signin/aws.sdk.kotlin.services.signin/SigninClient

SigninClient

interface SigninClient : SdkClient

AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools.

Properties

Link copied to clipboard
abstract override val config: SigninClient.Config

SigninClient's configuration

Functions

Link copied to clipboard
abstract suspend fun createOAuth2Token(input: CreateOAuth2TokenRequest): CreateOAuth2TokenResponse

CreateOAuth2Token API Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both: 1. Authorization code redemption (grant_type=authorization_code) - NOT idempotent 2. Token refresh (grant_type=refresh_token) - Idempotent within token validity window The operation behavior is determined by the grant_type parameter in the request body: Authorization Code Flow (NOT Idempotent): - JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier - Returns access_token, token_type, expires_in, refresh_token, and id_token - Each authorization code can only be used ONCE for security (prevents replay attacks) Token Refresh Flow (Idempotent): - JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token - Returns access_token, token_type, expires_in, and refresh_token (no id_token) - Multiple calls with same refresh_token return consistent results within validity window Authentication and authorization: - Confidential clients: sigv4 signing required with signin:ExchangeToken permissions - CLI clients (public): authn/authz skipped based on client_id & grant_type Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.

Link copied to clipboard
abstract suspend fun deleteConsoleAuthorizationConfiguration(input: DeleteConsoleAuthorizationConfigurationRequest = DeleteConsoleAuthorizationConfigurationRequest { }): DeleteConsoleAuthorizationConfigurationResponse

Delete console authorization configuration with automatic scope detection

Link copied to clipboard
abstract suspend fun deleteResourcePermissionStatement(input: DeleteResourcePermissionStatementRequest): DeleteResourcePermissionStatementResponse

Remove a permission statement from the account's SignIn resource-based policy

Link copied to clipboard
abstract suspend fun getConsoleAuthorizationConfiguration(input: GetConsoleAuthorizationConfigurationRequest = GetConsoleAuthorizationConfigurationRequest { }): GetConsoleAuthorizationConfigurationResponse

Get console authorization configuration with automatic scope detection

Link copied to clipboard
abstract suspend fun getResourcePolicy(input: GetResourcePolicyRequest = GetResourcePolicyRequest { }): GetResourcePolicyResponse

Retrieve the account's consolidated SignIn resource-based policy

Link copied to clipboard
abstract suspend fun listResourcePermissionStatements(input: ListResourcePermissionStatementsRequest = ListResourcePermissionStatementsRequest { }): ListResourcePermissionStatementsResponse

Retrieve all permission statements in the account's SignIn resource-based policy

Link copied to clipboard
abstract suspend fun putConsoleAuthorizationConfiguration(input: PutConsoleAuthorizationConfigurationRequest = PutConsoleAuthorizationConfigurationRequest { }): PutConsoleAuthorizationConfigurationResponse

Enable console authorization configuration with automatic scope detection

Link copied to clipboard
abstract suspend fun putResourcePermissionStatement(input: PutResourcePermissionStatementRequest = PutResourcePermissionStatementRequest { }): PutResourcePermissionStatementResponse

Create a permission statement in the account's SignIn resource-based policy

Inherited functions

Link copied to clipboard
expect abstract fun close()
Link copied to clipboard
inline suspend fun SigninClient.createOAuth2Token(crossinline block: CreateOAuth2TokenRequest.Builder.() -> Unit): CreateOAuth2TokenResponse

CreateOAuth2Token API Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both: 1. Authorization code redemption (grant_type=authorization_code) - NOT idempotent 2. Token refresh (grant_type=refresh_token) - Idempotent within token validity window The operation behavior is determined by the grant_type parameter in the request body: Authorization Code Flow (NOT Idempotent): - JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier - Returns access_token, token_type, expires_in, refresh_token, and id_token - Each authorization code can only be used ONCE for security (prevents replay attacks) Token Refresh Flow (Idempotent): - JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token - Returns access_token, token_type, expires_in, and refresh_token (no id_token) - Multiple calls with same refresh_token return consistent results within validity window Authentication and authorization: - Confidential clients: sigv4 signing required with signin:ExchangeToken permissions - CLI clients (public): authn/authz skipped based on client_id & grant_type Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.

Link copied to clipboard
inline suspend fun SigninClient.deleteConsoleAuthorizationConfiguration(crossinline block: DeleteConsoleAuthorizationConfigurationRequest.Builder.() -> Unit): DeleteConsoleAuthorizationConfigurationResponse

Delete console authorization configuration with automatic scope detection

Link copied to clipboard
inline suspend fun SigninClient.deleteResourcePermissionStatement(crossinline block: DeleteResourcePermissionStatementRequest.Builder.() -> Unit): DeleteResourcePermissionStatementResponse

Remove a permission statement from the account's SignIn resource-based policy

Link copied to clipboard
inline suspend fun SigninClient.getConsoleAuthorizationConfiguration(crossinline block: GetConsoleAuthorizationConfigurationRequest.Builder.() -> Unit): GetConsoleAuthorizationConfigurationResponse

Get console authorization configuration with automatic scope detection

Link copied to clipboard
inline suspend fun SigninClient.getResourcePolicy(crossinline block: GetResourcePolicyRequest.Builder.() -> Unit): GetResourcePolicyResponse

Retrieve the account's consolidated SignIn resource-based policy

Link copied to clipboard
inline suspend fun SigninClient.listResourcePermissionStatements(crossinline block: ListResourcePermissionStatementsRequest.Builder.() -> Unit): ListResourcePermissionStatementsResponse

Retrieve all permission statements in the account's SignIn resource-based policy

Link copied to clipboard
inline suspend fun SigninClient.putConsoleAuthorizationConfiguration(crossinline block: PutConsoleAuthorizationConfigurationRequest.Builder.() -> Unit): PutConsoleAuthorizationConfigurationResponse

Enable console authorization configuration with automatic scope detection

Link copied to clipboard
inline suspend fun SigninClient.putResourcePermissionStatement(crossinline block: PutResourcePermissionStatementRequest.Builder.() -> Unit): PutResourcePermissionStatementResponse

Create a permission statement in the account's SignIn resource-based policy

Link copied to clipboard
fun SigninClient.withConfig(block: SigninClient.Config.Builder.() -> Unit): SigninClient

Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.

Generated by Dokka
© 2026, Amazon Web Services, Inc. or its affiliates. All rights reserved.