Package-level declarations

Error thrown for access denied scenarios with flexible HTTP status mapping Runtime HTTP Status Code Mapping: - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS The specific HTTP status code is determined at runtime based on the error enum value. Consumers should use the error field to determine the specific access denial reason.

AWS credentials structure containing temporary access credentials The scoped-down, 15 minute duration AWS credentials. Scoping down will be based on CLI policy (CLI team needs to create it). Similar to cloud shell implementation.

Error thrown when request conflicts with current state HTTP Status Code: 409 Conflict Used when the request conflicts with the current state of the resource

Input structure for CreateOAuth2Token operation Contains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.

Request body payload for CreateOAuth2Token operation The operation type is determined by the grant_type parameter: - grant_type=authorization_code: Requires code, redirect_uri, code_verifier - grant_type=refresh_token: Requires refresh_token

Output structure for CreateOAuth2Token operation Contains flattened token operation outputs for both authorization code and refresh token flows. The response content depends on the grant_type from the original request.

Response body payload for CreateOAuth2Token operation The response content depends on the grant_type from the request: - grant_type=authorization_code: Returns all fields including refresh_token and id_token - grant_type=refresh_token: Returns access_token, token_type, expires_in, refresh_token (no id_token)

Input for DeleteConsoleAuthorizationConfiguration operation

Output for DeleteConsoleAuthorizationConfiguration operation

Input for DeleteResourcePermissionStatement operation

Output for DeleteResourcePermissionStatement operation

Input for GetConsoleAuthorizationConfiguration operation

Output for GetConsoleAuthorizationConfiguration operation

Input for GetResourcePolicy operation

Output for GetResourcePolicy operation

Error thrown when an internal server error occurs HTTP Status Code: 500 Internal Server Error Used for unexpected server-side errors that prevent request processing.

Input for ListResourcePermissionStatements operation

Output for ListResourcePermissionStatements operation

OAuth 2.0 error codes returned by the server Standard OAuth 2.0 error codes used in error responses to indicate the specific type of error that occurred during token operations.

Summary of a permission statement

Individual policy statement within a resource-based policy

Input for PutConsoleAuthorizationConfiguration operation

Output for PutConsoleAuthorizationConfiguration operation

Input for PutResourcePermissionStatement operation

Output for PutResourcePermissionStatement operation

Error thrown when requested resource is not found HTTP Status Code: 404 Not Found Used when the specified resource does not exist

Error thrown when service quota is exceeded HTTP Status Code: 402 Payment Required (used as quota exceeded indicator) Used when the request would cause a service quota to be exceeded

Base class for all service related exceptions thrown by the Signin client

SignIn resource-based policy document

Error thrown when rate limit is exceeded HTTP Status Code: 429 Too Many Requests Possible OAuth2ErrorCode values: - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention Possible causes: - Too many token requests from the same client - Rate limiting based on client_id or IP address - Abuse prevention mechanisms triggered - Service protection against excessive token generation

Error thrown when request validation fails HTTP Status Code: 400 Bad Request Used for request validation errors such as malformed parameters, missing required fields, or invalid parameter values.