@liflig/cdk-vy 1.0.0

package/lib/cognito-app-client/cognito-app-client.js

@@ -0,0 +1,183 @@
+/**
+ * CDK Construct for Cognito App Client
+ */
+import { createRequire } from "node:module";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import * as cdk from "aws-cdk-lib";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
+import * as logs from "aws-cdk-lib/aws-logs";
+import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
+import * as cr from "aws-cdk-lib/custom-resources";
+import { Construct } from "constructs";
+const require = createRequire(import.meta.url);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+/**
+ * Type of app client
+ */
+export var AppClientType;
+(function (AppClientType) {
+    /**
+     * Backend app client for machine-to-machine (M2M) authentication
+     * Uses OAuth 2.0 Client Credentials grant type
+     * Generates a client secret for authentication
+     */
+    AppClientType["BACKEND"] = "backend";
+    /**
+     * Frontend app client for user authentication
+     * Uses OAuth 2.0 Authorization Code or Implicit grant types
+     * Supports callback URLs and logout URLs for browser-based flows
+     */
+    AppClientType["FRONTEND"] = "frontend";
+})(AppClientType || (AppClientType = {}));
+/**
+ * A Cognito App Client managed through Vy's central Cognito service
+ *
+ * App clients are the user pool authentication resources attached to your app.
+ * Use an app client to configure the permitted authentication actions for an app.
+ *
+ * There are two types of app clients:
+ * - **Backend**: Machine-to-machine authentication using OAuth 2.0 Client Credentials
+ * - **Frontend**: User authentication using OAuth 2.0 Authorization Code or Implicit Grant
+ *
+ * @example
+ * // Backend app client for M2M authentication
+ * const backendClient = new CognitoAppClient(this, 'BackendClient', {
+ *   environment: VyEnvironment.TEST,
+ *   name: 'my-backend-service',
+ *   type: AppClientType.BACKEND,
+ *   scopes: ['https://api.vydev.io/read', 'https://api.vydev.io/write']
+ * });
+ *
+ * // Access credentials
+ * const clientId = backendClient.clientId;
+ * const clientSecret = backendClient.clientSecret; // Stored in Secrets Manager
+ *
+ * @example
+ * // Frontend app client for user authentication
+ * const frontendClient = new CognitoAppClient(this, 'FrontendClient', {
+ *   environment: VyEnvironment.PROD,
+ *   name: 'my-web-app',
+ *   type: AppClientType.FRONTEND,
+ *   scopes: ['email', 'openid', 'profile'],
+ *   callbackUrls: ['https://my-app.vydev.io/auth/callback'],
+ *   logoutUrls: ['https://my-app.vydev.io/logout']
+ * });
+ */
+export class CognitoAppClient extends Construct {
+    /**
+     * The name of the app client
+     */
+    name;
+    /**
+     * The underlying custom resource
+     */
+    resource;
+    /**
+     * The logGroup for the event handler lambda
+     */
+    lambdaLogGroup;
+    /**
+     * The logGroup for the custom resource provider
+     */
+    providerLogGroup;
+    /**
+     * The client ID for authentication
+     */
+    clientId;
+    /**
+     * The client secret (only for backend clients)
+     * If storeSecretInSecretsManager is true, this returns a reference to the secret value
+     */
+    clientSecret;
+    /**
+     * The Secrets Manager secret containing the client secret
+     * Only available if storeSecretInSecretsManager is true and type is backend
+     */
+    clientSecretSecret;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.name = props.name;
+        if (props.type === AppClientType.FRONTEND &&
+            props.callbackUrls &&
+            props.callbackUrls.length === 0) {
+            cdk.Annotations.of(this).addWarning("Frontend app clients typically require callbackUrls for OAuth flows");
+        }
+        this.lambdaLogGroup = new logs.LogGroup(this, "LambdaLogGroup", {
+            retention: props.logsRetention ?? logs.RetentionDays.ONE_WEEK,
+        });
+        const onEventHandler = new NodejsFunction(this, "OnEventHandler", {
+            runtime: lambda.Runtime.NODEJS_22_X,
+            handler: "handler",
+            entry: require.resolve(`${__dirname}/handler`),
+            timeout: cdk.Duration.minutes(2),
+            memorySize: 256,
+            logGroup: this.lambdaLogGroup,
+            environment: props.cognitoBaseDomain
+                ? {
+                    COGNITO_BASE_DOMAIN: props.cognitoBaseDomain,
+                }
+                : undefined,
+            bundling: {
+                minify: true,
+                sourceMap: true,
+                target: "es2020",
+                externalModules: ["aws-sdk"],
+            },
+        });
+        onEventHandler.addToRolePolicy(new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: ["execute-api:Invoke"],
+            resources: ["*"], // Can be scoped down if API Gateway ARN is known
+        }));
+        this.providerLogGroup = new logs.LogGroup(this, "ProviderLogGroup", {
+            retention: props.logsRetention ?? logs.RetentionDays.ONE_WEEK,
+        });
+        const provider = new cr.Provider(this, "Provider", {
+            onEventHandler,
+            logGroup: this.providerLogGroup,
+        });
+        this.resource = new cdk.CustomResource(this, "Resource", {
+            serviceToken: provider.serviceToken,
+            properties: {
+                Environment: props.environment,
+                Name: props.name,
+                Type: props.type,
+                Scopes: props.scopes || [],
+                CallbackUrls: props.callbackUrls || [],
+                LogoutUrls: props.logoutUrls || [],
+                GenerateSecret: props.generateSecret,
+            },
+            // Force replacement if type changes
+            resourceType: "Custom::VyCognitoAppClient",
+        });
+        this.clientId = this.resource.getAttString("ClientId");
+        const shouldStoreSecret = props.storeSecretInSecretsManager !== false;
+        if (props.type === AppClientType.BACKEND && shouldStoreSecret) {
+            const secretValue = this.resource.getAttString("ClientSecret");
+            this.clientSecretSecret = new secretsmanager.Secret(this, "ClientSecret", {
+                secretName: props.secretName ??
+                    `vy/${props.environment}/cognito/app-client/${props.name}`,
+                description: `Client secret for Vy Cognito app client ${props.name}`,
+                secretStringValue: cdk.SecretValue.unsafePlainText(secretValue),
+            });
+            this.clientSecret = this.clientSecretSecret.secretValue.unsafeUnwrap();
+        }
+        else if (props.type === AppClientType.BACKEND) {
+            this.clientSecret = this.resource.getAttString("ClientSecret");
+        }
+    }
+    /**
+     * Grant read access to the client secret (if it exists in Secrets Manager)
+     */
+    grantReadSecret(grantee) {
+        if (!this.clientSecretSecret) {
+            throw new Error("Client secret is not stored in Secrets Manager");
+        }
+        return this.clientSecretSecret.grantRead(grantee);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by1hcHAtY2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvZ25pdG8tYXBwLWNsaWVudC9jb2duaXRvLWFwcC1jbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFBO0FBQzNDLE9BQU8sS0FBSyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQ2pDLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxVQUFVLENBQUE7QUFDeEMsT0FBTyxLQUFLLEdBQUcsTUFBTSxhQUFhLENBQUE7QUFDbEMsT0FBTyxLQUFLLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQTtBQUMxQyxPQUFPLEtBQUssTUFBTSxNQUFNLHdCQUF3QixDQUFBO0FBQ2hELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQTtBQUM5RCxPQUFPLEtBQUssSUFBSSxNQUFNLHNCQUFzQixDQUFBO0FBQzVDLE9BQU8sS0FBSyxjQUFjLE1BQU0sZ0NBQWdDLENBQUE7QUFDaEUsT0FBTyxLQUFLLEVBQUUsTUFBTSw4QkFBOEIsQ0FBQTtBQUNsRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sWUFBWSxDQUFBO0FBR3RDLE1BQU0sT0FBTyxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0FBQzlDLE1BQU0sVUFBVSxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0FBQ2pELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7QUFFMUM7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxhQWNYO0FBZEQsV0FBWSxhQUFhO0lBQ3ZCOzs7O09BSUc7SUFDSCxvQ0FBbUIsQ0FBQTtJQUVuQjs7OztPQUlHO0lBQ0gsc0NBQXFCLENBQUE7QUFDdkIsQ0FBQyxFQWRXLGFBQWEsS0FBYixhQUFhLFFBY3hCO0FBaUZEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQ0c7QUFDSCxNQUFNLE9BQU8sZ0JBQWlCLFNBQVEsU0FBUztJQUM3Qzs7T0FFRztJQUNhLElBQUksQ0FBUTtJQUU1Qjs7T0FFRztJQUNhLFFBQVEsQ0FBb0I7SUFFNUM7O09BRUc7SUFDYSxjQUFjLENBQWU7SUFFN0M7O09BRUc7SUFDYSxnQkFBZ0IsQ0FBZTtJQUUvQzs7T0FFRztJQUNhLFFBQVEsQ0FBUTtJQUVoQzs7O09BR0c7SUFDYSxZQUFZLENBQVM7SUFFckM7OztPQUdHO0lBQ2Esa0JBQWtCLENBQXlCO0lBRTNELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNEI7UUFDcEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsSUFBSSxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUE7UUFFdEIsSUFDRSxLQUFLLENBQUMsSUFBSSxLQUFLLGFBQWEsQ0FBQyxRQUFRO1lBQ3JDLEtBQUssQ0FBQyxZQUFZO1lBQ2xCLEtBQUssQ0FBQyxZQUFZLENBQUMsTUFBTSxLQUFLLENBQUMsRUFDL0IsQ0FBQztZQUNELEdBQUcsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFVBQVUsQ0FDakMscUVBQXFFLENBQ3RFLENBQUE7UUFDSCxDQUFDO1FBRUQsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQzlELFNBQVMsRUFBRSxLQUFLLENBQUMsYUFBYSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUTtTQUM5RCxDQUFDLENBQUE7UUFFRixNQUFNLGNBQWMsR0FBRyxJQUFJLGNBQWMsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7WUFDaEUsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUMsV0FBVztZQUNuQyxPQUFPLEVBQUUsU0FBUztZQUNsQixLQUFLLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLFNBQVMsVUFBVSxDQUFDO1lBQzlDLE9BQU8sRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7WUFDaEMsVUFBVSxFQUFFLEdBQUc7WUFDZixRQUFRLEVBQUUsSUFBSSxDQUFDLGNBQWM7WUFDN0IsV0FBVyxFQUFFLEtBQUssQ0FBQyxpQkFBaUI7Z0JBQ2xDLENBQUMsQ0FBQztvQkFDRSxtQkFBbUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO2lCQUM3QztnQkFDSCxDQUFDLENBQUMsU0FBUztZQUNiLFFBQVEsRUFBRTtnQkFDUixNQUFNLEVBQUUsSUFBSTtnQkFDWixTQUFTLEVBQUUsSUFBSTtnQkFDZixNQUFNLEVBQUUsUUFBUTtnQkFDaEIsZUFBZSxFQUFFLENBQUMsU0FBUyxDQUFDO2FBQzdCO1NBQ0YsQ0FBQyxDQUFBO1FBRUYsY0FBYyxDQUFDLGVBQWUsQ0FDNUIsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFLENBQUMsb0JBQW9CLENBQUM7WUFDL0IsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDLEVBQUUsaURBQWlEO1NBQ3BFLENBQUMsQ0FDSCxDQUFBO1FBRUQsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsa0JBQWtCLEVBQUU7WUFDbEUsU0FBUyxFQUFFLEtBQUssQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRO1NBQzlELENBQUMsQ0FBQTtRQUVGLE1BQU0sUUFBUSxHQUFHLElBQUksRUFBRSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ2pELGNBQWM7WUFDZCxRQUFRLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtTQUNoQyxDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksR0FBRyxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3ZELFlBQVksRUFBRSxRQUFRLENBQUMsWUFBWTtZQUNuQyxVQUFVLEVBQUU7Z0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7Z0JBQ2hCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtnQkFDaEIsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLElBQUksRUFBRTtnQkFDMUIsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZLElBQUksRUFBRTtnQkFDdEMsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVLElBQUksRUFBRTtnQkFDbEMsY0FBYyxFQUFFLEtBQUssQ0FBQyxjQUFjO2FBQ3JDO1lBQ0Qsb0NBQW9DO1lBQ3BDLFlBQVksRUFBRSw0QkFBNEI7U0FDM0MsQ0FBQyxDQUFBO1FBRUYsSUFBSSxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsQ0FBQTtRQUV0RCxNQUFNLGlCQUFpQixHQUFHLEtBQUssQ0FBQywyQkFBMkIsS0FBSyxLQUFLLENBQUE7UUFDckUsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLGFBQWEsQ0FBQyxPQUFPLElBQUksaUJBQWlCLEVBQUUsQ0FBQztZQUM5RCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUU5RCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSxjQUFjLENBQUMsTUFBTSxDQUNqRCxJQUFJLEVBQ0osY0FBYyxFQUNkO2dCQUNFLFVBQVUsRUFDUixLQUFLLENBQUMsVUFBVTtvQkFDaEIsTUFBTSxLQUFLLENBQUMsV0FBVyx1QkFBdUIsS0FBSyxDQUFDLElBQUksRUFBRTtnQkFDNUQsV0FBVyxFQUFFLDJDQUEyQyxLQUFLLENBQUMsSUFBSSxFQUFFO2dCQUNwRSxpQkFBaUIsRUFBRSxHQUFHLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUM7YUFDaEUsQ0FDRixDQUFBO1lBRUQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLFlBQVksRUFBRSxDQUFBO1FBQ3hFLENBQUM7YUFBTSxJQUFJLEtBQUssQ0FBQyxJQUFJLEtBQUssYUFBYSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2hELElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDaEUsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLGVBQWUsQ0FBQyxPQUF1QjtRQUM1QyxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLEtBQUssQ0FBQyxnREFBZ0QsQ0FBQyxDQUFBO1FBQ25FLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUE7SUFDbkQsQ0FBQztDQUNGIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBDREsgQ29uc3RydWN0IGZvciBDb2duaXRvIEFwcCBDbGllbnRcbiAqL1xuXG5pbXBvcnQgeyBjcmVhdGVSZXF1aXJlIH0gZnJvbSBcIm5vZGU6bW9kdWxlXCJcbmltcG9ydCAqIGFzIHBhdGggZnJvbSBcIm5vZGU6cGF0aFwiXG5pbXBvcnQgeyBmaWxlVVJMVG9QYXRoIH0gZnJvbSBcIm5vZGU6dXJsXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCJcbmltcG9ydCAqIGFzIGxhbWJkYSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxhbWJkYVwiXG5pbXBvcnQgeyBOb2RlanNGdW5jdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhLW5vZGVqc1wiXG5pbXBvcnQgKiBhcyBsb2dzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbG9nc1wiXG5pbXBvcnQgKiBhcyBzZWNyZXRzbWFuYWdlciBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyXCJcbmltcG9ydCAqIGFzIGNyIGZyb20gXCJhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzXCJcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCJcbmltcG9ydCB0eXBlIHsgVnlFbnZpcm9ubWVudCB9IGZyb20gXCIuLi9zaGFyZWQvdHlwZXNcIlxuXG5jb25zdCByZXF1aXJlID0gY3JlYXRlUmVxdWlyZShpbXBvcnQubWV0YS51cmwpXG5jb25zdCBfX2ZpbGVuYW1lID0gZmlsZVVSTFRvUGF0aChpbXBvcnQubWV0YS51cmwpXG5jb25zdCBfX2Rpcm5hbWUgPSBwYXRoLmRpcm5hbWUoX19maWxlbmFtZSlcblxuLyoqXG4gKiBUeXBlIG9mIGFwcCBjbGllbnRcbiAqL1xuZXhwb3J0IGVudW0gQXBwQ2xpZW50VHlwZSB7XG4gIC8qKlxuICAgKiBCYWNrZW5kIGFwcCBjbGllbnQgZm9yIG1hY2hpbmUtdG8tbWFjaGluZSAoTTJNKSBhdXRoZW50aWNhdGlvblxuICAgKiBVc2VzIE9BdXRoIDIuMCBDbGllbnQgQ3JlZGVudGlhbHMgZ3JhbnQgdHlwZVxuICAgKiBHZW5lcmF0ZXMgYSBjbGllbnQgc2VjcmV0IGZvciBhdXRoZW50aWNhdGlvblxuICAgKi9cbiAgQkFDS0VORCA9IFwiYmFja2VuZFwiLFxuXG4gIC8qKlxuICAgKiBGcm9udGVuZCBhcHAgY2xpZW50IGZvciB1c2VyIGF1dGhlbnRpY2F0aW9uXG4gICAqIFVzZXMgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gQ29kZSBvciBJbXBsaWNpdCBncmFudCB0eXBlc1xuICAgKiBTdXBwb3J0cyBjYWxsYmFjayBVUkxzIGFuZCBsb2dvdXQgVVJMcyBmb3IgYnJvd3Nlci1iYXNlZCBmbG93c1xuICAgKi9cbiAgRlJPTlRFTkQgPSBcImZyb250ZW5kXCIsXG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29nbml0b0FwcENsaWVudFByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBWeSBlbnZpcm9ubWVudCB0byBwcm92aXNpb24gaW4gKGUuZy4sIFZ5RW52aXJvbm1lbnQuUFJPRCwgVnlFbnZpcm9ubWVudC5TVEFHRSwgVnlFbnZpcm9ubWVudC5URVNUKVxuICAgKi9cbiAgcmVhZG9ubHkgZW52aXJvbm1lbnQ6IFZ5RW52aXJvbm1lbnRcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIGFwcCBjbGllbnRcbiAgICogTXVzdCBiZSB1bmlxdWUgd2l0aGluIHRoZSBlbnZpcm9ubWVudFxuICAgKi9cbiAgcmVhZG9ubHkgbmFtZTogc3RyaW5nXG5cbiAgLyoqXG4gICAqIFRoZSB0eXBlIG9mIGFwcCBjbGllbnRcbiAgICogLSBiYWNrZW5kOiBNYWNoaW5lLXRvLW1hY2hpbmUgYXV0aGVudGljYXRpb24gd2l0aCBjbGllbnQgY3JlZGVudGlhbHNcbiAgICogLSBmcm9udGVuZDogVXNlciBhdXRoZW50aWNhdGlvbiB3aXRoIGF1dGhvcml6YXRpb24gY29kZSBvciBpbXBsaWNpdCBncmFudFxuICAgKi9cbiAgcmVhZG9ubHkgdHlwZTogQXBwQ2xpZW50VHlwZVxuXG4gIC8qKlxuICAgKiBPQXV0aCBzY29wZXMgZm9yIHRoaXMgY2xpZW50XG4gICAqXG4gICAqIEZvciBiYWNrZW5kIGNsaWVudHM6IFVzZSByZXNvdXJjZSBzZXJ2ZXIgc2NvcGVzIChlLmcuLCAnaHR0cHM6Ly9hcGkudnlkZXYuaW8vcmVhZCcpXG4gICAqIEZvciBmcm9udGVuZCBjbGllbnRzOiBVc2UgT0lEQyBzY29wZXMgKGUuZy4sICdlbWFpbCcsICdvcGVuaWQnLCAncHJvZmlsZScpXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRW1wdHkgYXJyYXlcbiAgICovXG4gIHJlYWRvbmx5IHNjb3Blcz86IHN0cmluZ1tdXG5cbiAgLyoqXG4gICAqIENhbGxiYWNrIFVSTHMgZm9yIE9BdXRoIGZsb3dzXG4gICAqIE9ubHkgdXNlZCB3aXRoIGZyb250ZW5kIGNsaWVudHNcbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBjYWxsYmFjayBVUkxzXG4gICAqL1xuICByZWFkb25seSBjYWxsYmFja1VybHM/OiBzdHJpbmdbXVxuXG4gIC8qKlxuICAgKiBMb2dvdXQgVVJMcyBmb3IgT0F1dGggZmxvd3NcbiAgICogT25seSB1c2VkIHdpdGggZnJvbnRlbmQgY2xpZW50c1xuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIGxvZ291dCBVUkxzXG4gICAqL1xuICByZWFkb25seSBsb2dvdXRVcmxzPzogc3RyaW5nW11cblxuICAvKipcbiAgICogV2hldGhlciB0byBnZW5lcmF0ZSBhIGNsaWVudCBzZWNyZXRcbiAgICogQXV0b21hdGljYWxseSBzZXQgYmFzZWQgb24gdHlwZSwgYnV0IGNhbiBiZSBvdmVycmlkZGVuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZSBmb3IgYmFja2VuZCwgZmFsc2UgZm9yIGZyb250ZW5kXG4gICAqL1xuICByZWFkb25seSBnZW5lcmF0ZVNlY3JldD86IGJvb2xlYW5cblxuICAvKipcbiAgICogV2hldGhlciB0byBzdG9yZSB0aGUgY2xpZW50IHNlY3JldCBpbiBBV1MgU2VjcmV0cyBNYW5hZ2VyXG4gICAqIE9ubHkgYXBwbGljYWJsZSBpZiBnZW5lcmF0ZVNlY3JldCBpcyB0cnVlXG4gICAqXG4gICAqIEBkZWZhdWx0IHRydWVcbiAgICovXG4gIHJlYWRvbmx5IHN0b3JlU2VjcmV0SW5TZWNyZXRzTWFuYWdlcj86IGJvb2xlYW5cblxuICAvKipcbiAgICogTmFtZSBvZiB0aGUgc2VjcmV0IGluIEFXUyBTZWNyZXRzIE1hbmFnZXJcbiAgICogT25seSBhcHBsaWNhYmxlIGlmIGdlbmVyYXRlU2VjcmV0IGlzIHRydWVcbiAgICovXG4gIHJlYWRvbmx5IHNlY3JldE5hbWU/OiBzdHJpbmdcblxuICAvKipcbiAgICogQmFzZSBkb21haW4gZm9yIENvZ25pdG8gc2VydmljZVxuICAgKiBAZGVmYXVsdCAnY29nbml0by52eWRldi5pbydcbiAgICovXG4gIHJlYWRvbmx5IGNvZ25pdG9CYXNlRG9tYWluPzogc3RyaW5nXG5cbiAgLyoqXG4gICAqIEBkZWZhdWx0IGxvZ3MuUmV0ZW50aW9uRGF5cy5PTkVfV0VFS1xuICAgKi9cbiAgcmVhZG9ubHkgbG9nc1JldGVudGlvbj86IGxvZ3MuUmV0ZW50aW9uRGF5c1xufVxuXG4vKipcbiAqIEEgQ29nbml0byBBcHAgQ2xpZW50IG1hbmFnZWQgdGhyb3VnaCBWeSdzIGNlbnRyYWwgQ29nbml0byBzZXJ2aWNlXG4gKlxuICogQXBwIGNsaWVudHMgYXJlIHRoZSB1c2VyIHBvb2wgYXV0aGVudGljYXRpb24gcmVzb3VyY2VzIGF0dGFjaGVkIHRvIHlvdXIgYXBwLlxuICogVXNlIGFuIGFwcCBjbGllbnQgdG8gY29uZmlndXJlIHRoZSBwZXJtaXR0ZWQgYXV0aGVudGljYXRpb24gYWN0aW9ucyBmb3IgYW4gYXBwLlxuICpcbiAqIFRoZXJlIGFyZSB0d28gdHlwZXMgb2YgYXBwIGNsaWVudHM6XG4gKiAtICoqQmFja2VuZCoqOiBNYWNoaW5lLXRvLW1hY2hpbmUgYXV0aGVudGljYXRpb24gdXNpbmcgT0F1dGggMi4wIENsaWVudCBDcmVkZW50aWFsc1xuICogLSAqKkZyb250ZW5kKio6IFVzZXIgYXV0aGVudGljYXRpb24gdXNpbmcgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gQ29kZSBvciBJbXBsaWNpdCBHcmFudFxuICpcbiAqIEBleGFtcGxlXG4gKiAvLyBCYWNrZW5kIGFwcCBjbGllbnQgZm9yIE0yTSBhdXRoZW50aWNhdGlvblxuICogY29uc3QgYmFja2VuZENsaWVudCA9IG5ldyBDb2duaXRvQXBwQ2xpZW50KHRoaXMsICdCYWNrZW5kQ2xpZW50Jywge1xuICogICBlbnZpcm9ubWVudDogVnlFbnZpcm9ubWVudC5URVNULFxuICogICBuYW1lOiAnbXktYmFja2VuZC1zZXJ2aWNlJyxcbiAqICAgdHlwZTogQXBwQ2xpZW50VHlwZS5CQUNLRU5ELFxuICogICBzY29wZXM6IFsnaHR0cHM6Ly9hcGkudnlkZXYuaW8vcmVhZCcsICdodHRwczovL2FwaS52eWRldi5pby93cml0ZSddXG4gKiB9KTtcbiAqXG4gKiAvLyBBY2Nlc3MgY3JlZGVudGlhbHNcbiAqIGNvbnN0IGNsaWVudElkID0gYmFja2VuZENsaWVudC5jbGllbnRJZDtcbiAqIGNvbnN0IGNsaWVudFNlY3JldCA9IGJhY2tlbmRDbGllbnQuY2xpZW50U2VjcmV0OyAvLyBTdG9yZWQgaW4gU2VjcmV0cyBNYW5hZ2VyXG4gKlxuICogQGV4YW1wbGVcbiAqIC8vIEZyb250ZW5kIGFwcCBjbGllbnQgZm9yIHVzZXIgYXV0aGVudGljYXRpb25cbiAqIGNvbnN0IGZyb250ZW5kQ2xpZW50ID0gbmV3IENvZ25pdG9BcHBDbGllbnQodGhpcywgJ0Zyb250ZW5kQ2xpZW50Jywge1xuICogICBlbnZpcm9ubWVudDogVnlFbnZpcm9ubWVudC5QUk9ELFxuICogICBuYW1lOiAnbXktd2ViLWFwcCcsXG4gKiAgIHR5cGU6IEFwcENsaWVudFR5cGUuRlJPTlRFTkQsXG4gKiAgIHNjb3BlczogWydlbWFpbCcsICdvcGVuaWQnLCAncHJvZmlsZSddLFxuICogICBjYWxsYmFja1VybHM6IFsnaHR0cHM6Ly9teS1hcHAudnlkZXYuaW8vYXV0aC9jYWxsYmFjayddLFxuICogICBsb2dvdXRVcmxzOiBbJ2h0dHBzOi8vbXktYXBwLnZ5ZGV2LmlvL2xvZ291dCddXG4gKiB9KTtcbiAqL1xuZXhwb3J0IGNsYXNzIENvZ25pdG9BcHBDbGllbnQgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIGFwcCBjbGllbnRcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBuYW1lOiBzdHJpbmdcblxuICAvKipcbiAgICogVGhlIHVuZGVybHlpbmcgY3VzdG9tIHJlc291cmNlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcmVzb3VyY2U6IGNkay5DdXN0b21SZXNvdXJjZVxuXG4gIC8qKlxuICAgKiBUaGUgbG9nR3JvdXAgZm9yIHRoZSBldmVudCBoYW5kbGVyIGxhbWJkYVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGxhbWJkYUxvZ0dyb3VwOiBsb2dzLkxvZ0dyb3VwXG5cbiAgLyoqXG4gICAqIFRoZSBsb2dHcm91cCBmb3IgdGhlIGN1c3RvbSByZXNvdXJjZSBwcm92aWRlclxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IHByb3ZpZGVyTG9nR3JvdXA6IGxvZ3MuTG9nR3JvdXBcblxuICAvKipcbiAgICogVGhlIGNsaWVudCBJRCBmb3IgYXV0aGVudGljYXRpb25cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBjbGllbnRJZDogc3RyaW5nXG5cbiAgLyoqXG4gICAqIFRoZSBjbGllbnQgc2VjcmV0IChvbmx5IGZvciBiYWNrZW5kIGNsaWVudHMpXG4gICAqIElmIHN0b3JlU2VjcmV0SW5TZWNyZXRzTWFuYWdlciBpcyB0cnVlLCB0aGlzIHJldHVybnMgYSByZWZlcmVuY2UgdG8gdGhlIHNlY3JldCB2YWx1ZVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGNsaWVudFNlY3JldD86IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBUaGUgU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBjb250YWluaW5nIHRoZSBjbGllbnQgc2VjcmV0XG4gICAqIE9ubHkgYXZhaWxhYmxlIGlmIHN0b3JlU2VjcmV0SW5TZWNyZXRzTWFuYWdlciBpcyB0cnVlIGFuZCB0eXBlIGlzIGJhY2tlbmRcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBjbGllbnRTZWNyZXRTZWNyZXQ/OiBzZWNyZXRzbWFuYWdlci5JU2VjcmV0XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IENvZ25pdG9BcHBDbGllbnRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIHRoaXMubmFtZSA9IHByb3BzLm5hbWVcblxuICAgIGlmIChcbiAgICAgIHByb3BzLnR5cGUgPT09IEFwcENsaWVudFR5cGUuRlJPTlRFTkQgJiZcbiAgICAgIHByb3BzLmNhbGxiYWNrVXJscyAmJlxuICAgICAgcHJvcHMuY2FsbGJhY2tVcmxzLmxlbmd0aCA9PT0gMFxuICAgICkge1xuICAgICAgY2RrLkFubm90YXRpb25zLm9mKHRoaXMpLmFkZFdhcm5pbmcoXG4gICAgICAgIFwiRnJvbnRlbmQgYXBwIGNsaWVudHMgdHlwaWNhbGx5IHJlcXVpcmUgY2FsbGJhY2tVcmxzIGZvciBPQXV0aCBmbG93c1wiLFxuICAgICAgKVxuICAgIH1cblxuICAgIHRoaXMubGFtYmRhTG9nR3JvdXAgPSBuZXcgbG9ncy5Mb2dHcm91cCh0aGlzLCBcIkxhbWJkYUxvZ0dyb3VwXCIsIHtcbiAgICAgIHJldGVudGlvbjogcHJvcHMubG9nc1JldGVudGlvbiA/PyBsb2dzLlJldGVudGlvbkRheXMuT05FX1dFRUssXG4gICAgfSlcblxuICAgIGNvbnN0IG9uRXZlbnRIYW5kbGVyID0gbmV3IE5vZGVqc0Z1bmN0aW9uKHRoaXMsIFwiT25FdmVudEhhbmRsZXJcIiwge1xuICAgICAgcnVudGltZTogbGFtYmRhLlJ1bnRpbWUuTk9ERUpTXzIyX1gsXG4gICAgICBoYW5kbGVyOiBcImhhbmRsZXJcIixcbiAgICAgIGVudHJ5OiByZXF1aXJlLnJlc29sdmUoYCR7X19kaXJuYW1lfS9oYW5kbGVyYCksXG4gICAgICB0aW1lb3V0OiBjZGsuRHVyYXRpb24ubWludXRlcygyKSxcbiAgICAgIG1lbW9yeVNpemU6IDI1NixcbiAgICAgIGxvZ0dyb3VwOiB0aGlzLmxhbWJkYUxvZ0dyb3VwLFxuICAgICAgZW52aXJvbm1lbnQ6IHByb3BzLmNvZ25pdG9CYXNlRG9tYWluXG4gICAgICAgID8ge1xuICAgICAgICAgICAgQ09HTklUT19CQVNFX0RPTUFJTjogcHJvcHMuY29nbml0b0Jhc2VEb21haW4sXG4gICAgICAgICAgfVxuICAgICAgICA6IHVuZGVmaW5lZCxcbiAgICAgIGJ1bmRsaW5nOiB7XG4gICAgICAgIG1pbmlmeTogdHJ1ZSxcbiAgICAgICAgc291cmNlTWFwOiB0cnVlLFxuICAgICAgICB0YXJnZXQ6IFwiZXMyMDIwXCIsXG4gICAgICAgIGV4dGVybmFsTW9kdWxlczogW1wiYXdzLXNka1wiXSxcbiAgICAgIH0sXG4gICAgfSlcblxuICAgIG9uRXZlbnRIYW5kbGVyLmFkZFRvUm9sZVBvbGljeShcbiAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgICBhY3Rpb25zOiBbXCJleGVjdXRlLWFwaTpJbnZva2VcIl0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXSwgLy8gQ2FuIGJlIHNjb3BlZCBkb3duIGlmIEFQSSBHYXRld2F5IEFSTiBpcyBrbm93blxuICAgICAgfSksXG4gICAgKVxuXG4gICAgdGhpcy5wcm92aWRlckxvZ0dyb3VwID0gbmV3IGxvZ3MuTG9nR3JvdXAodGhpcywgXCJQcm92aWRlckxvZ0dyb3VwXCIsIHtcbiAgICAgIHJldGVudGlvbjogcHJvcHMubG9nc1JldGVudGlvbiA/PyBsb2dzLlJldGVudGlvbkRheXMuT05FX1dFRUssXG4gICAgfSlcblxuICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IGNyLlByb3ZpZGVyKHRoaXMsIFwiUHJvdmlkZXJcIiwge1xuICAgICAgb25FdmVudEhhbmRsZXIsXG4gICAgICBsb2dHcm91cDogdGhpcy5wcm92aWRlckxvZ0dyb3VwLFxuICAgIH0pXG5cbiAgICB0aGlzLnJlc291cmNlID0gbmV3IGNkay5DdXN0b21SZXNvdXJjZSh0aGlzLCBcIlJlc291cmNlXCIsIHtcbiAgICAgIHNlcnZpY2VUb2tlbjogcHJvdmlkZXIuc2VydmljZVRva2VuLFxuICAgICAgcHJvcGVydGllczoge1xuICAgICAgICBFbnZpcm9ubWVudDogcHJvcHMuZW52aXJvbm1lbnQsXG4gICAgICAgIE5hbWU6IHByb3BzLm5hbWUsXG4gICAgICAgIFR5cGU6IHByb3BzLnR5cGUsXG4gICAgICAgIFNjb3BlczogcHJvcHMuc2NvcGVzIHx8IFtdLFxuICAgICAgICBDYWxsYmFja1VybHM6IHByb3BzLmNhbGxiYWNrVXJscyB8fCBbXSxcbiAgICAgICAgTG9nb3V0VXJsczogcHJvcHMubG9nb3V0VXJscyB8fCBbXSxcbiAgICAgICAgR2VuZXJhdGVTZWNyZXQ6IHByb3BzLmdlbmVyYXRlU2VjcmV0LFxuICAgICAgfSxcbiAgICAgIC8vIEZvcmNlIHJlcGxhY2VtZW50IGlmIHR5cGUgY2hhbmdlc1xuICAgICAgcmVzb3VyY2VUeXBlOiBcIkN1c3RvbTo6VnlDb2duaXRvQXBwQ2xpZW50XCIsXG4gICAgfSlcblxuICAgIHRoaXMuY2xpZW50SWQgPSB0aGlzLnJlc291cmNlLmdldEF0dFN0cmluZyhcIkNsaWVudElkXCIpXG5cbiAgICBjb25zdCBzaG91bGRTdG9yZVNlY3JldCA9IHByb3BzLnN0b3JlU2VjcmV0SW5TZWNyZXRzTWFuYWdlciAhPT0gZmFsc2VcbiAgICBpZiAocHJvcHMudHlwZSA9PT0gQXBwQ2xpZW50VHlwZS5CQUNLRU5EICYmIHNob3VsZFN0b3JlU2VjcmV0KSB7XG4gICAgICBjb25zdCBzZWNyZXRWYWx1ZSA9IHRoaXMucmVzb3VyY2UuZ2V0QXR0U3RyaW5nKFwiQ2xpZW50U2VjcmV0XCIpXG5cbiAgICAgIHRoaXMuY2xpZW50U2VjcmV0U2VjcmV0ID0gbmV3IHNlY3JldHNtYW5hZ2VyLlNlY3JldChcbiAgICAgICAgdGhpcyxcbiAgICAgICAgXCJDbGllbnRTZWNyZXRcIixcbiAgICAgICAge1xuICAgICAgICAgIHNlY3JldE5hbWU6XG4gICAgICAgICAgICBwcm9wcy5zZWNyZXROYW1lID8/XG4gICAgICAgICAgICBgdnkvJHtwcm9wcy5lbnZpcm9ubWVudH0vY29nbml0by9hcHAtY2xpZW50LyR7cHJvcHMubmFtZX1gLFxuICAgICAgICAgIGRlc2NyaXB0aW9uOiBgQ2xpZW50IHNlY3JldCBmb3IgVnkgQ29nbml0byBhcHAgY2xpZW50ICR7cHJvcHMubmFtZX1gLFxuICAgICAgICAgIHNlY3JldFN0cmluZ1ZhbHVlOiBjZGsuU2VjcmV0VmFsdWUudW5zYWZlUGxhaW5UZXh0KHNlY3JldFZhbHVlKSxcbiAgICAgICAgfSxcbiAgICAgIClcblxuICAgICAgdGhpcy5jbGllbnRTZWNyZXQgPSB0aGlzLmNsaWVudFNlY3JldFNlY3JldC5zZWNyZXRWYWx1ZS51bnNhZmVVbndyYXAoKVxuICAgIH0gZWxzZSBpZiAocHJvcHMudHlwZSA9PT0gQXBwQ2xpZW50VHlwZS5CQUNLRU5EKSB7XG4gICAgICB0aGlzLmNsaWVudFNlY3JldCA9IHRoaXMucmVzb3VyY2UuZ2V0QXR0U3RyaW5nKFwiQ2xpZW50U2VjcmV0XCIpXG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50IHJlYWQgYWNjZXNzIHRvIHRoZSBjbGllbnQgc2VjcmV0IChpZiBpdCBleGlzdHMgaW4gU2VjcmV0cyBNYW5hZ2VyKVxuICAgKi9cbiAgcHVibGljIGdyYW50UmVhZFNlY3JldChncmFudGVlOiBpYW0uSUdyYW50YWJsZSk6IGlhbS5HcmFudCB7XG4gICAgaWYgKCF0aGlzLmNsaWVudFNlY3JldFNlY3JldCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwiQ2xpZW50IHNlY3JldCBpcyBub3Qgc3RvcmVkIGluIFNlY3JldHMgTWFuYWdlclwiKVxuICAgIH1cbiAgICByZXR1cm4gdGhpcy5jbGllbnRTZWNyZXRTZWNyZXQuZ3JhbnRSZWFkKGdyYW50ZWUpXG4gIH1cbn1cbiJdfQ==

package/lib/cognito-app-client/handler.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Lambda handler for CognitoAppClient custom resource
+ */
+import type { CustomResourceRequest, CustomResourceResponse } from "../shared/types";
+export declare function handler(event: CustomResourceRequest): Promise<CustomResourceResponse>;

package/lib/cognito-app-client/handler.js

@@ -0,0 +1,114 @@
+/**
+ * Lambda handler for CognitoAppClient custom resource
+ */
+import { createFailureResponse, createSuccessResponse, handleError, } from "../shared/custom-resource-handler";
+import { createUrlFromEnvironment, signedRequest } from "../shared/sigv4-client";
+const COGNITO_BASE_DOMAIN = process.env.COGNITO_BASE_DOMAIN || "cognito.vydev.io";
+async function createAppClient(baseUrl, client) {
+    const response = await signedRequest({
+        method: "POST",
+        hostname: baseUrl,
+        path: "/app-clients",
+        body: JSON.stringify(client),
+    });
+    if (response.statusCode !== 201) {
+        throw new Error(`Could not create resource: ${response.statusCode} - ${response.body}`);
+    }
+    return JSON.parse(response.body);
+}
+async function readAppClient(baseUrl, name) {
+    const encodedName = encodeURIComponent(name);
+    const response = await signedRequest({
+        method: "GET",
+        hostname: baseUrl,
+        path: `/app-clients/${encodedName}`,
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not read resource: ${response.statusCode} - ${response.body}`);
+    }
+    return JSON.parse(response.body);
+}
+async function updateAppClient(baseUrl, update) {
+    const encodedName = encodeURIComponent(update.name);
+    const response = await signedRequest({
+        method: "PUT",
+        hostname: baseUrl,
+        path: `/app-clients/${encodedName}`,
+        body: JSON.stringify(update),
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not update resource: ${response.statusCode} - ${response.body}`);
+    }
+}
+async function deleteAppClient(baseUrl, name) {
+    const encodedName = encodeURIComponent(name);
+    const response = await signedRequest({
+        method: "DELETE",
+        hostname: baseUrl,
+        path: `/app-clients/${encodedName}`,
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not delete resource: ${response.statusCode} - ${response.body}`);
+    }
+}
+export async function handler(event) {
+    const props = event.ResourceProperties;
+    const baseUrl = createUrlFromEnvironment(COGNITO_BASE_DOMAIN, "delegated", props.Environment);
+    try {
+        switch (event.RequestType) {
+            case "Create": {
+                // We receive a string value for GenerateSecret, but we need a boolean
+                // See https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1037
+                const generate_secret = typeof props.GenerateSecret === "boolean"
+                    ? props.GenerateSecret
+                    : props.GenerateSecret === "true";
+                const client = {
+                    name: props.Name,
+                    type: props.Type,
+                    scopes: props.Scopes || [],
+                    callback_urls: props.CallbackUrls || [],
+                    logout_urls: props.LogoutUrls || [],
+                    generate_secret,
+                };
+                const created = await createAppClient(baseUrl, client);
+                return createSuccessResponse(event.PhysicalResourceId ?? created.name, {
+                    Name: created.name,
+                    ClientId: created.client_id || "",
+                    ClientSecret: created.client_secret || "",
+                    Type: created.type,
+                });
+            }
+            case "Update": {
+                // Check if Type changed (requires replacement)
+                const oldProps = event.OldResourceProperties;
+                if (oldProps && oldProps.Type !== props.Type) {
+                    throw new Error("Cannot change app client type. This requires resource replacement.");
+                }
+                const update = {
+                    name: props.Name,
+                    scopes: props.Scopes || [],
+                    callback_urls: props.CallbackUrls || [],
+                    logout_urls: props.LogoutUrls || [],
+                };
+                await updateAppClient(baseUrl, update);
+                const updated = await readAppClient(baseUrl, props.Name);
+                return createSuccessResponse(event.PhysicalResourceId ?? updated.name, {
+                    Name: updated.name,
+                    ClientId: updated.client_id || "",
+                    ClientSecret: updated.client_secret || "",
+                    Type: updated.type,
+                });
+            }
+            case "Delete": {
+                const name = event.PhysicalResourceId || props.Name;
+                await deleteAppClient(baseUrl, name);
+                return createSuccessResponse(name, {});
+            }
+        }
+    }
+    catch (error) {
+        console.error("Error:", error);
+        return createFailureResponse(event.PhysicalResourceId || props.Name || "unknown", handleError(error));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jb2duaXRvLWFwcC1jbGllbnQvaGFuZGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUVILE9BQU8sRUFDTCxxQkFBcUIsRUFDckIscUJBQXFCLEVBQ3JCLFdBQVcsR0FDWixNQUFNLG1DQUFtQyxDQUFBO0FBQzFDLE9BQU8sRUFBRSx3QkFBd0IsRUFBRSxhQUFhLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQTtBQVFoRixNQUFNLG1CQUFtQixHQUN2QixPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQixJQUFJLGtCQUFrQixDQUFBO0FBWXZELEtBQUssVUFBVSxlQUFlLENBQzVCLE9BQWUsRUFDZixNQUFpQjtJQUVqQixNQUFNLFFBQVEsR0FBRyxNQUFNLGFBQWEsQ0FBQztRQUNuQyxNQUFNLEVBQUUsTUFBTTtRQUNkLFFBQVEsRUFBRSxPQUFPO1FBQ2pCLElBQUksRUFBRSxjQUFjO1FBQ3BCLElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQztLQUM3QixDQUFDLENBQUE7SUFFRixJQUFJLFFBQVEsQ0FBQyxVQUFVLEtBQUssR0FBRyxFQUFFLENBQUM7UUFDaEMsTUFBTSxJQUFJLEtBQUssQ0FDYiw4QkFBOEIsUUFBUSxDQUFDLFVBQVUsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQ3ZFLENBQUE7SUFDSCxDQUFDO0lBRUQsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtBQUNsQyxDQUFDO0FBRUQsS0FBSyxVQUFVLGFBQWEsQ0FDMUIsT0FBZSxFQUNmLElBQVk7SUFFWixNQUFNLFdBQVcsR0FBRyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUM1QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGFBQWEsQ0FBQztRQUNuQyxNQUFNLEVBQUUsS0FBSztRQUNiLFFBQVEsRUFBRSxPQUFPO1FBQ2pCLElBQUksRUFBRSxnQkFBZ0IsV0FBVyxFQUFFO0tBQ3BDLENBQUMsQ0FBQTtJQUVGLElBQUksUUFBUSxDQUFDLFVBQVUsS0FBSyxHQUFHLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksS0FBSyxDQUNiLDRCQUE0QixRQUFRLENBQUMsVUFBVSxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FDckUsQ0FBQTtJQUNILENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFBO0FBQ2xDLENBQUM7QUFFRCxLQUFLLFVBQVUsZUFBZSxDQUM1QixPQUFlLEVBQ2YsTUFBOEI7SUFFOUIsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ25ELE1BQU0sUUFBUSxHQUFHLE1BQU0sYUFBYSxDQUFDO1FBQ25DLE1BQU0sRUFBRSxLQUFLO1FBQ2IsUUFBUSxFQUFFLE9BQU87UUFDakIsSUFBSSxFQUFFLGdCQUFnQixXQUFXLEVBQUU7UUFDbkMsSUFBSSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO0tBQzdCLENBQUMsQ0FBQTtJQUVGLElBQUksUUFBUSxDQUFDLFVBQVUsS0FBSyxHQUFHLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksS0FBSyxDQUNiLDhCQUE4QixRQUFRLENBQUMsVUFBVSxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FDdkUsQ0FBQTtJQUNILENBQUM7QUFDSCxDQUFDO0FBRUQsS0FBSyxVQUFVLGVBQWUsQ0FBQyxPQUFlLEVBQUUsSUFBWTtJQUMxRCxNQUFNLFdBQVcsR0FBRyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUM1QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGFBQWEsQ0FBQztRQUNuQyxNQUFNLEVBQUUsUUFBUTtRQUNoQixRQUFRLEVBQUUsT0FBTztRQUNqQixJQUFJLEVBQUUsZ0JBQWdCLFdBQVcsRUFBRTtLQUNwQyxDQUFDLENBQUE7SUFFRixJQUFJLFFBQVEsQ0FBQyxVQUFVLEtBQUssR0FBRyxFQUFFLENBQUM7UUFDaEMsTUFBTSxJQUFJLEtBQUssQ0FDYiw4QkFBOEIsUUFBUSxDQUFDLFVBQVUsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQ3ZFLENBQUE7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsT0FBTyxDQUMzQixLQUE0QjtJQUU1QixNQUFNLEtBQUssR0FBRyxLQUFLLENBQUMsa0JBQXlDLENBQUE7SUFDN0QsTUFBTSxPQUFPLEdBQUcsd0JBQXdCLENBQ3RDLG1CQUFtQixFQUNuQixXQUFXLEVBQ1gsS0FBSyxDQUFDLFdBQVcsQ0FDbEIsQ0FBQTtJQUVELElBQUksQ0FBQztRQUNILFFBQVEsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzFCLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQztnQkFDZCxzRUFBc0U7Z0JBQ3RFLHdGQUF3RjtnQkFDeEYsTUFBTSxlQUFlLEdBQ25CLE9BQU8sS0FBSyxDQUFDLGNBQWMsS0FBSyxTQUFTO29CQUN2QyxDQUFDLENBQUMsS0FBSyxDQUFDLGNBQWM7b0JBQ3RCLENBQUMsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLE1BQU0sQ0FBQTtnQkFFckMsTUFBTSxNQUFNLEdBQWM7b0JBQ3hCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtvQkFDaEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO29CQUNoQixNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU0sSUFBSSxFQUFFO29CQUMxQixhQUFhLEVBQUUsS0FBSyxDQUFDLFlBQVksSUFBSSxFQUFFO29CQUN2QyxXQUFXLEVBQUUsS0FBSyxDQUFDLFVBQVUsSUFBSSxFQUFFO29CQUNuQyxlQUFlO2lCQUNoQixDQUFBO2dCQUVELE1BQU0sT0FBTyxHQUFHLE1BQU0sZUFBZSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQTtnQkFFdEQsT0FBTyxxQkFBcUIsQ0FBQyxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLElBQUksRUFBRTtvQkFDckUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJO29CQUNsQixRQUFRLEVBQUUsT0FBTyxDQUFDLFNBQVMsSUFBSSxFQUFFO29CQUNqQyxZQUFZLEVBQUUsT0FBTyxDQUFDLGFBQWEsSUFBSSxFQUFFO29CQUN6QyxJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUk7aUJBQ25CLENBQTJCLENBQUE7WUFDOUIsQ0FBQztZQUVELEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQztnQkFDZCwrQ0FBK0M7Z0JBQy9DLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxxQkFBNEMsQ0FBQTtnQkFDbkUsSUFBSSxRQUFRLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQzdDLE1BQU0sSUFBSSxLQUFLLENBQ2Isb0VBQW9FLENBQ3JFLENBQUE7Z0JBQ0gsQ0FBQztnQkFFRCxNQUFNLE1BQU0sR0FBMkI7b0JBQ3JDLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtvQkFDaEIsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLElBQUksRUFBRTtvQkFDMUIsYUFBYSxFQUFFLEtBQUssQ0FBQyxZQUFZLElBQUksRUFBRTtvQkFDdkMsV0FBVyxFQUFFLEtBQUssQ0FBQyxVQUFVLElBQUksRUFBRTtpQkFDcEMsQ0FBQTtnQkFFRCxNQUFNLGVBQWUsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLENBQUE7Z0JBQ3RDLE1BQU0sT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUE7Z0JBRXhELE9BQU8scUJBQXFCLENBQUMsS0FBSyxDQUFDLGtCQUFrQixJQUFJLE9BQU8sQ0FBQyxJQUFJLEVBQUU7b0JBQ3JFLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtvQkFDbEIsUUFBUSxFQUFFLE9BQU8sQ0FBQyxTQUFTLElBQUksRUFBRTtvQkFDakMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxhQUFhLElBQUksRUFBRTtvQkFDekMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJO2lCQUNuQixDQUEyQixDQUFBO1lBQzlCLENBQUM7WUFFRCxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUM7Z0JBQ2QsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUE7Z0JBQ25ELE1BQU0sZUFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQTtnQkFFcEMsT0FBTyxxQkFBcUIsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUEyQixDQUFBO1lBQ2xFLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDZixPQUFPLENBQUMsS0FBSyxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQTtRQUM5QixPQUFPLHFCQUFxQixDQUMxQixLQUFLLENBQUMsa0JBQWtCLElBQUksS0FBSyxDQUFDLElBQUksSUFBSSxTQUFTLEVBQ25ELFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FDTyxDQUFBO0lBQzdCLENBQUM7QUFDSCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBMYW1iZGEgaGFuZGxlciBmb3IgQ29nbml0b0FwcENsaWVudCBjdXN0b20gcmVzb3VyY2VcbiAqL1xuXG5pbXBvcnQge1xuICBjcmVhdGVGYWlsdXJlUmVzcG9uc2UsXG4gIGNyZWF0ZVN1Y2Nlc3NSZXNwb25zZSxcbiAgaGFuZGxlRXJyb3IsXG59IGZyb20gXCIuLi9zaGFyZWQvY3VzdG9tLXJlc291cmNlLWhhbmRsZXJcIlxuaW1wb3J0IHsgY3JlYXRlVXJsRnJvbUVudmlyb25tZW50LCBzaWduZWRSZXF1ZXN0IH0gZnJvbSBcIi4uL3NoYXJlZC9zaWd2NC1jbGllbnRcIlxuaW1wb3J0IHR5cGUge1xuICBBcHBDbGllbnQsXG4gIEFwcENsaWVudFVwZGF0ZVJlcXVlc3QsXG4gIEN1c3RvbVJlc291cmNlUmVxdWVzdCxcbiAgQ3VzdG9tUmVzb3VyY2VSZXNwb25zZSxcbn0gZnJvbSBcIi4uL3NoYXJlZC90eXBlc1wiXG5cbmNvbnN0IENPR05JVE9fQkFTRV9ET01BSU4gPVxuICBwcm9jZXNzLmVudi5DT0dOSVRPX0JBU0VfRE9NQUlOIHx8IFwiY29nbml0by52eWRldi5pb1wiXG5cbmludGVyZmFjZSBBcHBDbGllbnRQcm9wZXJ0aWVzIHtcbiAgRW52aXJvbm1lbnQ6IHN0cmluZ1xuICBOYW1lOiBzdHJpbmdcbiAgVHlwZTogXCJmcm9udGVuZFwiIHwgXCJiYWNrZW5kXCJcbiAgU2NvcGVzPzogc3RyaW5nW11cbiAgQ2FsbGJhY2tVcmxzPzogc3RyaW5nW11cbiAgTG9nb3V0VXJscz86IHN0cmluZ1tdXG4gIEdlbmVyYXRlU2VjcmV0PzogYm9vbGVhblxufVxuXG5hc3luYyBmdW5jdGlvbiBjcmVhdGVBcHBDbGllbnQoXG4gIGJhc2VVcmw6IHN0cmluZyxcbiAgY2xpZW50OiBBcHBDbGllbnQsXG4pOiBQcm9taXNlPEFwcENsaWVudD4ge1xuICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHNpZ25lZFJlcXVlc3Qoe1xuICAgIG1ldGhvZDogXCJQT1NUXCIsXG4gICAgaG9zdG5hbWU6IGJhc2VVcmwsXG4gICAgcGF0aDogXCIvYXBwLWNsaWVudHNcIixcbiAgICBib2R5OiBKU09OLnN0cmluZ2lmeShjbGllbnQpLFxuICB9KVxuXG4gIGlmIChyZXNwb25zZS5zdGF0dXNDb2RlICE9PSAyMDEpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgICBgQ291bGQgbm90IGNyZWF0ZSByZXNvdXJjZTogJHtyZXNwb25zZS5zdGF0dXNDb2RlfSAtICR7cmVzcG9uc2UuYm9keX1gLFxuICAgIClcbiAgfVxuXG4gIHJldHVybiBKU09OLnBhcnNlKHJlc3BvbnNlLmJvZHkpXG59XG5cbmFzeW5jIGZ1bmN0aW9uIHJlYWRBcHBDbGllbnQoXG4gIGJhc2VVcmw6IHN0cmluZyxcbiAgbmFtZTogc3RyaW5nLFxuKTogUHJvbWlzZTxBcHBDbGllbnQ+IHtcbiAgY29uc3QgZW5jb2RlZE5hbWUgPSBlbmNvZGVVUklDb21wb25lbnQobmFtZSlcbiAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBzaWduZWRSZXF1ZXN0KHtcbiAgICBtZXRob2Q6IFwiR0VUXCIsXG4gICAgaG9zdG5hbWU6IGJhc2VVcmwsXG4gICAgcGF0aDogYC9hcHAtY2xpZW50cy8ke2VuY29kZWROYW1lfWAsXG4gIH0pXG5cbiAgaWYgKHJlc3BvbnNlLnN0YXR1c0NvZGUgIT09IDIwMCkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBDb3VsZCBub3QgcmVhZCByZXNvdXJjZTogJHtyZXNwb25zZS5zdGF0dXNDb2RlfSAtICR7cmVzcG9uc2UuYm9keX1gLFxuICAgIClcbiAgfVxuXG4gIHJldHVybiBKU09OLnBhcnNlKHJlc3BvbnNlLmJvZHkpXG59XG5cbmFzeW5jIGZ1bmN0aW9uIHVwZGF0ZUFwcENsaWVudChcbiAgYmFzZVVybDogc3RyaW5nLFxuICB1cGRhdGU6IEFwcENsaWVudFVwZGF0ZVJlcXVlc3QsXG4pOiBQcm9taXNlPHZvaWQ+IHtcbiAgY29uc3QgZW5jb2RlZE5hbWUgPSBlbmNvZGVVUklDb21wb25lbnQodXBkYXRlLm5hbWUpXG4gIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgc2lnbmVkUmVxdWVzdCh7XG4gICAgbWV0aG9kOiBcIlBVVFwiLFxuICAgIGhvc3RuYW1lOiBiYXNlVXJsLFxuICAgIHBhdGg6IGAvYXBwLWNsaWVudHMvJHtlbmNvZGVkTmFtZX1gLFxuICAgIGJvZHk6IEpTT04uc3RyaW5naWZ5KHVwZGF0ZSksXG4gIH0pXG5cbiAgaWYgKHJlc3BvbnNlLnN0YXR1c0NvZGUgIT09IDIwMCkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBDb3VsZCBub3QgdXBkYXRlIHJlc291cmNlOiAke3Jlc3BvbnNlLnN0YXR1c0NvZGV9IC0gJHtyZXNwb25zZS5ib2R5fWAsXG4gICAgKVxuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIGRlbGV0ZUFwcENsaWVudChiYXNlVXJsOiBzdHJpbmcsIG5hbWU6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICBjb25zdCBlbmNvZGVkTmFtZSA9IGVuY29kZVVSSUNvbXBvbmVudChuYW1lKVxuICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHNpZ25lZFJlcXVlc3Qoe1xuICAgIG1ldGhvZDogXCJERUxFVEVcIixcbiAgICBob3N0bmFtZTogYmFzZVVybCxcbiAgICBwYXRoOiBgL2FwcC1jbGllbnRzLyR7ZW5jb2RlZE5hbWV9YCxcbiAgfSlcblxuICBpZiAocmVzcG9uc2Uuc3RhdHVzQ29kZSAhPT0gMjAwKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYENvdWxkIG5vdCBkZWxldGUgcmVzb3VyY2U6ICR7cmVzcG9uc2Uuc3RhdHVzQ29kZX0gLSAke3Jlc3BvbnNlLmJvZHl9YCxcbiAgICApXG4gIH1cbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoXG4gIGV2ZW50OiBDdXN0b21SZXNvdXJjZVJlcXVlc3QsXG4pOiBQcm9taXNlPEN1c3RvbVJlc291cmNlUmVzcG9uc2U+IHtcbiAgY29uc3QgcHJvcHMgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMgYXMgQXBwQ2xpZW50UHJvcGVydGllc1xuICBjb25zdCBiYXNlVXJsID0gY3JlYXRlVXJsRnJvbUVudmlyb25tZW50KFxuICAgIENPR05JVE9fQkFTRV9ET01BSU4sXG4gICAgXCJkZWxlZ2F0ZWRcIixcbiAgICBwcm9wcy5FbnZpcm9ubWVudCxcbiAgKVxuXG4gIHRyeSB7XG4gICAgc3dpdGNoIChldmVudC5SZXF1ZXN0VHlwZSkge1xuICAgICAgY2FzZSBcIkNyZWF0ZVwiOiB7XG4gICAgICAgIC8vIFdlIHJlY2VpdmUgYSBzdHJpbmcgdmFsdWUgZm9yIEdlbmVyYXRlU2VjcmV0LCBidXQgd2UgbmVlZCBhIGJvb2xlYW5cbiAgICAgICAgLy8gU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MtY2xvdWRmb3JtYXRpb24vY2xvdWRmb3JtYXRpb24tY292ZXJhZ2Utcm9hZG1hcC9pc3N1ZXMvMTAzN1xuICAgICAgICBjb25zdCBnZW5lcmF0ZV9zZWNyZXQ6IGJvb2xlYW4gPVxuICAgICAgICAgIHR5cGVvZiBwcm9wcy5HZW5lcmF0ZVNlY3JldCA9PT0gXCJib29sZWFuXCJcbiAgICAgICAgICAgID8gcHJvcHMuR2VuZXJhdGVTZWNyZXRcbiAgICAgICAgICAgIDogcHJvcHMuR2VuZXJhdGVTZWNyZXQgPT09IFwidHJ1ZVwiXG5cbiAgICAgICAgY29uc3QgY2xpZW50OiBBcHBDbGllbnQgPSB7XG4gICAgICAgICAgbmFtZTogcHJvcHMuTmFtZSxcbiAgICAgICAgICB0eXBlOiBwcm9wcy5UeXBlLFxuICAgICAgICAgIHNjb3BlczogcHJvcHMuU2NvcGVzIHx8IFtdLFxuICAgICAgICAgIGNhbGxiYWNrX3VybHM6IHByb3BzLkNhbGxiYWNrVXJscyB8fCBbXSxcbiAgICAgICAgICBsb2dvdXRfdXJsczogcHJvcHMuTG9nb3V0VXJscyB8fCBbXSxcbiAgICAgICAgICBnZW5lcmF0ZV9zZWNyZXQsXG4gICAgICAgIH1cblxuICAgICAgICBjb25zdCBjcmVhdGVkID0gYXdhaXQgY3JlYXRlQXBwQ2xpZW50KGJhc2VVcmwsIGNsaWVudClcblxuICAgICAgICByZXR1cm4gY3JlYXRlU3VjY2Vzc1Jlc3BvbnNlKGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA/PyBjcmVhdGVkLm5hbWUsIHtcbiAgICAgICAgICBOYW1lOiBjcmVhdGVkLm5hbWUsXG4gICAgICAgICAgQ2xpZW50SWQ6IGNyZWF0ZWQuY2xpZW50X2lkIHx8IFwiXCIsXG4gICAgICAgICAgQ2xpZW50U2VjcmV0OiBjcmVhdGVkLmNsaWVudF9zZWNyZXQgfHwgXCJcIixcbiAgICAgICAgICBUeXBlOiBjcmVhdGVkLnR5cGUsXG4gICAgICAgIH0pIGFzIEN1c3RvbVJlc291cmNlUmVzcG9uc2VcbiAgICAgIH1cblxuICAgICAgY2FzZSBcIlVwZGF0ZVwiOiB7XG4gICAgICAgIC8vIENoZWNrIGlmIFR5cGUgY2hhbmdlZCAocmVxdWlyZXMgcmVwbGFjZW1lbnQpXG4gICAgICAgIGNvbnN0IG9sZFByb3BzID0gZXZlbnQuT2xkUmVzb3VyY2VQcm9wZXJ0aWVzIGFzIEFwcENsaWVudFByb3BlcnRpZXNcbiAgICAgICAgaWYgKG9sZFByb3BzICYmIG9sZFByb3BzLlR5cGUgIT09IHByb3BzLlR5cGUpIHtcbiAgICAgICAgICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgICAgICAgICBcIkNhbm5vdCBjaGFuZ2UgYXBwIGNsaWVudCB0eXBlLiBUaGlzIHJlcXVpcmVzIHJlc291cmNlIHJlcGxhY2VtZW50LlwiLFxuICAgICAgICAgIClcbiAgICAgICAgfVxuXG4gICAgICAgIGNvbnN0IHVwZGF0ZTogQXBwQ2xpZW50VXBkYXRlUmVxdWVzdCA9IHtcbiAgICAgICAgICBuYW1lOiBwcm9wcy5OYW1lLFxuICAgICAgICAgIHNjb3BlczogcHJvcHMuU2NvcGVzIHx8IFtdLFxuICAgICAgICAgIGNhbGxiYWNrX3VybHM6IHByb3BzLkNhbGxiYWNrVXJscyB8fCBbXSxcbiAgICAgICAgICBsb2dvdXRfdXJsczogcHJvcHMuTG9nb3V0VXJscyB8fCBbXSxcbiAgICAgICAgfVxuXG4gICAgICAgIGF3YWl0IHVwZGF0ZUFwcENsaWVudChiYXNlVXJsLCB1cGRhdGUpXG4gICAgICAgIGNvbnN0IHVwZGF0ZWQgPSBhd2FpdCByZWFkQXBwQ2xpZW50KGJhc2VVcmwsIHByb3BzLk5hbWUpXG5cbiAgICAgICAgcmV0dXJuIGNyZWF0ZVN1Y2Nlc3NSZXNwb25zZShldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gdXBkYXRlZC5uYW1lLCB7XG4gICAgICAgICAgTmFtZTogdXBkYXRlZC5uYW1lLFxuICAgICAgICAgIENsaWVudElkOiB1cGRhdGVkLmNsaWVudF9pZCB8fCBcIlwiLFxuICAgICAgICAgIENsaWVudFNlY3JldDogdXBkYXRlZC5jbGllbnRfc2VjcmV0IHx8IFwiXCIsXG4gICAgICAgICAgVHlwZTogdXBkYXRlZC50eXBlLFxuICAgICAgICB9KSBhcyBDdXN0b21SZXNvdXJjZVJlc3BvbnNlXG4gICAgICB9XG5cbiAgICAgIGNhc2UgXCJEZWxldGVcIjoge1xuICAgICAgICBjb25zdCBuYW1lID0gZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkIHx8IHByb3BzLk5hbWVcbiAgICAgICAgYXdhaXQgZGVsZXRlQXBwQ2xpZW50KGJhc2VVcmwsIG5hbWUpXG5cbiAgICAgICAgcmV0dXJuIGNyZWF0ZVN1Y2Nlc3NSZXNwb25zZShuYW1lLCB7fSkgYXMgQ3VzdG9tUmVzb3VyY2VSZXNwb25zZVxuICAgICAgfVxuICAgIH1cbiAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICBjb25zb2xlLmVycm9yKFwiRXJyb3I6XCIsIGVycm9yKVxuICAgIHJldHVybiBjcmVhdGVGYWlsdXJlUmVzcG9uc2UoXG4gICAgICBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgfHwgcHJvcHMuTmFtZSB8fCBcInVua25vd25cIixcbiAgICAgIGhhbmRsZUVycm9yKGVycm9yKSxcbiAgICApIGFzIEN1c3RvbVJlc291cmNlUmVzcG9uc2VcbiAgfVxufVxuIl19

package/lib/cognito-info.d.ts

@@ -0,0 +1,49 @@
+/**
+ * CDK Construct for Cognito Info data source
+ */
+import { Construct } from "constructs";
+import type { VyEnvironment } from "./shared/types";
+export interface CognitoInfoProps {
+    /**
+     * The environment to get Cognito info for (e.g., VyEnvironment.PROD, VyEnvironment.STAGE, VyEnvironment.TEST)
+     */
+    readonly environment: VyEnvironment;
+}
+/**
+ * Holds information about the centralized Cognito User Pool
+ *
+ * Use this to reference the shared Cognito User Pool in your CDK applications without
+ * hardcoding values.
+ *
+ * @example
+ * ```typescript
+ * const cognitoInfo = new CognitoInfo(this, 'CognitoInfo', {
+ *   environment: VyEnvironment.PROD
+ * });
+ *
+ * // Access authentication endpoints
+ * console.log('Auth URL:', cognitoInfo.authUrl);
+ * console.log('JWKS URL:', cognitoInfo.jwksUrl);
+ * console.log('OpenID URL:', cognitoInfo.openIdUrl);
+ * console.log('Issuer:', cognitoInfo.issuer);
+ * ```
+ */
+export declare class CognitoInfo extends Construct {
+    /**
+     * The URL where users can authenticate
+     */
+    readonly authUrl: string;
+    /**
+     * The URL for the /.well-known/jwks.json endpoint
+     */
+    readonly jwksUrl: string;
+    /**
+     * The URL for the /.well-known/openid-configuration endpoint
+     */
+    readonly openIdUrl: string;
+    /**
+     * The URI for the issuer
+     */
+    readonly issuer: string;
+    constructor(scope: Construct, id: string, props: CognitoInfoProps);
+}

package/lib/cognito-info.js

@@ -0,0 +1,76 @@
+/**
+ * CDK Construct for Cognito Info data source
+ */
+import { Construct } from "constructs";
+/**
+ * Holds information about the centralized Cognito User Pool
+ *
+ * Use this to reference the shared Cognito User Pool in your CDK applications without
+ * hardcoding values.
+ *
+ * @example
+ * ```typescript
+ * const cognitoInfo = new CognitoInfo(this, 'CognitoInfo', {
+ *   environment: VyEnvironment.PROD
+ * });
+ *
+ * // Access authentication endpoints
+ * console.log('Auth URL:', cognitoInfo.authUrl);
+ * console.log('JWKS URL:', cognitoInfo.jwksUrl);
+ * console.log('OpenID URL:', cognitoInfo.openIdUrl);
+ * console.log('Issuer:', cognitoInfo.issuer);
+ * ```
+ */
+export class CognitoInfo extends Construct {
+    /**
+     * The URL where users can authenticate
+     */
+    authUrl;
+    /**
+     * The URL for the /.well-known/jwks.json endpoint
+     */
+    jwksUrl;
+    /**
+     * The URL for the /.well-known/openid-configuration endpoint
+     */
+    openIdUrl;
+    /**
+     * The URI for the issuer
+     */
+    issuer;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.authUrl = getCognitoInfo(props.environment).authUrl;
+        this.jwksUrl = getCognitoInfo(props.environment).jwksUrl;
+        this.openIdUrl = getCognitoInfo(props.environment).openIdUrl;
+        this.issuer = getCognitoInfo(props.environment).issuer;
+    }
+}
+function getCognitoInfo(environment) {
+    const envConfigs = {
+        prod: {
+            authUrl: "https://auth.cognito.vydev.io",
+            jwksUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_e6o46c1oE/.well-known/jwks.json",
+            openIdUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_e6o46c1oE/.well-known/openid-configuration",
+            issuer: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_e6o46c1oE",
+        },
+        stage: {
+            authUrl: "https://auth.stage.cognito.vydev.io",
+            jwksUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_AUYQ679zW/.well-known/jwks.json",
+            openIdUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_AUYQ679zW/.well-known/openid-configuration",
+            issuer: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_AUYQ679zW",
+        },
+        test: {
+            authUrl: "https://auth.test.cognito.vydev.io",
+            jwksUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Z53b9AbeT/.well-known/jwks.json",
+            openIdUrl: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Z53b9AbeT/.well-known/openid-configuration",
+            issuer: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Z53b9AbeT",
+        },
+    };
+    const config = envConfigs[environment];
+    if (!config) {
+        throw new Error(`Unknown environment: ${environment}. Valid values are: prod, stage, test, dev`);
+    }
+    return config;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by1pbmZvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2NvZ25pdG8taW5mby50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUVILE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxZQUFZLENBQUE7QUFVdEM7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUNILE1BQU0sT0FBTyxXQUFZLFNBQVEsU0FBUztJQUN4Qzs7T0FFRztJQUNhLE9BQU8sQ0FBUTtJQUUvQjs7T0FFRztJQUNhLE9BQU8sQ0FBUTtJQUUvQjs7T0FFRztJQUNhLFNBQVMsQ0FBUTtJQUVqQzs7T0FFRztJQUNhLE1BQU0sQ0FBUTtJQUU5QixZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXVCO1FBQy9ELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFFaEIsSUFBSSxDQUFDLE9BQU8sR0FBRyxjQUFjLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDLE9BQU8sQ0FBQTtRQUN4RCxJQUFJLENBQUMsT0FBTyxHQUFHLGNBQWMsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUMsT0FBTyxDQUFBO1FBQ3hELElBQUksQ0FBQyxTQUFTLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQyxTQUFTLENBQUE7UUFDNUQsSUFBSSxDQUFDLE1BQU0sR0FBRyxjQUFjLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDLE1BQU0sQ0FBQTtJQUN4RCxDQUFDO0NBQ0Y7QUFFRCxTQUFTLGNBQWMsQ0FBQyxXQUFtQjtJQUN6QyxNQUFNLFVBQVUsR0FBbUM7UUFDakQsSUFBSSxFQUFFO1lBQ0osT0FBTyxFQUFFLCtCQUErQjtZQUN4QyxPQUFPLEVBQ0wsdUZBQXVGO1lBQ3pGLFNBQVMsRUFDUCxrR0FBa0c7WUFDcEcsTUFBTSxFQUFFLGlFQUFpRTtTQUMxRTtRQUNELEtBQUssRUFBRTtZQUNMLE9BQU8sRUFBRSxxQ0FBcUM7WUFDOUMsT0FBTyxFQUNMLHVGQUF1RjtZQUN6RixTQUFTLEVBQ1Asa0dBQWtHO1lBQ3BHLE1BQU0sRUFBRSxpRUFBaUU7U0FDMUU7UUFDRCxJQUFJLEVBQUU7WUFDSixPQUFPLEVBQUUsb0NBQW9DO1lBQzdDLE9BQU8sRUFDTCx1RkFBdUY7WUFDekYsU0FBUyxFQUNQLGtHQUFrRztZQUNwRyxNQUFNLEVBQUUsaUVBQWlFO1NBQzFFO0tBQ0YsQ0FBQTtJQUVELE1BQU0sTUFBTSxHQUFHLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQTtJQUN0QyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDWixNQUFNLElBQUksS0FBSyxDQUNiLHdCQUF3QixXQUFXLDRDQUE0QyxDQUNoRixDQUFBO0lBQ0gsQ0FBQztJQUVELE9BQU8sTUFBTSxDQUFBO0FBQ2YsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogQ0RLIENvbnN0cnVjdCBmb3IgQ29nbml0byBJbmZvIGRhdGEgc291cmNlXG4gKi9cblxuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0IHR5cGUgeyBDb2duaXRvRGV0YWlscywgVnlFbnZpcm9ubWVudCB9IGZyb20gXCIuL3NoYXJlZC90eXBlc1wiXG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29nbml0b0luZm9Qcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgZW52aXJvbm1lbnQgdG8gZ2V0IENvZ25pdG8gaW5mbyBmb3IgKGUuZy4sIFZ5RW52aXJvbm1lbnQuUFJPRCwgVnlFbnZpcm9ubWVudC5TVEFHRSwgVnlFbnZpcm9ubWVudC5URVNUKVxuICAgKi9cbiAgcmVhZG9ubHkgZW52aXJvbm1lbnQ6IFZ5RW52aXJvbm1lbnRcbn1cblxuLyoqXG4gKiBIb2xkcyBpbmZvcm1hdGlvbiBhYm91dCB0aGUgY2VudHJhbGl6ZWQgQ29nbml0byBVc2VyIFBvb2xcbiAqXG4gKiBVc2UgdGhpcyB0byByZWZlcmVuY2UgdGhlIHNoYXJlZCBDb2duaXRvIFVzZXIgUG9vbCBpbiB5b3VyIENESyBhcHBsaWNhdGlvbnMgd2l0aG91dFxuICogaGFyZGNvZGluZyB2YWx1ZXMuXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIGNvbnN0IGNvZ25pdG9JbmZvID0gbmV3IENvZ25pdG9JbmZvKHRoaXMsICdDb2duaXRvSW5mbycsIHtcbiAqICAgZW52aXJvbm1lbnQ6IFZ5RW52aXJvbm1lbnQuUFJPRFxuICogfSk7XG4gKlxuICogLy8gQWNjZXNzIGF1dGhlbnRpY2F0aW9uIGVuZHBvaW50c1xuICogY29uc29sZS5sb2coJ0F1dGggVVJMOicsIGNvZ25pdG9JbmZvLmF1dGhVcmwpO1xuICogY29uc29sZS5sb2coJ0pXS1MgVVJMOicsIGNvZ25pdG9JbmZvLmp3a3NVcmwpO1xuICogY29uc29sZS5sb2coJ09wZW5JRCBVUkw6JywgY29nbml0b0luZm8ub3BlbklkVXJsKTtcbiAqIGNvbnNvbGUubG9nKCdJc3N1ZXI6JywgY29nbml0b0luZm8uaXNzdWVyKTtcbiAqIGBgYFxuICovXG5leHBvcnQgY2xhc3MgQ29nbml0b0luZm8gZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICAvKipcbiAgICogVGhlIFVSTCB3aGVyZSB1c2VycyBjYW4gYXV0aGVudGljYXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgYXV0aFVybDogc3RyaW5nXG5cbiAgLyoqXG4gICAqIFRoZSBVUkwgZm9yIHRoZSAvLndlbGwta25vd24vandrcy5qc29uIGVuZHBvaW50XG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgandrc1VybDogc3RyaW5nXG5cbiAgLyoqXG4gICAqIFRoZSBVUkwgZm9yIHRoZSAvLndlbGwta25vd24vb3BlbmlkLWNvbmZpZ3VyYXRpb24gZW5kcG9pbnRcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBvcGVuSWRVcmw6IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBUaGUgVVJJIGZvciB0aGUgaXNzdWVyXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgaXNzdWVyOiBzdHJpbmdcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQ29nbml0b0luZm9Qcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIHRoaXMuYXV0aFVybCA9IGdldENvZ25pdG9JbmZvKHByb3BzLmVudmlyb25tZW50KS5hdXRoVXJsXG4gICAgdGhpcy5qd2tzVXJsID0gZ2V0Q29nbml0b0luZm8ocHJvcHMuZW52aXJvbm1lbnQpLmp3a3NVcmxcbiAgICB0aGlzLm9wZW5JZFVybCA9IGdldENvZ25pdG9JbmZvKHByb3BzLmVudmlyb25tZW50KS5vcGVuSWRVcmxcbiAgICB0aGlzLmlzc3VlciA9IGdldENvZ25pdG9JbmZvKHByb3BzLmVudmlyb25tZW50KS5pc3N1ZXJcbiAgfVxufVxuXG5mdW5jdGlvbiBnZXRDb2duaXRvSW5mbyhlbnZpcm9ubWVudDogc3RyaW5nKTogQ29nbml0b0RldGFpbHMge1xuICBjb25zdCBlbnZDb25maWdzOiBSZWNvcmQ8c3RyaW5nLCBDb2duaXRvRGV0YWlscz4gPSB7XG4gICAgcHJvZDoge1xuICAgICAgYXV0aFVybDogXCJodHRwczovL2F1dGguY29nbml0by52eWRldi5pb1wiLFxuICAgICAgandrc1VybDpcbiAgICAgICAgXCJodHRwczovL2NvZ25pdG8taWRwLmV1LXdlc3QtMS5hbWF6b25hd3MuY29tL2V1LXdlc3QtMV9lNm80NmMxb0UvLndlbGwta25vd24vandrcy5qc29uXCIsXG4gICAgICBvcGVuSWRVcmw6XG4gICAgICAgIFwiaHR0cHM6Ly9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9ldS13ZXN0LTFfZTZvNDZjMW9FLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uXCIsXG4gICAgICBpc3N1ZXI6IFwiaHR0cHM6Ly9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9ldS13ZXN0LTFfZTZvNDZjMW9FXCIsXG4gICAgfSxcbiAgICBzdGFnZToge1xuICAgICAgYXV0aFVybDogXCJodHRwczovL2F1dGguc3RhZ2UuY29nbml0by52eWRldi5pb1wiLFxuICAgICAgandrc1VybDpcbiAgICAgICAgXCJodHRwczovL2NvZ25pdG8taWRwLmV1LXdlc3QtMS5hbWF6b25hd3MuY29tL2V1LXdlc3QtMV9BVVlRNjc5elcvLndlbGwta25vd24vandrcy5qc29uXCIsXG4gICAgICBvcGVuSWRVcmw6XG4gICAgICAgIFwiaHR0cHM6Ly9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9ldS13ZXN0LTFfQVVZUTY3OXpXLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uXCIsXG4gICAgICBpc3N1ZXI6IFwiaHR0cHM6Ly9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9ldS13ZXN0LTFfQVVZUTY3OXpXXCIsXG4gICAgfSxcbiAgICB0ZXN0OiB7XG4gICAgICBhdXRoVXJsOiBcImh0dHBzOi8vYXV0aC50ZXN0LmNvZ25pdG8udnlkZXYuaW9cIixcbiAgICAgIGp3a3NVcmw6XG4gICAgICAgIFwiaHR0cHM6Ly9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9ldS13ZXN0LTFfWjUzYjlBYmVULy53ZWxsLWtub3duL2p3a3MuanNvblwiLFxuICAgICAgb3BlbklkVXJsOlxuICAgICAgICBcImh0dHBzOi8vY29nbml0by1pZHAuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vZXUtd2VzdC0xX1o1M2I5QWJlVC8ud2VsbC1rbm93bi9vcGVuaWQtY29uZmlndXJhdGlvblwiLFxuICAgICAgaXNzdWVyOiBcImh0dHBzOi8vY29nbml0by1pZHAuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vZXUtd2VzdC0xX1o1M2I5QWJlVFwiLFxuICAgIH0sXG4gIH1cblxuICBjb25zdCBjb25maWcgPSBlbnZDb25maWdzW2Vudmlyb25tZW50XVxuICBpZiAoIWNvbmZpZykge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBVbmtub3duIGVudmlyb25tZW50OiAke2Vudmlyb25tZW50fS4gVmFsaWQgdmFsdWVzIGFyZTogcHJvZCwgc3RhZ2UsIHRlc3QsIGRldmAsXG4gICAgKVxuICB9XG5cbiAgcmV0dXJuIGNvbmZpZ1xufVxuIl19

package/lib/cognito-resource-server/__test__/index.test.d.ts

@@ -0,0 +1 @@
+import "jest-cdk-snapshot";

package/lib/cognito-resource-server/__test__/index.test.js

@@ -0,0 +1,23 @@
+import { App, Stack } from "aws-cdk-lib";
+import "jest-cdk-snapshot";
+import { VyEnvironment } from "../../shared/types";
+import { CognitoResourceServer } from "../cognito-resource-server";
+test("cognito resource server", () => {
+    const app = new App();
+    const stack = new Stack(app, "Stack");
+    new CognitoResourceServer(stack, "CognitoResourceServer", {
+        environment: VyEnvironment.TEST,
+        name: "testName",
+        identifier: "testIdentifier",
+        scopes: [
+            {
+                name: "testScopeName",
+                description: "testScopeDescription",
+            },
+        ],
+    });
+    expect(stack).toMatchCdkSnapshot({
+        ignoreAssets: true,
+    });
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXgudGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jb2duaXRvLXJlc291cmNlLXNlcnZlci9fX3Rlc3RfXy9pbmRleC50ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLE1BQU0sYUFBYSxDQUFBO0FBQ3hDLE9BQU8sbUJBQW1CLENBQUE7QUFDMUIsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLG9CQUFvQixDQUFBO0FBQ2xELE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLDRCQUE0QixDQUFBO0FBRWxFLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxHQUFHLEVBQUU7SUFDbkMsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLEVBQUUsQ0FBQTtJQUNyQixNQUFNLEtBQUssR0FBRyxJQUFJLEtBQUssQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFFckMsSUFBSSxxQkFBcUIsQ0FBQyxLQUFLLEVBQUUsdUJBQXVCLEVBQUU7UUFDeEQsV0FBVyxFQUFFLGFBQWEsQ0FBQyxJQUFJO1FBQy9CLElBQUksRUFBRSxVQUFVO1FBQ2hCLFVBQVUsRUFBRSxnQkFBZ0I7UUFDNUIsTUFBTSxFQUFFO1lBQ047Z0JBQ0UsSUFBSSxFQUFFLGVBQWU7Z0JBQ3JCLFdBQVcsRUFBRSxzQkFBc0I7YUFDcEM7U0FDRjtLQUNGLENBQUMsQ0FBQTtJQUVGLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQztRQUMvQixZQUFZLEVBQUUsSUFBSTtLQUNuQixDQUFDLENBQUE7QUFDSixDQUFDLENBQUMsQ0FBQSIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEFwcCwgU3RhY2sgfSBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IFwiamVzdC1jZGstc25hcHNob3RcIlxuaW1wb3J0IHsgVnlFbnZpcm9ubWVudCB9IGZyb20gXCIuLi8uLi9zaGFyZWQvdHlwZXNcIlxuaW1wb3J0IHsgQ29nbml0b1Jlc291cmNlU2VydmVyIH0gZnJvbSBcIi4uL2NvZ25pdG8tcmVzb3VyY2Utc2VydmVyXCJcblxudGVzdChcImNvZ25pdG8gcmVzb3VyY2Ugc2VydmVyXCIsICgpID0+IHtcbiAgY29uc3QgYXBwID0gbmV3IEFwcCgpXG4gIGNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKGFwcCwgXCJTdGFja1wiKVxuXG4gIG5ldyBDb2duaXRvUmVzb3VyY2VTZXJ2ZXIoc3RhY2ssIFwiQ29nbml0b1Jlc291cmNlU2VydmVyXCIsIHtcbiAgICBlbnZpcm9ubWVudDogVnlFbnZpcm9ubWVudC5URVNULFxuICAgIG5hbWU6IFwidGVzdE5hbWVcIixcbiAgICBpZGVudGlmaWVyOiBcInRlc3RJZGVudGlmaWVyXCIsXG4gICAgc2NvcGVzOiBbXG4gICAgICB7XG4gICAgICAgIG5hbWU6IFwidGVzdFNjb3BlTmFtZVwiLFxuICAgICAgICBkZXNjcmlwdGlvbjogXCJ0ZXN0U2NvcGVEZXNjcmlwdGlvblwiLFxuICAgICAgfSxcbiAgICBdLFxuICB9KVxuXG4gIGV4cGVjdChzdGFjaykudG9NYXRjaENka1NuYXBzaG90KHtcbiAgICBpZ25vcmVBc3NldHM6IHRydWUsXG4gIH0pXG59KVxuIl19

package/lib/cognito-resource-server/cognito-resource-server.d.ts

@@ -0,0 +1,96 @@
+/**
+ * CDK Construct for Cognito Resource Server
+ */
+import * as cdk from "aws-cdk-lib";
+import * as logs from "aws-cdk-lib/aws-logs";
+import { Construct } from "constructs";
+import type { VyEnvironment } from "../shared/types";
+export interface Scope {
+    /**
+     * The name of the scope
+     */
+    readonly name: string;
+    /**
+     * A description of what this scope is for
+     */
+    readonly description: string;
+}
+export interface CognitoResourceServerProps {
+    /**
+     * The Vy environment to provision in (e.g., VyEnvironment.PROD, VyEnvironment.STAGE, VyEnvironment.TEST)
+     */
+    readonly environment: VyEnvironment;
+    /**
+     * The name of the resource server
+     */
+    readonly name: string;
+    /**
+     * The identifier for this resource server (usually a URL)
+     * @example 'https://api.vydev.io'
+     */
+    readonly identifier: string;
+    /**
+     * Custom scopes for this resource server
+     * @default - No scopes
+     */
+    readonly scopes?: Scope[];
+    /**
+     * Base domain for Cognito service
+     * @default 'cognito.vydev.io'
+     */
+    readonly cognitoBaseDomain?: string;
+    /**
+     * @default logs.RetentionDays.ONE_WEEK
+     */
+    readonly logsRetention?: logs.RetentionDays;
+}
+/**
+ * A Cognito Resource Server managed through Vy's central Cognito service
+ *
+ * A resource server is an integration between a user pool and an API.
+ * Each resource server has custom scopes that you must activate in your app client.
+ * When you configure a resource server, your app can generate access tokens with
+ * OAuth scopes that authorize read and write operations to an API server.
+ *
+ * @example
+ * ```typescript
+ * const resourceServer = new CognitoResourceServer(this, 'ApiResourceServer', {
+ *   environment: VyEnvironment.PROD,
+ *   name: 'my-api',
+ *   identifier: 'https://my-api.vydev.io',
+ *   scopes: [
+ *     { name: 'read', description: 'Read access to the API' },
+ *     { name: 'write', description: 'Write access to the API' }
+ *   ]
+ * });
+ * ```
+ */
+export declare class CognitoResourceServer extends Construct {
+    /**
+     * The identifier of the resource server
+     */
+    readonly identifier: string;
+    /**
+     * The name of the resource server
+     */
+    readonly name: string;
+    /**
+     * The underlying custom resource
+     */
+    readonly resource: cdk.CustomResource;
+    /**
+     * The logGroup for the event handler lambda
+     */
+    readonly lambdaLogGroup: logs.LogGroup;
+    /**
+     * The logGroup for the custom resource provider
+     */
+    readonly providerLogGroup: logs.LogGroup;
+    constructor(scope: Construct, id: string, props: CognitoResourceServerProps);
+    /**
+     * Get a reference to a scope in the format expected by app clients
+     * @param scopeName The name of the scope
+     * @returns The full scope identifier (e.g., 'https://api.vydev.io/read')
+     */
+    scopeIdentifier(scopeName: string): string;
+}