Interface SigninClient
- All Superinterfaces:
AutoCloseable,AwsClient,SdkAutoCloseable,SdkClient
builder() method.
AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringValue for looking up the service's metadata from theServiceMetadataProvider.static final String -
Method Summary
Modifier and TypeMethodDescriptionstatic SigninClientBuilderbuilder()Create a builder that can be used to configure and create aSigninClient.static SigninClientcreate()Create aSigninClientwith the region loaded from theDefaultAwsRegionProviderChainand credentials loaded from theDefaultCredentialsProvider.default CreateOAuth2TokenResponsecreateOAuth2Token(Consumer<CreateOAuth2TokenRequest.Builder> createOAuth2TokenRequest) CreateOAuth2Token APIdefault CreateOAuth2TokenResponsecreateOAuth2Token(CreateOAuth2TokenRequest createOAuth2TokenRequest) CreateOAuth2Token APIdeleteConsoleAuthorizationConfiguration(Consumer<DeleteConsoleAuthorizationConfigurationRequest.Builder> deleteConsoleAuthorizationConfigurationRequest) Delete console authorization configuration with automatic scope detectiondeleteConsoleAuthorizationConfiguration(DeleteConsoleAuthorizationConfigurationRequest deleteConsoleAuthorizationConfigurationRequest) Delete console authorization configuration with automatic scope detectiondeleteResourcePermissionStatement(Consumer<DeleteResourcePermissionStatementRequest.Builder> deleteResourcePermissionStatementRequest) Remove a permission statement from the account's SignIn resource-based policydeleteResourcePermissionStatement(DeleteResourcePermissionStatementRequest deleteResourcePermissionStatementRequest) Remove a permission statement from the account's SignIn resource-based policygetConsoleAuthorizationConfiguration(Consumer<GetConsoleAuthorizationConfigurationRequest.Builder> getConsoleAuthorizationConfigurationRequest) Get console authorization configuration with automatic scope detectiongetConsoleAuthorizationConfiguration(GetConsoleAuthorizationConfigurationRequest getConsoleAuthorizationConfigurationRequest) Get console authorization configuration with automatic scope detectiondefault GetResourcePolicyResponsegetResourcePolicy(Consumer<GetResourcePolicyRequest.Builder> getResourcePolicyRequest) Retrieve the account's consolidated SignIn resource-based policydefault GetResourcePolicyResponsegetResourcePolicy(GetResourcePolicyRequest getResourcePolicyRequest) Retrieve the account's consolidated SignIn resource-based policylistResourcePermissionStatements(Consumer<ListResourcePermissionStatementsRequest.Builder> listResourcePermissionStatementsRequest) Retrieve all permission statements in the account's SignIn resource-based policylistResourcePermissionStatements(ListResourcePermissionStatementsRequest listResourcePermissionStatementsRequest) Retrieve all permission statements in the account's SignIn resource-based policylistResourcePermissionStatementsPaginator(Consumer<ListResourcePermissionStatementsRequest.Builder> listResourcePermissionStatementsRequest) This is a variant oflistResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation.listResourcePermissionStatementsPaginator(ListResourcePermissionStatementsRequest listResourcePermissionStatementsRequest) This is a variant oflistResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation.putConsoleAuthorizationConfiguration(Consumer<PutConsoleAuthorizationConfigurationRequest.Builder> putConsoleAuthorizationConfigurationRequest) Enable console authorization configuration with automatic scope detectionputConsoleAuthorizationConfiguration(PutConsoleAuthorizationConfigurationRequest putConsoleAuthorizationConfigurationRequest) Enable console authorization configuration with automatic scope detectionputResourcePermissionStatement(Consumer<PutResourcePermissionStatementRequest.Builder> putResourcePermissionStatementRequest) Create a permission statement in the account's SignIn resource-based policyputResourcePermissionStatement(PutResourcePermissionStatementRequest putResourcePermissionStatementRequest) Create a permission statement in the account's SignIn resource-based policydefault SigninServiceClientConfigurationThe SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfigurationstatic ServiceMetadataMethods inherited from interface software.amazon.awssdk.utils.SdkAutoCloseable
closeMethods inherited from interface software.amazon.awssdk.core.SdkClient
serviceName
-
Field Details
-
SERVICE_NAME
- See Also:
-
SERVICE_METADATA_ID
Value for looking up the service's metadata from theServiceMetadataProvider.- See Also:
-
-
Method Details
-
createOAuth2Token
default CreateOAuth2TokenResponse createOAuth2Token(CreateOAuth2TokenRequest createOAuth2TokenRequest) throws TooManyRequestsErrorException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException CreateOAuth2Token API
Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded
This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
- Authorization code redemption (grant_type=authorization_code) - NOT idempotent
- Token refresh (grant_type=refresh_token) - Idempotent within token validity window
The operation behavior is determined by the grant_type parameter in the request body:
Authorization Code Flow (NOT Idempotent):
- JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
- Returns access_token, token_type, expires_in, refresh_token, and id_token
- Each authorization code can only be used ONCE for security (prevents replay attacks)
Token Refresh Flow (Idempotent):
- JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
- Returns access_token, token_type, expires_in, and refresh_token (no id_token)
- Multiple calls with same refresh_token return consistent results within validity window
Authentication and authorization:
- Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
- CLI clients (public): authn/authz skipped based on client_id & grant_type
Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
- Parameters:
createOAuth2TokenRequest- Input structure for CreateOAuth2Token operationContains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.
- Returns:
- Result of the CreateOAuth2Token operation returned by the service.
- See Also:
-
createOAuth2Token
default CreateOAuth2TokenResponse createOAuth2Token(Consumer<CreateOAuth2TokenRequest.Builder> createOAuth2TokenRequest) throws TooManyRequestsErrorException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException CreateOAuth2Token API
Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded
This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
- Authorization code redemption (grant_type=authorization_code) - NOT idempotent
- Token refresh (grant_type=refresh_token) - Idempotent within token validity window
The operation behavior is determined by the grant_type parameter in the request body:
Authorization Code Flow (NOT Idempotent):
- JSON or form-encoded body with client_id, grant_type=authorization_code, code, redirect_uri, code_verifier
- Returns access_token, token_type, expires_in, refresh_token, and id_token
- Each authorization code can only be used ONCE for security (prevents replay attacks)
Token Refresh Flow (Idempotent):
- JSON or form-encoded body with client_id, grant_type=refresh_token, refresh_token
- Returns access_token, token_type, expires_in, and refresh_token (no id_token)
- Multiple calls with same refresh_token return consistent results within validity window
Authentication and authorization:
- Confidential clients: sigv4 signing required with signin:ExchangeToken permissions
- CLI clients (public): authn/authz skipped based on client_id & grant_type
Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
This is a convenience which creates an instance of the
CreateOAuth2TokenRequest.Builderavoiding the need to create one manually viaCreateOAuth2TokenRequest.builder()- Parameters:
createOAuth2TokenRequest- AConsumerthat will call methods onCreateOAuth2TokenRequest.Builderto create a request. Input structure for CreateOAuth2Token operationContains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.
- Returns:
- Result of the CreateOAuth2Token operation returned by the service.
- See Also:
-
deleteConsoleAuthorizationConfiguration
default DeleteConsoleAuthorizationConfigurationResponse deleteConsoleAuthorizationConfiguration(DeleteConsoleAuthorizationConfigurationRequest deleteConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Delete console authorization configuration with automatic scope detection
- Parameters:
deleteConsoleAuthorizationConfigurationRequest- Input for DeleteConsoleAuthorizationConfiguration operation- Returns:
- Result of the DeleteConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
deleteConsoleAuthorizationConfiguration
default DeleteConsoleAuthorizationConfigurationResponse deleteConsoleAuthorizationConfiguration(Consumer<DeleteConsoleAuthorizationConfigurationRequest.Builder> deleteConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Delete console authorization configuration with automatic scope detection
This is a convenience which creates an instance of the
DeleteConsoleAuthorizationConfigurationRequest.Builderavoiding the need to create one manually viaDeleteConsoleAuthorizationConfigurationRequest.builder()- Parameters:
deleteConsoleAuthorizationConfigurationRequest- AConsumerthat will call methods onDeleteConsoleAuthorizationConfigurationRequest.Builderto create a request. Input for DeleteConsoleAuthorizationConfiguration operation- Returns:
- Result of the DeleteConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
deleteResourcePermissionStatement
default DeleteResourcePermissionStatementResponse deleteResourcePermissionStatement(DeleteResourcePermissionStatementRequest deleteResourcePermissionStatementRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Remove a permission statement from the account's SignIn resource-based policy
- Parameters:
deleteResourcePermissionStatementRequest- Input for DeleteResourcePermissionStatement operation- Returns:
- Result of the DeleteResourcePermissionStatement operation returned by the service.
- See Also:
-
deleteResourcePermissionStatement
default DeleteResourcePermissionStatementResponse deleteResourcePermissionStatement(Consumer<DeleteResourcePermissionStatementRequest.Builder> deleteResourcePermissionStatementRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Remove a permission statement from the account's SignIn resource-based policy
This is a convenience which creates an instance of the
DeleteResourcePermissionStatementRequest.Builderavoiding the need to create one manually viaDeleteResourcePermissionStatementRequest.builder()- Parameters:
deleteResourcePermissionStatementRequest- AConsumerthat will call methods onDeleteResourcePermissionStatementRequest.Builderto create a request. Input for DeleteResourcePermissionStatement operation- Returns:
- Result of the DeleteResourcePermissionStatement operation returned by the service.
- See Also:
-
getConsoleAuthorizationConfiguration
default GetConsoleAuthorizationConfigurationResponse getConsoleAuthorizationConfiguration(GetConsoleAuthorizationConfigurationRequest getConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Get console authorization configuration with automatic scope detection
- Parameters:
getConsoleAuthorizationConfigurationRequest- Input for GetConsoleAuthorizationConfiguration operation- Returns:
- Result of the GetConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
getConsoleAuthorizationConfiguration
default GetConsoleAuthorizationConfigurationResponse getConsoleAuthorizationConfiguration(Consumer<GetConsoleAuthorizationConfigurationRequest.Builder> getConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Get console authorization configuration with automatic scope detection
This is a convenience which creates an instance of the
GetConsoleAuthorizationConfigurationRequest.Builderavoiding the need to create one manually viaGetConsoleAuthorizationConfigurationRequest.builder()- Parameters:
getConsoleAuthorizationConfigurationRequest- AConsumerthat will call methods onGetConsoleAuthorizationConfigurationRequest.Builderto create a request. Input for GetConsoleAuthorizationConfiguration operation- Returns:
- Result of the GetConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
getResourcePolicy
default GetResourcePolicyResponse getResourcePolicy(GetResourcePolicyRequest getResourcePolicyRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Retrieve the account's consolidated SignIn resource-based policy
- Parameters:
getResourcePolicyRequest- Input for GetResourcePolicy operation- Returns:
- Result of the GetResourcePolicy operation returned by the service.
- See Also:
-
getResourcePolicy
default GetResourcePolicyResponse getResourcePolicy(Consumer<GetResourcePolicyRequest.Builder> getResourcePolicyRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Retrieve the account's consolidated SignIn resource-based policy
This is a convenience which creates an instance of the
GetResourcePolicyRequest.Builderavoiding the need to create one manually viaGetResourcePolicyRequest.builder()- Parameters:
getResourcePolicyRequest- AConsumerthat will call methods onGetResourcePolicyRequest.Builderto create a request. Input for GetResourcePolicy operation- Returns:
- Result of the GetResourcePolicy operation returned by the service.
- See Also:
-
listResourcePermissionStatements
default ListResourcePermissionStatementsResponse listResourcePermissionStatements(ListResourcePermissionStatementsRequest listResourcePermissionStatementsRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Retrieve all permission statements in the account's SignIn resource-based policy
- Parameters:
listResourcePermissionStatementsRequest- Input for ListResourcePermissionStatements operation- Returns:
- Result of the ListResourcePermissionStatements operation returned by the service.
- See Also:
-
listResourcePermissionStatements
default ListResourcePermissionStatementsResponse listResourcePermissionStatements(Consumer<ListResourcePermissionStatementsRequest.Builder> listResourcePermissionStatementsRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Retrieve all permission statements in the account's SignIn resource-based policy
This is a convenience which creates an instance of the
ListResourcePermissionStatementsRequest.Builderavoiding the need to create one manually viaListResourcePermissionStatementsRequest.builder()- Parameters:
listResourcePermissionStatementsRequest- AConsumerthat will call methods onListResourcePermissionStatementsRequest.Builderto create a request. Input for ListResourcePermissionStatements operation- Returns:
- Result of the ListResourcePermissionStatements operation returned by the service.
- See Also:
-
listResourcePermissionStatementsPaginator
default ListResourcePermissionStatementsIterable listResourcePermissionStatementsPaginator(ListResourcePermissionStatementsRequest listResourcePermissionStatementsRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException This is a variant of
listResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Stream
2) Using For loopsoftware.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client.listResourcePermissionStatementsPaginator(request); responses.stream().forEach(....);{ @code software.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client .listResourcePermissionStatementsPaginator(request); for (software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsResponse response : responses) { // do something; } }3) Use iterator directlysoftware.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client.listResourcePermissionStatementsPaginator(request); responses.iterator().forEachRemaining(....);Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation.- Parameters:
listResourcePermissionStatementsRequest- Input for ListResourcePermissionStatements operation- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listResourcePermissionStatementsPaginator
default ListResourcePermissionStatementsIterable listResourcePermissionStatementsPaginator(Consumer<ListResourcePermissionStatementsRequest.Builder> listResourcePermissionStatementsRequest) throws TooManyRequestsErrorException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException This is a variant of
listResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Stream
2) Using For loopsoftware.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client.listResourcePermissionStatementsPaginator(request); responses.stream().forEach(....);{ @code software.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client .listResourcePermissionStatementsPaginator(request); for (software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsResponse response : responses) { // do something; } }3) Use iterator directlysoftware.amazon.awssdk.services.signin.paginators.ListResourcePermissionStatementsIterable responses = client.listResourcePermissionStatementsPaginator(request); responses.iterator().forEachRemaining(....);Please notice that the configuration of maxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listResourcePermissionStatements(software.amazon.awssdk.services.signin.model.ListResourcePermissionStatementsRequest)operation.
This is a convenience which creates an instance of the
ListResourcePermissionStatementsRequest.Builderavoiding the need to create one manually viaListResourcePermissionStatementsRequest.builder()- Parameters:
listResourcePermissionStatementsRequest- AConsumerthat will call methods onListResourcePermissionStatementsRequest.Builderto create a request. Input for ListResourcePermissionStatements operation- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
putConsoleAuthorizationConfiguration
default PutConsoleAuthorizationConfigurationResponse putConsoleAuthorizationConfiguration(PutConsoleAuthorizationConfigurationRequest putConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ConflictException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Enable console authorization configuration with automatic scope detection
- Parameters:
putConsoleAuthorizationConfigurationRequest- Input for PutConsoleAuthorizationConfiguration operation- Returns:
- Result of the PutConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
putConsoleAuthorizationConfiguration
default PutConsoleAuthorizationConfigurationResponse putConsoleAuthorizationConfiguration(Consumer<PutConsoleAuthorizationConfigurationRequest.Builder> putConsoleAuthorizationConfigurationRequest) throws TooManyRequestsErrorException, ConflictException, ResourceNotFoundException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Enable console authorization configuration with automatic scope detection
This is a convenience which creates an instance of the
PutConsoleAuthorizationConfigurationRequest.Builderavoiding the need to create one manually viaPutConsoleAuthorizationConfigurationRequest.builder()- Parameters:
putConsoleAuthorizationConfigurationRequest- AConsumerthat will call methods onPutConsoleAuthorizationConfigurationRequest.Builderto create a request. Input for PutConsoleAuthorizationConfiguration operation- Returns:
- Result of the PutConsoleAuthorizationConfiguration operation returned by the service.
- See Also:
-
putResourcePermissionStatement
default PutResourcePermissionStatementResponse putResourcePermissionStatement(PutResourcePermissionStatementRequest putResourcePermissionStatementRequest) throws TooManyRequestsErrorException, ConflictException, ServiceQuotaExceededException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Create a permission statement in the account's SignIn resource-based policy
- Parameters:
putResourcePermissionStatementRequest- Input for PutResourcePermissionStatement operation- Returns:
- Result of the PutResourcePermissionStatement operation returned by the service.
- See Also:
-
putResourcePermissionStatement
default PutResourcePermissionStatementResponse putResourcePermissionStatement(Consumer<PutResourcePermissionStatementRequest.Builder> putResourcePermissionStatementRequest) throws TooManyRequestsErrorException, ConflictException, ServiceQuotaExceededException, InternalServerException, ValidationException, AccessDeniedException, AwsServiceException, SdkClientException, SigninException Create a permission statement in the account's SignIn resource-based policy
This is a convenience which creates an instance of the
PutResourcePermissionStatementRequest.Builderavoiding the need to create one manually viaPutResourcePermissionStatementRequest.builder()- Parameters:
putResourcePermissionStatementRequest- AConsumerthat will call methods onPutResourcePermissionStatementRequest.Builderto create a request. Input for PutResourcePermissionStatement operation- Returns:
- Result of the PutResourcePermissionStatement operation returned by the service.
- See Also:
-
create
Create aSigninClientwith the region loaded from theDefaultAwsRegionProviderChainand credentials loaded from theDefaultCredentialsProvider. -
builder
Create a builder that can be used to configure and create aSigninClient. -
serviceMetadata
-
serviceClientConfiguration
Description copied from interface:SdkClientThe SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration- Specified by:
serviceClientConfigurationin interfaceAwsClient- Specified by:
serviceClientConfigurationin interfaceSdkClient- Returns:
- SdkServiceClientConfiguration
-