Interface SsoClient

All Superinterfaces:

AutoCloseable, AwsClient, SdkAutoCloseable, SdkClient

@Generated("software.amazon.awssdk:codegen")
@ThreadSafe
public interface SsoClient
extends AwsClient

Service client for accessing SSO. This can be created using the static builder() method.

AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web service that makes it easy for you to assign user access to IAM Identity Center resources such as the AWS access portal. Users can get AWS account applications and roles assigned to them and get federated into the application.

Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.

This reference guide describes the IAM Identity Center Portal operations that you can call programatically and includes detailed information on data types and errors.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SERVICE_METADATA_ID	Value for looking up the service's metadata from the ServiceMetadataProvider.
static final String	SERVICE_NAME

Method Summary

Modifier and Type	Method	Description
static SsoClientBuilder	builder()	Create a builder that can be used to configure and create a SsoClient.
static SsoClient	create()	Create a SsoClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.
default GetRoleCredentialsResponse	getRoleCredentials(Consumer<GetRoleCredentialsRequest.Builder> getRoleCredentialsRequest)	Returns the STS short-term credentials for a given role name that is assigned to the user.
default GetRoleCredentialsResponse	getRoleCredentials(GetRoleCredentialsRequest getRoleCredentialsRequest)	Returns the STS short-term credentials for a given role name that is assigned to the user.
default ListAccountRolesResponse	listAccountRoles(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest)	Lists all roles that are assigned to the user for a given AWS account.
default ListAccountRolesResponse	listAccountRoles(ListAccountRolesRequest listAccountRolesRequest)	Lists all roles that are assigned to the user for a given AWS account.
default ListAccountRolesIterable	listAccountRolesPaginator(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest)	This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
default ListAccountRolesIterable	listAccountRolesPaginator(ListAccountRolesRequest listAccountRolesRequest)	This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
default ListAccountsResponse	listAccounts(Consumer<ListAccountsRequest.Builder> listAccountsRequest)	Lists all AWS accounts assigned to the user.
default ListAccountsResponse	listAccounts(ListAccountsRequest listAccountsRequest)	Lists all AWS accounts assigned to the user.
default ListAccountsIterable	listAccountsPaginator(Consumer<ListAccountsRequest.Builder> listAccountsRequest)	This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
default ListAccountsIterable	listAccountsPaginator(ListAccountsRequest listAccountsRequest)	This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
default LogoutResponse	logout(Consumer<LogoutRequest.Builder> logoutRequest)	Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
default LogoutResponse	logout(LogoutRequest logoutRequest)	Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
default SsoServiceClientConfiguration	serviceClientConfiguration()	The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration
static ServiceMetadata	serviceMetadata()

Methods inherited from interface software.amazon.awssdk.utils.SdkAutoCloseable

close

Methods inherited from interface software.amazon.awssdk.core.SdkClient

serviceName

Field Details

SERVICE_NAME

static final String SERVICE_NAME

See Also:

• Constant Field Values

SERVICE_METADATA_ID

static final String SERVICE_METADATA_ID

Value for looking up the service's metadata from the ServiceMetadataProvider.

See Also:

• Constant Field Values

Method Details

getRoleCredentials

default GetRoleCredentialsResponse getRoleCredentials(GetRoleCredentialsRequest getRoleCredentialsRequest)
                                               throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Returns the STS short-term credentials for a given role name that is assigned to the user.

Parameters:

getRoleCredentialsRequest -

Returns:

Result of the GetRoleCredentials operation returned by the service.

See Also:

• AWS API Documentation

getRoleCredentials

default GetRoleCredentialsResponse getRoleCredentials(Consumer<GetRoleCredentialsRequest.Builder> getRoleCredentialsRequest)
                                               throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Returns the STS short-term credentials for a given role name that is assigned to the user.

This is a convenience which creates an instance of the GetRoleCredentialsRequest.Builder avoiding the need to create one manually via GetRoleCredentialsRequest.builder()

Parameters:

getRoleCredentialsRequest - A Consumer that will call methods on GetRoleCredentialsRequest.Builder to create a request.

Returns:

Result of the GetRoleCredentials operation returned by the service.

See Also:

• AWS API Documentation

listAccountRoles

default ListAccountRolesResponse listAccountRoles(ListAccountRolesRequest listAccountRolesRequest)
                                           throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Lists all roles that are assigned to the user for a given AWS account.

Parameters:

listAccountRolesRequest -

Returns:

Result of the ListAccountRoles operation returned by the service.

See Also:

• AWS API Documentation

listAccountRoles

default ListAccountRolesResponse listAccountRoles(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest)
                                           throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Lists all roles that are assigned to the user for a given AWS account.

This is a convenience which creates an instance of the ListAccountRolesRequest.Builder avoiding the need to create one manually via ListAccountRolesRequest.builder()

Parameters:

listAccountRolesRequest - A Consumer that will call methods on ListAccountRolesRequest.Builder to create a request.

Returns:

Result of the ListAccountRoles operation returned by the service.

See Also:

• AWS API Documentation

listAccountRolesPaginator

default ListAccountRolesIterable listAccountRolesPaginator(ListAccountRolesRequest listAccountRolesRequest)
                                                    throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
     for (software.amazon.awssdk.services.sso.model.ListAccountRolesResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.

Parameters:

listAccountRolesRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listAccountRolesPaginator

default ListAccountRolesIterable listAccountRolesPaginator(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest)
                                                    throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
     for (software.amazon.awssdk.services.sso.model.ListAccountRolesResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.

This is a convenience which creates an instance of the ListAccountRolesRequest.Builder avoiding the need to create one manually via ListAccountRolesRequest.builder()

Parameters:

listAccountRolesRequest - A Consumer that will call methods on ListAccountRolesRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listAccounts

default ListAccountsResponse listAccounts(ListAccountsRequest listAccountsRequest)
                                   throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a paginated response.

Parameters:

listAccountsRequest -

Returns:

Result of the ListAccounts operation returned by the service.

See Also:

• AWS API Documentation

listAccounts

default ListAccountsResponse listAccounts(Consumer<ListAccountsRequest.Builder> listAccountsRequest)
                                   throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a paginated response.

This is a convenience which creates an instance of the ListAccountsRequest.Builder avoiding the need to create one manually via ListAccountsRequest.builder()

Parameters:

listAccountsRequest - A Consumer that will call methods on ListAccountsRequest.Builder to create a request.

Returns:

Result of the ListAccounts operation returned by the service.

See Also:

• AWS API Documentation

listAccountsPaginator

default ListAccountsIterable listAccountsPaginator(ListAccountsRequest listAccountsRequest)
                                            throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
     for (software.amazon.awssdk.services.sso.model.ListAccountsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.

Parameters:

listAccountsRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listAccountsPaginator

default ListAccountsIterable listAccountsPaginator(Consumer<ListAccountsRequest.Builder> listAccountsRequest)
                                            throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
SsoException

This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
     for (software.amazon.awssdk.services.sso.model.ListAccountsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.

This is a convenience which creates an instance of the ListAccountsRequest.Builder avoiding the need to create one manually via ListAccountsRequest.builder()

Parameters:

listAccountsRequest - A Consumer that will call methods on ListAccountsRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

logout

default LogoutResponse logout(LogoutRequest logoutRequest)
                       throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
AwsServiceException,
SdkClientException,
SsoException

Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.

If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.

After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the IAM Identity Center User Guide.

Parameters:

logoutRequest -

Returns:

Result of the Logout operation returned by the service.

See Also:

• AWS API Documentation

logout

default LogoutResponse logout(Consumer<LogoutRequest.Builder> logoutRequest)
                       throws InvalidRequestException,
UnauthorizedException,
TooManyRequestsException,
AwsServiceException,
SdkClientException,
SsoException

Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.

If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.

After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the IAM Identity Center User Guide.

This is a convenience which creates an instance of the LogoutRequest.Builder avoiding the need to create one manually via LogoutRequest.builder()

Parameters:

logoutRequest - A Consumer that will call methods on LogoutRequest.Builder to create a request.

Returns:

Result of the Logout operation returned by the service.

See Also:

• AWS API Documentation

create

static SsoClient create()

Create a SsoClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.

builder

static SsoClientBuilder builder()

Create a builder that can be used to configure and create a SsoClient.

serviceMetadata

static ServiceMetadata serviceMetadata()

serviceClientConfiguration

default SsoServiceClientConfiguration serviceClientConfiguration()

Description copied from interface: SdkClient

The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration

Specified by:

serviceClientConfiguration in interface AwsClient

Specified by:

serviceClientConfiguration in interface SdkClient

Returns:

SdkServiceClientConfiguration