This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response.

Author: aws-sdk-dotnet-automation

docgenerator/AWSSDKDocSamples/SSOOIDC/SSOOIDC.GeneratedSamples.cs

@@ -75,6 +75,7 @@ public void SSOOIDCCreateTokenWithIAM()
             });
 
             string accessToken = response.AccessToken;
+            AwsAdditionalDetails awsAdditionalDetails = response.AwsAdditionalDetails;
             int expiresIn = response.ExpiresIn;
             string idToken = response.IdToken;
             string issuedTokenType = response.IssuedTokenType;
@@ -120,6 +121,7 @@ public void SSOOIDCCreateTokenWithIAM()
             });
 
             string accessToken = response.AccessToken;
+            AwsAdditionalDetails awsAdditionalDetails = response.AwsAdditionalDetails;
             int expiresIn = response.ExpiresIn;
             string idToken = response.IdToken;
             string issuedTokenType = response.IssuedTokenType;
@@ -145,6 +147,7 @@ public void SSOOIDCCreateTokenWithIAM()
             });
 
             string accessToken = response.AccessToken;
+            AwsAdditionalDetails awsAdditionalDetails = response.AwsAdditionalDetails;
             int expiresIn = response.ExpiresIn;
             string idToken = response.IdToken;
             string issuedTokenType = response.IssuedTokenType;

generator/ServiceModels/sso-oidc/sso-oidc-2019-06-10.api.json

@@ -129,6 +129,12 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "AwsAdditionalDetails":{
+      "type":"structure",
+      "members":{
+        "identityContext":{"shape":"IdentityContext"}
+      }
+    },
     "ClientId":{"type":"string"},
     "ClientName":{"type":"string"},
     "ClientSecret":{
@@ -198,7 +204,8 @@
         "refreshToken":{"shape":"RefreshToken"},
         "idToken":{"shape":"IdToken"},
         "issuedTokenType":{"shape":"TokenTypeURI"},
-        "scope":{"shape":"Scopes"}
+        "scope":{"shape":"Scopes"},
+        "awsAdditionalDetails":{"shape":"AwsAdditionalDetails"}
       }
     },
     "DeviceCode":{"type":"string"},
@@ -223,6 +230,7 @@
       "type":"string",
       "sensitive":true
     },
+    "IdentityContext":{"type":"string"},
     "InternalServerException":{
       "type":"structure",
       "members":{

generator/ServiceModels/sso-oidc/sso-oidc-2019-06-10.docs.json

@@ -44,6 +44,12 @@
       "refs": {
       }
     },
+    "AwsAdditionalDetails": {
+      "base": "<p>This structure contains Amazon Web Services-specific parameter extensions for the token endpoint responses and includes the identity context.</p>",
+      "refs": {
+        "CreateTokenWithIAMResponse$awsAdditionalDetails": "<p>A structure containing information from the <code>idToken</code>. Only the <code>identityContext</code> is in it, which is a value extracted from the <code>idToken</code>. This provides direct access to identity information without requiring JWT parsing.</p>"
+      }
+    },
     "ClientId": {
       "base": null,
       "refs": {
@@ -179,6 +185,12 @@
         "CreateTokenWithIAMResponse$idToken": "<p>A JSON Web Token (JWT) that identifies the user associated with the issued access token. </p>"
       }
     },
+    "IdentityContext": {
+      "base": null,
+      "refs": {
+        "AwsAdditionalDetails$identityContext": "<p>STS context assertion that carries a user identifier to the Amazon Web Services service that it calls and can be used to obtain an identity-enhanced IAM role session. This value corresponds to the <code>sts:identity_context</code> claim in the ID token.</p>"
+      }
+    },
     "InternalServerException": {
       "base": "<p>Indicates that an error from the service occurred while trying to process a request.</p>",
       "refs": {

generator/ServiceModels/sso-oidc/sso-oidc-2019-06-10.examples.json

@@ -67,6 +67,9 @@
         },
         "output": {
           "accessToken": "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
+          "awsAdditionalDetails": {
+            "identityContext": "EXAMPLEIDENTITYCONTEXT"
+          },
           "expiresIn": 1579729529,
           "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
           "issuedTokenType": "urn:ietf:params:oauth:token-type:refresh_token",
@@ -124,6 +127,9 @@
         },
         "output": {
           "accessToken": "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
+          "awsAdditionalDetails": {
+            "identityContext": "EXAMPLEIDENTITYCONTEXT"
+          },
           "expiresIn": 1579729529,
           "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0",
           "issuedTokenType": "urn:ietf:params:oauth:token-type:refresh_token",
@@ -155,6 +161,9 @@
         },
         "output": {
           "accessToken": "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN",
+          "awsAdditionalDetails": {
+            "identityContext": "EXAMPLEIDENTITYCONTEXT"
+          },
           "expiresIn": 1579729529,
           "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM",
           "issuedTokenType": "urn:ietf:params:oauth:token-type:access_token",
@@ -224,8 +233,8 @@
           "expiresIn": 1579729529,
           "interval": 1,
           "userCode": "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE",
-          "verificationUri": "https://device.sso.us-west-2.amazonaws.com",
-          "verificationUriComplete": "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE"
+          "verificationUri": "https://directory-alias-example.awsapps.com/start/#/device",
+          "verificationUriComplete": "https://directory-alias-example.awsapps.com/start/#/device?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE"
         },
         "comments": {
           "input": {

generator/ServiceModels/sso-oidc/sso-oidc-2019-06-10.normal.json

@@ -147,6 +147,16 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "AwsAdditionalDetails":{
+      "type":"structure",
+      "members":{
+        "identityContext":{
+          "shape":"IdentityContext",
+          "documentation":"<p>STS context assertion that carries a user identifier to the Amazon Web Services service that it calls and can be used to obtain an identity-enhanced IAM role session. This value corresponds to the <code>sts:identity_context</code> claim in the ID token.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains Amazon Web Services-specific parameter extensions for the token endpoint responses and includes the identity context.</p>"
+    },
     "ClientId":{"type":"string"},
     "ClientName":{"type":"string"},
     "ClientSecret":{
@@ -312,6 +322,10 @@
         "scope":{
           "shape":"Scopes",
           "documentation":"<p>The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.</p>"
+        },
+        "awsAdditionalDetails":{
+          "shape":"AwsAdditionalDetails",
+          "documentation":"<p>A structure containing information from the <code>idToken</code>. Only the <code>identityContext</code> is in it, which is a value extracted from the <code>idToken</code>. This provides direct access to identity information without requiring JWT parsing.</p>"
         }
       }
     },
@@ -344,6 +358,7 @@
       "type":"string",
       "sensitive":true
     },
+    "IdentityContext":{"type":"string"},
     "InternalServerException":{
       "type":"structure",
       "members":{

sdk/src/Services/SSOOIDC/Generated/Model/AwsAdditionalDetails.cs

@@ -0,0 +1,61 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the sso-oidc-2019-06-10.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.SSOOIDC.Model
+{
+    /// <summary>
+    /// This structure contains Amazon Web Services-specific parameter extensions for the
+    /// token endpoint responses and includes the identity context.
+    /// </summary>
+    public partial class AwsAdditionalDetails
+    {
+        private string _identityContext;
+
+        /// <summary>
+        /// Gets and sets the property IdentityContext. 
+        /// <para>
+        /// STS context assertion that carries a user identifier to the Amazon Web Services service
+        /// that it calls and can be used to obtain an identity-enhanced IAM role session. This
+        /// value corresponds to the <c>sts:identity_context</c> claim in the ID token.
+        /// </para>
+        /// </summary>
+        public string IdentityContext
+        {
+            get { return this._identityContext; }
+            set { this._identityContext = value; }
+        }
+
+        // Check to see if IdentityContext property is set
+        internal bool IsSetIdentityContext()
+        {
+            return this._identityContext != null;
+        }
+
+    }
+}

sdk/src/Services/SSOOIDC/Generated/Model/CreateTokenWithIAMResponse.cs

@@ -35,6 +35,7 @@ namespace Amazon.SSOOIDC.Model
     public partial class CreateTokenWithIAMResponse : AmazonWebServiceResponse
     {
         private string _accessToken;
+        private AwsAdditionalDetails _awsAdditionalDetails;
         private int? _expiresIn;
         private string _idToken;
         private string _issuedTokenType;
@@ -62,6 +63,26 @@ internal bool IsSetAccessToken()
             return this._accessToken != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property AwsAdditionalDetails. 
+        /// <para>
+        /// A structure containing information from the <c>idToken</c>. Only the <c>identityContext</c>
+        /// is in it, which is a value extracted from the <c>idToken</c>. This provides direct
+        /// access to identity information without requiring JWT parsing.
+        /// </para>
+        /// </summary>
+        public AwsAdditionalDetails AwsAdditionalDetails
+        {
+            get { return this._awsAdditionalDetails; }
+            set { this._awsAdditionalDetails = value; }
+        }
+
+        // Check to see if AwsAdditionalDetails property is set
+        internal bool IsSetAwsAdditionalDetails()
+        {
+            return this._awsAdditionalDetails != null;
+        }
+
         /// <summary>
         /// Gets and sets the property ExpiresIn. 
         /// <para>

sdk/src/Services/SSOOIDC/Generated/Model/Internal/MarshallTransformations/AwsAdditionalDetailsUnmarshaller.cs

@@ -0,0 +1,93 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the sso-oidc-2019-06-10.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Xml.Serialization;
+
+using Amazon.SSOOIDC.Model;
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+using Amazon.Runtime.Internal.Transform;
+using Amazon.Runtime.Internal.Util;
+using ThirdParty.Json.LitJson;
+
+#pragma warning disable CS0612,CS0618
+namespace Amazon.SSOOIDC.Model.Internal.MarshallTransformations
+{
+    /// <summary>
+    /// Response Unmarshaller for AwsAdditionalDetails Object
+    /// </summary>  
+    public class AwsAdditionalDetailsUnmarshaller : IUnmarshaller<AwsAdditionalDetails, XmlUnmarshallerContext>, IUnmarshaller<AwsAdditionalDetails, JsonUnmarshallerContext>
+    {
+        /// <summary>
+        /// Unmarshaller the response from the service to the response class.
+        /// </summary>  
+        /// <param name="context"></param>
+        /// <returns></returns>
+        AwsAdditionalDetails IUnmarshaller<AwsAdditionalDetails, XmlUnmarshallerContext>.Unmarshall(XmlUnmarshallerContext context)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Unmarshaller the response from the service to the response class.
+        /// </summary>  
+        /// <param name="context"></param>
+        /// <returns>The unmarshalled object</returns>
+        public AwsAdditionalDetails Unmarshall(JsonUnmarshallerContext context)
+        {
+            AwsAdditionalDetails unmarshalledObject = new AwsAdditionalDetails();
+            if (context.IsEmptyResponse)
+                return null;
+            context.Read();
+            if (context.CurrentTokenType == JsonToken.Null) 
+                return null;
+
+            int targetDepth = context.CurrentDepth;
+            while (context.ReadAtDepth(targetDepth))
+            {
+                if (context.TestExpression("identityContext", targetDepth))
+                {
+                    var unmarshaller = StringUnmarshaller.Instance;
+                    unmarshalledObject.IdentityContext = unmarshaller.Unmarshall(context);
+                    continue;
+                }
+            }
+            return unmarshalledObject;
+        }
+
+
+        private static AwsAdditionalDetailsUnmarshaller _instance = new AwsAdditionalDetailsUnmarshaller();        
+
+        /// <summary>
+        /// Gets the singleton.
+        /// </summary>  
+        public static AwsAdditionalDetailsUnmarshaller Instance
+        {
+            get
+            {
+                return _instance;
+            }
+        }
+    }
+}

sdk/src/Services/SSOOIDC/Generated/Model/Internal/MarshallTransformations/CreateTokenWithIAMResponseUnmarshaller.cs

@@ -58,6 +58,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont
                     response.AccessToken = unmarshaller.Unmarshall(context);
                     continue;
                 }
+                if (context.TestExpression("awsAdditionalDetails", targetDepth))
+                {
+                    var unmarshaller = AwsAdditionalDetailsUnmarshaller.Instance;
+                    response.AwsAdditionalDetails = unmarshaller.Unmarshall(context);
+                    continue;
+                }
                 if (context.TestExpression("expiresIn", targetDepth))
                 {
                     var unmarshaller = IntUnmarshaller.Instance;