2026-07-15
3 new actions, 2 new resources, 5 new conditions | 2 updated actions
Additions
Actions
-
CreateOAuth2PublicClient
-
Description:
Grants permission to dynamically register an OAuth 2.0 public client for use with AWS Sign-In
-
Access:
Write
-
Resources:
Name: oauth2-public-client-registration
Required: Yes
-
Conditions:
signin:OAuthRedirectUri
-
IntrospectOAuth2Token
-
Description:
Grants permission to inspect the metadata and active state of an OAuth 2.0 access token or refresh token
-
Access:
Read
-
Resources:
Name: oauth2-public-client-localhost
Required: Yes
Name: oauth2-public-client-remote
Required: Yes
Name: oauth2-resource-service-principal
Required: Yes
-
Conditions:
signin:OAuthClientId
signin:OAuthTokenType
-
RevokeOAuth2Token
-
Description:
Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens
-
Access:
Write
-
Resources:
Name: oauth2-public-client-localhost
Required: Yes
Name: oauth2-public-client-remote
Required: Yes
Name: oauth2-resource-service-principal
Required: Yes
-
Conditions:
signin:OAuthTokenType
Conditions
-
signin:OAuthClientAuthentication
-
Description:
Filters access by the client authentication method used in the OAuth token request
-
Type:
String
-
signin:OAuthClientId
-
Description:
Filters access by the OAuth client ID used in the authorization or token request
-
Type:
String
-
signin:OAuthGrantType
-
Description:
Filters access by the OAuth grant type used in the token request
-
Type:
String
-
signin:OAuthRedirectUri
-
Description:
Filters access by the redirect URI specified in the OAuth authorization request
-
Type:
String
-
signin:OAuthTokenType
-
Description:
Filters access by the type of OAuth token being operated on
-
Type:
String