizable_operation
Wrap operations in a special type allowing for the modification of operations and the requests inside before sending them
error
Errors that can occur when calling the service.
input
Input structures for operations.
middleware
Base Middleware Stack
operation
All operations that this crate can perform.
output
Output structures for operations.
types
Re-exported types from supporting crates.

Structs

AppName
App name that can be configured with an AWS SDK client to become part of the user agent string.
Client
Client for AWS SSO OIDC
Config
Service config.
Credentials
AWS SDK Credentials
Endpoint
API Endpoint
Region
The region to send requests to.
RetryConfig
Retry configuration for requests.
TimeoutConfig
Top-level configuration for timeouts

Enums

Error
All possible error types for this service.

Statics

PKG_VERSION
Crate version number.

Traits

AsyncSleep
Async trait with a sleep function.