@vardario/cognito-client 2.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,158 @@
1
+ export interface CognitoBaseRequest {
2
+ ClientId: string;
3
+ ClientMetadata?: Record<string, string>;
4
+ AnalyticsMetadata?: {
5
+ AnalyticsEndpointId: string;
6
+ };
7
+ UserContextData?: {
8
+ EncodedData?: string;
9
+ IpAddress?: string;
10
+ };
11
+ }
12
+ export interface AuthIntiUserSrpRequest extends CognitoBaseRequest {
13
+ AuthFlow: 'USER_SRP_AUTH';
14
+ AuthParameters: {
15
+ USERNAME: string;
16
+ SRP_A: string;
17
+ SECRET_HASH?: string;
18
+ };
19
+ }
20
+ export interface AuthIntiUserPasswordRequest extends CognitoBaseRequest {
21
+ AuthFlow: 'USER_PASSWORD_AUTH';
22
+ AuthParameters: {
23
+ USERNAME: string;
24
+ PASSWORD: string;
25
+ SECRET_HASH?: string;
26
+ };
27
+ }
28
+ export interface AuthIntiRefreshTokenRequest extends CognitoBaseRequest {
29
+ AuthFlow: 'REFRESH_TOKEN_AUTH';
30
+ AuthParameters: {
31
+ REFRESH_TOKEN: string;
32
+ SECRET_HASH?: string;
33
+ };
34
+ }
35
+ export interface AuthIntiCustomAuthRequest extends CognitoBaseRequest {
36
+ AuthFlow: 'CUSTOM_AUTH';
37
+ AuthParameters: {
38
+ USERNAME: string;
39
+ SECRET_HASH?: string;
40
+ };
41
+ }
42
+ export type AuthIntiRequest = AuthIntiUserSrpRequest | AuthIntiRefreshTokenRequest | AuthIntiCustomAuthRequest | AuthIntiUserPasswordRequest;
43
+ export interface RespondToAuthChallengeBaseRequest extends CognitoBaseRequest {
44
+ Session?: string;
45
+ }
46
+ export interface RespondToAuthChallengePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
47
+ ChallengeName: 'PASSWORD_VERIFIER';
48
+ ChallengeResponses: {
49
+ USERNAME: string;
50
+ PASSWORD_CLAIM_SECRET_BLOCK: string;
51
+ PASSWORD_CLAIM_SIGNATURE: string;
52
+ TIMESTAMP: string;
53
+ SECRET_HASH?: string;
54
+ };
55
+ }
56
+ export interface RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChallengeBaseRequest {
57
+ ChallengeName: 'SMS_MFA';
58
+ ChallengeResponses: {
59
+ USERNAME: string;
60
+ SMS_MFA_CODE: string;
61
+ SECRET_HASH?: string;
62
+ };
63
+ }
64
+ export interface RespondToAuthChallengeCustomChallengeNameRequest extends RespondToAuthChallengeBaseRequest {
65
+ ChallengeName: 'CUSTOM_CHALLENGE';
66
+ ChallengeResponses: {
67
+ USERNAME: string;
68
+ ANSWER: string;
69
+ SECRET_HASH?: string;
70
+ };
71
+ }
72
+ export interface RespondToAuthChallengeNewPasswordRequiredRequest extends RespondToAuthChallengeBaseRequest {
73
+ ChallengeName: 'NEW_PASSWORD_REQUIRED';
74
+ ChallengeResponses: {
75
+ USERNAME: string;
76
+ NEW_PASSWORD: string;
77
+ SECRET_HASH?: string;
78
+ };
79
+ }
80
+ export interface RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondToAuthChallengeBaseRequest {
81
+ ChallengeName: 'SOFTWARE_TOKEN_MFA';
82
+ ChallengeResponses: {
83
+ USERNAME: string;
84
+ SOFTWARE_TOKEN_MFA_CODE: string;
85
+ SECRET_HASH?: string;
86
+ };
87
+ }
88
+ export interface RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAuthChallengeBaseRequest {
89
+ ChallengeName: 'DEVICE_SRP_AUTH';
90
+ ChallengeResponses: {
91
+ USERNAME: string;
92
+ SRP_A: string;
93
+ SECRET_HASH?: string;
94
+ };
95
+ }
96
+ export interface RespondToAuthChallengeDevicePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
97
+ ChallengeName: 'DEVICE_PASSWORD_VERIFIER';
98
+ ChallengeResponses: {
99
+ USERNAME: string;
100
+ PASSWORD_CLAIM_SECRET_BLOCK: string;
101
+ PASSWORD_CLAIM_SIGNATURE: string;
102
+ TIMESTAMP: string;
103
+ DEVICE_KEY: string;
104
+ SECRET_HASH?: string;
105
+ };
106
+ }
107
+ export interface RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChallengeBaseRequest {
108
+ ChallengeName: 'MFA_SETUP';
109
+ ChallengeResponses: {
110
+ USERNAME: string;
111
+ SMS_MFA_CODE?: string;
112
+ SOFTWARE_TOKEN_MFA_CODE?: string;
113
+ SECRET_HASH?: string;
114
+ };
115
+ }
116
+ export interface RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAuthChallengeBaseRequest {
117
+ ChallengeName: 'SELECT_MFA_TYPE';
118
+ ChallengeResponses: {
119
+ USERNAME: string;
120
+ SOFTWARE_TOKEN_MFA_CODE?: string;
121
+ SECRET_HASH?: string;
122
+ };
123
+ }
124
+ export type RespondToAuthChallengeRequest = RespondToAuthChallengePasswordVerifierRequest | RespondToAuthChallengeSmsMfaRequest | RespondToAuthChallengeCustomChallengeNameRequest | RespondToAuthChallengeNewPasswordRequiredRequest | RespondToAuthChallengeSoftwareTokenMfaRequest | RespondToAuthChallengeDeviceSrpAuthRequest | RespondToAuthChallengeDevicePasswordVerifierRequest | RespondToAuthChallengeMfaSetupRequest | RespondToAuthChallengeSelectMfaTypeRequest;
1
125
  export interface UserAttribute {
2
126
  Name: string;
3
127
  Value: string;
4
128
  }
129
+ export interface ConfirmForgotPasswordRequest extends CognitoBaseRequest {
130
+ ConfirmationCode: string;
131
+ Password: string;
132
+ Username: string;
133
+ SecretHash?: string;
134
+ }
135
+ export interface ConfirmSignUpRequest extends CognitoBaseRequest {
136
+ ConfirmationCode: string;
137
+ Username: string;
138
+ SecretHash?: string;
139
+ ForceAliasCreation?: boolean;
140
+ }
141
+ export interface ForgotPasswordRequest extends CognitoBaseRequest {
142
+ Username: string;
143
+ SecretHash?: string;
144
+ }
145
+ export interface SignUpRequest extends CognitoBaseRequest {
146
+ Username: string;
147
+ Password: string;
148
+ SecretHash?: string;
149
+ UserAttributes?: UserAttribute[];
150
+ ValidationData?: UserAttribute[];
151
+ }
152
+ export interface ResendConfirmationCodeRequest extends CognitoBaseRequest {
153
+ Username: string;
154
+ SecretHash?: string;
155
+ }
5
156
  /**
6
157
  * Cognito related OAuth props.
7
158
  */
@@ -43,6 +194,10 @@ export interface CognitoClientProps {
43
194
  * Cognito OAuth related options. See @see OAuthProps .
44
195
  */
45
196
  oAuth2?: OAuth2Props;
197
+ /**
198
+ * Optional Cognito User Pool Client Secret.
199
+ */
200
+ clientSecret?: string;
46
201
  }
47
202
  /**
48
203
  * Cognito User Session
@@ -117,7 +272,8 @@ export declare enum CognitoServiceTarget {
117
272
  ConfirmForgotPassword = "ConfirmForgotPassword",
118
273
  ResendConfirmationCode = "ResendConfirmationCode",
119
274
  UpdateUserAttributes = "UpdateUserAttributes",
120
- VerifyUserAttribute = "VerifyUserAttribute"
275
+ VerifyUserAttribute = "VerifyUserAttribute",
276
+ GlobalSignOut = "GlobalSignOut"
121
277
  }
122
278
  /**
123
279
  * Cognito supported federated identities public providers.
@@ -159,7 +315,8 @@ export declare class CognitoClient {
159
315
  private readonly cognitoPoolName;
160
316
  private readonly userPoolClientId;
161
317
  private readonly oAuth?;
162
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth }: CognitoClientProps);
318
+ private readonly clientSecret?;
319
+ constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }: CognitoClientProps);
163
320
  static getDecodedTokenFromSession(session: Session): DecodedTokens;
164
321
  /**
165
322
  *
@@ -185,11 +342,12 @@ export declare class CognitoClient {
185
342
  /**
186
343
  * Returns a new session based on the given refresh token.
187
344
  *
188
- * @param refreshToken
345
+ * @param refreshToken Refresh token from a previous session.
346
+ * @param username Username is required when using a client secret and needs to be the cognito user id.
189
347
  * @returns @see Session
190
348
  * @throws {InitiateAuthException}
191
349
  */
192
- refreshSession(refreshToken: string): Promise<Session>;
350
+ refreshSession(refreshToken: string, username?: string): Promise<Session>;
193
351
  /**
194
352
  *
195
353
  * @param username Username
@@ -238,11 +396,13 @@ export declare class CognitoClient {
238
396
  */
239
397
  verifyUserAttribute(attributeName: string, code: string, accessToken: string): Promise<void>;
240
398
  /**
241
- * Sign out the user and remove the current user session.
399
+ * Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
242
400
  *
401
+ * @param refreshToken Refresh token from a previous session.
402
+ * @param username Username is required when using a client secret and needs to be the cognito user id.
243
403
  * @throws {RevokeTokenException}
244
404
  */
245
- signOut(refreshToken: string): Promise<void>;
405
+ revokeToken(refreshToken: string): Promise<void>;
246
406
  /**
247
407
  * Request forgot password.
248
408
  * @param username Username
@@ -293,4 +453,9 @@ export declare class CognitoClient {
293
453
  * @throws {Error}
294
454
  */
295
455
  handleCodeFlow(returnUrl: string, pkce: string): Promise<Session>;
456
+ /**
457
+ * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
458
+ * @param accessToken Access token of the current user.
459
+ */
460
+ globalSignOut(accessToken: string): Promise<void>;
296
461
  }
@@ -2,7 +2,7 @@ import hashJs from 'hash.js';
2
2
  import { BigInteger } from 'jsbn';
3
3
  import { Buffer } from 'buffer';
4
4
  import { CognitoCommonException, CognitoError } from './error.js';
5
- import { calculateSignature, calculateU, decodeJwt, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes } from './utils.js';
5
+ import { calculateSecretHash, calculateSignature, calculateU, decodeJwt, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes } from './utils.js';
6
6
  /**
7
7
  * List of used and supported Cognito API calls.
8
8
  * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_Operations.html for more details
@@ -20,6 +20,7 @@ export var CognitoServiceTarget;
20
20
  CognitoServiceTarget["ResendConfirmationCode"] = "ResendConfirmationCode";
21
21
  CognitoServiceTarget["UpdateUserAttributes"] = "UpdateUserAttributes";
22
22
  CognitoServiceTarget["VerifyUserAttribute"] = "VerifyUserAttribute";
23
+ CognitoServiceTarget["GlobalSignOut"] = "GlobalSignOut";
23
24
  })(CognitoServiceTarget || (CognitoServiceTarget = {}));
24
25
  /**
25
26
  * Cognito supported federated identities public providers.
@@ -79,12 +80,13 @@ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
79
80
  * Lightweight AWS Cogito client without any AWS SDK dependencies.
80
81
  */
81
82
  export class CognitoClient {
82
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth }) {
83
+ constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
83
84
  const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split('_');
84
85
  this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, '');
85
86
  this.cognitoPoolName = cognitoPoolName;
86
87
  this.userPoolClientId = userPoolClientId;
87
88
  this.oAuth = oAuth;
89
+ this.clientSecret = clientSecret;
88
90
  }
89
91
  static getDecodedTokenFromSession(session) {
90
92
  const { payload: idToken } = decodeJwt(session.idToken);
@@ -112,7 +114,8 @@ export class CognitoClient {
112
114
  ClientId: this.userPoolClientId,
113
115
  AuthParameters: {
114
116
  USERNAME: username,
115
- SRP_A: A.toString(16)
117
+ SRP_A: A.toString(16),
118
+ SECRET_HASH: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
116
119
  },
117
120
  ClientMetadata: {}
118
121
  };
@@ -122,18 +125,20 @@ export class CognitoClient {
122
125
  const U = calculateU(A, B);
123
126
  const hkdf = getPasswordAuthenticationKey(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, password, B, U, smallA, salt);
124
127
  const { signature, timeStamp } = calculateSignature(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, challenge.ChallengeParameters.SECRET_BLOCK, hkdf);
125
- const respondToAuthChallengePayload = {
128
+ const respondToAuthChallengeRequest = {
126
129
  ChallengeName: 'PASSWORD_VERIFIER',
127
130
  ClientId: this.userPoolClientId,
128
131
  ChallengeResponses: {
129
132
  PASSWORD_CLAIM_SECRET_BLOCK: challenge.ChallengeParameters.SECRET_BLOCK,
130
133
  PASSWORD_CLAIM_SIGNATURE: signature,
131
134
  USERNAME: challenge.ChallengeParameters.USER_ID_FOR_SRP,
132
- TIMESTAMP: timeStamp
135
+ TIMESTAMP: timeStamp,
136
+ SECRET_HASH: this.clientSecret &&
137
+ calculateSecretHash(this.clientSecret, this.userPoolClientId, challenge.ChallengeParameters.USER_ID_FOR_SRP)
133
138
  },
134
139
  ClientMetadata: {}
135
140
  };
136
- const { AuthenticationResult } = await cognitoRequest(respondToAuthChallengePayload, CognitoServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
141
+ const { AuthenticationResult } = await cognitoRequest(respondToAuthChallengeRequest, CognitoServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
137
142
  return authResultToSession(AuthenticationResult);
138
143
  }
139
144
  /**
@@ -151,7 +156,8 @@ export class CognitoClient {
151
156
  ClientId: this.userPoolClientId,
152
157
  AuthParameters: {
153
158
  USERNAME: username,
154
- PASSWORD: password
159
+ PASSWORD: password,
160
+ SECRET_HASH: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
155
161
  },
156
162
  ClientMetadata: {}
157
163
  };
@@ -162,16 +168,18 @@ export class CognitoClient {
162
168
  /**
163
169
  * Returns a new session based on the given refresh token.
164
170
  *
165
- * @param refreshToken
171
+ * @param refreshToken Refresh token from a previous session.
172
+ * @param username Username is required when using a client secret and needs to be the cognito user id.
166
173
  * @returns @see Session
167
174
  * @throws {InitiateAuthException}
168
175
  */
169
- async refreshSession(refreshToken) {
176
+ async refreshSession(refreshToken, username) {
170
177
  const refreshTokenPayload = {
171
178
  AuthFlow: 'REFRESH_TOKEN_AUTH',
172
179
  ClientId: this.userPoolClientId,
173
180
  AuthParameters: {
174
- REFRESH_TOKEN: refreshToken
181
+ REFRESH_TOKEN: refreshToken,
182
+ SECRET_HASH: this.clientSecret && username && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
175
183
  },
176
184
  ClientMetadata: {}
177
185
  };
@@ -189,13 +197,14 @@ export class CognitoClient {
189
197
  * @throws {SignUpException}
190
198
  */
191
199
  async signUp(username, password, userAttributes) {
192
- const signUpPayload = {
200
+ const signUpRequest = {
193
201
  ClientId: this.userPoolClientId,
194
202
  Username: username,
195
203
  Password: password,
196
- UserAttributes: userAttributes
204
+ UserAttributes: userAttributes,
205
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
197
206
  };
198
- const data = await cognitoRequest(signUpPayload, CognitoServiceTarget.SignUp, this.cognitoEndpoint);
207
+ const data = await cognitoRequest(signUpRequest, CognitoServiceTarget.SignUp, this.cognitoEndpoint);
199
208
  return {
200
209
  id: data.UserSub,
201
210
  confirmed: data.UserConfirmed
@@ -210,12 +219,13 @@ export class CognitoClient {
210
219
  * @throws {ConfirmSignUpException}
211
220
  */
212
221
  async confirmSignUp(username, code) {
213
- const confirmSignUpPayload = {
222
+ const confirmSignUpRequest = {
214
223
  ClientId: this.userPoolClientId,
215
224
  ConfirmationCode: code,
216
- Username: username
225
+ Username: username,
226
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
217
227
  };
218
- await cognitoRequest(confirmSignUpPayload, CognitoServiceTarget.ConfirmSignUp, this.cognitoEndpoint);
228
+ await cognitoRequest(confirmSignUpRequest, CognitoServiceTarget.ConfirmSignUp, this.cognitoEndpoint);
219
229
  }
220
230
  /**
221
231
  *
@@ -265,14 +275,17 @@ export class CognitoClient {
265
275
  await cognitoRequest(verifyUserAttributePayload, CognitoServiceTarget.VerifyUserAttribute, this.cognitoEndpoint);
266
276
  }
267
277
  /**
268
- * Sign out the user and remove the current user session.
278
+ * Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
269
279
  *
280
+ * @param refreshToken Refresh token from a previous session.
281
+ * @param username Username is required when using a client secret and needs to be the cognito user id.
270
282
  * @throws {RevokeTokenException}
271
283
  */
272
- async signOut(refreshToken) {
284
+ async revokeToken(refreshToken) {
273
285
  const revokeTokenPayload = {
274
286
  Token: refreshToken,
275
- ClientId: this.userPoolClientId
287
+ ClientId: this.userPoolClientId,
288
+ ClientSecret: this.clientSecret
276
289
  };
277
290
  await cognitoRequest(revokeTokenPayload, CognitoServiceTarget.RevokeToken, this.cognitoEndpoint);
278
291
  }
@@ -283,11 +296,12 @@ export class CognitoClient {
283
296
  * @throws {ForgotPasswordException}
284
297
  */
285
298
  async forgotPassword(username) {
286
- const forgotPasswordPayload = {
299
+ const forgotPasswordRequest = {
287
300
  ClientId: this.userPoolClientId,
288
- Username: username
301
+ Username: username,
302
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
289
303
  };
290
- await cognitoRequest(forgotPasswordPayload, CognitoServiceTarget.ForgotPassword, this.cognitoEndpoint);
304
+ await cognitoRequest(forgotPasswordRequest, CognitoServiceTarget.ForgotPassword, this.cognitoEndpoint);
291
305
  }
292
306
  /**
293
307
  * Confirms the new password via the given code send via cognito triggered by @see forgotPassword .
@@ -299,13 +313,14 @@ export class CognitoClient {
299
313
  * @throws {ConfirmForgotPasswordException}
300
314
  */
301
315
  async confirmForgotPassword(username, newPassword, confirmationCode) {
302
- const confirmForgotPasswordPayload = {
316
+ const confirmForgotPasswordRequest = {
303
317
  ClientId: this.userPoolClientId,
304
318
  Username: username,
305
319
  ConfirmationCode: confirmationCode,
306
- Password: newPassword
320
+ Password: newPassword,
321
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
307
322
  };
308
- await cognitoRequest(confirmForgotPasswordPayload, CognitoServiceTarget.ConfirmForgotPassword, this.cognitoEndpoint);
323
+ await cognitoRequest(confirmForgotPasswordRequest, CognitoServiceTarget.ConfirmForgotPassword, this.cognitoEndpoint);
309
324
  }
310
325
  /**
311
326
  * Triggers cognito to resend the confirmation code
@@ -314,11 +329,12 @@ export class CognitoClient {
314
329
  * @throws {ResendConfirmationCodeException}
315
330
  */
316
331
  async resendConfirmationCode(username) {
317
- const resendConfirmationCodePayLoad = {
332
+ const resendConfirmationCodeRequest = {
318
333
  ClientId: this.userPoolClientId,
319
- Username: username
334
+ Username: username,
335
+ SecretHash: this.clientSecret && calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
320
336
  };
321
- await cognitoRequest(resendConfirmationCodePayLoad, CognitoServiceTarget.ResendConfirmationCode, this.cognitoEndpoint);
337
+ await cognitoRequest(resendConfirmationCodeRequest, CognitoServiceTarget.ResendConfirmationCode, this.cognitoEndpoint);
322
338
  }
323
339
  /**
324
340
  * Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
@@ -402,4 +418,14 @@ export class CognitoClient {
402
418
  });
403
419
  return session;
404
420
  }
421
+ /**
422
+ * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
423
+ * @param accessToken Access token of the current user.
424
+ */
425
+ async globalSignOut(accessToken) {
426
+ const globalSignOutPayload = {
427
+ AccessToken: accessToken
428
+ };
429
+ await cognitoRequest(globalSignOutPayload, CognitoServiceTarget.GlobalSignOut, this.cognitoEndpoint);
430
+ }
405
431
  }
package/lib/utils.d.ts CHANGED
@@ -21,3 +21,4 @@ export declare function decodeJwt<T = unknown>(jwt: string): {
21
21
  };
22
22
  export declare function randomBytes(num: number): Promise<Buffer>;
23
23
  export declare function formatTimestamp(date: Date): string;
24
+ export declare function calculateSecretHash(clientSecret: string, userPoolClientId: string, username: string): string;
package/lib/utils.js CHANGED
@@ -123,3 +123,11 @@ export async function randomBytes(num) {
123
123
  export function formatTimestamp(date) {
124
124
  return formatInTimeZone(date, 'UTC', "EEE MMM d HH:mm:ss 'UTC' yyyy");
125
125
  }
126
+ export function calculateSecretHash(clientSecret, userPoolClientId, username) {
127
+ const message = `${username}${userPoolClientId}`;
128
+ const hash = Buffer.from(hashJs
129
+ .hmac(hashJs.sha256, clientSecret)
130
+ .update(message)
131
+ .digest()).toString('base64');
132
+ return hash;
133
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vardario/cognito-client",
3
- "version": "2.0.0",
3
+ "version": "3.0.0",
4
4
  "description": "",
5
5
  "license": "MIT",
6
6
  "author": "Sahin Vardar",
@@ -16,8 +16,9 @@
16
16
  "scripts": {
17
17
  "build": "tsc --build",
18
18
  "format": "prettier --plugin-search-dir . --write . && prettier-package-json --write && eslint --fix .",
19
+ "integration-test": "vitest run integration",
19
20
  "prepare": "husky install",
20
- "test": "vitest run",
21
+ "test": "vitest run unit",
21
22
  "watch": "tsc --build --watch"
22
23
  },
23
24
  "dependencies": {
@@ -27,7 +28,7 @@
27
28
  "jsbn": "^1.1.0"
28
29
  },
29
30
  "devDependencies": {
30
- "@aws-sdk/client-cognito-identity-provider": "^3.454.0",
31
+ "@aws-sdk/client-cognito-identity-provider": "^3.465.0",
31
32
  "@types/jsbn": "^1.2.33",
32
33
  "@types/jsdom": "^21.1.5",
33
34
  "@types/randombytes": "^2.0.3",