@fnd-platform/cognito-auth 1.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +323 -0
  3. package/lib/authorizer/handler.d.ts +33 -0
  4. package/lib/authorizer/handler.d.ts.map +1 -0
  5. package/lib/authorizer/handler.js +106 -0
  6. package/lib/authorizer/handler.js.map +1 -0
  7. package/lib/authorizer/index.d.ts +7 -0
  8. package/lib/authorizer/index.d.ts.map +1 -0
  9. package/lib/authorizer/index.js +16 -0
  10. package/lib/authorizer/index.js.map +1 -0
  11. package/lib/client/auth-client.d.ts +131 -0
  12. package/lib/client/auth-client.d.ts.map +1 -0
  13. package/lib/client/auth-client.js +270 -0
  14. package/lib/client/auth-client.js.map +1 -0
  15. package/lib/client/errors.d.ts +67 -0
  16. package/lib/client/errors.d.ts.map +1 -0
  17. package/lib/client/errors.js +90 -0
  18. package/lib/client/errors.js.map +1 -0
  19. package/lib/client/index.d.ts +8 -0
  20. package/lib/client/index.d.ts.map +1 -0
  21. package/lib/client/index.js +29 -0
  22. package/lib/client/index.js.map +1 -0
  23. package/lib/cognito-construct.d.ts +113 -0
  24. package/lib/cognito-construct.d.ts.map +1 -0
  25. package/lib/cognito-construct.js +211 -0
  26. package/lib/cognito-construct.js.map +1 -0
  27. package/lib/index.d.ts +30 -0
  28. package/lib/index.d.ts.map +1 -0
  29. package/lib/index.js +59 -0
  30. package/lib/index.js.map +1 -0
  31. package/lib/jwt.d.ts +89 -0
  32. package/lib/jwt.d.ts.map +1 -0
  33. package/lib/jwt.js +117 -0
  34. package/lib/jwt.js.map +1 -0
  35. package/lib/middleware/auth.d.ts +59 -0
  36. package/lib/middleware/auth.d.ts.map +1 -0
  37. package/lib/middleware/auth.js +148 -0
  38. package/lib/middleware/auth.js.map +1 -0
  39. package/lib/middleware/index.d.ts +12 -0
  40. package/lib/middleware/index.d.ts.map +1 -0
  41. package/lib/middleware/index.js +16 -0
  42. package/lib/middleware/index.js.map +1 -0
  43. package/lib/remix/admin.server.d.ts +105 -0
  44. package/lib/remix/admin.server.d.ts.map +1 -0
  45. package/lib/remix/admin.server.js +146 -0
  46. package/lib/remix/admin.server.js.map +1 -0
  47. package/lib/remix/index.d.ts +17 -0
  48. package/lib/remix/index.d.ts.map +1 -0
  49. package/lib/remix/index.js +95 -0
  50. package/lib/remix/index.js.map +1 -0
  51. package/lib/remix/session.server.d.ts +177 -0
  52. package/lib/remix/session.server.d.ts.map +1 -0
  53. package/lib/remix/session.server.js +287 -0
  54. package/lib/remix/session.server.js.map +1 -0
  55. package/lib/types.d.ts +161 -0
  56. package/lib/types.d.ts.map +1 -0
  57. package/lib/types.js +8 -0
  58. package/lib/types.js.map +1 -0
  59. package/lib/utils/index.d.ts +12 -0
  60. package/lib/utils/index.d.ts.map +1 -0
  61. package/lib/utils/index.js +22 -0
  62. package/lib/utils/index.js.map +1 -0
  63. package/lib/utils/token-refresh.d.ts +62 -0
  64. package/lib/utils/token-refresh.d.ts.map +1 -0
  65. package/lib/utils/token-refresh.js +84 -0
  66. package/lib/utils/token-refresh.js.map +1 -0
  67. package/package.json +70 -0
package/lib/utils/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,uDAK4B;AAJ1B,sHAAA,kBAAkB,OAAA;AAClB,oHAAA,gBAAgB,OAAA"}
package/lib/utils/token-refresh.d.ts ADDED
@@ -0,0 +1,62 @@
1
+ /**
2
+ * Token refresh utilities for server-side token management.
3
+ *
4
+ * @packageDocumentation
5
+ */
6
+ /**
7
+ * Configuration for token refresh.
8
+ */
9
+ export interface TokenRefreshConfig {
10
+ /** Cognito User Pool Client ID */
11
+ clientId: string;
12
+ /** AWS region (defaults to AWS_REGION env var) */
13
+ region?: string;
14
+ }
15
+ /**
16
+ * Result of token refresh.
17
+ */
18
+ export interface RefreshResult {
19
+ /** New access token */
20
+ accessToken: string;
21
+ /** New ID token */
22
+ idToken: string;
23
+ /** Access token expiration in seconds */
24
+ expiresIn: number;
25
+ }
26
+ /**
27
+ * Refreshes access and ID tokens using a refresh token.
28
+ *
29
+ * This is useful for server-side scenarios where you need to
30
+ * refresh tokens programmatically (e.g., long-running jobs).
31
+ *
32
+ * For client-side refresh, use AWS Amplify or similar libraries.
33
+ *
34
+ * @param refreshToken - The refresh token from initial auth
35
+ * @param config - Refresh configuration
36
+ * @returns New access and ID tokens
37
+ * @throws Error if refresh fails
38
+ *
39
+ * @example
40
+ * ```typescript
41
+ * const result = await refreshAccessToken(storedRefreshToken, {
42
+ * clientId: process.env.COGNITO_CLIENT_ID!,
43
+ * });
44
+ * console.log(result.accessToken);
45
+ * ```
46
+ */
47
+ export declare function refreshAccessToken(
48
+ refreshToken: string,
49
+ config: TokenRefreshConfig
50
+ ): Promise<RefreshResult>;
51
+ /**
52
+ * Clears the Cognito client cache. Useful for testing.
53
+ *
54
+ * @example
55
+ * ```typescript
56
+ * beforeEach(() => {
57
+ * clearClientCache();
58
+ * });
59
+ * ```
60
+ */
61
+ export declare function clearClientCache(): void;
62
+ //# sourceMappingURL=token-refresh.d.ts.map
package/lib/utils/token-refresh.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-refresh.d.ts","sourceRoot":"","sources":["../../src/utils/token-refresh.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB;AAoBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,kBAAkB,CACtC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,aAAa,CAAC,CA4BxB;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC"}
package/lib/utils/token-refresh.js ADDED
@@ -0,0 +1,84 @@
1
+ 'use strict';
2
+ /**
3
+ * Token refresh utilities for server-side token management.
4
+ *
5
+ * @packageDocumentation
6
+ */
7
+ Object.defineProperty(exports, '__esModule', { value: true });
8
+ exports.refreshAccessToken = refreshAccessToken;
9
+ exports.clearClientCache = clearClientCache;
10
+ const client_cognito_identity_provider_1 = require('@aws-sdk/client-cognito-identity-provider');
11
+ /** Client cache for reuse */
12
+ let cognitoClient = null;
13
+ /**
14
+ * Gets or creates a Cognito client.
15
+ *
16
+ * @param region - AWS region
17
+ * @returns Cognito Identity Provider client
18
+ */
19
+ function getClient(region) {
20
+ if (!cognitoClient) {
21
+ cognitoClient = new client_cognito_identity_provider_1.CognitoIdentityProviderClient({
22
+ region: region ?? process.env.AWS_REGION,
23
+ });
24
+ }
25
+ return cognitoClient;
26
+ }
27
+ /**
28
+ * Refreshes access and ID tokens using a refresh token.
29
+ *
30
+ * This is useful for server-side scenarios where you need to
31
+ * refresh tokens programmatically (e.g., long-running jobs).
32
+ *
33
+ * For client-side refresh, use AWS Amplify or similar libraries.
34
+ *
35
+ * @param refreshToken - The refresh token from initial auth
36
+ * @param config - Refresh configuration
37
+ * @returns New access and ID tokens
38
+ * @throws Error if refresh fails
39
+ *
40
+ * @example
41
+ * ```typescript
42
+ * const result = await refreshAccessToken(storedRefreshToken, {
43
+ * clientId: process.env.COGNITO_CLIENT_ID!,
44
+ * });
45
+ * console.log(result.accessToken);
46
+ * ```
47
+ */
48
+ async function refreshAccessToken(refreshToken, config) {
49
+ const client = getClient(config.region);
50
+ const command = new client_cognito_identity_provider_1.InitiateAuthCommand({
51
+ AuthFlow: client_cognito_identity_provider_1.AuthFlowType.REFRESH_TOKEN_AUTH,
52
+ ClientId: config.clientId,
53
+ AuthParameters: {
54
+ REFRESH_TOKEN: refreshToken,
55
+ },
56
+ });
57
+ const response = await client.send(command);
58
+ if (!response.AuthenticationResult) {
59
+ throw new Error('Token refresh failed: No authentication result');
60
+ }
61
+ const { AccessToken, IdToken, ExpiresIn } = response.AuthenticationResult;
62
+ if (!AccessToken || !IdToken) {
63
+ throw new Error('Token refresh failed: Missing tokens in response');
64
+ }
65
+ return {
66
+ accessToken: AccessToken,
67
+ idToken: IdToken,
68
+ expiresIn: ExpiresIn ?? 3600,
69
+ };
70
+ }
71
+ /**
72
+ * Clears the Cognito client cache. Useful for testing.
73
+ *
74
+ * @example
75
+ * ```typescript
76
+ * beforeEach(() => {
77
+ * clearClientCache();
78
+ * });
79
+ * ```
80
+ */
81
+ function clearClientCache() {
82
+ cognitoClient = null;
83
+ }
84
+ //# sourceMappingURL=token-refresh.js.map
package/lib/utils/token-refresh.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-refresh.js","sourceRoot":"","sources":["../../src/utils/token-refresh.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAqEH,gDA+BC;AAYD,4CAEC;AAhHD,gGAImD;AAwBnD,6BAA6B;AAC7B,IAAI,aAAa,GAAyC,IAAI,CAAC;AAE/D;;;;;GAKG;AACH,SAAS,SAAS,CAAC,MAAe;IAChC,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,aAAa,GAAG,IAAI,gEAA6B,CAAC;YAChD,MAAM,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;SACzC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,kBAAkB,CACtC,YAAoB,EACpB,MAA0B;IAE1B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,OAAO,GAAG,IAAI,sDAAmB,CAAC;QACtC,QAAQ,EAAE,+CAAY,CAAC,kBAAkB;QACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,cAAc,EAAE;YACd,aAAa,EAAE,YAAY;SAC5B;KACF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC,oBAAoB,CAAC;IAE1E,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO;QACL,WAAW,EAAE,WAAW;QACxB,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,SAAS,IAAI,IAAI;KAC7B,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,gBAAgB;IAC9B,aAAa,GAAG,IAAI,CAAC;AACvB,CAAC"}
package/package.json ADDED
@@ -0,0 +1,70 @@
1
+ {
2
+ "name": "@fnd-platform/cognito-auth",
3
+ "version": "1.0.0-alpha.1",
4
+ "description": "AWS Cognito authentication constructs and middleware for fnd-platform applications",
5
+ "main": "lib/index.js",
6
+ "types": "lib/index.d.ts",
7
+ "files": [
8
+ "lib/"
9
+ ],
10
+ "dependencies": {
11
+ "aws-jwt-verify": "^4.0.0"
12
+ },
13
+ "peerDependencies": {
14
+ "aws-cdk-lib": "^2.130.0",
15
+ "constructs": "^10.3.0",
16
+ "@aws-sdk/client-cognito-identity-provider": "^3.0.0",
17
+ "@remix-run/node": "^2.0.0"
18
+ },
19
+ "peerDependenciesMeta": {
20
+ "@aws-sdk/client-cognito-identity-provider": {
21
+ "optional": true
22
+ },
23
+ "@remix-run/node": {
24
+ "optional": true
25
+ }
26
+ },
27
+ "devDependencies": {
28
+ "@aws-sdk/client-cognito-identity-provider": "^3.500.0",
29
+ "@remix-run/node": "^2.15.0",
30
+ "@types/aws-lambda": "^8.10.145",
31
+ "@types/node": "^20.0.0",
32
+ "@typescript-eslint/eslint-plugin": "^7.18.0",
33
+ "@typescript-eslint/parser": "^7.18.0",
34
+ "@vitest/coverage-v8": "^1.6.0",
35
+ "aws-cdk-lib": "^2.130.0",
36
+ "constructs": "^10.3.0",
37
+ "eslint": "^8.57.0",
38
+ "typescript": "^5.6.3",
39
+ "vitest": "^1.6.0"
40
+ },
41
+ "keywords": [
42
+ "cdk",
43
+ "aws",
44
+ "cognito",
45
+ "authentication",
46
+ "user-pool",
47
+ "constructs",
48
+ "middleware",
49
+ "jwt",
50
+ "authorizer",
51
+ "remix",
52
+ "session"
53
+ ],
54
+ "license": "MIT",
55
+ "publishConfig": {
56
+ "access": "public"
57
+ },
58
+ "repository": {
59
+ "type": "git",
60
+ "url": "https://github.com/your-org/fnd-platform",
61
+ "directory": "packages/cognito-auth"
62
+ },
63
+ "scripts": {
64
+ "build": "tsc",
65
+ "test": "vitest run",
66
+ "test:watch": "vitest",
67
+ "test:coverage": "vitest run --coverage",
68
+ "lint": "eslint src/ test/"
69
+ }
70
+ }