@vardario/cognito-client 0.1.0

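--- a/package/LICENSE
+++ b/package/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sahin Vardar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.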
@@ -0,0 +1,292 @@
1
+ import { SessionStorage } from './session-storage';
2
+ export interface UserAttribute {
3
+ Name: string;
4
+ Value: string;
5
+ }
6
+ /**
7
+ * Cognito related OAuth props.
8
+ */
9
+ export interface OAuth2Props {
10
+ /**
11
+ * Cognito domain for OAuth2 token endpoints.
12
+ */
13
+ cognitoDomain: string;
14
+ /**
15
+ * Requested OAuth scopes
16
+ * @example ['email', 'openid']
17
+ */
18
+ scopes: string[];
19
+ /**
20
+ * Redirect URL after a successful OAuth2 authentication.
21
+ */
22
+ redirectUrl: string;
23
+ /**
24
+ * Response type.
25
+ */
26
+ responseType: 'code';
27
+ }
28
+ export interface CognitoClientProps {
29
+ /**
30
+ * Cognito User Pool ID
31
+ * @example eu-central-1_lv6wixN9f
32
+ */
33
+ userPoolId: string;
34
+ /**
35
+ * Cognito User Pool Client ID
36
+ */
37
+ userPoolClientId: string;
38
+ /**
39
+ * Optional Cognito endpoint. Useful for local testing.
40
+ * If not defined the endpoint will be determined by @see userPoolId .
41
+ */
42
+ endpoint?: string;
43
+ /**
44
+ * Session storage.
45
+ * You can either choose on of the provided build in session
46
+ * storages. Or provider your own one based on @see SessionStorage .
47
+ *
48
+ * <ul>
49
+ * <li>
50
+ * @see CookieSessionStorage
51
+ * </li>
52
+ * <li>
53
+ * @see MemorySessionStorage
54
+ * </li>
55
+ * </ul>
56
+ */
57
+ sessionStorage: SessionStorage;
58
+ /**
59
+ * Cognito OAuth related options. See @see OAuthProps .
60
+ */
61
+ oAuth2?: OAuth2Props;
62
+ }
63
+ /**
64
+ * Cognito User Session
65
+ */
66
+ export interface Session {
67
+ /**
68
+ * JWT Access Token
69
+ */
70
+ accessToken: string;
71
+ /**
72
+ * JWT ID Token
73
+ */
74
+ idToken: string;
75
+ /**
76
+ * JWT refresh token
77
+ */
78
+ refreshToken: string;
79
+ /**
80
+ * Validity of the session in time stamp as milliseconds.
81
+ */
82
+ expiresIn: number;
83
+ }
84
+ /**
85
+ * Represents the decoded values from a JWT ID token.
86
+ */
87
+ export interface IdToken extends Record<string, string | string[] | number | boolean> {
88
+ 'cognito:username': string;
89
+ 'cognito:groups': string[];
90
+ email_verified: boolean;
91
+ email: string;
92
+ iss: string;
93
+ origin_jti: string;
94
+ aud: string;
95
+ event_id: string;
96
+ token_use: 'id';
97
+ auth_time: number;
98
+ exp: number;
99
+ iat: number;
100
+ jti: string;
101
+ sub: string;
102
+ }
103
+ export interface AccessToken extends Record<string, string | string[] | number | boolean> {
104
+ auth_time: number;
105
+ client_id: string;
106
+ event_id: string;
107
+ exp: number;
108
+ iat: number;
109
+ iss: string;
110
+ jti: string;
111
+ origin_jti: string;
112
+ scope: string;
113
+ sub: string;
114
+ token_use: 'access';
115
+ username: string;
116
+ }
117
+ export interface DecodedTokens {
118
+ idToken: IdToken;
119
+ accessToken: AccessToken;
120
+ }
121
+ /**
122
+ * List of used and supported Cognito API calls.
123
+ * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_Operations.html for more details
124
+ */
125
+ export declare enum CognitoServiceTarget {
126
+ InitiateAuth = "InitiateAuth",
127
+ RespondToAuthChallenge = "RespondToAuthChallenge",
128
+ SignUp = "SignUp",
129
+ ConfirmSignUp = "ConfirmSignUp",
130
+ ChangePassword = "ChangePassword",
131
+ RevokeToken = "RevokeToken",
132
+ ForgotPassword = "ForgotPassword",
133
+ ConfirmForgotPassword = "ConfirmForgotPassword",
134
+ ResendConfirmationCode = "ResendConfirmationCode",
135
+ UpdateUserAttributes = "UpdateUserAttributes",
136
+ VerifyUserAttribute = "VerifyUserAttribute"
137
+ }
138
+ /**
139
+ * Cognito supported federated identities public providers.
140
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html for more information.
141
+ */
142
+ export declare enum CognitoIdentityProvider {
143
+ Cognito = "COGNITO",
144
+ Google = "Google",
145
+ Facebook = "Facebook",
146
+ Amazon = "LoginWithAmazon",
147
+ Apple = "SignInWithApple"
148
+ }
149
+ export interface AuthenticationResult {
150
+ AccessToken: string;
151
+ ExpiresIn: number;
152
+ IdToken: string;
153
+ TokenType: string;
154
+ RefreshToken: string;
155
+ }
156
+ export interface AuthenticationResponse {
157
+ AuthenticationResult: AuthenticationResult;
158
+ }
159
+ export interface ChallengeResponse {
160
+ ChallengeName: 'PASSWORD_VERIFIER';
161
+ ChallengeParameters: {
162
+ SALT: string;
163
+ SECRET_BLOCK: string;
164
+ SRP_B: string;
165
+ USERNAME: string;
166
+ USER_ID_FOR_SRP: string;
167
+ };
168
+ }
169
+ /**
170
+ * Lightweight AWS Cogito client without any AWS SDK dependencies.
171
+ */
172
+ export declare class CognitoClient {
173
+ private readonly cognitoEndpoint;
174
+ private readonly cognitoPoolName;
175
+ private readonly userPoolClientId;
176
+ private readonly sessionStorage;
177
+ private readonly oAuth?;
178
+ constructor({ userPoolId, userPoolClientId, endpoint, sessionStorage, oAuth2: oAuth }: CognitoClientProps);
179
+ static getDecodedTokenFromSession(session: Session): DecodedTokens;
180
+ private cognitoRequest;
181
+ private static authResultToSession;
182
+ /**
183
+ *
184
+ * Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
185
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
186
+ *
187
+ * @param username Username
188
+ * @param password Password
189
+ * @throws {AuthException}
190
+ */
191
+ authenticateUserSrp(username: string, password: string): Promise<Session>;
192
+ /**
193
+ *
194
+ * Performs user authentication with username and password through USER_PASSWORD_AUTH .
195
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
196
+ *
197
+ * @param username Username
198
+ * @param password Password
199
+ * @throws {AuthException}
200
+ */
201
+ authenticateUser(username: string, password: string): Promise<Session>;
202
+ private refreshSession;
203
+ /**
204
+ * Returns the current auth session.
205
+ * The auth session is only defined when we previously had a successful user authentication.
206
+ * This function will also take care to refresh the session with the refresh token in case
207
+ * the current session has expired.
208
+ *
209
+ * @throws {AuthException}
210
+ */
211
+ getSession(): Promise<Session | undefined>;
212
+ /**
213
+ *
214
+ * @param username Username
215
+ * @param password Password
216
+ *
217
+ * @throws {AuthException}
218
+ */
219
+ signUp(username: string, password: string, userAttributes?: UserAttribute[]): Promise<{
220
+ id: string;
221
+ confirmed: boolean;
222
+ }>;
223
+ /**
224
+ * Confirms the user registration via verification code.
225
+ *
226
+ * @param username Username
227
+ * @param code Confirmation code the user gets through the registration E-Mail
228
+ *
229
+ * @throws {AuthException}
230
+ */
231
+ confirmSignUp(username: string, code: string): Promise<void>;
232
+ /**
233
+ *
234
+ * @param currentPassword Current user password.
235
+ * @param newPassword New user password.
236
+ *
237
+ * @throws {AuthException}
238
+ */
239
+ changePassword(currentPassword: string, newPassword: string): Promise<void>;
240
+ updateUserAttributes(userAttributes: UserAttribute[]): Promise<void>;
241
+ verifyUserAttribute(attributeName: string, code: string): Promise<void>;
242
+ /**
243
+ * Sign out the user and remove the current user session.
244
+ *
245
+ * @throws {AuthException}
246
+ */
247
+ signOut(): Promise<void>;
248
+ /**
249
+ * Request forgot password.
250
+ * @param username Username
251
+ *
252
+ * @throws {AuthException}
253
+ */
254
+ forgotPassword(username: string): Promise<void>;
255
+ /**
256
+ * Confirms the new password via the given code send via cognito triggered by @see forgotPassword .
257
+ *
258
+ * @param username Username
259
+ * @param newPassword New password
260
+ * @param confirmationCode Confirmation code which the user got through E-mail
261
+ *
262
+ * @throws {AuthException}
263
+ */
264
+ confirmForgotPassword(username: string, newPassword: string, confirmationCode: string): Promise<void>;
265
+ /**
266
+ * Triggers cognito to resend the confirmation code
267
+ * @param username Username
268
+ */
269
+ resendConfirmationCode(username: string): Promise<void>;
270
+ /**
271
+ * Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
272
+ * This method works in conjunction with @see handleCodeFlow .
273
+ *
274
+ * @param identityProvider When provided, this will generate a link which
275
+ * tells Cognito`s Hosted UI to redirect to the given federated identity provider.
276
+ *
277
+ * @throws {Error}
278
+ */
279
+ generateOAuthSignInUrl(identityProvider?: CognitoIdentityProvider): string;
280
+ /**
281
+ *
282
+ * Handles Cognito`s OAuth2 code flow after redirection from Cognito`s Hosted UI.
283
+ * The method call assumes that @see generateOAuthSignInUrl was used to
284
+ * generated the link to the Hosted UI.
285
+ *
286
+ * @param returnUrl The full return URL from redirection after a successful OAuth2
287
+ * authentication.
288
+ *
289
+ * @throws {Error}
290
+ */
291
+ handleCodeFlow(returnUrl: string): Promise<Session>;
292
+ }
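Review bot: `getDecodedTokenFromSession` is declared with no doc comment, so a caller cannot tell whether the returned `IdToken`/`AccessToken` claims were signature-checked or only decoded. The implementation is not visible in this declaration file, but if it only decodes the JWT payload, claims such as `cognito:groups`, `aud` and `exp` are display data and must not drive authorization decisions on their own. I would add a comment above the declaration along the lines of `/** Decodes the JWT payloads of the session; does not verify signature, issuer, audience or expiry. */`, adjusted to what the implementation actually does. Separately, `Session.expiresIn` is documented as a "time stamp as milliseconds" while its name reads as a duration and `AuthenticationResult.ExpiresIn` carries no unit at all; stating explicitly whether `expiresIn` is an absolute epoch-millisecond expiry would prevent incorrect refresh checks in custom `SessionStorage` implementations.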