The unique identifier string for the client or application. This value comes from the * result of the RegisterClient API.
* @public */ clientId: string | undefined; /** *A secret string generated for the client. This value should come from the persisted result * of the RegisterClient API.
* @public */ clientSecret: string | undefined; /** *Supports the following OAuth grant types: Authorization Code, Device Code, and Refresh * Token. Specify one of the following values, depending on the grant type that you want:
** Authorization Code - authorization_code
*
* Device Code - urn:ietf:params:oauth:grant-type:device_code
*
* Refresh Token - refresh_token
*
Used only when calling this API for the Device Code grant type. This short-lived code is * used to identify this authorization request. This comes from the result of the StartDeviceAuthorization API.
* @public */ deviceCode?: string | undefined; /** *Used only when calling this API for the Authorization Code grant type. The short-lived * code is used to identify this authorization request.
* @public */ code?: string | undefined; /** *Used only when calling this API for the Refresh Token grant type. This token is used to * refresh short-lived tokens, such as the access token, that might expire.
*For more information about the features and limitations of the current IAM Identity Center OIDC * implementation, see Considerations for Using this Guide in the IAM Identity Center * OIDC API Reference.
* @public */ refreshToken?: string | undefined; /** *The list of scopes for which authorization is requested. This parameter has no effect; the access token will always include all scopes configured during client registration.
* @public */ scope?: string[] | undefined; /** *Used only when calling this API for the Authorization Code grant type. This value * specifies the location of the client or application that has registered to receive the * authorization code.
* @public */ redirectUri?: string | undefined; /** *Used only when calling this API for the Authorization Code grant type. This value is * generated by the client and presented to validate the original code challenge value the client * passed at authorization time.
* @public */ codeVerifier?: string | undefined; } /** * @public */ export interface CreateTokenResponse { /** *A bearer token to access Amazon Web Services accounts and applications assigned to a user.
* @public */ accessToken?: string | undefined; /** *Used to notify the client that the returned token is an access token. The supported token
* type is Bearer.
Indicates the time in seconds when an access token will expire.
* @public */ expiresIn?: number | undefined; /** *A token that, if present, can be used to refresh a previously issued access token that * might have expired.
*For more information about the features and limitations of the current IAM Identity Center OIDC * implementation, see Considerations for Using this Guide in the IAM Identity Center * OIDC API Reference.
* @public */ refreshToken?: string | undefined; /** *The idToken is not implemented or supported. For more information about the
* features and limitations of the current IAM Identity Center OIDC implementation, see
* Considerations for Using this Guide in the IAM Identity Center
* OIDC API Reference.
A JSON Web Token (JWT) that identifies who is associated with the issued access token. *
* @public */ idToken?: string | undefined; }