{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SSOOIDC.CreateToken
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates and returns an access token for the authorized client. The
-- access token issued will be used to fetch short-term credentials for the
-- assigned roles in the AWS account.
module Amazonka.SSOOIDC.CreateToken
  ( -- * Creating a Request
    CreateToken (..),
    newCreateToken,

    -- * Request Lenses
    createToken_code,
    createToken_deviceCode,
    createToken_redirectUri,
    createToken_refreshToken,
    createToken_scope,
    createToken_clientId,
    createToken_clientSecret,
    createToken_grantType,

    -- * Destructuring the Response
    CreateTokenResponse (..),
    newCreateTokenResponse,

    -- * Response Lenses
    createTokenResponse_accessToken,
    createTokenResponse_expiresIn,
    createTokenResponse_idToken,
    createTokenResponse_refreshToken,
    createTokenResponse_tokenType,
    createTokenResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SSOOIDC.Types

-- | /See:/ 'newCreateToken' smart constructor.
data CreateToken = CreateToken'
  { -- | The authorization code received from the authorization service. This
    -- parameter is required to perform an authorization grant request to get
    -- access to a token.
    CreateToken -> Maybe Text
code :: Prelude.Maybe Prelude.Text,
    -- | Used only when calling this API for the device code grant type. This
    -- short-term code is used to identify this authentication attempt. This
    -- should come from an in-memory reference to the result of the
    -- StartDeviceAuthorization API.
    CreateToken -> Maybe Text
deviceCode :: Prelude.Maybe Prelude.Text,
    -- | The location of the application that will receive the authorization
    -- code. Users authorize the service to send the request to this location.
    CreateToken -> Maybe Text
redirectUri :: Prelude.Maybe Prelude.Text,
    -- | Currently, @refreshToken@ is not yet implemented and is not supported.
    -- For more information about the features and limitations of the current
    -- IAM Identity Center OIDC implementation, see /Considerations for Using
    -- this Guide/ in the
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
    --
    -- The token used to obtain an access token in the event that the access
    -- token is invalid or expired.
    CreateToken -> Maybe Text
refreshToken :: Prelude.Maybe Prelude.Text,
    -- | The list of scopes that is defined by the client. Upon authorization,
    -- this list is used to restrict permissions when granting an access token.
    CreateToken -> Maybe [Text]
scope :: Prelude.Maybe [Prelude.Text],
    -- | The unique identifier string for each client. This value should come
    -- from the persisted result of the RegisterClient API.
    CreateToken -> Text
clientId :: Prelude.Text,
    -- | A secret string generated for the client. This value should come from
    -- the persisted result of the RegisterClient API.
    CreateToken -> Text
clientSecret :: Prelude.Text,
    -- | Supports grant types for the authorization code, refresh token, and
    -- device code request. For device code requests, specify the following
    -- value:
    --
    -- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
    --
    -- For information about how to obtain the device code, see the
    -- StartDeviceAuthorization topic.
    CreateToken -> Text
grantType :: Prelude.Text
  }
  deriving (CreateToken -> CreateToken -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateToken -> CreateToken -> Bool
$c/= :: CreateToken -> CreateToken -> Bool
== :: CreateToken -> CreateToken -> Bool
$c== :: CreateToken -> CreateToken -> Bool
Prelude.Eq, ReadPrec [CreateToken]
ReadPrec CreateToken
Int -> ReadS CreateToken
ReadS [CreateToken]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateToken]
$creadListPrec :: ReadPrec [CreateToken]
readPrec :: ReadPrec CreateToken
$creadPrec :: ReadPrec CreateToken
readList :: ReadS [CreateToken]
$creadList :: ReadS [CreateToken]
readsPrec :: Int -> ReadS CreateToken
$creadsPrec :: Int -> ReadS CreateToken
Prelude.Read, Int -> CreateToken -> ShowS
[CreateToken] -> ShowS
CreateToken -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateToken] -> ShowS
$cshowList :: [CreateToken] -> ShowS
show :: CreateToken -> String
$cshow :: CreateToken -> String
showsPrec :: Int -> CreateToken -> ShowS
$cshowsPrec :: Int -> CreateToken -> ShowS
Prelude.Show, forall x. Rep CreateToken x -> CreateToken
forall x. CreateToken -> Rep CreateToken x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateToken x -> CreateToken
$cfrom :: forall x. CreateToken -> Rep CreateToken x
Prelude.Generic)

-- |
-- Create a value of 'CreateToken' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'code', 'createToken_code' - The authorization code received from the authorization service. This
-- parameter is required to perform an authorization grant request to get
-- access to a token.
--
-- 'deviceCode', 'createToken_deviceCode' - Used only when calling this API for the device code grant type. This
-- short-term code is used to identify this authentication attempt. This
-- should come from an in-memory reference to the result of the
-- StartDeviceAuthorization API.
--
-- 'redirectUri', 'createToken_redirectUri' - The location of the application that will receive the authorization
-- code. Users authorize the service to send the request to this location.
--
-- 'refreshToken', 'createToken_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.
-- For more information about the features and limitations of the current
-- IAM Identity Center OIDC implementation, see /Considerations for Using
-- this Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- The token used to obtain an access token in the event that the access
-- token is invalid or expired.
--
-- 'scope', 'createToken_scope' - The list of scopes that is defined by the client. Upon authorization,
-- this list is used to restrict permissions when granting an access token.
--
-- 'clientId', 'createToken_clientId' - The unique identifier string for each client. This value should come
-- from the persisted result of the RegisterClient API.
--
-- 'clientSecret', 'createToken_clientSecret' - A secret string generated for the client. This value should come from
-- the persisted result of the RegisterClient API.
--
-- 'grantType', 'createToken_grantType' - Supports grant types for the authorization code, refresh token, and
-- device code request. For device code requests, specify the following
-- value:
--
-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
--
-- For information about how to obtain the device code, see the
-- StartDeviceAuthorization topic.
newCreateToken ::
  -- | 'clientId'
  Prelude.Text ->
  -- | 'clientSecret'
  Prelude.Text ->
  -- | 'grantType'
  Prelude.Text ->
  CreateToken
newCreateToken :: Text -> Text -> Text -> CreateToken
newCreateToken Text
pClientId_ Text
pClientSecret_ Text
pGrantType_ =
  CreateToken'
    { $sel:code:CreateToken' :: Maybe Text
code = forall a. Maybe a
Prelude.Nothing,
      $sel:deviceCode:CreateToken' :: Maybe Text
deviceCode = forall a. Maybe a
Prelude.Nothing,
      $sel:redirectUri:CreateToken' :: Maybe Text
redirectUri = forall a. Maybe a
Prelude.Nothing,
      $sel:refreshToken:CreateToken' :: Maybe Text
refreshToken = forall a. Maybe a
Prelude.Nothing,
      $sel:scope:CreateToken' :: Maybe [Text]
scope = forall a. Maybe a
Prelude.Nothing,
      $sel:clientId:CreateToken' :: Text
clientId = Text
pClientId_,
      $sel:clientSecret:CreateToken' :: Text
clientSecret = Text
pClientSecret_,
      $sel:grantType:CreateToken' :: Text
grantType = Text
pGrantType_
    }

-- | The authorization code received from the authorization service. This
-- parameter is required to perform an authorization grant request to get
-- access to a token.
createToken_code :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
createToken_code :: Lens' CreateToken (Maybe Text)
createToken_code = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Maybe Text
code :: Maybe Text
$sel:code:CreateToken' :: CreateToken -> Maybe Text
code} -> Maybe Text
code) (\s :: CreateToken
s@CreateToken' {} Maybe Text
a -> CreateToken
s {$sel:code:CreateToken' :: Maybe Text
code = Maybe Text
a} :: CreateToken)

-- | Used only when calling this API for the device code grant type. This
-- short-term code is used to identify this authentication attempt. This
-- should come from an in-memory reference to the result of the
-- StartDeviceAuthorization API.
createToken_deviceCode :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
createToken_deviceCode :: Lens' CreateToken (Maybe Text)
createToken_deviceCode = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Maybe Text
deviceCode :: Maybe Text
$sel:deviceCode:CreateToken' :: CreateToken -> Maybe Text
deviceCode} -> Maybe Text
deviceCode) (\s :: CreateToken
s@CreateToken' {} Maybe Text
a -> CreateToken
s {$sel:deviceCode:CreateToken' :: Maybe Text
deviceCode = Maybe Text
a} :: CreateToken)

-- | The location of the application that will receive the authorization
-- code. Users authorize the service to send the request to this location.
createToken_redirectUri :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
createToken_redirectUri :: Lens' CreateToken (Maybe Text)
createToken_redirectUri = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Maybe Text
redirectUri :: Maybe Text
$sel:redirectUri:CreateToken' :: CreateToken -> Maybe Text
redirectUri} -> Maybe Text
redirectUri) (\s :: CreateToken
s@CreateToken' {} Maybe Text
a -> CreateToken
s {$sel:redirectUri:CreateToken' :: Maybe Text
redirectUri = Maybe Text
a} :: CreateToken)

-- | Currently, @refreshToken@ is not yet implemented and is not supported.
-- For more information about the features and limitations of the current
-- IAM Identity Center OIDC implementation, see /Considerations for Using
-- this Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- The token used to obtain an access token in the event that the access
-- token is invalid or expired.
createToken_refreshToken :: Lens.Lens' CreateToken (Prelude.Maybe Prelude.Text)
createToken_refreshToken :: Lens' CreateToken (Maybe Text)
createToken_refreshToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Maybe Text
refreshToken :: Maybe Text
$sel:refreshToken:CreateToken' :: CreateToken -> Maybe Text
refreshToken} -> Maybe Text
refreshToken) (\s :: CreateToken
s@CreateToken' {} Maybe Text
a -> CreateToken
s {$sel:refreshToken:CreateToken' :: Maybe Text
refreshToken = Maybe Text
a} :: CreateToken)

-- | The list of scopes that is defined by the client. Upon authorization,
-- this list is used to restrict permissions when granting an access token.
createToken_scope :: Lens.Lens' CreateToken (Prelude.Maybe [Prelude.Text])
createToken_scope :: Lens' CreateToken (Maybe [Text])
createToken_scope = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Maybe [Text]
scope :: Maybe [Text]
$sel:scope:CreateToken' :: CreateToken -> Maybe [Text]
scope} -> Maybe [Text]
scope) (\s :: CreateToken
s@CreateToken' {} Maybe [Text]
a -> CreateToken
s {$sel:scope:CreateToken' :: Maybe [Text]
scope = Maybe [Text]
a} :: CreateToken) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The unique identifier string for each client. This value should come
-- from the persisted result of the RegisterClient API.
createToken_clientId :: Lens.Lens' CreateToken Prelude.Text
createToken_clientId :: Lens' CreateToken Text
createToken_clientId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Text
clientId :: Text
$sel:clientId:CreateToken' :: CreateToken -> Text
clientId} -> Text
clientId) (\s :: CreateToken
s@CreateToken' {} Text
a -> CreateToken
s {$sel:clientId:CreateToken' :: Text
clientId = Text
a} :: CreateToken)

-- | A secret string generated for the client. This value should come from
-- the persisted result of the RegisterClient API.
createToken_clientSecret :: Lens.Lens' CreateToken Prelude.Text
createToken_clientSecret :: Lens' CreateToken Text
createToken_clientSecret = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Text
clientSecret :: Text
$sel:clientSecret:CreateToken' :: CreateToken -> Text
clientSecret} -> Text
clientSecret) (\s :: CreateToken
s@CreateToken' {} Text
a -> CreateToken
s {$sel:clientSecret:CreateToken' :: Text
clientSecret = Text
a} :: CreateToken)

-- | Supports grant types for the authorization code, refresh token, and
-- device code request. For device code requests, specify the following
-- value:
--
-- @urn:ietf:params:oauth:grant-type:@/@device_code@/@ @
--
-- For information about how to obtain the device code, see the
-- StartDeviceAuthorization topic.
createToken_grantType :: Lens.Lens' CreateToken Prelude.Text
createToken_grantType :: Lens' CreateToken Text
createToken_grantType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateToken' {Text
grantType :: Text
$sel:grantType:CreateToken' :: CreateToken -> Text
grantType} -> Text
grantType) (\s :: CreateToken
s@CreateToken' {} Text
a -> CreateToken
s {$sel:grantType:CreateToken' :: Text
grantType = Text
a} :: CreateToken)

instance Core.AWSRequest CreateToken where
  type AWSResponse CreateToken = CreateTokenResponse
  request :: (Service -> Service) -> CreateToken -> Request CreateToken
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy CreateToken
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateToken)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Int
-> Maybe Text
-> Maybe Text
-> Maybe Text
-> Int
-> CreateTokenResponse
CreateTokenResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"accessToken")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"expiresIn")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"idToken")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"refreshToken")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"tokenType")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable CreateToken where
  hashWithSalt :: Int -> CreateToken -> Int
hashWithSalt Int
_salt CreateToken' {Maybe [Text]
Maybe Text
Text
grantType :: Text
clientSecret :: Text
clientId :: Text
scope :: Maybe [Text]
refreshToken :: Maybe Text
redirectUri :: Maybe Text
deviceCode :: Maybe Text
code :: Maybe Text
$sel:grantType:CreateToken' :: CreateToken -> Text
$sel:clientSecret:CreateToken' :: CreateToken -> Text
$sel:clientId:CreateToken' :: CreateToken -> Text
$sel:scope:CreateToken' :: CreateToken -> Maybe [Text]
$sel:refreshToken:CreateToken' :: CreateToken -> Maybe Text
$sel:redirectUri:CreateToken' :: CreateToken -> Maybe Text
$sel:deviceCode:CreateToken' :: CreateToken -> Maybe Text
$sel:code:CreateToken' :: CreateToken -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
code
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
deviceCode
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
redirectUri
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
refreshToken
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
scope
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
clientId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
clientSecret
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
grantType

instance Prelude.NFData CreateToken where
  rnf :: CreateToken -> ()
rnf CreateToken' {Maybe [Text]
Maybe Text
Text
grantType :: Text
clientSecret :: Text
clientId :: Text
scope :: Maybe [Text]
refreshToken :: Maybe Text
redirectUri :: Maybe Text
deviceCode :: Maybe Text
code :: Maybe Text
$sel:grantType:CreateToken' :: CreateToken -> Text
$sel:clientSecret:CreateToken' :: CreateToken -> Text
$sel:clientId:CreateToken' :: CreateToken -> Text
$sel:scope:CreateToken' :: CreateToken -> Maybe [Text]
$sel:refreshToken:CreateToken' :: CreateToken -> Maybe Text
$sel:redirectUri:CreateToken' :: CreateToken -> Maybe Text
$sel:deviceCode:CreateToken' :: CreateToken -> Maybe Text
$sel:code:CreateToken' :: CreateToken -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
code
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
deviceCode
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
redirectUri
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
refreshToken
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
scope
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
clientId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
clientSecret
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
grantType

instance Data.ToHeaders CreateToken where
  toHeaders :: CreateToken -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON CreateToken where
  toJSON :: CreateToken -> Value
toJSON CreateToken' {Maybe [Text]
Maybe Text
Text
grantType :: Text
clientSecret :: Text
clientId :: Text
scope :: Maybe [Text]
refreshToken :: Maybe Text
redirectUri :: Maybe Text
deviceCode :: Maybe Text
code :: Maybe Text
$sel:grantType:CreateToken' :: CreateToken -> Text
$sel:clientSecret:CreateToken' :: CreateToken -> Text
$sel:clientId:CreateToken' :: CreateToken -> Text
$sel:scope:CreateToken' :: CreateToken -> Maybe [Text]
$sel:refreshToken:CreateToken' :: CreateToken -> Maybe Text
$sel:redirectUri:CreateToken' :: CreateToken -> Maybe Text
$sel:deviceCode:CreateToken' :: CreateToken -> Maybe Text
$sel:code:CreateToken' :: CreateToken -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"code" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
code,
            (Key
"deviceCode" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
deviceCode,
            (Key
"redirectUri" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
redirectUri,
            (Key
"refreshToken" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
refreshToken,
            (Key
"scope" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
scope,
            forall a. a -> Maybe a
Prelude.Just (Key
"clientId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
clientId),
            forall a. a -> Maybe a
Prelude.Just (Key
"clientSecret" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
clientSecret),
            forall a. a -> Maybe a
Prelude.Just (Key
"grantType" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
grantType)
          ]
      )

instance Data.ToPath CreateToken where
  toPath :: CreateToken -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/token"

instance Data.ToQuery CreateToken where
  toQuery :: CreateToken -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newCreateTokenResponse' smart constructor.
data CreateTokenResponse = CreateTokenResponse'
  { -- | An opaque token to access IAM Identity Center resources assigned to a
    -- user.
    CreateTokenResponse -> Maybe Text
accessToken :: Prelude.Maybe Prelude.Text,
    -- | Indicates the time in seconds when an access token will expire.
    CreateTokenResponse -> Maybe Int
expiresIn :: Prelude.Maybe Prelude.Int,
    -- | Currently, @idToken@ is not yet implemented and is not supported. For
    -- more information about the features and limitations of the current IAM
    -- Identity Center OIDC implementation, see /Considerations for Using this
    -- Guide/ in the
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
    --
    -- The identifier of the user that associated with the access token, if
    -- present.
    CreateTokenResponse -> Maybe Text
idToken :: Prelude.Maybe Prelude.Text,
    -- | Currently, @refreshToken@ is not yet implemented and is not supported.
    -- For more information about the features and limitations of the current
    -- IAM Identity Center OIDC implementation, see /Considerations for Using
    -- this Guide/ in the
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
    --
    -- A token that, if present, can be used to refresh a previously issued
    -- access token that might have expired.
    CreateTokenResponse -> Maybe Text
refreshToken :: Prelude.Maybe Prelude.Text,
    -- | Used to notify the client that the returned token is an access token.
    -- The supported type is @BearerToken@.
    CreateTokenResponse -> Maybe Text
tokenType :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    CreateTokenResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (CreateTokenResponse -> CreateTokenResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateTokenResponse -> CreateTokenResponse -> Bool
$c/= :: CreateTokenResponse -> CreateTokenResponse -> Bool
== :: CreateTokenResponse -> CreateTokenResponse -> Bool
$c== :: CreateTokenResponse -> CreateTokenResponse -> Bool
Prelude.Eq, ReadPrec [CreateTokenResponse]
ReadPrec CreateTokenResponse
Int -> ReadS CreateTokenResponse
ReadS [CreateTokenResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateTokenResponse]
$creadListPrec :: ReadPrec [CreateTokenResponse]
readPrec :: ReadPrec CreateTokenResponse
$creadPrec :: ReadPrec CreateTokenResponse
readList :: ReadS [CreateTokenResponse]
$creadList :: ReadS [CreateTokenResponse]
readsPrec :: Int -> ReadS CreateTokenResponse
$creadsPrec :: Int -> ReadS CreateTokenResponse
Prelude.Read, Int -> CreateTokenResponse -> ShowS
[CreateTokenResponse] -> ShowS
CreateTokenResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateTokenResponse] -> ShowS
$cshowList :: [CreateTokenResponse] -> ShowS
show :: CreateTokenResponse -> String
$cshow :: CreateTokenResponse -> String
showsPrec :: Int -> CreateTokenResponse -> ShowS
$cshowsPrec :: Int -> CreateTokenResponse -> ShowS
Prelude.Show, forall x. Rep CreateTokenResponse x -> CreateTokenResponse
forall x. CreateTokenResponse -> Rep CreateTokenResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateTokenResponse x -> CreateTokenResponse
$cfrom :: forall x. CreateTokenResponse -> Rep CreateTokenResponse x
Prelude.Generic)

-- |
-- Create a value of 'CreateTokenResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'accessToken', 'createTokenResponse_accessToken' - An opaque token to access IAM Identity Center resources assigned to a
-- user.
--
-- 'expiresIn', 'createTokenResponse_expiresIn' - Indicates the time in seconds when an access token will expire.
--
-- 'idToken', 'createTokenResponse_idToken' - Currently, @idToken@ is not yet implemented and is not supported. For
-- more information about the features and limitations of the current IAM
-- Identity Center OIDC implementation, see /Considerations for Using this
-- Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- The identifier of the user that associated with the access token, if
-- present.
--
-- 'refreshToken', 'createTokenResponse_refreshToken' - Currently, @refreshToken@ is not yet implemented and is not supported.
-- For more information about the features and limitations of the current
-- IAM Identity Center OIDC implementation, see /Considerations for Using
-- this Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- A token that, if present, can be used to refresh a previously issued
-- access token that might have expired.
--
-- 'tokenType', 'createTokenResponse_tokenType' - Used to notify the client that the returned token is an access token.
-- The supported type is @BearerToken@.
--
-- 'httpStatus', 'createTokenResponse_httpStatus' - The response's http status code.
newCreateTokenResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateTokenResponse
newCreateTokenResponse :: Int -> CreateTokenResponse
newCreateTokenResponse Int
pHttpStatus_ =
  CreateTokenResponse'
    { $sel:accessToken:CreateTokenResponse' :: Maybe Text
accessToken = forall a. Maybe a
Prelude.Nothing,
      $sel:expiresIn:CreateTokenResponse' :: Maybe Int
expiresIn = forall a. Maybe a
Prelude.Nothing,
      $sel:idToken:CreateTokenResponse' :: Maybe Text
idToken = forall a. Maybe a
Prelude.Nothing,
      $sel:refreshToken:CreateTokenResponse' :: Maybe Text
refreshToken = forall a. Maybe a
Prelude.Nothing,
      $sel:tokenType:CreateTokenResponse' :: Maybe Text
tokenType = forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:CreateTokenResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | An opaque token to access IAM Identity Center resources assigned to a
-- user.
createTokenResponse_accessToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
createTokenResponse_accessToken :: Lens' CreateTokenResponse (Maybe Text)
createTokenResponse_accessToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Maybe Text
accessToken :: Maybe Text
$sel:accessToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
accessToken} -> Maybe Text
accessToken) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Maybe Text
a -> CreateTokenResponse
s {$sel:accessToken:CreateTokenResponse' :: Maybe Text
accessToken = Maybe Text
a} :: CreateTokenResponse)

-- | Indicates the time in seconds when an access token will expire.
createTokenResponse_expiresIn :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Int)
createTokenResponse_expiresIn :: Lens' CreateTokenResponse (Maybe Int)
createTokenResponse_expiresIn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Maybe Int
expiresIn :: Maybe Int
$sel:expiresIn:CreateTokenResponse' :: CreateTokenResponse -> Maybe Int
expiresIn} -> Maybe Int
expiresIn) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Maybe Int
a -> CreateTokenResponse
s {$sel:expiresIn:CreateTokenResponse' :: Maybe Int
expiresIn = Maybe Int
a} :: CreateTokenResponse)

-- | Currently, @idToken@ is not yet implemented and is not supported. For
-- more information about the features and limitations of the current IAM
-- Identity Center OIDC implementation, see /Considerations for Using this
-- Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- The identifier of the user that associated with the access token, if
-- present.
createTokenResponse_idToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
createTokenResponse_idToken :: Lens' CreateTokenResponse (Maybe Text)
createTokenResponse_idToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Maybe Text
idToken :: Maybe Text
$sel:idToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
idToken} -> Maybe Text
idToken) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Maybe Text
a -> CreateTokenResponse
s {$sel:idToken:CreateTokenResponse' :: Maybe Text
idToken = Maybe Text
a} :: CreateTokenResponse)

-- | Currently, @refreshToken@ is not yet implemented and is not supported.
-- For more information about the features and limitations of the current
-- IAM Identity Center OIDC implementation, see /Considerations for Using
-- this Guide/ in the
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html IAM Identity Center OIDC API Reference>.
--
-- A token that, if present, can be used to refresh a previously issued
-- access token that might have expired.
createTokenResponse_refreshToken :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
createTokenResponse_refreshToken :: Lens' CreateTokenResponse (Maybe Text)
createTokenResponse_refreshToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Maybe Text
refreshToken :: Maybe Text
$sel:refreshToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
refreshToken} -> Maybe Text
refreshToken) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Maybe Text
a -> CreateTokenResponse
s {$sel:refreshToken:CreateTokenResponse' :: Maybe Text
refreshToken = Maybe Text
a} :: CreateTokenResponse)

-- | Used to notify the client that the returned token is an access token.
-- The supported type is @BearerToken@.
createTokenResponse_tokenType :: Lens.Lens' CreateTokenResponse (Prelude.Maybe Prelude.Text)
createTokenResponse_tokenType :: Lens' CreateTokenResponse (Maybe Text)
createTokenResponse_tokenType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Maybe Text
tokenType :: Maybe Text
$sel:tokenType:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
tokenType} -> Maybe Text
tokenType) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Maybe Text
a -> CreateTokenResponse
s {$sel:tokenType:CreateTokenResponse' :: Maybe Text
tokenType = Maybe Text
a} :: CreateTokenResponse)

-- | The response's http status code.
createTokenResponse_httpStatus :: Lens.Lens' CreateTokenResponse Prelude.Int
createTokenResponse_httpStatus :: Lens' CreateTokenResponse Int
createTokenResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateTokenResponse' {Int
httpStatus :: Int
$sel:httpStatus:CreateTokenResponse' :: CreateTokenResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: CreateTokenResponse
s@CreateTokenResponse' {} Int
a -> CreateTokenResponse
s {$sel:httpStatus:CreateTokenResponse' :: Int
httpStatus = Int
a} :: CreateTokenResponse)

instance Prelude.NFData CreateTokenResponse where
  rnf :: CreateTokenResponse -> ()
rnf CreateTokenResponse' {Int
Maybe Int
Maybe Text
httpStatus :: Int
tokenType :: Maybe Text
refreshToken :: Maybe Text
idToken :: Maybe Text
expiresIn :: Maybe Int
accessToken :: Maybe Text
$sel:httpStatus:CreateTokenResponse' :: CreateTokenResponse -> Int
$sel:tokenType:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
$sel:refreshToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
$sel:idToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
$sel:expiresIn:CreateTokenResponse' :: CreateTokenResponse -> Maybe Int
$sel:accessToken:CreateTokenResponse' :: CreateTokenResponse -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
accessToken
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Int
expiresIn
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
idToken
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
refreshToken
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
tokenType
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus