@aws-sdk/credential-provider-login 3.972.52 → 3.972.53

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist-cjs/index.js +31 -33
  2. package/package.json +7 -7
package/dist-cjs/index.js CHANGED
@@ -1,12 +1,10 @@
1
- 'use strict';
2
-
3
- var client = require('@aws-sdk/core/client');
4
- var config = require('@smithy/core/config');
5
- var protocols = require('@smithy/core/protocols');
6
- var node_crypto = require('node:crypto');
7
- var node_fs = require('node:fs');
8
- var node_os = require('node:os');
9
- var node_path = require('node:path');
1
+ const { setCredentialFeature } = require("@aws-sdk/core/client");
2
+ const { CredentialsProviderError, readFile, parseKnownFiles, getProfileName } = require("@smithy/core/config");
3
+ const { HttpRequest } = require("@smithy/core/protocols");
4
+ const { createHash, createPrivateKey, createPublicKey, sign } = require("node:crypto");
5
+ const { promises } = require("node:fs");
6
+ const { homedir } = require("node:os");
7
+ const { dirname, join } = require("node:path");
10
8
 
11
9
  class LoginCredentialsFetcher {
12
10
  profileData;
@@ -21,7 +19,7 @@ class LoginCredentialsFetcher {
21
19
  async loadCredentials() {
22
20
  const token = await this.loadToken();
23
21
  if (!token) {
24
- throw new config.CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });
22
+ throw new CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });
25
23
  }
26
24
  const accessToken = token.accessToken;
27
25
  const now = Date.now();
@@ -45,7 +43,7 @@ class LoginCredentialsFetcher {
45
43
  return this.profileData.login_session;
46
44
  }
47
45
  async refresh(token) {
48
- const { SigninClient, CreateOAuth2TokenCommand } = await import('@aws-sdk/nested-clients/signin');
46
+ const { SigninClient, CreateOAuth2TokenCommand } = require('@aws-sdk/nested-clients/signin');
49
47
  const { logger, userAgentAppId } = this.callerClientConfig ?? {};
50
48
  const isH2 = (requestHandler) => {
51
49
  return requestHandler?.metadata?.handlerProtocol === "h2";
@@ -78,7 +76,7 @@ class LoginCredentialsFetcher {
78
76
  const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};
79
77
  const { refreshToken, expiresIn } = response.tokenOutput ?? {};
80
78
  if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) {
81
- throw new config.CredentialsProviderError("Token refresh response missing required fields", {
79
+ throw new CredentialsProviderError("Token refresh response missing required fields", {
82
80
  logger: this.logger,
83
81
  tryNextLink: false,
84
82
  });
@@ -125,9 +123,9 @@ class LoginCredentialsFetcher {
125
123
  default:
126
124
  message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \`aws login\``;
127
125
  }
128
- throw new config.CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });
126
+ throw new CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });
129
127
  }
130
- throw new config.CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });
128
+ throw new CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });
131
129
  }
132
130
  }
133
131
  async loadToken() {
@@ -135,10 +133,10 @@ class LoginCredentialsFetcher {
135
133
  try {
136
134
  let tokenData;
137
135
  try {
138
- tokenData = await config.readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });
136
+ tokenData = await readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });
139
137
  }
140
138
  catch {
141
- tokenData = await node_fs.promises.readFile(tokenFilePath, "utf8");
139
+ tokenData = await promises.readFile(tokenFilePath, "utf8");
142
140
  }
143
141
  const token = JSON.parse(tokenData);
144
142
  const missingFields = ["accessToken", "clientId", "refreshToken", "dpopKey"].filter((k) => !token[k]);
@@ -146,7 +144,7 @@ class LoginCredentialsFetcher {
146
144
  missingFields.push("accountId");
147
145
  }
148
146
  if (missingFields.length > 0) {
149
- throw new config.CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(", ")}`, {
147
+ throw new CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(", ")}`, {
150
148
  logger: this.logger,
151
149
  tryNextLink: false,
152
150
  });
@@ -154,7 +152,7 @@ class LoginCredentialsFetcher {
154
152
  return token;
155
153
  }
156
154
  catch (error) {
157
- throw new config.CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {
155
+ throw new CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {
158
156
  logger: this.logger,
159
157
  tryNextLink: false,
160
158
  });
@@ -162,19 +160,19 @@ class LoginCredentialsFetcher {
162
160
  }
163
161
  async saveToken(token) {
164
162
  const tokenFilePath = this.getTokenFilePath();
165
- const directory = node_path.dirname(tokenFilePath);
163
+ const directory = dirname(tokenFilePath);
166
164
  try {
167
- await node_fs.promises.mkdir(directory, { recursive: true });
165
+ await promises.mkdir(directory, { recursive: true });
168
166
  }
169
167
  catch (error) {
170
168
  }
171
- await node_fs.promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), "utf8");
169
+ await promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), "utf8");
172
170
  }
173
171
  getTokenFilePath() {
174
- const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? node_path.join(node_os.homedir(), ".aws", "login", "cache");
172
+ const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? join(homedir(), ".aws", "login", "cache");
175
173
  const loginSessionBytes = Buffer.from(this.loginSession, "utf8");
176
- const loginSessionSha256 = node_crypto.createHash("sha256").update(loginSessionBytes).digest("hex");
177
- return node_path.join(directory, `${loginSessionSha256}.json`);
174
+ const loginSessionSha256 = createHash("sha256").update(loginSessionBytes).digest("hex");
175
+ return join(directory, `${loginSessionSha256}.json`);
178
176
  }
179
177
  derToRawSignature(derSignature) {
180
178
  let offset = 2;
@@ -199,7 +197,7 @@ class LoginCredentialsFetcher {
199
197
  }
200
198
  createDPoPInterceptor(middlewareStack) {
201
199
  middlewareStack.add((next) => async (args) => {
202
- if (protocols.HttpRequest.isInstance(args.request)) {
200
+ if (HttpRequest.isInstance(args.request)) {
203
201
  const request = args.request;
204
202
  const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : ""}${request.path}`;
205
203
  const dpop = await this.generateDpop(request.method, actualEndpoint);
@@ -218,12 +216,12 @@ class LoginCredentialsFetcher {
218
216
  async generateDpop(method = "POST", endpoint) {
219
217
  const token = await this.loadToken();
220
218
  try {
221
- const privateKey = node_crypto.createPrivateKey({
219
+ const privateKey = createPrivateKey({
222
220
  key: token.dpopKey,
223
221
  format: "pem",
224
222
  type: "sec1",
225
223
  });
226
- const publicKey = node_crypto.createPublicKey(privateKey);
224
+ const publicKey = createPublicKey(privateKey);
227
225
  const publicDer = publicKey.export({ format: "der", type: "spki" });
228
226
  let pointStart = -1;
229
227
  for (let i = 0; i < publicDer.length; i++) {
@@ -253,33 +251,33 @@ class LoginCredentialsFetcher {
253
251
  const headerB64 = Buffer.from(JSON.stringify(header)).toString("base64url");
254
252
  const payloadB64 = Buffer.from(JSON.stringify(payload)).toString("base64url");
255
253
  const message = `${headerB64}.${payloadB64}`;
256
- const asn1Signature = node_crypto.sign("sha256", Buffer.from(message), privateKey);
254
+ const asn1Signature = sign("sha256", Buffer.from(message), privateKey);
257
255
  const rawSignature = this.derToRawSignature(asn1Signature);
258
256
  const signatureB64 = rawSignature.toString("base64url");
259
257
  return `${message}.${signatureB64}`;
260
258
  }
261
259
  catch (error) {
262
- throw new config.CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });
260
+ throw new CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });
263
261
  }
264
262
  }
265
263
  }
266
264
 
267
265
  const fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {
268
266
  init?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");
269
- const profiles = await config.parseKnownFiles(init || {});
270
- const profileName = config.getProfileName({
267
+ const profiles = await parseKnownFiles(init || {});
268
+ const profileName = getProfileName({
271
269
  profile: init?.profile ?? callerClientConfig?.profile,
272
270
  });
273
271
  const profile = profiles[profileName];
274
272
  if (!profile?.login_session) {
275
- throw new config.CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {
273
+ throw new CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {
276
274
  tryNextLink: true,
277
275
  logger: init?.logger,
278
276
  });
279
277
  }
280
278
  const fetcher = new LoginCredentialsFetcher(profile, init, callerClientConfig);
281
279
  const credentials = await fetcher.loadCredentials();
282
- return client.setCredentialFeature(credentials, "CREDENTIALS_LOGIN", "AD");
280
+ return setCredentialFeature(credentials, "CREDENTIALS_LOGIN", "AD");
283
281
  };
284
282
 
285
283
  exports.fromLoginCredentials = fromLoginCredentials;
package/package.json CHANGED
@@ -1,17 +1,17 @@
1
1
  {
2
2
  "name": "@aws-sdk/credential-provider-login",
3
- "version": "3.972.52",
3
+ "version": "3.972.53",
4
4
  "description": "AWS credential provider that sources credentials from aws login cached tokens",
5
5
  "main": "./dist-cjs/index.js",
6
6
  "module": "./dist-es/index.js",
7
7
  "scripts": {
8
8
  "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
9
9
  "build:cjs": "node ../../scripts/compilation/inline",
10
- "build:es": "tsc -p tsconfig.es.json",
10
+ "build:es": "premove dist-es && tsc -p tsconfig.es.json",
11
11
  "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
12
- "build:types": "tsc -p tsconfig.types.json",
12
+ "build:types": "premove dist-types && tsc -p tsconfig.types.json",
13
13
  "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
14
- "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
14
+ "clean": "premove dist-cjs dist-es dist-types",
15
15
  "test": "yarn g:vitest run",
16
16
  "test:watch": "yarn g:vitest watch"
17
17
  },
@@ -28,9 +28,9 @@
28
28
  },
29
29
  "license": "Apache-2.0",
30
30
  "dependencies": {
31
- "@aws-sdk/core": "^3.974.20",
32
- "@aws-sdk/nested-clients": "^3.997.20",
33
- "@aws-sdk/types": "^3.973.12",
31
+ "@aws-sdk/core": "^3.974.21",
32
+ "@aws-sdk/nested-clients": "^3.997.21",
33
+ "@aws-sdk/types": "^3.973.13",
34
34
  "@smithy/core": "^3.24.6",
35
35
  "@smithy/types": "^4.14.3",
36
36
  "tslib": "^2.6.2"