@vardario/cognito-client 0.1.0
- package/LICENSE +21 -0
- package/lib/cognito-client.d.ts +292 -0
- package/lib/cognito-client.js +623 -0
- package/lib/cognito-client.test.d.ts +1 -0
- package/lib/cognito-client.test.js +210 -0
- package/lib/error.d.ts +55 -0
- package/lib/error.js +93 -0
- package/lib/index.d.ts +3 -0
- package/lib/index.js +19 -0
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.d.ts +21 -0
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.js +66 -0
- package/lib/session-storage/cookie-session-storage/index.d.ts +1 -0
- package/lib/session-storage/cookie-session-storage/index.js +17 -0
- package/lib/session-storage/index.d.ts +4 -0
- package/lib/session-storage/index.js +20 -0
- package/lib/session-storage/local-storage-session-storage.d.ts +20 -0
- package/lib/session-storage/local-storage-session-storage.js +60 -0
- package/lib/session-storage/memory-session-storage.d.ts +13 -0
- package/lib/session-storage/memory-session-storage.js +42 -0
- package/lib/session-storage/session-storage.d.ts +14 -0
- package/lib/session-storage/session-storage.js +12 -0
- package/lib/session-storage/session-storage.test.d.ts +1 -0
- package/lib/session-storage/session-storage.test.js +34 -0
- package/lib/test-utils.d.ts +17 -0
- package/lib/test-utils.js +138 -0
- package/lib/utils.d.ts +20 -0
- package/lib/utils.js +128 -0
- package/package.json +37 -0
- package/workflows/npm-publish.yml +35 -0
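--- a/package/LICENSE
+++ b/package/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sahin Vardar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.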
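--- a/package/lib/cognito-client.d.ts
+++ b/package/lib/cognito-client.d.ts
@@ -0,0 +1,292 @@
+import { SessionStorage } from './session-storage';
+export interface UserAttribute {
+Name: string;
+Value: string;
+}
+/**
+* Cognito related OAuth props.
+*/
+export interface OAuth2Props {
+/**
+* Cognito domain for OAuth2 token endpoints.
+*/
+cognitoDomain: string;
+/**
+* Requested OAuth scopes
+* @example ['email', 'openid']
+*/
+scopes: string[];
+/**
+* Redirect URL after a successful OAuth2 authentication.
+*/
+redirectUrl: string;
+/**
+* Response type.
+*/
+responseType: 'code';
+}
+export interface CognitoClientProps {
+/**
+* Cognito User Pool ID
+* @example eu-central-1_lv6wixN9f
+*/
+userPoolId: string;
+/**
+* Cognito User Pool Client ID
+*/
+userPoolClientId: string;
+/**
+* Optional Cognito endpoint. Useful for local testing.
+* If not defined the endpoint will be determined by @see userPoolId .
+*/
+endpoint?: string;
+/**
+* Session storage.
+* You can either choose on of the provided build in session
+* storages. Or provider your own one based on @see SessionStorage .
+*
+* <ul>
+* <li>
+* @see CookieSessionStorage
+* </li>
+* <li>
+* @see MemorySessionStorage
+* </li>
+* </ul>
+*/
+sessionStorage: SessionStorage;
+/**
+* Cognito OAuth related options. See @see OAuthProps .
+*/
+oAuth2?: OAuth2Props;
+}
+/**
+* Cognito User Session
+*/
+export interface Session {
+/**
+* JWT Access Token
+*/
+accessToken: string;
+/**
+* JWT ID Token
+*/
+idToken: string;
+/**
+* JWT refresh token
+*/
+refreshToken: string;
+/**
+* Validity of the session in time stamp as milliseconds.
+*/
+expiresIn: number;
+}
+/**
+* Represents the decoded values from a JWT ID token.
+*/
+export interface IdToken extends Record<string, string | string[] | number | boolean> {
+'cognito:username': string;
+'cognito:groups': string[];
+email_verified: boolean;
+email: string;
+iss: string;
+origin_jti: string;
+aud: string;
+event_id: string;
+token_use: 'id';
+auth_time: number;
+exp: number;
+iat: number;
+jti: string;
+sub: string;
+}
+export interface AccessToken extends Record<string, string | string[] | number | boolean> {
+auth_time: number;
+client_id: string;
+event_id: string;
+exp: number;
+iat: number;
+iss: string;
+jti: string;
+origin_jti: string;
+scope: string;
+sub: string;
+token_use: 'access';
+username: string;
+}
+export interface DecodedTokens {
+idToken: IdToken;
+accessToken: AccessToken;
+}
+/**
+* List of used and supported Cognito API calls.
+* @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_Operations.html for more details
+*/
+export declare enum CognitoServiceTarget {
+InitiateAuth = "InitiateAuth",
+RespondToAuthChallenge = "RespondToAuthChallenge",
+SignUp = "SignUp",
+ConfirmSignUp = "ConfirmSignUp",
+ChangePassword = "ChangePassword",
+RevokeToken = "RevokeToken",
+ForgotPassword = "ForgotPassword",
+ConfirmForgotPassword = "ConfirmForgotPassword",
+ResendConfirmationCode = "ResendConfirmationCode",
+UpdateUserAttributes = "UpdateUserAttributes",
+VerifyUserAttribute = "VerifyUserAttribute"
+}
+/**
+* Cognito supported federated identities public providers.
+* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html for more information.
+*/
+export declare enum CognitoIdentityProvider {
+Cognito = "COGNITO",
+Google = "Google",
+Facebook = "Facebook",
+Amazon = "LoginWithAmazon",
+Apple = "SignInWithApple"
+}
+export interface AuthenticationResult {
+AccessToken: string;
+ExpiresIn: number;
+IdToken: string;
+TokenType: string;
+RefreshToken: string;
+}
+export interface AuthenticationResponse {
+AuthenticationResult: AuthenticationResult;
+}
+export interface ChallengeResponse {
+ChallengeName: 'PASSWORD_VERIFIER';
+ChallengeParameters: {
+SALT: string;
+SECRET_BLOCK: string;
+SRP_B: string;
+USERNAME: string;
+USER_ID_FOR_SRP: string;
+};
+}
+/**
+* Lightweight AWS Cogito client without any AWS SDK dependencies.
+*/
+export declare class CognitoClient {
+private readonly cognitoEndpoint;
+private readonly cognitoPoolName;
+private readonly userPoolClientId;
+private readonly sessionStorage;
+private readonly oAuth?;
+constructor({ userPoolId, userPoolClientId, endpoint, sessionStorage, oAuth2: oAuth }: CognitoClientProps);
+static getDecodedTokenFromSession(session: Session): DecodedTokens;
+private cognitoRequest;
+private static authResultToSession;
+/**
+*
+* Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
+* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
+*
+* @param username Username
+* @param password Password
+* @throws {AuthException}
+*/
+authenticateUserSrp(username: string, password: string): Promise<Session>;
+/**
+*
+* Performs user authentication with username and password through USER_PASSWORD_AUTH .
+* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
+*
+* @param username Username
+* @param password Password
+* @throws {AuthException}
+*/
+authenticateUser(username: string, password: string): Promise<Session>;
+private refreshSession;
+/**
+* Returns the current auth session.
+* The auth session is only defined when we previously had a successful user authentication.
+* This function will also take care to refresh the session with the refresh token in case
+* the current session has expired.
+*
+* @throws {AuthException}
+*/
+getSession(): Promise<Session | undefined>;
+/**
+*
+* @param username Username
+* @param password Password
+*
+* @throws {AuthException}
+*/
+signUp(username: string, password: string, userAttributes?: UserAttribute[]): Promise<{
+id: string;
+confirmed: boolean;
+}>;
+/**
+* Confirms the user registration via verification code.
+*
+* @param username Username
+* @param code Confirmation code the user gets through the registration E-Mail
+*
+* @throws {AuthException}
+*/
+confirmSignUp(username: string, code: string): Promise<void>;
+/**
+*
+* @param currentPassword Current user password.
+* @param newPassword New user password.
+*
+* @throws {AuthException}
+*/
+changePassword(currentPassword: string, newPassword: string): Promise<void>;
+updateUserAttributes(userAttributes: UserAttribute[]): Promise<void>;
+verifyUserAttribute(attributeName: string, code: string): Promise<void>;
+/**
+* Sign out the user and remove the current user session.
+*
+* @throws {AuthException}
+*/
+signOut(): Promise<void>;
+/**
+* Request forgot password.
+* @param username Username
+*
+* @throws {AuthException}
+*/
+forgotPassword(username: string): Promise<void>;
+/**
+* Confirms the new password via the given code send via cognito triggered by @see forgotPassword .
+*
+* @param username Username
+* @param newPassword New password
+* @param confirmationCode Confirmation code which the user got through E-mail
+*
+* @throws {AuthException}
+*/
+confirmForgotPassword(username: string, newPassword: string, confirmationCode: string): Promise<void>;
+/**
+* Triggers cognito to resend the confirmation code
+* @param username Username
+*/
+resendConfirmationCode(username: string): Promise<void>;
+/**
+* Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
+* This method works in conjunction with @see handleCodeFlow .
+*
+* @param identityProvider When provided, this will generate a link which
+* tells Cognito`s Hosted UI to redirect to the given federated identity provider.
+*
+* @throws {Error}
+*/
+generateOAuthSignInUrl(identityProvider?: CognitoIdentityProvider): string;
+/**
+*
+* Handles Cognito`s OAuth2 code flow after redirection from Cognito`s Hosted UI.
+* The method call assumes that @see generateOAuthSignInUrl was used to
+* generated the link to the Hosted UI.
+*
+* @param returnUrl The full return URL from redirection after a successful OAuth2
+* authentication.
+*
+* @throws {Error}
+*/
+handleCodeFlow(returnUrl: string): Promise<Session>;
+}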
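Review bot: `generateOAuthSignInUrl` and `handleCodeFlow` declare an authorization-code flow, but `OAuth2Props` carries only `cognitoDomain`, `scopes`, `redirectUrl` and `responseType: 'code'`, and neither doc comment says whether a `state` value or a PKCE verifier is generated and checked on return; the implementation lives in `package/lib/cognito-client.js`, outside this section, so this needs confirming there. If the check exists, document the contract on `handleCodeFlow`, e.g. `@throws {Error} when the state in returnUrl does not match the one issued by generateOAuthSignInUrl`; if it does not, it should be added before this is used from a browser. `getDecodedTokenFromSession` also has no doc comment, and its `DecodedTokens` return type reads as trusted claims: if it only decodes the payload, say so with `/** Decodes the token payloads without verifying the signature; do not base authorization decisions on these claims. */`. Finally, the `expiresIn` comment on `Session` ("time stamp as milliseconds") should state whether it is an absolute expiry time or a duration, since `AuthenticationResult.ExpiresIn` from the service is a separate field and callers comparing the two can get expiry checks wrong.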