@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api AWS SSO OIDC
@version 2019-06-10
@auth AWS SigV4
@endpoints 4
@toc token(1), token?aws_iam=t(1), client(1), device_authorization(1)

@group token
@endpoint POST /token
@required {clientId: str, clientSecret: str, grantType: str}
@optional {deviceCode: str, code: str, refreshToken: str, scope: [str], redirectUri: str, codeVerifier: str}
@returns(200) {accessToken: str?, tokenType: str?, expiresIn: int?, refreshToken: str?, idToken: str?}

@endgroup

@group token?aws_iam=t
@endpoint POST /token?aws_iam=t
@required {clientId: str, grantType: str}
@optional {code: str, refreshToken: str, assertion: str, scope: [str], redirectUri: str, subjectToken: str, subjectTokenType: str, requestedTokenType: str, codeVerifier: str}
@returns(200) {accessToken: str?, tokenType: str?, expiresIn: int?, refreshToken: str?, idToken: str?, issuedTokenType: str?, scope: [str]?}

@endgroup

@group client
@endpoint POST /client/register
@required {clientName: str, clientType: str}
@optional {scopes: [str], redirectUris: [str], grantTypes: [str], issuerUrl: str, entitledApplicationArn: str}
@returns(200) {clientId: str?, clientSecret: str?, clientIdIssuedAt: int(i64)?, clientSecretExpiresAt: int(i64)?, authorizationEndpoint: str?, tokenEndpoint: str?}

@endgroup

@group device_authorization
@endpoint POST /device_authorization
@required {clientId: str, clientSecret: str, startUrl: str}
@returns(200) {deviceCode: str?, userCode: str?, verificationUri: str?, verificationUriComplete: str?, expiresIn: int?, interval: int?}

@endgroup

@end