AWS IAM Identity Center OIDC service (sso-oauth)

2025-09-30

2 new actions

Additions

    Actions
  • IntrospectTokenWithIAM
    • Description: Grants permission to validate and retrieve information about active OAuth 2.0 access tokens and refresh tokens, including their associated scopes and permissions. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference.
    • Access: Write
    • Resources:
      • Name: Application
      • Required: Yes
    • Dependents:
      • kms:Decrypt

  • RevokeTokenWithIAM
    • Description: Grants permission to revoke OAuth 2.0 access tokens and refresh tokens, invalidating them before their normal expiration. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference.
    • Access: Write
    • Resources:
      • Name: Application
      • Required: Yes
    • Dependents:
      • kms:Decrypt