{"note":"OpenAPI conversion -- returning structured metadata","name":"amazonaws-com-sso-oidc","description":"AWS SSO OIDC","version":"2019-06-10","base_url":"","endpoints":4,"raw":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS SSO OIDC\n@version 2019-06-10\n@auth AWS SigV4\n@endpoints 4\n@toc token(1), token?aws_iam=t(1), client(1), device_authorization(1)\n\n@group token\n@endpoint POST /token\n@desc Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.\n@required {clientId: str, clientSecret: str, grantType: str}\n@optional {deviceCode: str, code: str, refreshToken: str, scope: [str], redirectUri: str, codeVerifier: str}\n@returns(200) {accessToken: str?, tokenType: str?, expiresIn: int?, refreshToken: str?, idToken: str?}\n\n@endgroup\n\n@group token?aws_iam=t\n@endpoint POST /token?aws_iam=t\n@desc Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.\n@required {clientId: str, grantType: str}\n@optional {code: str, refreshToken: str, assertion: str, scope: [str], redirectUri: str, subjectToken: str, subjectTokenType: str, requestedTokenType: str, codeVerifier: str}\n@returns(200) {accessToken: str?, tokenType: str?, expiresIn: int?, refreshToken: str?, idToken: str?, issuedTokenType: str?, scope: [str]?}\n\n@endgroup\n\n@group client\n@endpoint POST /client/register\n@desc Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.\n@required {clientName: str, clientType: str}\n@optional {scopes: [str], redirectUris: [str], grantTypes: [str], issuerUrl: str, entitledApplicationArn: str}\n@returns(200) {clientId: str?, clientSecret: str?, clientIdIssuedAt: int(i64)?, clientSecretExpiresAt: int(i64)?, authorizationEndpoint: str?, tokenEndpoint: str?}\n\n@endgroup\n\n@group device_authorization\n@endpoint POST /device_authorization\n@desc Initiates device authorization by requesting a pair of verification codes from the authorization service.\n@required {clientId: str, clientSecret: str, startUrl: str}\n@returns(200) {deviceCode: str?, userCode: str?, verificationUri: str?, verificationUriComplete: str?, expiresIn: int?, interval: int?}\n\n@endgroup\n\n@end\n"}