Container for the parameters to the DecodeAuthorizationMessage operation.

Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request.

For example, if a user is not authorized to perform an action that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some AWS actions additionally return an encoded message that can provide details about this authorization failure.

NOTE: Only certain AWS actions return an encoded authorization message. The documentation for an individual action indicates whether that action returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the action should not see. To decode an authorization status message, a user must be granted permissions via an AWS IAM policy to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage ) action.

The decoded message includes the following type of information:

  • Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in Using AWS IAM .
  • The principal who made the request.
  • The requested action.
  • The requested resource.
  • The values of condition keys in the context of the user's request.
Inheritance: AmazonSecurityTokenServiceRequest
        public object Execute(ExecutorContext context)
        {
            var cmdletContext = context as CmdletContext;
            // create request
            var request = new Amazon.SecurityToken.Model.DecodeAuthorizationMessageRequest();

            if (cmdletContext.EncodedMessage != null)
            {
                request.EncodedMessage = cmdletContext.EncodedMessage;
            }

            CmdletOutput output;

            // issue call
            var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);

            try
            {
                var    response       = CallAWSServiceOperation(client, request);
                object pipelineOutput = null;
                pipelineOutput = cmdletContext.Select(response, this);
                output         = new CmdletOutput
                {
                    PipelineOutput  = pipelineOutput,
                    ServiceResponse = response
                };
            }
            catch (Exception e)
            {
                output = new CmdletOutput {
                    ErrorResponse = e
                };
            }

            return(output);
        }
 private Amazon.SecurityToken.Model.DecodeAuthorizationMessageResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.DecodeAuthorizationMessageRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service (STS)", "DecodeAuthorizationMessage");
     try
     {
         #if DESKTOP
         return(client.DecodeAuthorizationMessage(request));
         #elif CORECLR
         return(client.DecodeAuthorizationMessageAsync(request).GetAwaiter().GetResult());
         #else
                 #error "Unknown build edition"
         #endif
     }
     catch (AmazonServiceException exc)
     {
         var webException = exc.InnerException as System.Net.WebException;
         if (webException != null)
         {
             throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
         }
         throw;
     }
 }
        /// <summary>
        /// Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the DecodeAuthorizationMessage operation on AmazonSecurityTokenServiceClient.</param>
        /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
        /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
        ///          procedure using the AsyncState property.</param>
        /// 
        /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndDecodeAuthorizationMessage
        ///         operation.</returns>
        public IAsyncResult BeginDecodeAuthorizationMessage(DecodeAuthorizationMessageRequest request, AsyncCallback callback, object state)
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.Instance;

            return BeginInvoke<DecodeAuthorizationMessageRequest>(request, marshaller, unmarshaller,
                callback, state);
        }
        /// <summary>
        /// Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the DecodeAuthorizationMessage operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
        public Task<DecodeAuthorizationMessageResponse> DecodeAuthorizationMessageAsync(DecodeAuthorizationMessageRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.Instance;

            return InvokeAsync<DecodeAuthorizationMessageRequest,DecodeAuthorizationMessageResponse>(request, marshaller, 
                unmarshaller, cancellationToken);
        }
        /// <summary>
        /// Decodes additional information about the authorization status of a request from an
        /// encoded message returned in response to an AWS request. 
        /// 
        ///  
        /// <para>
        /// For example, if a user is not authorized to perform an action that he or she has requested,
        /// the request returns a <code>Client.UnauthorizedOperation</code> response (an HTTP
        /// 403 response). Some AWS actions additionally return an encoded message that can provide
        /// details about this authorization failure. 
        /// </para>
        ///  <note> Only certain AWS actions return an encoded authorization message. The documentation
        /// for an individual action indicates whether that action returns an encoded message
        /// in addition to returning an HTTP code. </note> 
        /// <para>
        /// The message is encoded because the details of the authorization status can constitute
        /// privileged information that the user who requested the action should not see. To decode
        /// an authorization status message, a user must be granted permissions via an IAM policy
        /// to request the <code>DecodeAuthorizationMessage</code> (<code>sts:DecodeAuthorizationMessage</code>)
        /// action. 
        /// </para>
        ///  
        /// <para>
        /// The decoded message includes the following type of information: 
        /// </para>
        ///  <ul> <li>Whether the request was denied due to an explicit deny or due to the absence
        /// of an explicit allow. For more information, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining
        /// Whether a Request is Allowed or Denied</a> in the <i>Using IAM</i>. </li> <li>The
        /// principal who made the request.</li> <li>The requested action.</li> <li>The requested
        /// resource.</li> <li>The values of condition keys in the context of the user's request.</li>
        /// </ul>
        /// </summary>
        /// <param name="request">Container for the necessary parameters to execute the DecodeAuthorizationMessage service method.</param>
        /// 
        /// <returns>The response from the DecodeAuthorizationMessage service method, as returned by SecurityTokenService.</returns>
        /// <exception cref="Amazon.SecurityToken.Model.InvalidAuthorizationMessageException">
        /// The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
        /// was invalid. This can happen if the token contains invalid characters, such as linebreaks.
        /// </exception>
        public DecodeAuthorizationMessageResponse DecodeAuthorizationMessage(DecodeAuthorizationMessageRequest request)
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.Instance;

            return Invoke<DecodeAuthorizationMessageRequest,DecodeAuthorizationMessageResponse>(request, marshaller, unmarshaller);
        }
 IAsyncResult invokeDecodeAuthorizationMessage(DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest, AsyncCallback callback, object state, bool synchronized)
 {
     IRequest irequest = new DecodeAuthorizationMessageRequestMarshaller().Marshall(decodeAuthorizationMessageRequest);
     var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.GetInstance();
     AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
     Invoke(result);
     return result;
 }
 /// <summary>
 /// Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
 /// </summary>
 /// 
 /// <param name="request">Container for the necessary parameters to execute the DecodeAuthorizationMessage operation on AmazonSecurityTokenServiceClient.</param>
 /// <param name="callback">An Action delegate that is invoked when the operation completes.</param>
 /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 public void DecodeAuthorizationMessageAsync(DecodeAuthorizationMessageRequest request, AmazonServiceCallback<DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse> callback, AsyncOptions options = null)
 {
     options = options == null?new AsyncOptions():options;
     var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
     var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.Instance;
     Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
     if(callback !=null )
         callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { 
             AmazonServiceResult<DecodeAuthorizationMessageRequest,DecodeAuthorizationMessageResponse> responseObject 
                     = new AmazonServiceResult<DecodeAuthorizationMessageRequest,DecodeAuthorizationMessageResponse>((DecodeAuthorizationMessageRequest)req, (DecodeAuthorizationMessageResponse)res, ex , ao.State);    
                 callback(responseObject); 
         };
     BeginInvoke<DecodeAuthorizationMessageRequest>(request, marshaller, unmarshaller, options, callbackHelper);
 }
 /// <summary>
 /// <para> Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS
 /// request. </para> <para> For example, if a user is not authorized to perform an action that he or she has requested, the request returns a
 /// <c>Client.UnauthorizedOperation</c> response (an HTTP 403 response). Some AWS actions additionally return an encoded message that can
 /// provide details about this authorization failure. </para> <para><b>NOTE:</b> Only certain AWS actions return an encoded authorization
 /// message. The documentation for an individual action indicates whether that action returns an encoded message in addition to returning an
 /// HTTP code. </para> <para>The message is encoded because the details of the authorization status can constitute privileged information that
 /// the user who requested the action should not see. To decode an authorization status message, a user must be granted permissions via an AWS
 /// IAM policy to request the <c>DecodeAuthorizationMessage</c> (
 /// <c>sts:DecodeAuthorizationMessage</c> ) action. </para> <para> The decoded message includes the following type of
 /// information: </para>
 /// <ul>
 /// <li>Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see <a
 /// href="http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html#policy-eval-denyallow" >Determining Whether
 /// a Request is Allowed or Denied</a> in <i>Using AWS IAM</i> . </li>
 /// <li>The principal who made the request.</li>
 /// <li>The requested action.</li>
 /// <li>The requested resource.</li>
 /// <li>The values of condition keys in the context of the user's request.</li>
 /// 
 /// </ul>
 /// </summary>
 /// 
 /// <param name="decodeAuthorizationMessageRequest">Container for the necessary parameters to execute the DecodeAuthorizationMessage service
 ///          method on AmazonSecurityTokenService.</param>
 /// 
 /// <returns>The response from the DecodeAuthorizationMessage service method, as returned by AmazonSecurityTokenService.</returns>
 /// 
 /// <exception cref="InvalidAuthorizationMessageException"/>
 public DecodeAuthorizationMessageResponse DecodeAuthorizationMessage(DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest)
 {
     IAsyncResult asyncResult = invokeDecodeAuthorizationMessage(decodeAuthorizationMessageRequest, null, null, true);
     return EndDecodeAuthorizationMessage(asyncResult);
 }
 /// <summary>
 /// Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
 /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.DecodeAuthorizationMessage"/>
 /// </summary>
 /// 
 /// <param name="decodeAuthorizationMessageRequest">Container for the necessary parameters to execute the DecodeAuthorizationMessage operation
 ///          on AmazonSecurityTokenService.</param>
 /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
 /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 /// 
 /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking
 ///         EndDecodeAuthorizationMessage operation.</returns>
 public IAsyncResult BeginDecodeAuthorizationMessage(DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest, AsyncCallback callback, object state)
 {
     return invokeDecodeAuthorizationMessage(decodeAuthorizationMessageRequest, callback, state, false);
 }
        IAsyncResult invokeDecodeAuthorizationMessage(DecodeAuthorizationMessageRequest request, AsyncCallback callback, object state, bool synchronized)
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.Instance;

            return Invoke(request, callback, state, synchronized, marshaller, unmarshaller, signer);
        }
        /// <summary>
        /// <para> Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS
        /// request. </para> <para> For example, if a user is not authorized to perform an action that he or she has requested, the request returns a
        /// <c>Client.UnauthorizedOperation</c> response (an HTTP 403 response). Some AWS actions additionally return an encoded message that can
        /// provide details about this authorization failure. </para> <para><b>NOTE:</b> Only certain AWS actions return an encoded authorization
        /// message. The documentation for an individual action indicates whether that action returns an encoded message in addition to returning an
        /// HTTP code. </para> <para>The message is encoded because the details of the authorization status can constitute privileged information that
        /// the user who requested the action should not see. To decode an authorization status message, a user must be granted permissions via an AWS
        /// IAM policy to request the <c>DecodeAuthorizationMessage</c> (
        /// <c>sts:DecodeAuthorizationMessage</c> ) action. </para> <para> The decoded message includes the following type of
        /// information: </para>
        /// <ul>
        /// <li>Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html#policy-eval-denyallow">Determining Whether
        /// a Request is Allowed or Denied</a> in <i>Using AWS IAM</i> . </li>
        /// <li>The principal who made the request.</li>
        /// <li>The requested action.</li>
        /// <li>The requested resource.</li>
        /// <li>The values of condition keys in the context of the user's request.</li>
        /// 
        /// </ul>
        /// </summary>
        /// 
        /// <param name="decodeAuthorizationMessageRequest">Container for the necessary parameters to execute the DecodeAuthorizationMessage service
        /// method on AmazonSecurityTokenService.</param>
        /// 
        /// <returns>The response from the DecodeAuthorizationMessage service method, as returned by AmazonSecurityTokenService.</returns>
        /// 
        /// <exception cref="T:Amazon.SecurityToken.Model.InvalidAuthorizationMessageException" />
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
		public Task<DecodeAuthorizationMessageResponse> DecodeAuthorizationMessageAsync(DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.GetInstance();
            return Invoke<IRequest, DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse>(decodeAuthorizationMessageRequest, marshaller, unmarshaller, signer, cancellationToken);
        }
		internal DecodeAuthorizationMessageResponse DecodeAuthorizationMessage(DecodeAuthorizationMessageRequest request)
        {
            var task = DecodeAuthorizationMessageAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                throw e.InnerException;
            }
        }
		internal DecodeAuthorizationMessageResponse DecodeAuthorizationMessage(DecodeAuthorizationMessageRequest request)
        {
            var task = DecodeAuthorizationMessageAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                ExceptionDispatchInfo.Capture(e.InnerException).Throw();
                return null;
            }
        }
        /// <summary>
        /// Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
        /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.DecodeAuthorizationMessage"/>
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the DecodeAuthorizationMessage operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
		public async Task<DecodeAuthorizationMessageResponse> DecodeAuthorizationMessageAsync(DecodeAuthorizationMessageRequest request, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new DecodeAuthorizationMessageRequestMarshaller();
            var unmarshaller = DecodeAuthorizationMessageResponseUnmarshaller.GetInstance();
            var response = await Invoke<IRequest, DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse>(request, marshaller, unmarshaller, signer, cancellationToken)
                .ConfigureAwait(continueOnCapturedContext: false);
            return response;
        }