@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api AWS Single Sign-On
@version 2019-06-10
@auth AWS SigV4
@endpoints 4
@toc federation(1), assignment(2), logout(1)

@group federation
@endpoint GET /federation/credentials
@required {role_name: str, account_id: str, x-amz-sso_bearer_token: str}
@returns(200) {roleCredentials: RoleCredentials?{accessKeyId: str?, secretAccessKey: str?, sessionToken: str?, expiration: int(i64)?}}

@endgroup

@group assignment
@endpoint GET /assignment/roles
@required {x-amz-sso_bearer_token: str, account_id: str}
@optional {next_token: str, max_result: int}
@returns(200) {nextToken: str?, roleList: [RoleInfo]?}

@endpoint GET /assignment/accounts
@required {x-amz-sso_bearer_token: str}
@optional {next_token: str, max_result: int}
@returns(200) {nextToken: str?, accountList: [AccountInfo]?}

@endgroup

@group logout
@endpoint POST /logout
@required {x-amz-sso_bearer_token: str}

@endgroup

@end