Skip to content

/AWS1/IF_SSI=>REGISTERCLIENT()

About RegisterClient

Registers a public client with IAM Identity Center. This allows clients to perform authorization using the authorization code grant with Proof Key for Code Exchange (PKCE) or the device code grant.

Method Signature

METHODS /AWS1/IF_SSI~REGISTERCLIENT
  IMPORTING
    !IV_CLIENTNAME TYPE /AWS1/SSICLIENTNAME OPTIONAL
    !IV_CLIENTTYPE TYPE /AWS1/SSICLIENTTYPE OPTIONAL
    !IT_SCOPES TYPE /AWS1/CL_SSISCOPES_W=>TT_SCOPES OPTIONAL
    !IT_REDIRECTURIS TYPE /AWS1/CL_SSIREDIRECTURIS_W=>TT_REDIRECTURIS OPTIONAL
    !IT_GRANTTYPES TYPE /AWS1/CL_SSIGRANTTYPES_W=>TT_GRANTTYPES OPTIONAL
    !IV_ISSUERURL TYPE /AWS1/SSIURI OPTIONAL
    !IV_ENTITLEDAPPLICATIONARN TYPE /AWS1/SSIARNTYPE OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_ssiregclientresponse
  RAISING
    /AWS1/CX_SSIINTERNALSERVEREX
    /AWS1/CX_SSIINVALIDCLIENTMETEX
    /AWS1/CX_SSIINVALIDREDIRURIEX
    /AWS1/CX_SSIINVALIDREQUESTEX
    /AWS1/CX_SSIINVALIDSCOPEEX
    /AWS1/CX_SSISLOWDOWNEXCEPTION
    /AWS1/CX_SSIUNSUPPEDGRANTTYP00
    /AWS1/CX_SSICLIENTEXC
    /AWS1/CX_SSISERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_clientname TYPE /AWS1/SSICLIENTNAME /AWS1/SSICLIENTNAME

The friendly name of the client.

iv_clienttype TYPE /AWS1/SSICLIENTTYPE /AWS1/SSICLIENTTYPE

The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.

Optional arguments:

it_scopes TYPE /AWS1/CL_SSISCOPES_W=>TT_SCOPES TT_SCOPES

The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.

it_redirecturis TYPE /AWS1/CL_SSIREDIRECTURIS_W=>TT_REDIRECTURIS TT_REDIRECTURIS

The list of redirect URI that are defined by the client. At completion of authorization, this list is used to restrict what locations the user agent can be redirected back to.

it_granttypes TYPE /AWS1/CL_SSIGRANTTYPES_W=>TT_GRANTTYPES TT_GRANTTYPES

The list of OAuth 2.0 grant types that are defined by the client. This list is used to restrict the token granting flows available to the client. Supports the following OAuth 2.0 grant types: Authorization Code, Device Code, and Refresh Token.

Authorization Code - authorization_code

Device Code - urn:ietf:params:oauth:grant-type:device_code

* Refresh Token - refresh_token

iv_issuerurl TYPE /AWS1/SSIURI /AWS1/SSIURI

The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.

iv_entitledapplicationarn TYPE /AWS1/SSIARNTYPE /AWS1/SSIARNTYPE

This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.

RETURNING

oo_output TYPE REF TO /aws1/cl_ssiregclientresponse /AWS1/CL_SSIREGCLIENTRESPONSE

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->registerclient(
  it_granttypes = VALUE /aws1/cl_ssigranttypes_w=>tt_granttypes(
    ( new /aws1/cl_ssigranttypes_w( |string| ) )
  )
  it_redirecturis = VALUE /aws1/cl_ssiredirecturis_w=>tt_redirecturis(
    ( new /aws1/cl_ssiredirecturis_w( |string| ) )
  )
  it_scopes = VALUE /aws1/cl_ssiscopes_w=>tt_scopes(
    ( new /aws1/cl_ssiscopes_w( |string| ) )
  )
  iv_clientname = |string|
  iv_clienttype = |string|
  iv_entitledapplicationarn = |string|
  iv_issuerurl = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_clientid = lo_result->get_clientid( ).
  lv_clientsecret = lo_result->get_clientsecret( ).
  lv_longtimestamptype = lo_result->get_clientidissuedat( ).
  lv_longtimestamptype = lo_result->get_clientsecretexpiresat( ).
  lv_uri = lo_result->get_authorizationendpoint( ).
  lv_uri = lo_result->get_tokenendpoint( ).
ENDIF.

Call OAuth/OIDC /register-client endpoint

DATA(lo_result) = lo_client->registerclient(
  it_granttypes = VALUE /aws1/cl_ssigranttypes_w=>tt_granttypes(
    ( new /aws1/cl_ssigranttypes_w( |authorization_code| ) )
    ( new /aws1/cl_ssigranttypes_w( |refresh_token| ) )
  )
  it_redirecturis = VALUE /aws1/cl_ssiredirecturis_w=>tt_redirecturis(
    ( new /aws1/cl_ssiredirecturis_w( |127.0.0.1:PORT/oauth/callback| ) )
  )
  it_scopes = VALUE /aws1/cl_ssiscopes_w=>tt_scopes(
    ( new /aws1/cl_ssiscopes_w( |sso:account:access| ) )
    ( new /aws1/cl_ssiscopes_w( |codewhisperer:completions| ) )
  )
  iv_clientname = |My IDE Plugin|
  iv_clienttype = |public|
  iv_entitledapplicationarn = |arn:aws:sso::ACCOUNTID:application/ssoins-1111111111111111/apl-1111111111111111|
  iv_issuerurl = |https://identitycenter.amazonaws.com/ssoins-1111111111111111|
).