:doc:`SSOAdmin <../../sso-admin>` / Client / get_application_grant

*********************
get_application_grant
*********************



.. py:method:: SSOAdmin.Client.get_application_grant(**kwargs)

  

  Retrieves details about an application grant.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetApplicationGrant>`_  


  **Request Syntax**
  ::

    response = client.get_application_grant(
        ApplicationArn='string',
        GrantType='authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange'
    )
    
  :type ApplicationArn: string
  :param ApplicationArn: **[REQUIRED]** 

    Specifies the ARN of the application that contains the grant.

    

  
  :type GrantType: string
  :param GrantType: **[REQUIRED]** 

    Specifies the type of grant.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Grant': {
              'AuthorizationCode': {
                  'RedirectUris': [
                      'string',
                  ]
              },
              'JwtBearer': {
                  'AuthorizedTokenIssuers': [
                      {
                          'TrustedTokenIssuerArn': 'string',
                          'AuthorizedAudiences': [
                              'string',
                          ]
                      },
                  ]
              },
              'RefreshToken': {},
              'TokenExchange': {}
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Grant** *(dict) --* 

        A structure that describes the requested grant.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``AuthorizationCode``, ``JwtBearer``, ``RefreshToken``, ``TokenExchange``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


      
        

        - **AuthorizationCode** *(dict) --* 

          Configuration options for the ``authorization_code`` grant type.

          
          

          - **RedirectUris** *(list) --* 

            A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

             

            .. note::

              

              RedirectUris is required when the grant type is ``authorization_code``.

              

            
            

            - *(string) --* 
        
      
        

        - **JwtBearer** *(dict) --* 

          Configuration options for the ``urn:ietf:params:oauth:grant-type:jwt-bearer`` grant type.

          
          

          - **AuthorizedTokenIssuers** *(list) --* 

            A list of allowed token issuers trusted by the Identity Center instances for this application.

             

            .. note::

              

              ``AuthorizedTokenIssuers`` is required when the grant type is ``JwtBearerGrant``.

              

            
            

            - *(dict) --* 

              A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

              
              

              - **TrustedTokenIssuerArn** *(string) --* 

                The ARN of the trusted token issuer.

                
              

              - **AuthorizedAudiences** *(list) --* 

                An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

                
                

                - *(string) --* 
            
          
        
      
        

        - **RefreshToken** *(dict) --* 

          Configuration options for the ``refresh_token`` grant type.

          
      
        

        - **TokenExchange** *(dict) --* 

          Configuration options for the ``urn:ietf:params:oauth:grant-type:token-exchange`` grant type.

          
      
    
  
  **Exceptions**
  
  *   :py:class:`SSOAdmin.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.InternalServerException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ValidationException`

  