@aws-amplify/adapter-nextjs 1.1.6 → 1.1.7-s-auth.30d0cd2.0

package/dist/esm/auth/createTokenExchangeRouteHandlerFactory.d.ts

@@ -0,0 +1,2 @@
+import { CreateTokenExchangeRouteHandlerFactory } from './types';
+export declare const createTokenExchangeRouteHandlerFactory: CreateTokenExchangeRouteHandlerFactory;

package/dist/esm/auth/createTokenExchangeRouteHandlerFactory.mjs

@@ -0,0 +1,50 @@
+import { cookies } from 'next/headers.js';
+import { fetchAuthSession } from 'aws-amplify/auth/server';
+import { createRunWithAmplifyServerContext } from '../utils/createRunWithAmplifyServerContext.mjs';
+
+const createTokenExchangeRouteHandlerFactory = input => {
+    const runWithAmplifyServerContext = createRunWithAmplifyServerContext(input);
+    const handleRequest = async (_, __) => {
+        const { origin } = input;
+        if (!origin) {
+            throw new Error('`origin` parameter is required when using `getOAuthInitiationRoute`.');
+        }
+        const userSession = await runWithAmplifyServerContext({
+            nextServerContext: { cookies },
+            operation: contextSpec => fetchAuthSession(contextSpec),
+        });
+        const clockDrift = cookies()
+            .getAll()
+            .find(cookie => cookie.name.endsWith('.clockDrift'))?.value;
+        return new Response(JSON.stringify({
+            ...userSession,
+            tokens: {
+                accessToken: userSession.tokens?.accessToken.toString(),
+                idToken: userSession.tokens?.idToken?.toString(),
+            },
+            username: userSession.tokens?.accessToken.payload.username,
+            clockDrift,
+            userSession,
+        }), {
+            headers: {
+                'content-type': 'application/json',
+                'Access-Control-Allow-Origin': origin,
+                'Access-Control-Allow-Methods': 'POST',
+            },
+        });
+    };
+    return handlerInput => ({
+        async POST(request) {
+            try {
+                return await handleRequest(request, handlerInput);
+            }
+            catch (error) {
+                const { onError } = handlerInput;
+                onError(error);
+            }
+        },
+    });
+};
+
+export { createTokenExchangeRouteHandlerFactory };
+//# sourceMappingURL=createTokenExchangeRouteHandlerFactory.mjs.map

package/dist/esm/auth/createTokenExchangeRouteHandlerFactory.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"createTokenExchangeRouteHandlerFactory.mjs","sources":["../../../src/auth/createTokenExchangeRouteHandlerFactory.ts"],"sourcesContent":["import { cookies } from 'next/headers.js';\nimport { fetchAuthSession } from 'aws-amplify/auth/server';\nimport { createRunWithAmplifyServerContext } from '../utils';\nexport const createTokenExchangeRouteHandlerFactory = input => {\n    const runWithAmplifyServerContext = createRunWithAmplifyServerContext(input);\n    const handleRequest = async (_, __) => {\n        const { origin } = input;\n        if (!origin) {\n            throw new Error('`origin` parameter is required when using `getOAuthInitiationRoute`.');\n        }\n        const userSession = await runWithAmplifyServerContext({\n            nextServerContext: { cookies },\n            operation: contextSpec => fetchAuthSession(contextSpec),\n        });\n        const clockDrift = cookies()\n            .getAll()\n            .find(cookie => cookie.name.endsWith('.clockDrift'))?.value;\n        return new Response(JSON.stringify({\n            ...userSession,\n            tokens: {\n                accessToken: userSession.tokens?.accessToken.toString(),\n                idToken: userSession.tokens?.idToken?.toString(),\n            },\n            username: userSession.tokens?.accessToken.payload.username,\n            clockDrift,\n            userSession,\n        }), {\n            headers: {\n                'content-type': 'application/json',\n                'Access-Control-Allow-Origin': origin,\n                'Access-Control-Allow-Methods': 'POST',\n            },\n        });\n    };\n    return handlerInput => ({\n        async POST(request) {\n            try {\n                return await handleRequest(request, handlerInput);\n            }\n            catch (error) {\n                const { onError } = handlerInput;\n                onError(error);\n            }\n        },\n    });\n};\n"],"names":[],"mappings":";;;;AAGY,MAAC,sCAAsC,GAAG,KAAK,IAAI;AAC/D,IAAI,MAAM,2BAA2B,GAAG,iCAAiC,CAAC,KAAK,CAAC,CAAC;AACjF,IAAI,MAAM,aAAa,GAAG,OAAO,CAAC,EAAE,EAAE,KAAK;AAC3C,QAAQ,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;AACjC,QAAQ,IAAI,CAAC,MAAM,EAAE;AACrB,YAAY,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;AACpG,SAAS;AACT,QAAQ,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC;AAC9D,YAAY,iBAAiB,EAAE,EAAE,OAAO,EAAE;AAC1C,YAAY,SAAS,EAAE,WAAW,IAAI,gBAAgB,CAAC,WAAW,CAAC;AACnE,SAAS,CAAC,CAAC;AACX,QAAQ,MAAM,UAAU,GAAG,OAAO,EAAE;AACpC,aAAa,MAAM,EAAE;AACrB,aAAa,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC;AACxE,QAAQ,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AAC3C,YAAY,GAAG,WAAW;AAC1B,YAAY,MAAM,EAAE;AACpB,gBAAgB,WAAW,EAAE,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,QAAQ,EAAE;AACvE,gBAAgB,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;AAChE,aAAa;AACb,YAAY,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,QAAQ;AACtE,YAAY,UAAU;AACtB,YAAY,WAAW;AACvB,SAAS,CAAC,EAAE;AACZ,YAAY,OAAO,EAAE;AACrB,gBAAgB,cAAc,EAAE,kBAAkB;AAClD,gBAAgB,6BAA6B,EAAE,MAAM;AACrD,gBAAgB,8BAA8B,EAAE,MAAM;AACtD,aAAa;AACb,SAAS,CAAC,CAAC;AACX,KAAK,CAAC;AACN,IAAI,OAAO,YAAY,KAAK;AAC5B,QAAQ,MAAM,IAAI,CAAC,OAAO,EAAE;AAC5B,YAAY,IAAI;AAChB,gBAAgB,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;AAClE,aAAa;AACb,YAAY,OAAO,KAAK,EAAE;AAC1B,gBAAgB,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;AACjD,gBAAgB,OAAO,CAAC,KAAK,CAAC,CAAC;AAC/B,aAAa;AACb,SAAS;AACT,KAAK,CAAC,CAAC;AACP;;;;"}

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.d.ts

@@ -0,0 +1,4 @@
+import { LibraryOptions } from '@aws-amplify/core';
+export declare const createHttpOnlyCookieBasedAuthProviders: ({ authTokenExchangeRoute, }: {
+    authTokenExchangeRoute: string;
+}) => LibraryOptions['Auth'];

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.mjs

@@ -0,0 +1,37 @@
+import { sharedInMemoryStorage } from '@aws-amplify/core';
+import { runInBrowserContext } from '@aws-amplify/core/internals/utils';
+import { cognitoUserPoolsTokenProvider, cognitoCredentialsProvider } from 'aws-amplify/auth/cognito';
+
+const createHttpOnlyCookieBasedAuthProviders = ({ authTokenExchangeRoute, }) => {
+    cognitoUserPoolsTokenProvider.setKeyValueStorage(sharedInMemoryStorage);
+    runInBrowserContext(() => {
+        refreshSession({
+            authTokenExchangeRoute,
+            tokenProvider: cognitoUserPoolsTokenProvider,
+            credentialsProvider: cognitoCredentialsProvider,
+        });
+    });
+    return {
+        tokenProvider: cognitoUserPoolsTokenProvider,
+        credentialsProvider: cognitoCredentialsProvider,
+    };
+};
+const refreshSession = async ({ authTokenExchangeRoute, tokenProvider, credentialsProvider, }) => {
+    const response = await fetch(authTokenExchangeRoute, { method: 'POST' });
+    const session = await response.json();
+    tokenProvider.tokenOrchestrator.setTokens({
+        tokens: {
+            accessToken: session.tokens.accessToken,
+            idToken: session.tokens.idToken,
+            clockDrift: session.clockDrift,
+            username: session.username,
+        },
+    });
+    credentialsProvider.setIdentityIdCredentials({
+        credentials: session.credentials,
+        identityId: session.identityId,
+    }, session.tokens.idToken);
+};
+
+export { createHttpOnlyCookieBasedAuthProviders };
+//# sourceMappingURL=createHttpOnlyCookieBasedAuthProviders.mjs.map

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"createHttpOnlyCookieBasedAuthProviders.mjs","sources":["../../../../src/auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.ts"],"sourcesContent":["import { sharedInMemoryStorage } from '@aws-amplify/core';\nimport { runInBrowserContext } from '@aws-amplify/core/internals/utils';\nimport { cognitoCredentialsProvider, cognitoUserPoolsTokenProvider, } from 'aws-amplify/auth/cognito';\nexport const createHttpOnlyCookieBasedAuthProviders = ({ authTokenExchangeRoute, }) => {\n    cognitoUserPoolsTokenProvider.setKeyValueStorage(sharedInMemoryStorage);\n    runInBrowserContext(() => {\n        refreshSession({\n            authTokenExchangeRoute,\n            tokenProvider: cognitoUserPoolsTokenProvider,\n            credentialsProvider: cognitoCredentialsProvider,\n        });\n    });\n    return {\n        tokenProvider: cognitoUserPoolsTokenProvider,\n        credentialsProvider: cognitoCredentialsProvider,\n    };\n};\nconst refreshSession = async ({ authTokenExchangeRoute, tokenProvider, credentialsProvider, }) => {\n    const response = await fetch(authTokenExchangeRoute, { method: 'POST' });\n    const session = await response.json();\n    tokenProvider.tokenOrchestrator.setTokens({\n        tokens: {\n            accessToken: session.tokens.accessToken,\n            idToken: session.tokens.idToken,\n            clockDrift: session.clockDrift,\n            username: session.username,\n        },\n    });\n    credentialsProvider.setIdentityIdCredentials({\n        credentials: session.credentials,\n        identityId: session.identityId,\n    }, session.tokens.idToken);\n};\n"],"names":[],"mappings":";;;;AAGY,MAAC,sCAAsC,GAAG,CAAC,EAAE,sBAAsB,GAAG,KAAK;AACvF,IAAI,6BAA6B,CAAC,kBAAkB,CAAC,qBAAqB,CAAC,CAAC;AAC5E,IAAI,mBAAmB,CAAC,MAAM;AAC9B,QAAQ,cAAc,CAAC;AACvB,YAAY,sBAAsB;AAClC,YAAY,aAAa,EAAE,6BAA6B;AACxD,YAAY,mBAAmB,EAAE,0BAA0B;AAC3D,SAAS,CAAC,CAAC;AACX,KAAK,CAAC,CAAC;AACP,IAAI,OAAO;AACX,QAAQ,aAAa,EAAE,6BAA6B;AACpD,QAAQ,mBAAmB,EAAE,0BAA0B;AACvD,KAAK,CAAC;AACN,EAAE;AACF,MAAM,cAAc,GAAG,OAAO,EAAE,sBAAsB,EAAE,aAAa,EAAE,mBAAmB,GAAG,KAAK;AAClG,IAAI,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AAC7E,IAAI,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC1C,IAAI,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC;AAC9C,QAAQ,MAAM,EAAE;AAChB,YAAY,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;AACnD,YAAY,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;AAC3C,YAAY,UAAU,EAAE,OAAO,CAAC,UAAU;AAC1C,YAAY,QAAQ,EAAE,OAAO,CAAC,QAAQ;AACtC,SAAS;AACT,KAAK,CAAC,CAAC;AACP,IAAI,mBAAmB,CAAC,wBAAwB,CAAC;AACjD,QAAQ,WAAW,EAAE,OAAO,CAAC,WAAW;AACxC,QAAQ,UAAU,EAAE,OAAO,CAAC,UAAU;AACtC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;;;;"}

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/index.d.ts

@@ -0,0 +1,2 @@
+import 'client-only';
+export { createHttpOnlyCookieBasedAuthProviders } from './createHttpOnlyCookieBasedAuthProviders';

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/index.mjs

@@ -0,0 +1,3 @@
+import 'client-only';
+export { createHttpOnlyCookieBasedAuthProviders } from './createHttpOnlyCookieBasedAuthProviders.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/esm/auth/httpOnlyCookieBasedAuthProviders/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";"}

package/dist/esm/auth/types.d.ts

@@ -0,0 +1,17 @@
+import { ResourcesConfig } from 'aws-amplify';
+import { NextRequest } from 'next/server';
+import { NextServer } from '../types';
+interface CreateTokenExchangeRouteHandlerFactoryInput {
+    config: ResourcesConfig;
+    origin?: string;
+    setAuthCookieOptions?: NextServer.SetCookieOptions;
+}
+interface CreateOAuthRouteHandlerOutput {
+    POST(request: NextRequest): Promise<Response | void>;
+}
+export interface CreateTokenExchangeRouteHandlerInput {
+    onError(error: Error): void;
+}
+export type CreateTokenExchangeRouteHandler = (input: CreateTokenExchangeRouteHandlerInput) => CreateOAuthRouteHandlerOutput;
+export type CreateTokenExchangeRouteHandlerFactory = (input: CreateTokenExchangeRouteHandlerFactoryInput) => CreateTokenExchangeRouteHandler;
+export {};

package/dist/esm/auth/types.mjs

@@ -0,0 +1,2 @@
+
+//# sourceMappingURL=types.mjs.map

package/dist/esm/auth/types.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/client/index.d.ts

@@ -0,0 +1 @@
+export { createHttpOnlyCookieBasedAuthProviders } from '../auth/httpOnlyCookieBasedAuthProviders';

package/dist/esm/client/index.mjs

@@ -0,0 +1,3 @@
+import 'client-only';
+export { createHttpOnlyCookieBasedAuthProviders } from '../auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/esm/client/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";"}

package/dist/esm/createServerRunner.mjs

@@ -1,5 +1,8 @@
 import { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';
 import { createRunWithAmplifyServerContext } from './utils/createRunWithAmplifyServerContext.mjs';
+import { createOAuthRouteHandlerFactory } from './oauth/createOAuthRouteHandlerFactory.mjs';
+import { createTokenExchangeRouteHandlerFactory } from './auth/createTokenExchangeRouteHandlerFactory.mjs';
+import { createGetOAuthInitiationRouteFactory } from './oauth/createGetOAuthInitiationRouteFactory.mjs';
 
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
@@ -21,11 +24,25 @@ import { createRunWithAmplifyServerContext } from './utils/createRunWithAmplifyS
  *
  * export const { runWithAmplifyServerContext } = createServerRunner({ config })
  */
-const createServerRunner = ({ config, }) => {
+const createServerRunner = ({ config, origin, setAuthCookieOptions, }) => {
     const amplifyConfig = parseAmplifyConfig(config);
     return {
         runWithAmplifyServerContext: createRunWithAmplifyServerContext({
             config: amplifyConfig,
+            setAuthCookieOptions,
+        }),
+        createOAuthRouteHandler: createOAuthRouteHandlerFactory({
+            config: amplifyConfig,
+            setAuthCookieOptions,
+        }),
+        getOAuthInitiationRoute: createGetOAuthInitiationRouteFactory({
+            config: amplifyConfig,
+            origin,
+        }),
+        createTokenExchangeRouteHandler: createTokenExchangeRouteHandlerFactory({
+            config: amplifyConfig,
+            origin,
+            setAuthCookieOptions,
         }),
     };
 };

package/dist/esm/createServerRunner.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"createServerRunner.mjs","sources":["../../src/createServerRunner.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from './utils';\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nexport const createServerRunner = ({ config, }) => {\n    const amplifyConfig = parseAmplifyConfig(config);\n    return {\n        runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n            config: amplifyConfig,\n        }),\n    };\n};\n"],"names":[],"mappings":";;;AAAA;AACA;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK;AACnD,IAAI,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACrD,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,iCAAiC,CAAC;AACvE,YAAY,MAAM,EAAE,aAAa;AACjC,SAAS,CAAC;AACV,KAAK,CAAC;AACN;;;;"}
+{"version":3,"file":"createServerRunner.mjs","sources":["../../src/createServerRunner.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from './utils';\nimport { createOAuthRouteHandlerFactory } from './oauth';\nimport { createTokenExchangeRouteHandlerFactory } from './auth/createTokenExchangeRouteHandlerFactory';\nimport { createGetOAuthInitiationRouteFactory } from './oauth/createGetOAuthInitiationRouteFactory';\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nexport const createServerRunner = ({ config, origin, setAuthCookieOptions, }) => {\n    const amplifyConfig = parseAmplifyConfig(config);\n    return {\n        runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n            config: amplifyConfig,\n            setAuthCookieOptions,\n        }),\n        createOAuthRouteHandler: createOAuthRouteHandlerFactory({\n            config: amplifyConfig,\n            setAuthCookieOptions,\n        }),\n        getOAuthInitiationRoute: createGetOAuthInitiationRouteFactory({\n            config: amplifyConfig,\n            origin,\n        }),\n        createTokenExchangeRouteHandler: createTokenExchangeRouteHandlerFactory({\n            config: amplifyConfig,\n            origin,\n            setAuthCookieOptions,\n        }),\n    };\n};\n"],"names":[],"mappings":";;;;;;AAAA;AACA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,GAAG,KAAK;AACjF,IAAI,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACrD,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,iCAAiC,CAAC;AACvE,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,oBAAoB;AAChC,SAAS,CAAC;AACV,QAAQ,uBAAuB,EAAE,8BAA8B,CAAC;AAChE,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,oBAAoB;AAChC,SAAS,CAAC;AACV,QAAQ,uBAAuB,EAAE,oCAAoC,CAAC;AACtE,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,MAAM;AAClB,SAAS,CAAC;AACV,QAAQ,+BAA+B,EAAE,sCAAsC,CAAC;AAChF,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,MAAM;AAClB,YAAY,oBAAoB;AAChC,SAAS,CAAC;AACV,KAAK,CAAC;AACN;;;;"}

package/dist/esm/oauth/createGetOAuthInitiationRouteFactory.d.ts

@@ -0,0 +1,2 @@
+import { CreateGetOAuthInitiationRouteFactory } from './types';
+export declare const createGetOAuthInitiationRouteFactory: CreateGetOAuthInitiationRouteFactory;

package/dist/esm/oauth/createGetOAuthInitiationRouteFactory.mjs

@@ -0,0 +1,20 @@
+import { assertTokenProviderConfig, assertOAuthConfig } from '@aws-amplify/core/internals/utils';
+import { getRedirectUrl } from './utils/getRedirectUrl.mjs';
+
+const createGetOAuthInitiationRouteFactory = ({ config: resourcesConfig, origin }) => {
+    const getOAuthInitiationRoute = input => {
+        assertTokenProviderConfig(resourcesConfig.Auth?.Cognito);
+        assertOAuthConfig(resourcesConfig.Auth.Cognito);
+        const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth;
+        if (!origin) {
+            throw new Error('`origin` parameter is required when using `getOAuthInitiationRoute`.');
+        }
+        const redirectUrl = getRedirectUrl(origin, cognitoUserPoolConfig.loginWith.oauth);
+        const { provider } = input;
+        return `${redirectUrl}?init=true&provider=${provider}`;
+    };
+    return getOAuthInitiationRoute;
+};
+
+export { createGetOAuthInitiationRouteFactory };
+//# sourceMappingURL=createGetOAuthInitiationRouteFactory.mjs.map

package/dist/esm/oauth/createGetOAuthInitiationRouteFactory.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"createGetOAuthInitiationRouteFactory.mjs","sources":["../../../src/oauth/createGetOAuthInitiationRouteFactory.ts"],"sourcesContent":["import { assertOAuthConfig, assertTokenProviderConfig, } from '@aws-amplify/core/internals/utils';\nimport { getRedirectUrl } from './utils/getRedirectUrl';\nexport const createGetOAuthInitiationRouteFactory = ({ config: resourcesConfig, origin }) => {\n    const getOAuthInitiationRoute = input => {\n        assertTokenProviderConfig(resourcesConfig.Auth?.Cognito);\n        assertOAuthConfig(resourcesConfig.Auth.Cognito);\n        const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth;\n        if (!origin) {\n            throw new Error('`origin` parameter is required when using `getOAuthInitiationRoute`.');\n        }\n        const redirectUrl = getRedirectUrl(origin, cognitoUserPoolConfig.loginWith.oauth);\n        const { provider } = input;\n        return `${redirectUrl}?init=true&provider=${provider}`;\n    };\n    return getOAuthInitiationRoute;\n};\n"],"names":[],"mappings":";;;AAEY,MAAC,oCAAoC,GAAG,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,KAAK;AAC7F,IAAI,MAAM,uBAAuB,GAAG,KAAK,IAAI;AAC7C,QAAQ,yBAAyB,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACjE,QAAQ,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACxD,QAAQ,MAAM,EAAE,OAAO,EAAE,qBAAqB,EAAE,GAAG,eAAe,CAAC,IAAI,CAAC;AACxE,QAAQ,IAAI,CAAC,MAAM,EAAE;AACrB,YAAY,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;AACpG,SAAS;AACT,QAAQ,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,EAAE,qBAAqB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC1F,QAAQ,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;AACnC,QAAQ,OAAO,CAAC,EAAE,WAAW,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK,CAAC;AACN,IAAI,OAAO,uBAAuB,CAAC;AACnC;;;;"}

package/dist/esm/oauth/createOAuthRouteHandlerFactory.d.ts

@@ -0,0 +1,2 @@
+import { CreateOAuthRouteHandlerFactory } from './types';
+export declare const createOAuthRouteHandlerFactory: CreateOAuthRouteHandlerFactory;

package/dist/esm/oauth/createOAuthRouteHandlerFactory.mjs

@@ -0,0 +1,53 @@
+import { assertTokenProviderConfig, assertOAuthConfig } from '@aws-amplify/core/internals/utils';
+import { initOAuthFlow } from './utils/initOAuthFlow.mjs';
+import { completeOAuthFlow } from './utils/completeOAuthFlow.mjs';
+
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+const createOAuthRouteHandlerFactory = ({ config: resourcesConfig, origin, setAuthCookieOptions, }) => {
+    const handleRequest = async (request, { customState, redirectOnAuthComplete, onError, }) => {
+        if (!origin)
+            throw new Error('Origin is not provided');
+        assertTokenProviderConfig(resourcesConfig.Auth?.Cognito);
+        assertOAuthConfig(resourcesConfig.Auth.Cognito);
+        const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth;
+        const { searchParams } = request.nextUrl;
+        // when request url has `init` query param - initiate oauth flow
+        if (searchParams.has('init')) {
+            return initOAuthFlow({
+                origin,
+                setAuthCookieOptions,
+                request,
+                customState,
+                cognitoUserPoolConfig,
+                oAuthConfig: cognitoUserPoolConfig.loginWith.oauth,
+            });
+        }
+        if (searchParams.has('code') && searchParams.has('state')) {
+            return completeOAuthFlow({
+                origin,
+                request,
+                redirectOnComplete: redirectOnAuthComplete,
+                setAuthCookieOptions,
+                customState,
+                cognitoUserPoolConfig,
+                oAuthConfig: cognitoUserPoolConfig.loginWith.oauth,
+            });
+        }
+        onError(new Error('Invalid point (update me)'));
+    };
+    return handlerInput => ({
+        async GET(request) {
+            try {
+                return await handleRequest(request, handlerInput);
+            }
+            catch (error) {
+                const { onError } = handlerInput;
+                onError(error);
+            }
+        },
+    });
+};
+
+export { createOAuthRouteHandlerFactory };
+//# sourceMappingURL=createOAuthRouteHandlerFactory.mjs.map

package/dist/esm/oauth/createOAuthRouteHandlerFactory.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"createOAuthRouteHandlerFactory.mjs","sources":["../../../src/oauth/createOAuthRouteHandlerFactory.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { assertOAuthConfig, assertTokenProviderConfig, } from '@aws-amplify/core/internals/utils';\nimport { initOAuthFlow } from './utils/initOAuthFlow';\nimport { completeOAuthFlow } from './utils/completeOAuthFlow';\nexport const createOAuthRouteHandlerFactory = ({ config: resourcesConfig, origin, setAuthCookieOptions, }) => {\n    const handleRequest = async (request, { customState, redirectOnAuthComplete, onError, }) => {\n        if (!origin)\n            throw new Error('Origin is not provided');\n        assertTokenProviderConfig(resourcesConfig.Auth?.Cognito);\n        assertOAuthConfig(resourcesConfig.Auth.Cognito);\n        const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth;\n        const { searchParams } = request.nextUrl;\n        // when request url has `init` query param - initiate oauth flow\n        if (searchParams.has('init')) {\n            return initOAuthFlow({\n                origin,\n                setAuthCookieOptions,\n                request,\n                customState,\n                cognitoUserPoolConfig,\n                oAuthConfig: cognitoUserPoolConfig.loginWith.oauth,\n            });\n        }\n        if (searchParams.has('code') && searchParams.has('state')) {\n            return completeOAuthFlow({\n                origin,\n                request,\n                redirectOnComplete: redirectOnAuthComplete,\n                setAuthCookieOptions,\n                customState,\n                cognitoUserPoolConfig,\n                oAuthConfig: cognitoUserPoolConfig.loginWith.oauth,\n            });\n        }\n        onError(new Error('Invalid point (update me)'));\n    };\n    return handlerInput => ({\n        async GET(request) {\n            try {\n                return await handleRequest(request, handlerInput);\n            }\n            catch (error) {\n                const { onError } = handlerInput;\n                onError(error);\n            }\n        },\n    });\n};\n"],"names":[],"mappings":";;;;AAAA;AACA;AAIY,MAAC,8BAA8B,GAAG,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,oBAAoB,GAAG,KAAK;AAC9G,IAAI,MAAM,aAAa,GAAG,OAAO,OAAO,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE,OAAO,GAAG,KAAK;AAChG,QAAQ,IAAI,CAAC,MAAM;AACnB,YAAY,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;AACtD,QAAQ,yBAAyB,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACjE,QAAQ,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACxD,QAAQ,MAAM,EAAE,OAAO,EAAE,qBAAqB,EAAE,GAAG,eAAe,CAAC,IAAI,CAAC;AACxE,QAAQ,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;AACjD;AACA,QAAQ,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;AACtC,YAAY,OAAO,aAAa,CAAC;AACjC,gBAAgB,MAAM;AACtB,gBAAgB,oBAAoB;AACpC,gBAAgB,OAAO;AACvB,gBAAgB,WAAW;AAC3B,gBAAgB,qBAAqB;AACrC,gBAAgB,WAAW,EAAE,qBAAqB,CAAC,SAAS,CAAC,KAAK;AAClE,aAAa,CAAC,CAAC;AACf,SAAS;AACT,QAAQ,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;AACnE,YAAY,OAAO,iBAAiB,CAAC;AACrC,gBAAgB,MAAM;AACtB,gBAAgB,OAAO;AACvB,gBAAgB,kBAAkB,EAAE,sBAAsB;AAC1D,gBAAgB,oBAAoB;AACpC,gBAAgB,WAAW;AAC3B,gBAAgB,qBAAqB;AACrC,gBAAgB,WAAW,EAAE,qBAAqB,CAAC,SAAS,CAAC,KAAK;AAClE,aAAa,CAAC,CAAC;AACf,SAAS;AACT,QAAQ,OAAO,CAAC,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;AACxD,KAAK,CAAC;AACN,IAAI,OAAO,YAAY,KAAK;AAC5B,QAAQ,MAAM,GAAG,CAAC,OAAO,EAAE;AAC3B,YAAY,IAAI;AAChB,gBAAgB,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;AAClE,aAAa;AACb,YAAY,OAAO,KAAK,EAAE;AAC1B,gBAAgB,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;AACjD,gBAAgB,OAAO,CAAC,KAAK,CAAC,CAAC;AAC/B,aAAa;AACb,SAAS;AACT,KAAK,CAAC,CAAC;AACP;;;;"}

package/dist/esm/oauth/index.d.ts

@@ -0,0 +1 @@
+export { createOAuthRouteHandlerFactory } from './createOAuthRouteHandlerFactory';

package/dist/esm/oauth/index.mjs

@@ -0,0 +1,2 @@
+export { createOAuthRouteHandlerFactory } from './createOAuthRouteHandlerFactory.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/esm/oauth/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/oauth/types.d.ts

@@ -0,0 +1,39 @@
+import { AuthError, AuthProvider } from '@aws-amplify/auth';
+import { ResourcesConfig } from 'aws-amplify';
+import { NextRequest } from 'next/server';
+import { NextServer } from '../types';
+export interface CreateOAuthRouteHandlerInput {
+    /** A custom state identifying an OAuth flow. */
+    customState?: string;
+    /** The path to redirect to when an OAuth flow completes. */
+    redirectOnAuthComplete: string;
+    /**
+     * A callback function to be called with a {@link AuthError} object that thrown
+     * from an inflight OAuth flow when error occurs. You need to return a
+     * {@link Response} object to redirect end user away from the API route
+     * you set up, for example, redirect back to the sign in page by
+     * `return NextResponse.redirect('/sign-in')`.
+     */
+    onError(error: AuthError): void;
+}
+interface CreateOAuthRouteHandlerOutput {
+    GET(request: NextRequest): Promise<Response | void>;
+}
+export type CreateOAuthRouteHandler = (input: CreateOAuthRouteHandlerInput) => CreateOAuthRouteHandlerOutput;
+interface CreateOAuthRouteHandlerFactoryInput {
+    config: ResourcesConfig;
+    origin?: string;
+    setAuthCookieOptions?: NextServer.SetCookieOptions;
+}
+export type CreateOAuthRouteHandlerFactory = (input: CreateOAuthRouteHandlerFactoryInput) => CreateOAuthRouteHandler;
+export type GetOAuthInitiationRoute = (input: {
+    provider: AuthProvider | {
+        custom: string;
+    };
+}) => string;
+interface CreateGetOAuthInitiationRouteFactoryInput {
+    config: ResourcesConfig;
+    origin?: string;
+}
+export type CreateGetOAuthInitiationRouteFactory = (input: CreateGetOAuthInitiationRouteFactoryInput) => GetOAuthInitiationRoute;
+export {};

package/dist/esm/oauth/types.mjs

@@ -0,0 +1,2 @@
+
+//# sourceMappingURL=types.mjs.map

package/dist/esm/oauth/types.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/oauth/utils/completeOAuthFlow.d.ts

@@ -0,0 +1,12 @@
+import { CognitoUserPoolConfig, OAuthConfig } from '@aws-amplify/core';
+import { NextRequest } from 'next/server.js';
+import { NextServer } from '../../types';
+export declare const completeOAuthFlow: ({ origin, request, redirectOnComplete, cognitoUserPoolConfig, oAuthConfig, setAuthCookieOptions, }: {
+    origin: string;
+    request: NextRequest;
+    customState: string | undefined;
+    redirectOnComplete: string;
+    cognitoUserPoolConfig: CognitoUserPoolConfig;
+    oAuthConfig: OAuthConfig;
+    setAuthCookieOptions?: Partial<Pick<import("cookie").CookieSerializeOptions, "domain" | "expires" | "httpOnly" | "maxAge" | "sameSite" | "secure">> | undefined;
+}) => Promise<Response>;

package/dist/esm/oauth/utils/completeOAuthFlow.mjs

@@ -0,0 +1,99 @@
+import { decodeJWT } from '@aws-amplify/core';
+import { NextResponse } from 'next/server.js';
+import { createKeyValueStorageFromCookieStorageAdapter, validateState } from 'aws-amplify/adapter-core';
+import { DefaultOAuthStore, DefaultTokenStore, TokenOrchestrator } from '@aws-amplify/auth/cognito';
+import { createCookieStorageAdapterFromNextServerContext } from '../../utils/createCookieStorageAdapterFromNextServerContext.mjs';
+import { getRedirectUrl } from './getRedirectUrl.mjs';
+
+const completeOAuthFlow = async ({ origin, request, redirectOnComplete, cognitoUserPoolConfig, oAuthConfig, setAuthCookieOptions, }) => {
+    const { searchParams } = request.nextUrl;
+    const code = searchParams.get('code');
+    const state = searchParams.get('state');
+    const oAuthTokenEndpoint = `https://${oAuthConfig.domain}/oauth2/token`;
+    const response = NextResponse.redirect(new URL(redirectOnComplete, request.url));
+    const keyValueStorage = createKeyValueStorageFromCookieStorageAdapter(createCookieStorageAdapterFromNextServerContext({
+        request,
+        response,
+    }), setAuthCookieOptions);
+    const oAuthStore = new DefaultOAuthStore(keyValueStorage);
+    oAuthStore.setAuthConfig(cognitoUserPoolConfig);
+    await validateState(oAuthStore, state);
+    const authTokenStore = new DefaultTokenStore();
+    authTokenStore.setAuthConfig({ Cognito: cognitoUserPoolConfig });
+    authTokenStore.setKeyValueStorage(keyValueStorage);
+    const tokenOrchestrator = new TokenOrchestrator();
+    tokenOrchestrator.setAuthConfig({ Cognito: cognitoUserPoolConfig });
+    tokenOrchestrator.setAuthTokenStore(authTokenStore);
+    const codeVerifier = await oAuthStore.loadPKCE();
+    const oAuthTokenBody = {
+        grant_type: 'authorization_code',
+        code,
+        client_id: cognitoUserPoolConfig.userPoolClientId,
+        // TODO(Hui): request.nextUrl.origin should be generic and not use Next specifics
+        redirect_uri: getRedirectUrl(origin, oAuthConfig),
+        ...(codeVerifier ? { code_verifier: codeVerifier } : {}),
+    };
+    const body = Object.entries(oAuthTokenBody)
+        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
+        .join('&');
+    const tokenExchangeResponse = await fetch(oAuthTokenEndpoint, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body,
+    });
+    const { access_token, refresh_token: refreshToken, id_token, error, error_message: errorMessage, token_type, expires_in, } = await tokenExchangeResponse.json();
+    if (error) {
+        throw new Error(errorMessage ?? error);
+    }
+    const username = (access_token && decodeJWT(access_token).payload.username) ?? 'username';
+    await writeTokensToStorage({
+        username,
+        AccessToken: access_token,
+        IdToken: id_token,
+        RefreshToken: refreshToken,
+        TokenType: token_type,
+        ExpiresIn: expires_in,
+    }, tokenOrchestrator);
+    await oAuthStore.clearOAuthData();
+    return response;
+};
+const writeTokensToStorage = async (payload, tokenOrchestrator) => {
+    if (!payload.AccessToken) {
+        return;
+    }
+    const accessToken = decodeJWT(payload.AccessToken);
+    const accessTokenIssuedAtInMillis = (accessToken.payload.iat || 0) * 1000;
+    const currentTime = new Date().getTime();
+    const clockDrift = accessTokenIssuedAtInMillis > 0
+        ? accessTokenIssuedAtInMillis - currentTime
+        : 0;
+    let idToken;
+    let refreshToken;
+    let deviceMetadata;
+    if (payload.RefreshToken) {
+        refreshToken = payload.RefreshToken;
+    }
+    if (payload.IdToken) {
+        idToken = decodeJWT(payload.IdToken);
+    }
+    if (payload?.NewDeviceMetadata) {
+        deviceMetadata = payload.NewDeviceMetadata;
+    }
+    const tokens = {
+        accessToken,
+        idToken,
+        refreshToken,
+        clockDrift,
+        deviceMetadata,
+        username: payload.username,
+    };
+    if (payload?.signInDetails) {
+        tokens.signInDetails = payload.signInDetails;
+    }
+    await tokenOrchestrator.setTokens({ tokens });
+};
+
+export { completeOAuthFlow };
+//# sourceMappingURL=completeOAuthFlow.mjs.map

package/dist/esm/oauth/utils/completeOAuthFlow.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"completeOAuthFlow.mjs","sources":["../../../../src/oauth/utils/completeOAuthFlow.ts"],"sourcesContent":["import { decodeJWT, } from '@aws-amplify/core';\nimport { NextResponse } from 'next/server.js';\nimport { createKeyValueStorageFromCookieStorageAdapter, validateState, } from 'aws-amplify/adapter-core';\nimport { DefaultOAuthStore, DefaultTokenStore, TokenOrchestrator, } from '@aws-amplify/auth/cognito';\nimport { createCookieStorageAdapterFromNextServerContext } from '../../utils/createCookieStorageAdapterFromNextServerContext';\nimport { getRedirectUrl } from './getRedirectUrl';\nexport const completeOAuthFlow = async ({ origin, request, redirectOnComplete, cognitoUserPoolConfig, oAuthConfig, setAuthCookieOptions, }) => {\n    const { searchParams } = request.nextUrl;\n    const code = searchParams.get('code');\n    const state = searchParams.get('state');\n    const oAuthTokenEndpoint = `https://${oAuthConfig.domain}/oauth2/token`;\n    const response = NextResponse.redirect(new URL(redirectOnComplete, request.url));\n    const keyValueStorage = createKeyValueStorageFromCookieStorageAdapter(createCookieStorageAdapterFromNextServerContext({\n        request,\n        response,\n    }), setAuthCookieOptions);\n    const oAuthStore = new DefaultOAuthStore(keyValueStorage);\n    oAuthStore.setAuthConfig(cognitoUserPoolConfig);\n    await validateState(oAuthStore, state);\n    const authTokenStore = new DefaultTokenStore();\n    authTokenStore.setAuthConfig({ Cognito: cognitoUserPoolConfig });\n    authTokenStore.setKeyValueStorage(keyValueStorage);\n    const tokenOrchestrator = new TokenOrchestrator();\n    tokenOrchestrator.setAuthConfig({ Cognito: cognitoUserPoolConfig });\n    tokenOrchestrator.setAuthTokenStore(authTokenStore);\n    const codeVerifier = await oAuthStore.loadPKCE();\n    const oAuthTokenBody = {\n        grant_type: 'authorization_code',\n        code,\n        client_id: cognitoUserPoolConfig.userPoolClientId,\n        // TODO(Hui): request.nextUrl.origin should be generic and not use Next specifics\n        redirect_uri: getRedirectUrl(origin, oAuthConfig),\n        ...(codeVerifier ? { code_verifier: codeVerifier } : {}),\n    };\n    const body = Object.entries(oAuthTokenBody)\n        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)\n        .join('&');\n    const tokenExchangeResponse = await fetch(oAuthTokenEndpoint, {\n        method: 'POST',\n        headers: {\n            'Content-Type': 'application/x-www-form-urlencoded',\n        },\n        body,\n    });\n    const { access_token, refresh_token: refreshToken, id_token, error, error_message: errorMessage, token_type, expires_in, } = await tokenExchangeResponse.json();\n    if (error) {\n        throw new Error(errorMessage ?? error);\n    }\n    const username = (access_token && decodeJWT(access_token).payload.username) ?? 'username';\n    await writeTokensToStorage({\n        username,\n        AccessToken: access_token,\n        IdToken: id_token,\n        RefreshToken: refreshToken,\n        TokenType: token_type,\n        ExpiresIn: expires_in,\n    }, tokenOrchestrator);\n    await oAuthStore.clearOAuthData();\n    return response;\n};\nconst writeTokensToStorage = async (payload, tokenOrchestrator) => {\n    if (!payload.AccessToken) {\n        return;\n    }\n    const accessToken = decodeJWT(payload.AccessToken);\n    const accessTokenIssuedAtInMillis = (accessToken.payload.iat || 0) * 1000;\n    const currentTime = new Date().getTime();\n    const clockDrift = accessTokenIssuedAtInMillis > 0\n        ? accessTokenIssuedAtInMillis - currentTime\n        : 0;\n    let idToken;\n    let refreshToken;\n    let deviceMetadata;\n    if (payload.RefreshToken) {\n        refreshToken = payload.RefreshToken;\n    }\n    if (payload.IdToken) {\n        idToken = decodeJWT(payload.IdToken);\n    }\n    if (payload?.NewDeviceMetadata) {\n        deviceMetadata = payload.NewDeviceMetadata;\n    }\n    const tokens = {\n        accessToken,\n        idToken,\n        refreshToken,\n        clockDrift,\n        deviceMetadata,\n        username: payload.username,\n    };\n    if (payload?.signInDetails) {\n        tokens.signInDetails = payload.signInDetails;\n    }\n    await tokenOrchestrator.setTokens({ tokens });\n};\n"],"names":[],"mappings":";;;;;;;AAMY,MAAC,iBAAiB,GAAG,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,WAAW,EAAE,oBAAoB,GAAG,KAAK;AAC/I,IAAI,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;AAC7C,IAAI,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAC1C,IAAI,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC5C,IAAI,MAAM,kBAAkB,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;AAC5E,IAAI,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;AACrF,IAAI,MAAM,eAAe,GAAG,6CAA6C,CAAC,+CAA+C,CAAC;AAC1H,QAAQ,OAAO;AACf,QAAQ,QAAQ;AAChB,KAAK,CAAC,EAAE,oBAAoB,CAAC,CAAC;AAC9B,IAAI,MAAM,UAAU,GAAG,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC;AAC9D,IAAI,UAAU,CAAC,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACpD,IAAI,MAAM,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAC3C,IAAI,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAE,CAAC;AACnD,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACrE,IAAI,cAAc,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;AACvD,IAAI,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,EAAE,CAAC;AACtD,IAAI,iBAAiB,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACxE,IAAI,iBAAiB,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;AACxD,IAAI,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE,CAAC;AACrD,IAAI,MAAM,cAAc,GAAG;AAC3B,QAAQ,UAAU,EAAE,oBAAoB;AACxC,QAAQ,IAAI;AACZ,QAAQ,SAAS,EAAE,qBAAqB,CAAC,gBAAgB;AACzD;AACA,QAAQ,YAAY,EAAE,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC;AACzD,QAAQ,IAAI,YAAY,GAAG,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,EAAE;AAC/D,KAAK,CAAC;AACN,IAAI,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;AAC/C,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,SAAS,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,IAAI,MAAM,qBAAqB,GAAG,MAAM,KAAK,CAAC,kBAAkB,EAAE;AAClE,QAAQ,MAAM,EAAE,MAAM;AACtB,QAAQ,OAAO,EAAE;AACjB,YAAY,cAAc,EAAE,mCAAmC;AAC/D,SAAS;AACT,QAAQ,IAAI;AACZ,KAAK,CAAC,CAAC;AACP,IAAI,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,GAAG,GAAG,MAAM,qBAAqB,CAAC,IAAI,EAAE,CAAC;AACpK,IAAI,IAAI,KAAK,EAAE;AACf,QAAQ,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,CAAC;AAC/C,KAAK;AACL,IAAI,MAAM,QAAQ,GAAG,CAAC,YAAY,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC;AAC9F,IAAI,MAAM,oBAAoB,CAAC;AAC/B,QAAQ,QAAQ;AAChB,QAAQ,WAAW,EAAE,YAAY;AACjC,QAAQ,OAAO,EAAE,QAAQ;AACzB,QAAQ,YAAY,EAAE,YAAY;AAClC,QAAQ,SAAS,EAAE,UAAU;AAC7B,QAAQ,SAAS,EAAE,UAAU;AAC7B,KAAK,EAAE,iBAAiB,CAAC,CAAC;AAC1B,IAAI,MAAM,UAAU,CAAC,cAAc,EAAE,CAAC;AACtC,IAAI,OAAO,QAAQ,CAAC;AACpB,EAAE;AACF,MAAM,oBAAoB,GAAG,OAAO,OAAO,EAAE,iBAAiB,KAAK;AACnE,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;AAC9B,QAAQ,OAAO;AACf,KAAK;AACL,IAAI,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACvD,IAAI,MAAM,2BAA2B,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC;AAC9E,IAAI,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;AAC7C,IAAI,MAAM,UAAU,GAAG,2BAA2B,GAAG,CAAC;AACtD,UAAU,2BAA2B,GAAG,WAAW;AACnD,UAAU,CAAC,CAAC;AACZ,IAAI,IAAI,OAAO,CAAC;AAChB,IAAI,IAAI,YAAY,CAAC;AACrB,IAAI,IAAI,cAAc,CAAC;AACvB,IAAI,IAAI,OAAO,CAAC,YAAY,EAAE;AAC9B,QAAQ,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;AAC5C,KAAK;AACL,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE;AACzB,QAAQ,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAC7C,KAAK;AACL,IAAI,IAAI,OAAO,EAAE,iBAAiB,EAAE;AACpC,QAAQ,cAAc,GAAG,OAAO,CAAC,iBAAiB,CAAC;AACnD,KAAK;AACL,IAAI,MAAM,MAAM,GAAG;AACnB,QAAQ,WAAW;AACnB,QAAQ,OAAO;AACf,QAAQ,YAAY;AACpB,QAAQ,UAAU;AAClB,QAAQ,cAAc;AACtB,QAAQ,QAAQ,EAAE,OAAO,CAAC,QAAQ;AAClC,KAAK,CAAC;AACN,IAAI,IAAI,OAAO,EAAE,aAAa,EAAE;AAChC,QAAQ,MAAM,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;AACrD,KAAK;AACL,IAAI,MAAM,iBAAiB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;AAClD,CAAC;;;;"}

package/dist/esm/oauth/utils/getRedirectUrl.d.ts

@@ -0,0 +1,2 @@
+import { OAuthConfig } from '@aws-amplify/core';
+export declare const getRedirectUrl: (origin: string, oAuthConfig: OAuthConfig) => string;

package/dist/esm/oauth/utils/getRedirectUrl.mjs

@@ -0,0 +1,18 @@
+import { AuthError } from '@aws-amplify/auth';
+
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+const getRedirectUrl = (origin, oAuthConfig) => {
+    const redirectUrl = oAuthConfig.redirectSignIn.find(url => url.startsWith(origin));
+    if (!redirectUrl) {
+        throw new AuthError({
+            name: 'InvalidRedirectException',
+            message: 'signInRedirect or signOutRedirect had an invalid format or was not found.',
+            recoverySuggestion: 'Please make sure the signIn/Out redirect in your oauth config is valid.',
+        });
+    }
+    return redirectUrl;
+};
+
+export { getRedirectUrl };
+//# sourceMappingURL=getRedirectUrl.mjs.map

package/dist/esm/oauth/utils/getRedirectUrl.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"getRedirectUrl.mjs","sources":["../../../../src/oauth/utils/getRedirectUrl.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { AuthError } from '@aws-amplify/auth';\nexport const getRedirectUrl = (origin, oAuthConfig) => {\n    const redirectUrl = oAuthConfig.redirectSignIn.find(url => url.startsWith(origin));\n    if (!redirectUrl) {\n        throw new AuthError({\n            name: 'InvalidRedirectException',\n            message: 'signInRedirect or signOutRedirect had an invalid format or was not found.',\n            recoverySuggestion: 'Please make sure the signIn/Out redirect in your oauth config is valid.',\n        });\n    }\n    return redirectUrl;\n};\n"],"names":[],"mappings":";;AAAA;AACA;AAEY,MAAC,cAAc,GAAG,CAAC,MAAM,EAAE,WAAW,KAAK;AACvD,IAAI,MAAM,WAAW,GAAG,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACvF,IAAI,IAAI,CAAC,WAAW,EAAE;AACtB,QAAQ,MAAM,IAAI,SAAS,CAAC;AAC5B,YAAY,IAAI,EAAE,0BAA0B;AAC5C,YAAY,OAAO,EAAE,2EAA2E;AAChG,YAAY,kBAAkB,EAAE,yEAAyE;AACzG,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,OAAO,WAAW,CAAC;AACvB;;;;"}

package/dist/esm/oauth/utils/initOAuthFlow.d.ts

@@ -0,0 +1,11 @@
+import { NextRequest } from 'next/server.js';
+import { CognitoUserPoolConfig, OAuthConfig } from '@aws-amplify/core';
+import { NextServer } from '../../types';
+export declare const initOAuthFlow: ({ request, customState, cognitoUserPoolConfig, oAuthConfig, setAuthCookieOptions, }: {
+    origin: string;
+    request: NextRequest;
+    customState: string | undefined;
+    cognitoUserPoolConfig: CognitoUserPoolConfig;
+    oAuthConfig: OAuthConfig;
+    setAuthCookieOptions?: Partial<Pick<import("cookie").CookieSerializeOptions, "domain" | "expires" | "httpOnly" | "maxAge" | "sameSite" | "secure">> | undefined;
+}) => Promise<Response>;

package/dist/esm/oauth/utils/initOAuthFlow.mjs

@@ -0,0 +1,68 @@
+import { generateState, generateCodeVerifier, createKeyValueStorageFromCookieStorageAdapter, cognitoHostedUIIdentityProviderMap } from 'aws-amplify/adapter-core';
+import { NextResponse } from 'next/server.js';
+import { urlSafeEncode } from '@aws-amplify/core/internals/utils';
+import { DefaultOAuthStore } from '@aws-amplify/auth/cognito';
+import { createCookieStorageAdapterFromNextServerContext } from '../../utils/createCookieStorageAdapterFromNextServerContext.mjs';
+import { getRedirectUrl } from './getRedirectUrl.mjs';
+
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+const initOAuthFlow = async ({ request, customState, cognitoUserPoolConfig, oAuthConfig, setAuthCookieOptions, }) => {
+    const { searchParams } = request.nextUrl;
+    const specifiedProvider = searchParams.get('provider');
+    const provider = getProvider(specifiedProvider);
+    const randomState = generateState();
+    const state = customState
+        ? `${randomState}-${urlSafeEncode(customState)}`
+        : randomState;
+    const scope = oAuthConfig.scopes.join(' ');
+    const redirectUrlSearchParams = new URLSearchParams({
+        redirect_uri: getRedirectUrl(origin, oAuthConfig),
+        response_type: oAuthConfig.responseType,
+        client_id: cognitoUserPoolConfig.userPoolClientId,
+        identity_provider: provider,
+        scope,
+        state,
+    });
+    let peckKey;
+    if (oAuthConfig.responseType === 'code') {
+        const { value, method, toCodeChallenge } = generateCodeVerifier(128);
+        peckKey = value;
+        redirectUrlSearchParams.append('code_challenge', toCodeChallenge());
+        redirectUrlSearchParams.append('code_challenge_method', method);
+    }
+    const redirectUrl = new URL(`https://${oAuthConfig.domain}/oauth2/authorize?${redirectUrlSearchParams.toString()}`);
+    const response = NextResponse.redirect(redirectUrl);
+    const keyValueStorage = createKeyValueStorageFromCookieStorageAdapter(createCookieStorageAdapterFromNextServerContext({
+        request,
+        response,
+    }), setAuthCookieOptions);
+    const oauthStore = new DefaultOAuthStore(keyValueStorage);
+    oauthStore.setAuthConfig(cognitoUserPoolConfig);
+    oauthStore.storeOAuthState(state);
+    peckKey && oauthStore.storePKCE(peckKey);
+    return response;
+};
+const getProvider = (provider) => {
+    if (typeof provider === 'string') {
+        return resolveProvider(provider);
+    }
+    return 'COGNITO';
+};
+const resolveProvider = (provider) => {
+    try {
+        assertAuthProvider(provider);
+        return cognitoHostedUIIdentityProviderMap[provider];
+    }
+    catch (_) {
+        return provider;
+    }
+};
+function assertAuthProvider(provider) {
+    if (!['Amazon', 'Apple', 'Facebook', 'Google'].includes(provider)) {
+        throw new Error('No valid provider specified.');
+    }
+}
+
+export { initOAuthFlow };
+//# sourceMappingURL=initOAuthFlow.mjs.map