@vardario/cognito-client 1.0.1 → 2.1.0

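--- a/package/README.md
+++ b/package/README.md
@@ -1,3 +1,4 @@
 # Cognito Client
 
 A lightweight cognito client implementation which support SRP authentication.
+Works in node and the browser.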
@@ -1,7 +1,158 @@
1
+ export interface CognitoBaseRequest {
2
+ ClientId: string;
3
+ ClientMetadata?: Record<string, string>;
4
+ AnalyticsMetadata?: {
5
+ AnalyticsEndpointId: string;
6
+ };
7
+ UserContextData?: {
8
+ EncodedData?: string;
9
+ IpAddress?: string;
10
+ };
11
+ }
12
+ export interface AuthIntiUserSrpRequest extends CognitoBaseRequest {
13
+ AuthFlow: 'USER_SRP_AUTH';
14
+ AuthParameters: {
15
+ USERNAME: string;
16
+ SRP_A: string;
17
+ SECRET_HASH?: string;
18
+ };
19
+ }
20
+ export interface AuthIntiUserPasswordRequest extends CognitoBaseRequest {
21
+ AuthFlow: 'USER_PASSWORD_AUTH';
22
+ AuthParameters: {
23
+ USERNAME: string;
24
+ PASSWORD: string;
25
+ SECRET_HASH?: string;
26
+ };
27
+ }
28
+ export interface AuthIntiRefreshTokenRequest extends CognitoBaseRequest {
29
+ AuthFlow: 'REFRESH_TOKEN_AUTH';
30
+ AuthParameters: {
31
+ REFRESH_TOKEN: string;
32
+ SECRET_HASH?: string;
33
+ };
34
+ }
35
+ export interface AuthIntiCustomAuthRequest extends CognitoBaseRequest {
36
+ AuthFlow: 'CUSTOM_AUTH';
37
+ AuthParameters: {
38
+ USERNAME: string;
39
+ SECRET_HASH?: string;
40
+ };
41
+ }
42
+ export type AuthIntiRequest = AuthIntiUserSrpRequest | AuthIntiRefreshTokenRequest | AuthIntiCustomAuthRequest | AuthIntiUserPasswordRequest;
43
+ export interface RespondToAuthChallengeBaseRequest extends CognitoBaseRequest {
44
+ Session?: string;
45
+ }
46
+ export interface RespondToAuthChallengePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
47
+ ChallengeName: 'PASSWORD_VERIFIER';
48
+ ChallengeResponses: {
49
+ USERNAME: string;
50
+ PASSWORD_CLAIM_SECRET_BLOCK: string;
51
+ PASSWORD_CLAIM_SIGNATURE: string;
52
+ TIMESTAMP: string;
53
+ SECRET_HASH?: string;
54
+ };
55
+ }
56
+ export interface RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChallengeBaseRequest {
57
+ ChallengeName: 'SMS_MFA';
58
+ ChallengeResponses: {
59
+ USERNAME: string;
60
+ SMS_MFA_CODE: string;
61
+ SECRET_HASH?: string;
62
+ };
63
+ }
64
+ export interface RespondToAuthChallengeCustomChallengeNameRequest extends RespondToAuthChallengeBaseRequest {
65
+ ChallengeName: 'CUSTOM_CHALLENGE';
66
+ ChallengeResponses: {
67
+ USERNAME: string;
68
+ ANSWER: string;
69
+ SECRET_HASH?: string;
70
+ };
71
+ }
72
+ export interface RespondToAuthChallengeNewPasswordRequiredRequest extends RespondToAuthChallengeBaseRequest {
73
+ ChallengeName: 'NEW_PASSWORD_REQUIRED';
74
+ ChallengeResponses: {
75
+ USERNAME: string;
76
+ NEW_PASSWORD: string;
77
+ SECRET_HASH?: string;
78
+ };
79
+ }
80
+ export interface RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondToAuthChallengeBaseRequest {
81
+ ChallengeName: 'SOFTWARE_TOKEN_MFA';
82
+ ChallengeResponses: {
83
+ USERNAME: string;
84
+ SOFTWARE_TOKEN_MFA_CODE: string;
85
+ SECRET_HASH?: string;
86
+ };
87
+ }
88
+ export interface RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAuthChallengeBaseRequest {
89
+ ChallengeName: 'DEVICE_SRP_AUTH';
90
+ ChallengeResponses: {
91
+ USERNAME: string;
92
+ SRP_A: string;
93
+ SECRET_HASH?: string;
94
+ };
95
+ }
96
+ export interface RespondToAuthChallengeDevicePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
97
+ ChallengeName: 'DEVICE_PASSWORD_VERIFIER';
98
+ ChallengeResponses: {
99
+ USERNAME: string;
100
+ PASSWORD_CLAIM_SECRET_BLOCK: string;
101
+ PASSWORD_CLAIM_SIGNATURE: string;
102
+ TIMESTAMP: string;
103
+ DEVICE_KEY: string;
104
+ SECRET_HASH?: string;
105
+ };
106
+ }
107
+ export interface RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChallengeBaseRequest {
108
+ ChallengeName: 'MFA_SETUP';
109
+ ChallengeResponses: {
110
+ USERNAME: string;
111
+ SMS_MFA_CODE?: string;
112
+ SOFTWARE_TOKEN_MFA_CODE?: string;
113
+ SECRET_HASH?: string;
114
+ };
115
+ }
116
+ export interface RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAuthChallengeBaseRequest {
117
+ ChallengeName: 'SELECT_MFA_TYPE';
118
+ ChallengeResponses: {
119
+ USERNAME: string;
120
+ SOFTWARE_TOKEN_MFA_CODE?: string;
121
+ SECRET_HASH?: string;
122
+ };
123
+ }
124
+ export type RespondToAuthChallengeRequest = RespondToAuthChallengePasswordVerifierRequest | RespondToAuthChallengeSmsMfaRequest | RespondToAuthChallengeCustomChallengeNameRequest | RespondToAuthChallengeNewPasswordRequiredRequest | RespondToAuthChallengeSoftwareTokenMfaRequest | RespondToAuthChallengeDeviceSrpAuthRequest | RespondToAuthChallengeDevicePasswordVerifierRequest | RespondToAuthChallengeMfaSetupRequest | RespondToAuthChallengeSelectMfaTypeRequest;
1
125
  export interface UserAttribute {
2
126
  Name: string;
3
127
  Value: string;
4
128
  }
129
+ export interface ConfirmForgotPasswordRequest extends CognitoBaseRequest {
130
+ ConfirmationCode: string;
131
+ Password: string;
132
+ Username: string;
133
+ SecretHash?: string;
134
+ }
135
+ export interface ConfirmSignUpRequest extends CognitoBaseRequest {
136
+ ConfirmationCode: string;
137
+ Username: string;
138
+ SecretHash?: string;
139
+ ForceAliasCreation?: boolean;
140
+ }
141
+ export interface ForgotPasswordRequest extends CognitoBaseRequest {
142
+ Username: string;
143
+ SecretHash?: string;
144
+ }
145
+ export interface SignUpRequest extends CognitoBaseRequest {
146
+ Username: string;
147
+ Password: string;
148
+ SecretHash?: string;
149
+ UserAttributes?: UserAttribute[];
150
+ ValidationData?: UserAttribute[];
151
+ }
152
+ export interface ResendConfirmationCodeRequest extends CognitoBaseRequest {
153
+ Username: string;
154
+ SecretHash?: string;
155
+ }
5
156
  /**
6
157
  * Cognito related OAuth props.
7
158
  */
@@ -43,6 +194,10 @@ export interface CognitoClientProps {
43
194
  * Cognito OAuth related options. See @see OAuthProps .
44
195
  */
45
196
  oAuth2?: OAuth2Props;
197
+ /**
198
+ * Optional Cognito User Pool Client Secret.
199
+ */
200
+ clientSecret?: string;
46
201
  }
47
202
  /**
48
203
  * Cognito User Session
@@ -150,6 +305,7 @@ export interface ChallengeResponse {
150
305
  };
151
306
  }
152
307
  export declare function authResultToSession(authenticationResult: AuthenticationResult): Session;
308
+ export declare function cognitoRequest(body: object, serviceTarget: CognitoServiceTarget, cognitoEndpoint: string): Promise<any>;
153
309
  /**
154
310
  * Lightweight AWS Cogito client without any AWS SDK dependencies.
155
311
  */
@@ -158,9 +314,9 @@ export declare class CognitoClient {
158
314
  private readonly cognitoPoolName;
159
315
  private readonly userPoolClientId;
160
316
  private readonly oAuth?;
161
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth }: CognitoClientProps);
317
+ private readonly clientSecret?;
318
+ constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }: CognitoClientProps);
162
319
  static getDecodedTokenFromSession(session: Session): DecodedTokens;
163
- private cognitoRequest;
164
320
  /**
165
321
  *
166
322
  * Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
@@ -168,7 +324,8 @@ export declare class CognitoClient {
168
324
  *
169
325
  * @param username Username
170
326
  * @param password Password
171
- * @throws {CognitoException}
327
+ *
328
+ * @throws {InitiateAuthException}
172
329
  */
173
330
  authenticateUserSrp(username: string, password: string): Promise<Session>;
174
331
  /**
@@ -178,23 +335,24 @@ export declare class CognitoClient {
178
335
  *
179
336
  * @param username Username
180
337
  * @param password Password
181
- * @throws {CognitoException}
338
+ * @throws {InitiateAuthException}
182
339
  */
183
340
  authenticateUser(username: string, password: string): Promise<Session>;
184
341
  /**
185
342
  * Returns a new session based on the given refresh token.
186
343
  *
187
344
  * @param refreshToken
345
+ * @param username
188
346
  * @returns @see Session
189
- * @throws {CognitoError}
347
+ * @throws {InitiateAuthException}
190
348
  */
191
- refreshSession(refreshToken: string): Promise<Session>;
349
+ refreshSession(refreshToken: string, username?: string): Promise<Session>;
192
350
  /**
193
351
  *
194
352
  * @param username Username
195
353
  * @param password Password
196
354
  *
197
- * @throws {CognitoException}
355
+ * @throws {SignUpException}
198
356
  */
199
357
  signUp(username: string, password: string, userAttributes?: UserAttribute[]): Promise<{
200
358
  id: string;
@@ -206,7 +364,7 @@ export declare class CognitoClient {
206
364
  * @param username Username
207
365
  * @param code Confirmation code the user gets through the registration E-Mail
208
366
  *
209
- * @throws {CognitoException}
367
+ * @throws {ConfirmSignUpException}
210
368
  */
211
369
  confirmSignUp(username: string, code: string): Promise<void>;
212
370
  /**
@@ -214,22 +372,39 @@ export declare class CognitoClient {
214
372
  * @param currentPassword Current user password.
215
373
  * @param newPassword New user password.
216
374
  *
217
- * @throws {CognitoException}
375
+ * @throws {ChangePasswordException}
218
376
  */
219
377
  changePassword(currentPassword: string, newPassword: string, accessToken: string): Promise<void>;
378
+ /**
379
+ * Updates the user attributes.
380
+ *
381
+ * @param userAttributes List of user attributes to update.
382
+ * @param accessToken Access token of the current user.
383
+ *
384
+ * @throws {UpdateUserAttributesException}
385
+ */
220
386
  updateUserAttributes(userAttributes: UserAttribute[], accessToken: string): Promise<void>;
387
+ /**
388
+ * Verifies a given user attribute
389
+ *
390
+ * @param attributeName Name of the attribute to verify
391
+ * @param code Verification code
392
+ * @param accessToken Access token of the current user.
393
+ *
394
+ * @throws {VerifyUserAttributeException}
395
+ */
221
396
  verifyUserAttribute(attributeName: string, code: string, accessToken: string): Promise<void>;
222
397
  /**
223
398
  * Sign out the user and remove the current user session.
224
399
  *
225
- * @throws {CognitoException}
400
+ * @throws {RevokeTokenException}
226
401
  */
227
402
  signOut(refreshToken: string): Promise<void>;
228
403
  /**
229
404
  * Request forgot password.
230
405
  * @param username Username
231
406
  *
232
- * @throws {CognitoException}
407
+ * @throws {ForgotPasswordException}
233
408
  */
234
409
  forgotPassword(username: string): Promise<void>;
235
410
  /**
@@ -239,12 +414,14 @@ export declare class CognitoClient {
239
414
  * @param newPassword New password
240
415
  * @param confirmationCode Confirmation code which the user got through E-mail
241
416
  *
242
- * @throws {CognitoException}
417
+ * @throws {ConfirmForgotPasswordException}
243
418
  */
244
419
  confirmForgotPassword(username: string, newPassword: string, confirmationCode: string): Promise<void>;
245
420
  /**
246
421
  * Triggers cognito to resend the confirmation code
247
422
  * @param username Username
423
+ *
424
+ * @throws {ResendConfirmationCodeException}
248
425
  */
249
426
  resendConfirmationCode(username: string): Promise<void>;
250
427
  /**
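Review bot: The doc comment added for `clientSecret` in `CognitoClientProps` (hunk `@@ -43,6 +194,10 @@`) does not say where the option is safe to use, while the README change in this release states that the package works in the browser. A user pool client secret bundled into browser-delivered code can be read by anyone who loads the page, so it only adds protection for server-side (confidential) clients. I would extend the comment to `* Optional Cognito User Pool Client Secret. Set this only in server-side code; do not ship it in a browser bundle.` The interface body starts above this hunk.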
@@ -1,8 +1,8 @@
1
1
  import hashJs from 'hash.js';
2
2
  import { BigInteger } from 'jsbn';
3
3
  import { Buffer } from 'buffer';
4
- import { CognitoError, CognitoException } from './error.js';
5
- import { calculateSignature, calculateU, decodeJwt, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes } from './utils.js';
4
+ import { CognitoCommonException, CognitoError } from './error.js';
5
+ import { calculateSecretHash, calculateSignature, calculateU, decodeJwt, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes } from './utils.js';
6
6
  /**
7
7
  * List of used and supported Cognito API calls.
8
8
  * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_Operations.html for more details
@@ -41,16 +41,51 @@ export function authResultToSession(authenticationResult) {
41
41
  refreshToken: authenticationResult.RefreshToken
42
42
  };
43
43
  }
44
+ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
45
+ const cognitoResponse = await fetch(cognitoEndpoint, {
46
+ headers: {
47
+ 'x-amz-target': `AWSCognitoIdentityProviderService.${serviceTarget}`,
48
+ 'content-type': 'application/x-amz-json-1.1'
49
+ },
50
+ method: 'POST',
51
+ body: JSON.stringify(body)
52
+ });
53
+ if (cognitoResponse && cognitoResponse.status < 300) {
54
+ return cognitoResponse.json();
55
+ }
56
+ const cognitoResponseBody = await cognitoResponse.json();
57
+ /**
58
+ * The whole error handling and value sanitization was inspired
59
+ * by @see https://github.com/aws-amplify/amplify-js/blob/1f5eefd9c40285eb99e57764ac8fca1f9519e2c6/packages/core/src/clients/serde/json.ts#L14
60
+ */
61
+ const sanitizeErrorType = (rawValue) => {
62
+ const [cleanValue] = rawValue.toString().split(/[,:]+/);
63
+ if (cleanValue.includes('#')) {
64
+ return cleanValue.split('#')[1];
65
+ }
66
+ return cleanValue;
67
+ };
68
+ const errorMessage = cognitoResponse.headers.get('X-Amzn-ErrorMessage') ??
69
+ cognitoResponseBody.message ??
70
+ cognitoResponseBody.Message ??
71
+ 'Unknown error';
72
+ const cognitoException = sanitizeErrorType(cognitoResponse.headers.get('X-Amzn-ErrorType') ??
73
+ cognitoResponseBody.code ??
74
+ cognitoResponseBody.__type ??
75
+ CognitoCommonException.Unknown);
76
+ throw new CognitoError(errorMessage, cognitoException);
77
+ }
44
78
  /**
45
79
  * Lightweight AWS Cogito client without any AWS SDK dependencies.
46
80
  */
47
81
  export class CognitoClient {
48
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth }) {
82
+ constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
49
83
  const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split('_');
50
84
  this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, '');
51
85
  this.cognitoPoolName = cognitoPoolName;
52
86
  this.userPoolClientId = userPoolClientId;
53
87
  this.oAuth = oAuth;
88
+ this.clientSecret = clientSecret;
54
89
  }
55
90
  static getDecodedTokenFromSession(session) {
56
91
  const { payload: idToken } = decodeJwt(session.idToken);
@@ -60,22 +95,6 @@ export class CognitoClient {
60
95
  accessToken
61
96
  };
62
97
  }
63
- async cognitoRequest(body, serviceTarget) {
64
- const cognitoResponse = await fetch(this.cognitoEndpoint, {
65
- headers: {
66
- 'x-amz-target': `AWSCognitoIdentityProviderService.${serviceTarget}`,
67
- 'content-type': 'application/x-amz-json-1.1'
68
- },
69
- method: 'POST',
70
- body: JSON.stringify(body)
71
- });
72
- if (cognitoResponse.status < 200 || cognitoResponse.status > 299) {
73
- const errorMessage = cognitoResponse.headers.get('X-Amzn-ErrorMessage') ?? 'Unknown';
74
- const cognitoException = cognitoResponse.headers.get('X-Amzn-ErrorType') ?? CognitoException.Unknown;
75
- throw new CognitoError(errorMessage, cognitoException);
76
- }
77
- return cognitoResponse.json();
78
- }
79
98
  /**
80
99
  *
81
100
  * Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
@@ -83,7 +102,8 @@ export class CognitoClient {
83
102
  *
84
103
  * @param username Username
85
104
  * @param password Password
86
- * @throws {CognitoException}
105
+ *
106
+ * @throws {InitiateAuthException}
87
107
  */
88
108
  async authenticateUserSrp(username, password) {
89
109
  const smallA = await generateSmallA();
@@ -93,28 +113,31 @@ export class CognitoClient {
93
113
  ClientId: this.userPoolClientId,
94
114
  AuthParameters: {
95
115
  USERNAME: username,
96
- SRP_A: A.toString(16)
116
+ SRP_A: A.toString(16),
117
+ SECRET_HASH: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
97
118
  },
98
119
  ClientMetadata: {}
99
120
  };
100
- const challenge = (await this.cognitoRequest(initiateAuthPayload, CognitoServiceTarget.InitiateAuth));
121
+ const challenge = (await cognitoRequest(initiateAuthPayload, CognitoServiceTarget.InitiateAuth, this.cognitoEndpoint));
101
122
  const B = new BigInteger(challenge.ChallengeParameters.SRP_B, 16);
102
123
  const salt = new BigInteger(challenge.ChallengeParameters.SALT, 16);
103
124
  const U = calculateU(A, B);
104
125
  const hkdf = getPasswordAuthenticationKey(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, password, B, U, smallA, salt);
105
126
  const { signature, timeStamp } = calculateSignature(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, challenge.ChallengeParameters.SECRET_BLOCK, hkdf);
106
- const respondToAuthChallengePayload = {
127
+ const respondToAuthChallengeRequest = {
107
128
  ChallengeName: 'PASSWORD_VERIFIER',
108
129
  ClientId: this.userPoolClientId,
109
130
  ChallengeResponses: {
110
131
  PASSWORD_CLAIM_SECRET_BLOCK: challenge.ChallengeParameters.SECRET_BLOCK,
111
132
  PASSWORD_CLAIM_SIGNATURE: signature,
112
133
  USERNAME: challenge.ChallengeParameters.USER_ID_FOR_SRP,
113
- TIMESTAMP: timeStamp
134
+ TIMESTAMP: timeStamp,
135
+ SECRET_HASH: this.clientSecret &&
136
+ calculateSecretHash(this.clientSecret, this.userPoolClientId, challenge.ChallengeParameters.USER_ID_FOR_SRP)
114
137
  },
115
138
  ClientMetadata: {}
116
139
  };
117
- const { AuthenticationResult } = await this.cognitoRequest(respondToAuthChallengePayload, CognitoServiceTarget.RespondToAuthChallenge);
140
+ const { AuthenticationResult } = await cognitoRequest(respondToAuthChallengeRequest, CognitoServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
118
141
  return authResultToSession(AuthenticationResult);
119
142
  }
120
143
  /**
@@ -124,7 +147,7 @@ export class CognitoClient {
124
147
  *
125
148
  * @param username Username
126
149
  * @param password Password
127
- * @throws {CognitoException}
150
+ * @throws {InitiateAuthException}
128
151
  */
129
152
  async authenticateUser(username, password) {
130
153
  const initiateAuthPayload = {
@@ -132,11 +155,12 @@ export class CognitoClient {
132
155
  ClientId: this.userPoolClientId,
133
156
  AuthParameters: {
134
157
  USERNAME: username,
135
- PASSWORD: password
158
+ PASSWORD: password,
159
+ SECRET_HASH: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
136
160
  },
137
161
  ClientMetadata: {}
138
162
  };
139
- const { AuthenticationResult } = (await this.cognitoRequest(initiateAuthPayload, CognitoServiceTarget.InitiateAuth));
163
+ const { AuthenticationResult } = (await cognitoRequest(initiateAuthPayload, CognitoServiceTarget.InitiateAuth, this.cognitoEndpoint));
140
164
  const session = authResultToSession(AuthenticationResult);
141
165
  return session;
142
166
  }
@@ -144,19 +168,21 @@ export class CognitoClient {
144
168
  * Returns a new session based on the given refresh token.
145
169
  *
146
170
  * @param refreshToken
171
+ * @param username
147
172
  * @returns @see Session
148
- * @throws {CognitoError}
173
+ * @throws {InitiateAuthException}
149
174
  */
150
- async refreshSession(refreshToken) {
175
+ async refreshSession(refreshToken, username) {
151
176
  const refreshTokenPayload = {
152
177
  AuthFlow: 'REFRESH_TOKEN_AUTH',
153
178
  ClientId: this.userPoolClientId,
154
179
  AuthParameters: {
155
- REFRESH_TOKEN: refreshToken
180
+ REFRESH_TOKEN: refreshToken,
181
+ SECRET_HASH: this.clientSecret && username && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
156
182
  },
157
183
  ClientMetadata: {}
158
184
  };
159
- const { AuthenticationResult } = (await this.cognitoRequest(refreshTokenPayload, CognitoServiceTarget.InitiateAuth));
185
+ const { AuthenticationResult } = (await cognitoRequest(refreshTokenPayload, CognitoServiceTarget.InitiateAuth, this.cognitoEndpoint));
160
186
  if (!AuthenticationResult.RefreshToken) {
161
187
  AuthenticationResult.RefreshToken = refreshToken;
162
188
  }
@@ -167,16 +193,17 @@ export class CognitoClient {
167
193
  * @param username Username
168
194
  * @param password Password
169
195
  *
170
- * @throws {CognitoException}
196
+ * @throws {SignUpException}
171
197
  */
172
198
  async signUp(username, password, userAttributes) {
173
- const signUpPayload = {
199
+ const signUpRequest = {
174
200
  ClientId: this.userPoolClientId,
175
201
  Username: username,
176
202
  Password: password,
177
- UserAttributes: userAttributes
203
+ UserAttributes: userAttributes,
204
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
178
205
  };
179
- const data = await this.cognitoRequest(signUpPayload, CognitoServiceTarget.SignUp);
206
+ const data = await cognitoRequest(signUpRequest, CognitoServiceTarget.SignUp, this.cognitoEndpoint);
180
207
  return {
181
208
  id: data.UserSub,
182
209
  confirmed: data.UserConfirmed
@@ -188,22 +215,23 @@ export class CognitoClient {
188
215
  * @param username Username
189
216
  * @param code Confirmation code the user gets through the registration E-Mail
190
217
  *
191
- * @throws {CognitoException}
218
+ * @throws {ConfirmSignUpException}
192
219
  */
193
220
  async confirmSignUp(username, code) {
194
- const confirmSignUpPayload = {
221
+ const confirmSignUpRequest = {
195
222
  ClientId: this.userPoolClientId,
196
223
  ConfirmationCode: code,
197
- Username: username
224
+ Username: username,
225
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
198
226
  };
199
- await this.cognitoRequest(confirmSignUpPayload, CognitoServiceTarget.ConfirmSignUp);
227
+ await cognitoRequest(confirmSignUpRequest, CognitoServiceTarget.ConfirmSignUp, this.cognitoEndpoint);
200
228
  }
201
229
  /**
202
230
  *
203
231
  * @param currentPassword Current user password.
204
232
  * @param newPassword New user password.
205
233
  *
206
- * @throws {CognitoException}
234
+ * @throws {ChangePasswordException}
207
235
  */
208
236
  async changePassword(currentPassword, newPassword, accessToken) {
209
237
  const changePasswordPayload = {
@@ -211,47 +239,65 @@ export class CognitoClient {
211
239
  ProposedPassword: newPassword,
212
240
  AccessToken: accessToken
213
241
  };
214
- await this.cognitoRequest(changePasswordPayload, CognitoServiceTarget.ChangePassword);
242
+ await cognitoRequest(changePasswordPayload, CognitoServiceTarget.ChangePassword, this.cognitoEndpoint);
215
243
  }
244
+ /**
245
+ * Updates the user attributes.
246
+ *
247
+ * @param userAttributes List of user attributes to update.
248
+ * @param accessToken Access token of the current user.
249
+ *
250
+ * @throws {UpdateUserAttributesException}
251
+ */
216
252
  async updateUserAttributes(userAttributes, accessToken) {
217
253
  const updateUserAttributesPayload = {
218
254
  UserAttributes: userAttributes,
219
255
  AccessToken: accessToken
220
256
  };
221
- await this.cognitoRequest(updateUserAttributesPayload, CognitoServiceTarget.UpdateUserAttributes);
257
+ await cognitoRequest(updateUserAttributesPayload, CognitoServiceTarget.UpdateUserAttributes, this.cognitoEndpoint);
222
258
  }
259
+ /**
260
+ * Verifies a given user attribute
261
+ *
262
+ * @param attributeName Name of the attribute to verify
263
+ * @param code Verification code
264
+ * @param accessToken Access token of the current user.
265
+ *
266
+ * @throws {VerifyUserAttributeException}
267
+ */
223
268
  async verifyUserAttribute(attributeName, code, accessToken) {
224
269
  const verifyUserAttributePayload = {
225
270
  AttributeName: attributeName,
226
271
  Code: code,
227
272
  AccessToken: accessToken
228
273
  };
229
- await this.cognitoRequest(verifyUserAttributePayload, CognitoServiceTarget.VerifyUserAttribute);
274
+ await cognitoRequest(verifyUserAttributePayload, CognitoServiceTarget.VerifyUserAttribute, this.cognitoEndpoint);
230
275
  }
231
276
  /**
232
277
  * Sign out the user and remove the current user session.
233
278
  *
234
- * @throws {CognitoException}
279
+ * @throws {RevokeTokenException}
235
280
  */
236
281
  async signOut(refreshToken) {
237
282
  const revokeTokenPayload = {
238
283
  Token: refreshToken,
239
284
  ClientId: this.userPoolClientId
240
285
  };
241
- await this.cognitoRequest(revokeTokenPayload, CognitoServiceTarget.RevokeToken);
286
+ await cognitoRequest(revokeTokenPayload, CognitoServiceTarget.RevokeToken, this.cognitoEndpoint);
242
287
  }
243
288
  /**
244
289
  * Request forgot password.
245
290
  * @param username Username
246
291
  *
247
- * @throws {CognitoException}
292
+ * @throws {ForgotPasswordException}
248
293
  */
249
294
  async forgotPassword(username) {
250
- const forgotPasswordPayload = {
295
+ const forgotPasswordRequest = {
251
296
  ClientId: this.userPoolClientId,
252
- Username: username
297
+ Username: username,
298
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
253
299
  };
254
- await this.cognitoRequest(forgotPasswordPayload, CognitoServiceTarget.ForgotPassword);
300
+ await cognitoRequest(forgotPasswordRequest, CognitoServiceTarget.ForgotPassword, this.cognitoEndpoint);
255
301
  }
256
302
  /**
257
303
  * Confirms the new password via the given code send via cognito triggered by @see forgotPassword .
@@ -260,27 +306,31 @@ export class CognitoClient {
260
306
  * @param newPassword New password
261
307
  * @param confirmationCode Confirmation code which the user got through E-mail
262
308
  *
263
- * @throws {CognitoException}
309
+ * @throws {ConfirmForgotPasswordException}
264
310
  */
265
311
  async confirmForgotPassword(username, newPassword, confirmationCode) {
266
- const confirmForgotPasswordPayload = {
312
+ const confirmForgotPasswordRequest = {
267
313
  ClientId: this.userPoolClientId,
268
314
  Username: username,
269
315
  ConfirmationCode: confirmationCode,
270
- Password: newPassword
316
+ Password: newPassword,
317
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
271
318
  };
272
- await this.cognitoRequest(confirmForgotPasswordPayload, CognitoServiceTarget.ConfirmForgotPassword);
319
+ await cognitoRequest(confirmForgotPasswordRequest, CognitoServiceTarget.ConfirmForgotPassword, this.cognitoEndpoint);
273
320
  }
274
321
  /**
275
322
  * Triggers cognito to resend the confirmation code
276
323
  * @param username Username
324
+ *
325
+ * @throws {ResendConfirmationCodeException}
277
326
  */
278
327
  async resendConfirmationCode(username) {
279
- const resendConfirmationCodePayLoad = {
328
+ const resendConfirmationCodeRequest = {
280
329
  ClientId: this.userPoolClientId,
281
- Username: username
330
+ Username: username,
331
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
282
332
  };
283
- await this.cognitoRequest(resendConfirmationCodePayLoad, CognitoServiceTarget.ResendConfirmationCode);
333
+ await cognitoRequest(resendConfirmationCodeRequest, CognitoServiceTarget.ResendConfirmationCode, this.cognitoEndpoint);
284
334
  }
285
335
  /**
286
336
  * Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
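Review bot: In the new `cognitoRequest` (hunk `@@ -41,16 +41,51 @@`), the error path calls `await cognitoResponse.json()` unguarded, so a non-JSON error body (an empty body, or an HTML page from a proxy or gateway) makes it throw a `SyntaxError` before the `X-Amzn-ErrorType` and `X-Amzn-ErrorMessage` headers are read, and callers that branch on `CognitoError` never receive one. Parsing defensively keeps the header fallback working: `const cognitoResponseBody = await cognitoResponse.json().catch(() => ({}));`. The success test `cognitoResponse && cognitoResponse.status < 300` is also looser than the removed `status < 200 || status > 299` check, and the `cognitoResponse &&` guard does not protect the dereference on the following line; `if (cognitoResponse.ok)` states the intent directly. Separately, `refreshSession` omits `SECRET_HASH` without any signal when a `clientSecret` is configured but `username` is not passed, which presumably surfaces only as a rejected request from Cognito; a line on `@param username` saying it is required when a client secret is set would help.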