Interface SigninClient

All Superinterfaces:
AutoCloseable, AwsClient, SdkAutoCloseable, SdkClient

@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface SigninClient extends AwsClient
Service client for accessing AWS Sign-In Service. This can be created using the static builder() method.

AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools.

  • Method Details

    • createOAuth2Token

      CreateOAuth2Token API

      Path: /v1/token
      Request Method: POST
      Content-Type: application/json or application/x-www-form-urlencoded

      This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:

      1. Authorization code redemption (grant_type=authorization_code) - NOT idempotent
      2. Token refresh (grant_type=refresh_token) - Idempotent within token validity window

      The operation behavior is determined by the grant_type parameter in the request body:

      Authorization Code Flow (NOT Idempotent):

      • JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
      • Returns access_token, token_type, expires_in, refresh_token, and id_token
      • Each authorization code can only be used ONCE for security (prevents replay attacks)

      Token Refresh Flow (Idempotent):

      • JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
      • Returns access_token, token_type, expires_in, and refresh_token (no id_token)
      • Multiple calls with same refresh_token return consistent results within validity window

      Authentication and authorization:

      • Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
      • CLI clients (public): authentication and authorization are skipped, based on client_id and grant_type

      Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.

      Parameters:
      createOAuth2TokenRequest - Input structure for CreateOAuth2Token operation

      Contains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.

      Returns:
      Result of the CreateOAuth2Token operation returned by the service.
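
      Added example, not part of the SDK or its generated documentation: a JDK-only sketch of the two request bodies described above, with a PKCE code_verifier (RFC 7636) and a retry guard that follows the documented idempotency split. The class and method names, the sample client_id, code and redirect_uri, and the S256 challenge method are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;

// Added illustration; class, method and sample values are hypothetical, not SDK code.
public class TokenRequestSketch {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // RFC 7636 code_verifier: 32 random bytes give 43 base64url characters.
    static String newCodeVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // S256 code_challenge for the earlier authorization request (assumed method).
    static String s256Challenge(String verifier) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(d);
    }

    // application/x-www-form-urlencoded body, fields in insertion order.
    static String form(Map<String, String> fields) {
        return fields.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    // Only the refresh grant is documented as idempotent; a redeemed code must never be re-sent.
    static boolean safeToRetry(Map<String, String> fields) {
        return "refresh_token".equals(fields.get("grant_type"));
    }

    public static void main(String[] args) throws Exception {
        String verifier = newCodeVerifier();
        Map<String, String> redeem = new LinkedHashMap<>();
        redeem.put("client_id", "example-cli-client");          // constructed value
        redeem.put("grant_type", "authorization_code");
        redeem.put("code", "EXAMPLE_AUTH_CODE");                // constructed value
        redeem.put("redirect_uri", "http://127.0.0.1:8400/cb"); // constructed value
        redeem.put("code_verifier", verifier);
        System.out.println("challenge=" + s256Challenge(verifier));
        System.out.println(form(redeem) + " retry=" + safeToRetry(redeem));
        System.out.println("refresh retry=" + safeToRetry(Map.of("grant_type", "refresh_token")));
    }
}
```

      If an authorization-code redemption times out, the client should restart the sign-in flow with a fresh code and verifier rather than resend the same body.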
    • createOAuth2Token

      This is a convenience method that creates an instance of CreateOAuth2TokenRequest.Builder, avoiding the need to create one manually via CreateOAuth2TokenRequest.builder().

      Parameters:
      createOAuth2TokenRequest - A Consumer that will call methods on CreateOAuth2TokenRequest.Builder to create a request. Input structure for CreateOAuth2Token operation

      Contains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.

      Returns:
      Result of the CreateOAuth2Token operation returned by the service.
    • create

      static SigninClient create()
      Create a SigninClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.
    • builder

      static SigninClientBuilder builder()
      Create a builder that can be used to configure and create a SigninClient.
    • serviceMetadata

      static ServiceMetadata serviceMetadata()
    • serviceClientConfiguration

      default SigninServiceClientConfiguration serviceClientConfiguration()
      Description copied from interface: SdkClient
      The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration
      Specified by:
      serviceClientConfiguration in interface AwsClient
      Specified by:
      serviceClientConfiguration in interface SdkClient
      Returns:
      SdkServiceClientConfiguration