AWS Signin (signin)

2026-07-15

3 new actions, 2 new resources, 5 new conditions | 2 updated actions

Additions

    Actions
  • CreateOAuth2PublicClient
    • Description:  Grants permission to dynamically register an OAuth 2.0 public client for use with AWS Sign-In
    • Access:  Write
    • Resources: 

      Name: oauth2-public-client-registration

      Required: Yes

    • Conditions: 

      signin:OAuthRedirectUri

  • IntrospectOAuth2Token
    • Description:  Grants permission to inspect the metadata and active state of an OAuth 2.0 access token or refresh token
    • Access:  Read
    • Resources: 

      Name: oauth2-public-client-localhost

      Required: Yes

      Name: oauth2-public-client-remote

      Required: Yes

      Name: oauth2-resource-service-principal

      Required: Yes

    • Conditions: 

      signin:OAuthClientId

      signin:OAuthTokenType

  • RevokeOAuth2Token
    • Description:  Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens
    • Access:  Write
    • Resources: 

      Name: oauth2-public-client-localhost

      Required: Yes

      Name: oauth2-public-client-remote

      Required: Yes

      Name: oauth2-resource-service-principal

      Required: Yes

    • Conditions: 

      signin:OAuthTokenType

    Conditions
  • signin:OAuthClientAuthentication
    • Description:  Filters access by the client authentication method used in the OAuth token request
    • Type:  String
  • signin:OAuthClientId
    • Description:  Filters access by the OAuth client ID used in the authorization or token request
    • Type:  String
  • signin:OAuthGrantType
    • Description:  Filters access by the OAuth grant type used in the token request
    • Type:  String
  • signin:OAuthRedirectUri
    • Description:  Filters access by the redirect URI specified in the OAuth authorization request
    • Type:  String
  • signin:OAuthTokenType
    • Description:  Filters access by the type of OAuth token being operated on
    • Type:  String

Updates