/AWS1/IF_SIS=>INTROSPECTOAUTH2TOKENWITHIAM()¶
About IntrospectOAuth2TokenWithIAM¶
Grants permission to inspect the metadata and state of an OAuth 2.0 access token or refresh token
Implements RFC 7662 OAuth 2.0 Token Introspection over a SigV4-authenticated endpoint. Inspects the metadata of an access_token or refresh_token issued by AWS Sign-In and returns the claims associated with it.
Inactive token semantics (RFC 7662 §2.2): when the supplied token is unknown, expired, revoked, malformed, or owned by a different account, the response body is exactly { "active": false } with all other claims omitted.
Method Signature¶
METHODS /AWS1/IF_SIS~INTROSPECTOAUTH2TOKENWITHIAM
IMPORTING
!IV_TOKEN TYPE /AWS1/SISINTROSPECTIONTOKEN OPTIONAL
!IV_TOKENTYPEHINT TYPE /AWS1/SISTOKENTYPEHINT OPTIONAL
RETURNING
VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_sisintrospecto2tokw01
RAISING
/AWS1/CX_SISACCESSDENIEDEX
/AWS1/CX_SISINTERNALSERVEREX
/AWS1/CX_SISTOOMANYREQSERROR
/AWS1/CX_SISVLDTNEXCEPTION
/AWS1/CX_SISCLIENTEXC
/AWS1/CX_SISSERVEREXC
/AWS1/CX_RT_TECHNICAL_GENERIC
/AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING¶
Required arguments:¶
iv_token TYPE /AWS1/SISINTROSPECTIONTOKEN /AWS1/SISINTROSPECTIONTOKEN¶
The string value of the token to introspect. May be either an access_token or a refresh_token issued by AWS Sign-In.
Optional arguments:¶
iv_tokentypehint TYPE /AWS1/SISTOKENTYPEHINT /AWS1/SISTOKENTYPEHINT¶
Optional hint about the type of the token submitted for introspection. The server uses this hint to optimize lookup, but still falls back to the other token type on miss. Allowed values: access_token, refresh_token.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_sisintrospecto2tokw01 /AWS1/CL_SISINTROSPECTO2TOKW01¶
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->introspectoauth2tokenwithiam(
iv_token = |string|
iv_tokentypehint = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
lv_boolean = lo_result->get_active( ).
lv_string = lo_result->get_clientid( ).
lv_string = lo_result->get_userid( ).
lv_introspectedtokentype = lo_result->get_tokentype( ).
lv_long = lo_result->get_exp( ).
lv_long = lo_result->get_iat( ).
lv_long = lo_result->get_nbf( ).
lv_string = lo_result->get_sub( ).
lv_string = lo_result->get_aud( ).
lv_string = lo_result->get_iss( ).
lv_string = lo_result->get_jti( ).
lv_accountid = lo_result->get_accountid( ).
lv_string = lo_result->get_signinsession( ).
lv_string = lo_result->get_resource( ).
ENDIF.