SSOAdmin / Client / get_application_grant



Retrieves details about an application grant.

See also: AWS API Documentation

Request Syntax

response = client.get_application_grant(
  • ApplicationArn (string) –


    Specifies the ARN of the application that contains the grant.

  • GrantType (string) –


    Specifies the type of grant.

Return type:



Response Syntax

    'Grant': {
        'AuthorizationCode': {
            'RedirectUris': [
        'JwtBearer': {
            'AuthorizedTokenIssuers': [
                    'AuthorizedAudiences': [
                    'TrustedTokenIssuerArn': 'string'
        'RefreshToken': {},
        'TokenExchange': {}

Response Structure

  • (dict) –

    • Grant (dict) –

      A structure that describes the requested grant.


      This is a Tagged Union structure. Only one of the following top level keys will be set: AuthorizationCode, JwtBearer, RefreshToken, TokenExchange. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      • AuthorizationCode (dict) –

        Configuration options for the authorization_code grant type.

        • RedirectUris (list) –

          A list of URIs that are valid locations to redirect a user’s browser after the user is authorized.

          • (string) –

      • JwtBearer (dict) –

        Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.

        • AuthorizedTokenIssuers (list) –

          A list of allowed token issuers trusted by the Identity Center instances for this application.

          • (dict) –

            A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

            • AuthorizedAudiences (list) –

              An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

              • (string) –

            • TrustedTokenIssuerArn (string) –

              The ARN of the trusted token issuer.

      • RefreshToken (dict) –

        Configuration options for the refresh_token grant type.

      • TokenExchange (dict) –

        Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.


  • SSOAdmin.Client.exceptions.ThrottlingException

  • SSOAdmin.Client.exceptions.InternalServerException

  • SSOAdmin.Client.exceptions.ResourceNotFoundException

  • SSOAdmin.Client.exceptions.AccessDeniedException

  • SSOAdmin.Client.exceptions.ValidationException