@indigoai-us/hq-cloud 5.8.2 → 5.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/share.js +16 -1
- package/dist/cli/share.js.map +1 -1
- package/dist/cognito-auth.d.ts +14 -0
- package/dist/cognito-auth.d.ts.map +1 -1
- package/dist/cognito-auth.js +43 -1
- package/dist/cognito-auth.js.map +1 -1
- package/dist/cognito-auth.test.js +83 -0
- package/dist/cognito-auth.test.js.map +1 -1
- package/package.json +1 -1
- package/src/cli/share.ts +16 -1
- package/src/cognito-auth.test.ts +99 -0
- package/src/cognito-auth.ts +43 -1
package/dist/cli/share.js
CHANGED
|
@@ -331,9 +331,24 @@ function walkDir(dir, syncRoot, filter) {
|
|
|
331
331
|
return results;
|
|
332
332
|
}
|
|
333
333
|
function isWithin(parent, child) {
|
|
334
|
-
|
|
334
|
+
// Canonicalize both ends so the comparison survives case-insensitive
|
|
335
|
+
// filesystems (macOS APFS, Windows NTFS): `path.relative('/Users/x/hq',
|
|
336
|
+
// '/Users/x/HQ/foo')` returns `'../HQ/foo'`, which would falsely report
|
|
337
|
+
// `child` as outside `parent`. `realpathSync.native` resolves to the
|
|
338
|
+
// on-disk canonical case so the relative path lands inside.
|
|
339
|
+
const parentCanon = realpathSafe(parent);
|
|
340
|
+
const childCanon = realpathSafe(child);
|
|
341
|
+
const rel = path.relative(parentCanon, childCanon);
|
|
335
342
|
return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
|
|
336
343
|
}
|
|
344
|
+
function realpathSafe(p) {
|
|
345
|
+
try {
|
|
346
|
+
return fs.realpathSync.native(p);
|
|
347
|
+
}
|
|
348
|
+
catch {
|
|
349
|
+
return p;
|
|
350
|
+
}
|
|
351
|
+
}
|
|
337
352
|
/**
|
|
338
353
|
* Returns true when the remote object appears to have moved since the
|
|
339
354
|
* journal entry's last-recorded sync. Prefers ETag equality; falls back to
|
package/dist/cli/share.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"share.js","sourceRoot":"","sources":["../../src/cli/share.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAChG,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAwChD;;;;;;;;;GASG;AACH,SAAS,eAAe,CACtB,YAA8D,EAC9D,OAAoB,EACpB,aAAsB;IAEtB,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,KAAK,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,YAAY,EAAE,CAAC;QAC1D,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEzC,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;gBACrE,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC;YACT,MAAM,EAAE,QAAQ;YAChB,YAAY;YACZ,YAAY;YACZ,SAAS;YACT,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,aAAa,EAAE,CAAC;YAChB,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,WAAW,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAC9D,CAAC;AAyED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAAqB;IAC/C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAC3G,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,IAAI,oBAAoB,CAAC;IAErD,0EAA0E;IAC1E,4EAA4E;IAC5E,+CAA+C;IAC/C,IAAI,WAAW,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,8EAA8E;YAC9E,+FAA+F,CAChG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,mEAAmE;YACnE,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,0EAA0E;IAC1E,kEAAkE;IAClE,MAAM,UAAU,GACd,OAAO,IAAI,aAAa,EAAE,IAAI,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,oDAAoD;YACpD,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,8EAA8E;IAC9E,4CAA4C;IAC5C,wEAAwE;IACxE,mEAAmE;IACnE,wEAAwE;IACxE,4EAA4E;IAC5E,2CAA2C;IAC3C,IAAI,GAAG,GAAkB,aAAa;QACpC,CAAC,CAAC,aAAa;QACf,CAAC,CAAC,MAAM,oBAAoB,CAAC,UAAU,EAAE,WAAY,CAAC,CAAC;IACzD,kEAAkE;IAClE,wEAAwE;IACxE,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEtC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,6BAA6B;IAC7B,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEvE,sEAAsE;IACtE,kEAAkE;IAClE,0EAA0E;IAC1E,sEAAsE;IACtE,2EAA2E;IAC3E,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,EAAE,OAAO,EAAE,aAAa,KAAK,IAAI,CAAC,CAAC;IAE5E,IAAI,CAAC;QACH,IAAI,EAAE,MAAM;QACZ,0EAA0E;QAC1E,eAAe,EAAE,CAAC;QAClB,eAAe,EAAE,CAAC;QAClB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,yEAAyE;QACzE,0EAA0E;QAC1E,eAAe,EAAE,CAAC;KACnB,CAAC,CAAC;IAEH,uEAAuE;IACvE,qEAAqE;IACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;YACH,YAAY,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YACrC,YAAY,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAEvD,sEAAsE;QACtE,mEAAmE;QACnE,oEAAoE;QACpE,wCAAwC;QACxC,IAAI,WAAW,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,oBAAoB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC5D,CAAC;QAED,wEAAwE;QACxE,EAAE;QACF,yEAAyE;QACzE,yEAAyE;QACzE,sEAAsE;QACtE,yEAAyE;QACzE,sEAAsE;QACtE,qEAAqE;QACrE,0CAA0C;QAC1C,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC3D,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACjD,MAAM,YAAY,GAAG,CAAC,CAAC,YAAY,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,CAAC;YACvE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,IAAI,gBAAgB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YAEnF,IAAI,YAAY,IAAI,aAAa,EAAE,CAAC;gBAClC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAEjC,MAAM,UAAU,GAAG,MAAM,eAAe,CACtC;oBACE,IAAI,EAAE,YAAY;oBAClB,SAAS;oBACT,cAAc,EAAE,UAAU,CAAC,YAAY;oBACvC,SAAS,EAAE,MAAM;iBAClB,EACD,UAAU,CACX,CAAC;gBAEF,IAAI,CAAC;oBACH,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,YAAY;oBAClB,SAAS,EAAE,MAAM;oBACjB,UAAU;iBACX,CAAC,CAAC;gBAEH,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;oBAC3B,OAAO;wBACL,aAAa;wBACb,aAAa;wBACb,YAAY;wBACZ,aAAa;wBACb,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACnD,YAAY,EAAE,CAAC;oBACf,SAAS;gBACX,CAAC;gBACD,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,SAAS;QACT,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEvC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YAEnE,qEAAqE;YACrE,sEAAsE;YACtE,yDAAyD;YACzD,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACrE,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG;oBAC5B,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC;oBAC9B,OAAO;iBAC8C,CAAC;YAC1D,CAAC;YAED,aAAa,EAAE,CAAC;YAChB,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC;YAC3B,IAAI,CAAC;gBACH,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,mCAAmC;IACnC,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAEhC,OAAO;QACL,aAAa;QACb,aAAa;QACb,YAAY;QACZ,aAAa;QACb,OAAO,EAAE,KAAK;KACf,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,KAAwB;IACpD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1B,IAAI,KAAK,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CACT,SAAS,KAAK,CAAC,aAAa,eAAe,KAAK,CAAC,aAAa,YAAY,KAAK,CAAC,WAAW,YAAY,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CACX,iBAAiB,KAAK,CAAC,SAAS,MAAM,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,UAAU,EAAE,CACzE,CAAC;IACJ,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;IAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,WAAW,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,KAAe,EACf,MAAc,EACd,QAAgB,EAChB,MAA8B;IAE9B,MAAM,OAAO,GAAqD,EAAE,CAAC;IAErE,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAEtE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;YAC3D,SAAS;QACX,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,uCAAuC,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,OAAO,CACd,GAAW,EACX,QAAgB,EAChB,MAA8B;IAE9B,MAAM,OAAO,GAAqD,EAAE,CAAC;IACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAExC,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAAE,SAAS;QAEpC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY;gBACZ,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAc,EAAE,KAAa;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"share.js","sourceRoot":"","sources":["../../src/cli/share.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAChG,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAwChD;;;;;;;;;GASG;AACH,SAAS,eAAe,CACtB,YAA8D,EAC9D,OAAoB,EACpB,aAAsB;IAEtB,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,KAAK,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,YAAY,EAAE,CAAC;QAC1D,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEzC,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;gBACrE,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC;YACT,MAAM,EAAE,QAAQ;YAChB,YAAY;YACZ,YAAY;YACZ,SAAS;YACT,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,aAAa,EAAE,CAAC;YAChB,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,WAAW,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAC9D,CAAC;AAyED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAAqB;IAC/C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAC3G,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,IAAI,oBAAoB,CAAC;IAErD,0EAA0E;IAC1E,4EAA4E;IAC5E,+CAA+C;IAC/C,IAAI,WAAW,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,8EAA8E;YAC9E,+FAA+F,CAChG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,mEAAmE;YACnE,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,0EAA0E;IAC1E,kEAAkE;IAClE,MAAM,UAAU,GACd,OAAO,IAAI,aAAa,EAAE,IAAI,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,oDAAoD;YACpD,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,8EAA8E;IAC9E,4CAA4C;IAC5C,wEAAwE;IACxE,mEAAmE;IACnE,wEAAwE;IACxE,4EAA4E;IAC5E,2CAA2C;IAC3C,IAAI,GAAG,GAAkB,aAAa;QACpC,CAAC,CAAC,aAAa;QACf,CAAC,CAAC,MAAM,oBAAoB,CAAC,UAAU,EAAE,WAAY,CAAC,CAAC;IACzD,kEAAkE;IAClE,wEAAwE;IACxE,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEtC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,6BAA6B;IAC7B,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEvE,sEAAsE;IACtE,kEAAkE;IAClE,0EAA0E;IAC1E,sEAAsE;IACtE,2EAA2E;IAC3E,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,EAAE,OAAO,EAAE,aAAa,KAAK,IAAI,CAAC,CAAC;IAE5E,IAAI,CAAC;QACH,IAAI,EAAE,MAAM;QACZ,0EAA0E;QAC1E,eAAe,EAAE,CAAC;QAClB,eAAe,EAAE,CAAC;QAClB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,yEAAyE;QACzE,0EAA0E;QAC1E,eAAe,EAAE,CAAC;KACnB,CAAC,CAAC;IAEH,uEAAuE;IACvE,qEAAqE;IACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;YACH,YAAY,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YACrC,YAAY,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAEvD,sEAAsE;QACtE,mEAAmE;QACnE,oEAAoE;QACpE,wCAAwC;QACxC,IAAI,WAAW,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,oBAAoB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC5D,CAAC;QAED,wEAAwE;QACxE,EAAE;QACF,yEAAyE;QACzE,yEAAyE;QACzE,sEAAsE;QACtE,yEAAyE;QACzE,sEAAsE;QACtE,qEAAqE;QACrE,0CAA0C;QAC1C,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC3D,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACjD,MAAM,YAAY,GAAG,CAAC,CAAC,YAAY,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,CAAC;YACvE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,IAAI,gBAAgB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YAEnF,IAAI,YAAY,IAAI,aAAa,EAAE,CAAC;gBAClC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAEjC,MAAM,UAAU,GAAG,MAAM,eAAe,CACtC;oBACE,IAAI,EAAE,YAAY;oBAClB,SAAS;oBACT,cAAc,EAAE,UAAU,CAAC,YAAY;oBACvC,SAAS,EAAE,MAAM;iBAClB,EACD,UAAU,CACX,CAAC;gBAEF,IAAI,CAAC;oBACH,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,YAAY;oBAClB,SAAS,EAAE,MAAM;oBACjB,UAAU;iBACX,CAAC,CAAC;gBAEH,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;oBAC3B,OAAO;wBACL,aAAa;wBACb,aAAa;wBACb,YAAY;wBACZ,aAAa;wBACb,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACnD,YAAY,EAAE,CAAC;oBACf,SAAS;gBACX,CAAC;gBACD,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,SAAS;QACT,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEvC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YAEnE,qEAAqE;YACrE,sEAAsE;YACtE,yDAAyD;YACzD,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACrE,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG;oBAC5B,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC;oBAC9B,OAAO;iBAC8C,CAAC;YAC1D,CAAC;YAED,aAAa,EAAE,CAAC;YAChB,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC;YAC3B,IAAI,CAAC;gBACH,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,mCAAmC;IACnC,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAEhC,OAAO;QACL,aAAa;QACb,aAAa;QACb,YAAY;QACZ,aAAa;QACb,OAAO,EAAE,KAAK;KACf,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,KAAwB;IACpD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1B,IAAI,KAAK,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CACT,SAAS,KAAK,CAAC,aAAa,eAAe,KAAK,CAAC,aAAa,YAAY,KAAK,CAAC,WAAW,YAAY,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CACX,iBAAiB,KAAK,CAAC,SAAS,MAAM,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,UAAU,EAAE,CACzE,CAAC;IACJ,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;IAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,WAAW,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,KAAe,EACf,MAAc,EACd,QAAgB,EAChB,MAA8B;IAE9B,MAAM,OAAO,GAAqD,EAAE,CAAC;IAErE,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAEtE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;YAC3D,SAAS;QACX,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,uCAAuC,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,OAAO,CACd,GAAW,EACX,QAAgB,EAChB,MAA8B;IAE9B,MAAM,OAAO,GAAqD,EAAE,CAAC;IACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAExC,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAAE,SAAS;QAEpC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY;gBACZ,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAc,EAAE,KAAa;IAC7C,qEAAqE;IACrE,wEAAwE;IACxE,wEAAwE;IACxE,qEAAqE;IACrE,4DAA4D;IAC5D,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACnD,OAAO,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,gBAAgB,CACvB,MAA4C,EAC5C,KAAgD;IAEhD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,UAAU,CAAC;IACzD,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;IACpD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,QAAQ,CAAC;AAClD,CAAC"}
|
package/dist/cognito-auth.d.ts
CHANGED
|
@@ -55,6 +55,20 @@ export declare function saveCachedTokens(tokens: CognitoTokens): void;
|
|
|
55
55
|
export declare function clearCachedTokens(): void;
|
|
56
56
|
/** True when the token expires within the given buffer (default 60s). */
|
|
57
57
|
export declare function isExpiring(tokens: CognitoTokens, bufferSeconds?: number): boolean;
|
|
58
|
+
/**
|
|
59
|
+
* Decode the `client_id` claim from a Cognito access token (no signature
|
|
60
|
+
* verification — we only need to identify which App Client minted it).
|
|
61
|
+
* Returns null when the token can't be parsed.
|
|
62
|
+
*
|
|
63
|
+
* Used by `getValidAccessToken` to detect stale cached sessions that target
|
|
64
|
+
* a different Cognito App Client. The canonical case is a pre-2026-04-25
|
|
65
|
+
* cache file holding a `hq-vault-dev` token after the user upgraded to a
|
|
66
|
+
* post-cutover CLI: the access token stays "non-expiring" for an hour but
|
|
67
|
+
* the prod vault API rejects it with 401, and the dev refresh token can't
|
|
68
|
+
* be exchanged at the prod token endpoint. Detecting the mismatch and
|
|
69
|
+
* forcing a re-login is the only safe self-heal.
|
|
70
|
+
*/
|
|
71
|
+
export declare function decodeAccessTokenClientId(accessToken: string): string | null;
|
|
58
72
|
/**
|
|
59
73
|
* Open the Cognito Hosted UI in the user's browser, wait for the redirect
|
|
60
74
|
* back to localhost, and exchange the auth code for tokens.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito-auth.d.ts","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,oEAAoE;IACpE,cAAc,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,+KAA+K;IAC/K,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,SAAS,EAAE,QAAQ,CAAC;CACrB;AAED,qFAAqF;AACrF,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AASD,wBAAgB,gBAAgB,IAAI,aAAa,GAAG,IAAI,CAQvD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAO5D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAiBD,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,EAAE,aAAa,SAAK,GAAG,OAAO,CAI7E;AAsCD;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,aAAa,CAAC,CA2GxB;AAsDD;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC,CA4BxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,iBAAiB,EACzB,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"cognito-auth.d.ts","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,oEAAoE;IACpE,cAAc,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,+KAA+K;IAC/K,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,SAAS,EAAE,QAAQ,CAAC;CACrB;AAED,qFAAqF;AACrF,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AASD,wBAAgB,gBAAgB,IAAI,aAAa,GAAG,IAAI,CAQvD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAO5D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAiBD,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,EAAE,aAAa,SAAK,GAAG,OAAO,CAI7E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAY5E;AAsCD;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,aAAa,CAAC,CA2GxB;AAsDD;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC,CA4BxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,iBAAiB,EACzB,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,OAAO,CAAC,MAAM,CAAC,CAsCjB"}
|
package/dist/cognito-auth.js
CHANGED
|
@@ -78,6 +78,34 @@ export function isExpiring(tokens, bufferSeconds = 60) {
|
|
|
78
78
|
return true;
|
|
79
79
|
return expiresAt - Date.now() < bufferSeconds * 1000;
|
|
80
80
|
}
|
|
81
|
+
/**
|
|
82
|
+
* Decode the `client_id` claim from a Cognito access token (no signature
|
|
83
|
+
* verification — we only need to identify which App Client minted it).
|
|
84
|
+
* Returns null when the token can't be parsed.
|
|
85
|
+
*
|
|
86
|
+
* Used by `getValidAccessToken` to detect stale cached sessions that target
|
|
87
|
+
* a different Cognito App Client. The canonical case is a pre-2026-04-25
|
|
88
|
+
* cache file holding a `hq-vault-dev` token after the user upgraded to a
|
|
89
|
+
* post-cutover CLI: the access token stays "non-expiring" for an hour but
|
|
90
|
+
* the prod vault API rejects it with 401, and the dev refresh token can't
|
|
91
|
+
* be exchanged at the prod token endpoint. Detecting the mismatch and
|
|
92
|
+
* forcing a re-login is the only safe self-heal.
|
|
93
|
+
*/
|
|
94
|
+
export function decodeAccessTokenClientId(accessToken) {
|
|
95
|
+
try {
|
|
96
|
+
const parts = accessToken.split(".");
|
|
97
|
+
if (parts.length < 2)
|
|
98
|
+
return null;
|
|
99
|
+
const payloadB64 = parts[1];
|
|
100
|
+
const padded = payloadB64 + "=".repeat((4 - (payloadB64.length % 4)) % 4);
|
|
101
|
+
const json = Buffer.from(padded, "base64").toString("utf-8");
|
|
102
|
+
const claims = JSON.parse(json);
|
|
103
|
+
return typeof claims.client_id === "string" ? claims.client_id : null;
|
|
104
|
+
}
|
|
105
|
+
catch {
|
|
106
|
+
return null;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
81
109
|
// ---------------------------------------------------------------------------
|
|
82
110
|
// PKCE
|
|
83
111
|
// ---------------------------------------------------------------------------
|
|
@@ -275,7 +303,21 @@ export async function refreshTokens(config, currentRefreshToken) {
|
|
|
275
303
|
*/
|
|
276
304
|
export async function getValidAccessToken(config, options = {}) {
|
|
277
305
|
const interactive = options.interactive ?? true;
|
|
278
|
-
|
|
306
|
+
let cached = loadCachedTokens();
|
|
307
|
+
// Stale-pool detection: if the cached access token was issued by a
|
|
308
|
+
// different Cognito App Client than the one we're talking to now, drop the
|
|
309
|
+
// cache and re-authenticate. Without this, a user holding a pre-cutover
|
|
310
|
+
// dev-pool token would either keep using a token the prod API rejects
|
|
311
|
+
// with 401, or attempt a refresh against the prod token endpoint with a
|
|
312
|
+
// dev refresh token (InvalidGrant). See `decodeAccessTokenClientId` for
|
|
313
|
+
// the full rationale.
|
|
314
|
+
if (cached) {
|
|
315
|
+
const cachedClientId = decodeAccessTokenClientId(cached.accessToken);
|
|
316
|
+
if (cachedClientId !== null && cachedClientId !== config.clientId) {
|
|
317
|
+
clearCachedTokens();
|
|
318
|
+
cached = null;
|
|
319
|
+
}
|
|
320
|
+
}
|
|
279
321
|
if (cached && !isExpiring(cached))
|
|
280
322
|
return cached.accessToken;
|
|
281
323
|
if (cached) {
|
package/dist/cognito-auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito-auth.js","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,IAAI,MAAM,MAAM,CAAC;AAuCxB,qFAAqF;AACrF,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAE5D,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7E,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,UAAU,CAAC,MAAqB,EAAE,aAAa,GAAG,EAAE;IAClE,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;AACvD,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,eAAe,CAC/B,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CACtD,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,WAAW,CAAC,MAAyB;IAC5C,OAAO,WAAW,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,MAAM,oBAAoB,CAAC;AACpF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,oBAAoB,IAAI,WAAW,CAAC;AAC7C,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAyB;IAEzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtD,2EAA2E;IAC3E,8EAA8E;IAC9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACnE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzE,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;IAEd,2EAA2E;IAC3E,SAAS,eAAe,CAAC,IAAY,EAAE,aAAqB;QAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,uEAAuE;YACvE,mEAAmE;YACnE,mEAAmE;YACnE,oEAAoE;YACpE,mDAAmD;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBAChE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,oCAAoC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACrE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;oBACpE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACjC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL;;;;yBAIe,CAChB,CAAC;gBACF,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,6CAA6C,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBACjF,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAClC,qCAAqC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,UAAU,CAC3B,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;YACnE,CAAC,EACD,EAAE,GAAG,EAAE,GAAG,IAAI,CACf,CAAC;YAEF,SAAS,OAAO;gBACd,YAAY,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAcD,KAAK,UAAU,qBAAqB,CAClC,MAAyB,EACzB,IAAY,EACZ,QAAgB,EAChB,IAAY;IAEZ,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI;QACJ,aAAa,EAAE,QAAQ;QACvB,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,0BAA0B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAgB,CACxB,8FAA8F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,mBAA2B;IAE3B,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,mBAAmB;KACnC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,MAAM,MAAM,GAAkB;QAC5B,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,mBAAmB;QACvD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;IACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAyB,EACzB,UAAqC,EAAE;IAEvC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAChD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAElC,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC;IAE7D,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YACnE,OAAO,SAAS,CAAC,WAAW,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,gBAAgB,CACxB,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC"}
|
|
1
|
+
{"version":3,"file":"cognito-auth.js","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,IAAI,MAAM,MAAM,CAAC;AAuCxB,qFAAqF;AACrF,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAE5D,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7E,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,UAAU,CAAC,MAAqB,EAAE,aAAa,GAAG,EAAE;IAClE,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAAmB;IAC3D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,eAAe,CAC/B,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CACtD,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,WAAW,CAAC,MAAyB;IAC5C,OAAO,WAAW,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,MAAM,oBAAoB,CAAC;AACpF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,oBAAoB,IAAI,WAAW,CAAC;AAC7C,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAyB;IAEzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtD,2EAA2E;IAC3E,8EAA8E;IAC9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACnE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzE,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;IAEd,2EAA2E;IAC3E,SAAS,eAAe,CAAC,IAAY,EAAE,aAAqB;QAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,uEAAuE;YACvE,mEAAmE;YACnE,mEAAmE;YACnE,oEAAoE;YACpE,mDAAmD;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBAChE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,oCAAoC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACrE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;oBACpE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACjC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL;;;;yBAIe,CAChB,CAAC;gBACF,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,6CAA6C,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBACjF,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAClC,qCAAqC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,UAAU,CAC3B,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;YACnE,CAAC,EACD,EAAE,GAAG,EAAE,GAAG,IAAI,CACf,CAAC;YAEF,SAAS,OAAO;gBACd,YAAY,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAcD,KAAK,UAAU,qBAAqB,CAClC,MAAyB,EACzB,IAAY,EACZ,QAAgB,EAChB,IAAY;IAEZ,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI;QACJ,aAAa,EAAE,QAAQ;QACvB,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,0BAA0B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAgB,CACxB,8FAA8F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,mBAA2B;IAE3B,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,mBAAmB;KACnC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,MAAM,MAAM,GAAkB;QAC5B,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,mBAAmB;QACvD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;IACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAyB,EACzB,UAAqC,EAAE;IAEvC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAChD,IAAI,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAEhC,mEAAmE;IACnE,2EAA2E;IAC3E,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,IAAI,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClE,iBAAiB,EAAE,CAAC;YACpB,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC;IAE7D,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YACnE,OAAO,SAAS,CAAC,WAAW,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,gBAAgB,CACxB,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC"}
|
|
@@ -76,6 +76,89 @@ describe("isExpiring — expiresAt shape tolerance", () => {
|
|
|
76
76
|
});
|
|
77
77
|
});
|
|
78
78
|
// ---------------------------------------------------------------------------
|
|
79
|
+
// Stale-pool detection — decodeAccessTokenClientId + getValidAccessToken
|
|
80
|
+
// self-evicts cached tokens minted by a different App Client (e.g. dev pool
|
|
81
|
+
// tokens left over from before the 2026-04-25 cutover).
|
|
82
|
+
// ---------------------------------------------------------------------------
|
|
83
|
+
/** Build a minimal unsigned JWT carrying the given claims. Cognito's real */
|
|
84
|
+
/** tokens are RS256-signed; we don't verify here so the signature can be */
|
|
85
|
+
/** anything — only the base64url-encoded payload matters. */
|
|
86
|
+
function makeAccessToken(claims) {
|
|
87
|
+
const header = Buffer.from(JSON.stringify({ alg: "RS256", typ: "JWT" }))
|
|
88
|
+
.toString("base64")
|
|
89
|
+
.replace(/=+$/, "");
|
|
90
|
+
const payload = Buffer.from(JSON.stringify(claims))
|
|
91
|
+
.toString("base64")
|
|
92
|
+
.replace(/=+$/, "");
|
|
93
|
+
return `${header}.${payload}.signature`;
|
|
94
|
+
}
|
|
95
|
+
const DEV_CLIENT = "4mmujmjq3srakdueg656b9m0mp";
|
|
96
|
+
const PROD_CLIENT = "7acei2c8v870enheptb1j5foln";
|
|
97
|
+
const baseConfig = {
|
|
98
|
+
region: "us-east-1",
|
|
99
|
+
userPoolDomain: "vault-indigo-hq-prod",
|
|
100
|
+
clientId: PROD_CLIENT,
|
|
101
|
+
};
|
|
102
|
+
describe("decodeAccessTokenClientId", () => {
|
|
103
|
+
it("returns the client_id claim from a well-formed JWT", async () => {
|
|
104
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
105
|
+
const token = makeAccessToken({ client_id: DEV_CLIENT, sub: "abc" });
|
|
106
|
+
expect(decodeAccessTokenClientId(token)).toBe(DEV_CLIENT);
|
|
107
|
+
});
|
|
108
|
+
it("returns null when client_id is absent", async () => {
|
|
109
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
110
|
+
const token = makeAccessToken({ sub: "abc" });
|
|
111
|
+
expect(decodeAccessTokenClientId(token)).toBeNull();
|
|
112
|
+
});
|
|
113
|
+
it("returns null when the token has fewer than two segments", async () => {
|
|
114
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
115
|
+
expect(decodeAccessTokenClientId("not-a-jwt")).toBeNull();
|
|
116
|
+
});
|
|
117
|
+
it("returns null when the payload isn't valid JSON", async () => {
|
|
118
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
119
|
+
expect(decodeAccessTokenClientId("aaa.bbb.ccc")).toBeNull();
|
|
120
|
+
});
|
|
121
|
+
});
|
|
122
|
+
describe("getValidAccessToken stale-pool detection", () => {
|
|
123
|
+
it("evicts a cached token whose client_id mismatches the current config", async () => {
|
|
124
|
+
const { saveCachedTokens, loadCachedTokens, getValidAccessToken } = await importModule();
|
|
125
|
+
const devToken = makeAccessToken({ client_id: DEV_CLIENT, sub: "abc" });
|
|
126
|
+
saveCachedTokens({
|
|
127
|
+
...baseTokens,
|
|
128
|
+
accessToken: devToken,
|
|
129
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
130
|
+
});
|
|
131
|
+
expect(loadCachedTokens()).not.toBeNull();
|
|
132
|
+
await expect(getValidAccessToken(baseConfig, { interactive: false })).rejects.toThrow(/No valid HQ session/);
|
|
133
|
+
expect(loadCachedTokens()).toBeNull();
|
|
134
|
+
});
|
|
135
|
+
it("keeps a cached token whose client_id matches", async () => {
|
|
136
|
+
const { saveCachedTokens, getValidAccessToken } = await importModule();
|
|
137
|
+
const prodToken = makeAccessToken({ client_id: PROD_CLIENT, sub: "abc" });
|
|
138
|
+
saveCachedTokens({
|
|
139
|
+
...baseTokens,
|
|
140
|
+
accessToken: prodToken,
|
|
141
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
142
|
+
});
|
|
143
|
+
const access = await getValidAccessToken(baseConfig, {
|
|
144
|
+
interactive: false,
|
|
145
|
+
});
|
|
146
|
+
expect(access).toBe(prodToken);
|
|
147
|
+
});
|
|
148
|
+
it("keeps a cached token when client_id can't be decoded (back-compat)", async () => {
|
|
149
|
+
const { saveCachedTokens, getValidAccessToken } = await importModule();
|
|
150
|
+
saveCachedTokens({
|
|
151
|
+
...baseTokens,
|
|
152
|
+
accessToken: "opaque-non-jwt",
|
|
153
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
154
|
+
});
|
|
155
|
+
const access = await getValidAccessToken(baseConfig, {
|
|
156
|
+
interactive: false,
|
|
157
|
+
});
|
|
158
|
+
expect(access).toBe("opaque-non-jwt");
|
|
159
|
+
});
|
|
160
|
+
});
|
|
161
|
+
// ---------------------------------------------------------------------------
|
|
79
162
|
// Round-trip: writers emit epoch-ms, readers read epoch-ms
|
|
80
163
|
// ---------------------------------------------------------------------------
|
|
81
164
|
describe("expiresAt shape round-trip", () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito-auth.test.js","sourceRoot":"","sources":["../src/cognito-auth.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzE,6EAA6E;AAC7E,uCAAuC;AACvC,IAAI,YAAgC,CAAC;AACrC,IAAI,OAAe,CAAC;AAEpB,UAAU,CAAC,GAAG,EAAE;IACd,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;IAC3B,EAAE,CAAC,YAAY,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;;QACnD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC;IACrC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACtB,EAAE,CAAC,eAAe,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,YAAY;IACzB,OAAO,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,GAAG;IACjB,WAAW,EAAE,QAAQ;IACrB,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,SAAS;IACvB,SAAS,EAAE,QAAiB;CAC7B,CAAC;AAEF,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;IACtD,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnE,MAAM,CAAC,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,CAAC,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC3C,qEAAqE;QACrE,MAAM,CACJ,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,MAA2B,EAAE,CAAC,CACtE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,CACJ,UAAU,CACR,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAyB,EAAE,EACvD,EAAE,CACH,CACF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,CACJ,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CACvD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,CACJ,UAAU,CAAC;YACT,GAAG,UAAU;YACb,SAAS,EAAE,SAA8B;SAC1C,CAAC,CACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,CACJ,UAAU,CAAC;YACT,GAAG,UAAU;YACb,SAAS,EAAE,MAAM,CAAC,GAAwB;SAC3C,CAAC,CACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAE9E,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;QACzC,gBAAgB,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACpE,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7D,gBAAgB,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,EAAE,CAAC,UAAU,CACX,OAAO,EACP,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CACf,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC;YACb,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,QAAQ;YAClB,aAAa,EAAE,aAAa;YAC5B,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,QAAQ;SACrB,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CACF,CACF,CAAC;QAEF,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC;YACE,MAAM,EAAE,WAAW;YACnB,cAAc,EAAE,qBAAqB;YACrC,QAAQ,EAAE,aAAa;SACxB,EACD,qBAAqB,CACtB,CAAC;QACF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,CAAC,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"cognito-auth.test.js","sourceRoot":"","sources":["../src/cognito-auth.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzE,6EAA6E;AAC7E,uCAAuC;AACvC,IAAI,YAAgC,CAAC;AACrC,IAAI,OAAe,CAAC;AAEpB,UAAU,CAAC,GAAG,EAAE;IACd,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;IAC3B,EAAE,CAAC,YAAY,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;;QACnD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC;IACrC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACtB,EAAE,CAAC,eAAe,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,YAAY;IACzB,OAAO,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,GAAG;IACjB,WAAW,EAAE,QAAQ;IACrB,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,SAAS;IACvB,SAAS,EAAE,QAAiB;CAC7B,CAAC;AAEF,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;IACtD,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnE,MAAM,CAAC,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,CAAC,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC3C,qEAAqE;QACrE,MAAM,CACJ,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,MAA2B,EAAE,CAAC,CACtE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,CACJ,UAAU,CACR,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAyB,EAAE,EACvD,EAAE,CACH,CACF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC5C,MAAM,CACJ,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CACvD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,CACJ,UAAU,CAAC;YACT,GAAG,UAAU;YACb,SAAS,EAAE,SAA8B;SAC1C,CAAC,CACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,CACJ,UAAU,CAAC;YACT,GAAG,UAAU;YACb,SAAS,EAAE,MAAM,CAAC,GAAwB;SAC3C,CAAC,CACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,yEAAyE;AACzE,4EAA4E;AAC5E,wDAAwD;AACxD,8EAA8E;AAE9E,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,SAAS,eAAe,CAAC,MAA+B;IACtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;SACrE,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;SAChD,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,OAAO,GAAG,MAAM,IAAI,OAAO,YAAY,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,WAAW,GAAG,4BAA4B,CAAC;AAEjD,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,WAAW;IACnB,cAAc,EAAE,sBAAsB;IACtC,QAAQ,EAAE,WAAW;CACtB,CAAC;AAEF,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC3D,MAAM,KAAK,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC3D,MAAM,KAAK,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC3D,MAAM,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAC3D,MAAM,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,0CAA0C,EAAE,GAAG,EAAE;IACxD,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,GAC/D,MAAM,YAAY,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,gBAAgB,CAAC;YACf,GAAG,UAAU;YACb,WAAW,EAAE,QAAQ;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACvC,CAAC,CAAC;QACH,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAE1C,MAAM,MAAM,CACV,mBAAmB,CAAC,UAAU,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CACxD,CAAC,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEzC,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACvE,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1E,gBAAgB,CAAC;YACf,GAAG,UAAU;YACb,WAAW,EAAE,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACvC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,UAAU,EAAE;YACnD,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACvE,gBAAgB,CAAC;YACf,GAAG,UAAU;YACb,WAAW,EAAE,gBAAgB;YAC7B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACvC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,UAAU,EAAE;YACnD,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAE9E,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;QACzC,gBAAgB,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACpE,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7D,gBAAgB,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,EAAE,CAAC,UAAU,CACX,OAAO,EACP,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CACf,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC;YACb,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,QAAQ;YAClB,aAAa,EAAE,aAAa;YAC5B,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,QAAQ;SACrB,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CACF,CACF,CAAC;QAEF,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC;YACE,MAAM,EAAE,WAAW;YACnB,cAAc,EAAE,qBAAqB;YACrC,QAAQ,EAAE,aAAa;SACxB,EACD,qBAAqB,CACtB,CAAC;QACF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,CAAC,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
package/src/cli/share.ts
CHANGED
|
@@ -500,10 +500,25 @@ function walkDir(
|
|
|
500
500
|
}
|
|
501
501
|
|
|
502
502
|
function isWithin(parent: string, child: string): boolean {
|
|
503
|
-
|
|
503
|
+
// Canonicalize both ends so the comparison survives case-insensitive
|
|
504
|
+
// filesystems (macOS APFS, Windows NTFS): `path.relative('/Users/x/hq',
|
|
505
|
+
// '/Users/x/HQ/foo')` returns `'../HQ/foo'`, which would falsely report
|
|
506
|
+
// `child` as outside `parent`. `realpathSync.native` resolves to the
|
|
507
|
+
// on-disk canonical case so the relative path lands inside.
|
|
508
|
+
const parentCanon = realpathSafe(parent);
|
|
509
|
+
const childCanon = realpathSafe(child);
|
|
510
|
+
const rel = path.relative(parentCanon, childCanon);
|
|
504
511
|
return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
|
|
505
512
|
}
|
|
506
513
|
|
|
514
|
+
function realpathSafe(p: string): string {
|
|
515
|
+
try {
|
|
516
|
+
return fs.realpathSync.native(p);
|
|
517
|
+
} catch {
|
|
518
|
+
return p;
|
|
519
|
+
}
|
|
520
|
+
}
|
|
521
|
+
|
|
507
522
|
/**
|
|
508
523
|
* Returns true when the remote object appears to have moved since the
|
|
509
524
|
* journal entry's last-recorded sync. Prefers ETag equality; falls back to
|
package/src/cognito-auth.test.ts
CHANGED
|
@@ -99,6 +99,105 @@ describe("isExpiring — expiresAt shape tolerance", () => {
|
|
|
99
99
|
});
|
|
100
100
|
});
|
|
101
101
|
|
|
102
|
+
// ---------------------------------------------------------------------------
|
|
103
|
+
// Stale-pool detection — decodeAccessTokenClientId + getValidAccessToken
|
|
104
|
+
// self-evicts cached tokens minted by a different App Client (e.g. dev pool
|
|
105
|
+
// tokens left over from before the 2026-04-25 cutover).
|
|
106
|
+
// ---------------------------------------------------------------------------
|
|
107
|
+
|
|
108
|
+
/** Build a minimal unsigned JWT carrying the given claims. Cognito's real */
|
|
109
|
+
/** tokens are RS256-signed; we don't verify here so the signature can be */
|
|
110
|
+
/** anything — only the base64url-encoded payload matters. */
|
|
111
|
+
function makeAccessToken(claims: Record<string, unknown>): string {
|
|
112
|
+
const header = Buffer.from(JSON.stringify({ alg: "RS256", typ: "JWT" }))
|
|
113
|
+
.toString("base64")
|
|
114
|
+
.replace(/=+$/, "");
|
|
115
|
+
const payload = Buffer.from(JSON.stringify(claims))
|
|
116
|
+
.toString("base64")
|
|
117
|
+
.replace(/=+$/, "");
|
|
118
|
+
return `${header}.${payload}.signature`;
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
const DEV_CLIENT = "4mmujmjq3srakdueg656b9m0mp";
|
|
122
|
+
const PROD_CLIENT = "7acei2c8v870enheptb1j5foln";
|
|
123
|
+
|
|
124
|
+
const baseConfig = {
|
|
125
|
+
region: "us-east-1",
|
|
126
|
+
userPoolDomain: "vault-indigo-hq-prod",
|
|
127
|
+
clientId: PROD_CLIENT,
|
|
128
|
+
};
|
|
129
|
+
|
|
130
|
+
describe("decodeAccessTokenClientId", () => {
|
|
131
|
+
it("returns the client_id claim from a well-formed JWT", async () => {
|
|
132
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
133
|
+
const token = makeAccessToken({ client_id: DEV_CLIENT, sub: "abc" });
|
|
134
|
+
expect(decodeAccessTokenClientId(token)).toBe(DEV_CLIENT);
|
|
135
|
+
});
|
|
136
|
+
|
|
137
|
+
it("returns null when client_id is absent", async () => {
|
|
138
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
139
|
+
const token = makeAccessToken({ sub: "abc" });
|
|
140
|
+
expect(decodeAccessTokenClientId(token)).toBeNull();
|
|
141
|
+
});
|
|
142
|
+
|
|
143
|
+
it("returns null when the token has fewer than two segments", async () => {
|
|
144
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
145
|
+
expect(decodeAccessTokenClientId("not-a-jwt")).toBeNull();
|
|
146
|
+
});
|
|
147
|
+
|
|
148
|
+
it("returns null when the payload isn't valid JSON", async () => {
|
|
149
|
+
const { decodeAccessTokenClientId } = await importModule();
|
|
150
|
+
expect(decodeAccessTokenClientId("aaa.bbb.ccc")).toBeNull();
|
|
151
|
+
});
|
|
152
|
+
});
|
|
153
|
+
|
|
154
|
+
describe("getValidAccessToken stale-pool detection", () => {
|
|
155
|
+
it("evicts a cached token whose client_id mismatches the current config", async () => {
|
|
156
|
+
const { saveCachedTokens, loadCachedTokens, getValidAccessToken } =
|
|
157
|
+
await importModule();
|
|
158
|
+
const devToken = makeAccessToken({ client_id: DEV_CLIENT, sub: "abc" });
|
|
159
|
+
saveCachedTokens({
|
|
160
|
+
...baseTokens,
|
|
161
|
+
accessToken: devToken,
|
|
162
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
163
|
+
});
|
|
164
|
+
expect(loadCachedTokens()).not.toBeNull();
|
|
165
|
+
|
|
166
|
+
await expect(
|
|
167
|
+
getValidAccessToken(baseConfig, { interactive: false }),
|
|
168
|
+
).rejects.toThrow(/No valid HQ session/);
|
|
169
|
+
|
|
170
|
+
expect(loadCachedTokens()).toBeNull();
|
|
171
|
+
});
|
|
172
|
+
|
|
173
|
+
it("keeps a cached token whose client_id matches", async () => {
|
|
174
|
+
const { saveCachedTokens, getValidAccessToken } = await importModule();
|
|
175
|
+
const prodToken = makeAccessToken({ client_id: PROD_CLIENT, sub: "abc" });
|
|
176
|
+
saveCachedTokens({
|
|
177
|
+
...baseTokens,
|
|
178
|
+
accessToken: prodToken,
|
|
179
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
180
|
+
});
|
|
181
|
+
const access = await getValidAccessToken(baseConfig, {
|
|
182
|
+
interactive: false,
|
|
183
|
+
});
|
|
184
|
+
expect(access).toBe(prodToken);
|
|
185
|
+
});
|
|
186
|
+
|
|
187
|
+
it("keeps a cached token when client_id can't be decoded (back-compat)", async () => {
|
|
188
|
+
const { saveCachedTokens, getValidAccessToken } = await importModule();
|
|
189
|
+
saveCachedTokens({
|
|
190
|
+
...baseTokens,
|
|
191
|
+
accessToken: "opaque-non-jwt",
|
|
192
|
+
expiresAt: Date.now() + 60 * 60 * 1000,
|
|
193
|
+
});
|
|
194
|
+
const access = await getValidAccessToken(baseConfig, {
|
|
195
|
+
interactive: false,
|
|
196
|
+
});
|
|
197
|
+
expect(access).toBe("opaque-non-jwt");
|
|
198
|
+
});
|
|
199
|
+
});
|
|
200
|
+
|
|
102
201
|
// ---------------------------------------------------------------------------
|
|
103
202
|
// Round-trip: writers emit epoch-ms, readers read epoch-ms
|
|
104
203
|
// ---------------------------------------------------------------------------
|
package/src/cognito-auth.ts
CHANGED
|
@@ -120,6 +120,33 @@ export function isExpiring(tokens: CognitoTokens, bufferSeconds = 60): boolean {
|
|
|
120
120
|
return expiresAt - Date.now() < bufferSeconds * 1000;
|
|
121
121
|
}
|
|
122
122
|
|
|
123
|
+
/**
|
|
124
|
+
* Decode the `client_id` claim from a Cognito access token (no signature
|
|
125
|
+
* verification — we only need to identify which App Client minted it).
|
|
126
|
+
* Returns null when the token can't be parsed.
|
|
127
|
+
*
|
|
128
|
+
* Used by `getValidAccessToken` to detect stale cached sessions that target
|
|
129
|
+
* a different Cognito App Client. The canonical case is a pre-2026-04-25
|
|
130
|
+
* cache file holding a `hq-vault-dev` token after the user upgraded to a
|
|
131
|
+
* post-cutover CLI: the access token stays "non-expiring" for an hour but
|
|
132
|
+
* the prod vault API rejects it with 401, and the dev refresh token can't
|
|
133
|
+
* be exchanged at the prod token endpoint. Detecting the mismatch and
|
|
134
|
+
* forcing a re-login is the only safe self-heal.
|
|
135
|
+
*/
|
|
136
|
+
export function decodeAccessTokenClientId(accessToken: string): string | null {
|
|
137
|
+
try {
|
|
138
|
+
const parts = accessToken.split(".");
|
|
139
|
+
if (parts.length < 2) return null;
|
|
140
|
+
const payloadB64 = parts[1];
|
|
141
|
+
const padded = payloadB64 + "=".repeat((4 - (payloadB64.length % 4)) % 4);
|
|
142
|
+
const json = Buffer.from(padded, "base64").toString("utf-8");
|
|
143
|
+
const claims = JSON.parse(json) as { client_id?: unknown };
|
|
144
|
+
return typeof claims.client_id === "string" ? claims.client_id : null;
|
|
145
|
+
} catch {
|
|
146
|
+
return null;
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
|
|
123
150
|
// ---------------------------------------------------------------------------
|
|
124
151
|
// PKCE
|
|
125
152
|
// ---------------------------------------------------------------------------
|
|
@@ -375,7 +402,22 @@ export async function getValidAccessToken(
|
|
|
375
402
|
options: { interactive?: boolean } = {},
|
|
376
403
|
): Promise<string> {
|
|
377
404
|
const interactive = options.interactive ?? true;
|
|
378
|
-
|
|
405
|
+
let cached = loadCachedTokens();
|
|
406
|
+
|
|
407
|
+
// Stale-pool detection: if the cached access token was issued by a
|
|
408
|
+
// different Cognito App Client than the one we're talking to now, drop the
|
|
409
|
+
// cache and re-authenticate. Without this, a user holding a pre-cutover
|
|
410
|
+
// dev-pool token would either keep using a token the prod API rejects
|
|
411
|
+
// with 401, or attempt a refresh against the prod token endpoint with a
|
|
412
|
+
// dev refresh token (InvalidGrant). See `decodeAccessTokenClientId` for
|
|
413
|
+
// the full rationale.
|
|
414
|
+
if (cached) {
|
|
415
|
+
const cachedClientId = decodeAccessTokenClientId(cached.accessToken);
|
|
416
|
+
if (cachedClientId !== null && cachedClientId !== config.clientId) {
|
|
417
|
+
clearCachedTokens();
|
|
418
|
+
cached = null;
|
|
419
|
+
}
|
|
420
|
+
}
|
|
379
421
|
|
|
380
422
|
if (cached && !isExpiring(cached)) return cached.accessToken;
|
|
381
423
|
|