@vardario/cognito-client 4.0.4 → 4.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/lib/bigint-math.d.ts +10 -0
- package/lib/bigint-math.js +67 -0
- package/lib/browser.js +1208 -0
- package/lib/cognito-client.js +18 -20
- package/lib/utils.d.ts +19 -14
- package/lib/utils.js +83 -59
- package/package.json +7 -11
package/lib/browser.js
ADDED
|
@@ -0,0 +1,1208 @@
|
|
|
1
|
+
// src/error.ts
|
|
2
|
+
var CommonException = /* @__PURE__ */ ((CommonException3) => {
|
|
3
|
+
CommonException3["AccessDeniedException"] = "AccessDeniedException";
|
|
4
|
+
CommonException3["IncompleteSignature"] = "IncompleteSignature";
|
|
5
|
+
CommonException3["InternalFailure"] = "InternalFailure";
|
|
6
|
+
CommonException3["InvalidAction"] = "InvalidAction";
|
|
7
|
+
CommonException3["InvalidClientTokenId"] = "InvalidClientTokenId";
|
|
8
|
+
CommonException3["NotAuthorized"] = "NotAuthorized";
|
|
9
|
+
CommonException3["OptInRequired"] = "OptInRequired";
|
|
10
|
+
CommonException3["RequestExpired"] = "RequestExpired";
|
|
11
|
+
CommonException3["ServiceUnavailable"] = "ServiceUnavailable";
|
|
12
|
+
CommonException3["ThrottlingException"] = "ThrottlingException";
|
|
13
|
+
CommonException3["ValidationError"] = "ValidationError";
|
|
14
|
+
return CommonException3;
|
|
15
|
+
})(CommonException || {});
|
|
16
|
+
var COMMON_EXCEPTIONS = [
|
|
17
|
+
"AccessDeniedException" /* AccessDeniedException */,
|
|
18
|
+
"IncompleteSignature" /* IncompleteSignature */,
|
|
19
|
+
"InternalFailure" /* InternalFailure */,
|
|
20
|
+
"InvalidAction" /* InvalidAction */,
|
|
21
|
+
"InvalidClientTokenId" /* InvalidClientTokenId */,
|
|
22
|
+
"NotAuthorized" /* NotAuthorized */,
|
|
23
|
+
"OptInRequired" /* OptInRequired */,
|
|
24
|
+
"RequestExpired" /* RequestExpired */,
|
|
25
|
+
"ServiceUnavailable" /* ServiceUnavailable */,
|
|
26
|
+
"ThrottlingException" /* ThrottlingException */,
|
|
27
|
+
"ValidationError" /* ValidationError */
|
|
28
|
+
];
|
|
29
|
+
var AssociateSoftwareTokenException = /* @__PURE__ */ ((AssociateSoftwareTokenException2) => {
|
|
30
|
+
AssociateSoftwareTokenException2["ConcurrentModificationException"] = "ConcurrentModificationException";
|
|
31
|
+
AssociateSoftwareTokenException2["ForbiddenException"] = "ForbiddenException";
|
|
32
|
+
AssociateSoftwareTokenException2["InternalErrorException"] = "InternalErrorException";
|
|
33
|
+
AssociateSoftwareTokenException2["InvalidParameterException"] = "InvalidParameterException";
|
|
34
|
+
AssociateSoftwareTokenException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
35
|
+
AssociateSoftwareTokenException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
36
|
+
AssociateSoftwareTokenException2["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
|
|
37
|
+
return AssociateSoftwareTokenException2;
|
|
38
|
+
})(AssociateSoftwareTokenException || {});
|
|
39
|
+
var ChangePasswordException = /* @__PURE__ */ ((ChangePasswordException3) => {
|
|
40
|
+
ChangePasswordException3["ForbiddenException"] = "ForbiddenException";
|
|
41
|
+
ChangePasswordException3["InternalErrorException"] = "InternalErrorException";
|
|
42
|
+
ChangePasswordException3["InvalidParameterException"] = "InvalidParameterException";
|
|
43
|
+
ChangePasswordException3["InvalidPasswordException"] = "InvalidPasswordException";
|
|
44
|
+
ChangePasswordException3["LimitExceededException"] = "LimitExceededException";
|
|
45
|
+
ChangePasswordException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
46
|
+
ChangePasswordException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
47
|
+
ChangePasswordException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
48
|
+
ChangePasswordException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
49
|
+
ChangePasswordException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
50
|
+
ChangePasswordException3["UserNotFoundException"] = "UserNotFoundException";
|
|
51
|
+
return ChangePasswordException3;
|
|
52
|
+
})(ChangePasswordException || {});
|
|
53
|
+
var ConfirmDeviceException = /* @__PURE__ */ ((ConfirmDeviceException2) => {
|
|
54
|
+
ConfirmDeviceException2["ForbiddenException"] = "ForbiddenException";
|
|
55
|
+
ConfirmDeviceException2["InternalErrorException"] = "InternalErrorException";
|
|
56
|
+
ConfirmDeviceException2["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
57
|
+
ConfirmDeviceException2["InvalidParameterException"] = "InvalidParameterException";
|
|
58
|
+
ConfirmDeviceException2["InvalidPasswordException"] = "InvalidPasswordException";
|
|
59
|
+
ConfirmDeviceException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
60
|
+
ConfirmDeviceException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
61
|
+
ConfirmDeviceException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
62
|
+
ConfirmDeviceException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
63
|
+
ConfirmDeviceException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
64
|
+
ConfirmDeviceException2["UsernameExistsException"] = "UsernameExistsException";
|
|
65
|
+
ConfirmDeviceException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
66
|
+
ConfirmDeviceException2["UserNotFoundException"] = "UserNotFoundException";
|
|
67
|
+
return ConfirmDeviceException2;
|
|
68
|
+
})(ConfirmDeviceException || {});
|
|
69
|
+
var ConfirmForgotPasswordException = /* @__PURE__ */ ((ConfirmForgotPasswordException3) => {
|
|
70
|
+
ConfirmForgotPasswordException3["CodeMismatchException"] = "CodeMismatchException";
|
|
71
|
+
ConfirmForgotPasswordException3["ExpiredCodeException"] = "ExpiredCodeException";
|
|
72
|
+
ConfirmForgotPasswordException3["ForbiddenException"] = "ForbiddenException";
|
|
73
|
+
ConfirmForgotPasswordException3["InternalErrorException"] = "InternalErrorException";
|
|
74
|
+
ConfirmForgotPasswordException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
75
|
+
ConfirmForgotPasswordException3["InvalidParameterException"] = "InvalidParameterException";
|
|
76
|
+
ConfirmForgotPasswordException3["InvalidPasswordException"] = "InvalidPasswordException";
|
|
77
|
+
ConfirmForgotPasswordException3["LimitExceededException"] = "LimitExceededException";
|
|
78
|
+
ConfirmForgotPasswordException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
79
|
+
ConfirmForgotPasswordException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
80
|
+
ConfirmForgotPasswordException3["TooManyFailedAttemptsException"] = "TooManyFailedAttemptsException";
|
|
81
|
+
ConfirmForgotPasswordException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
82
|
+
ConfirmForgotPasswordException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
83
|
+
ConfirmForgotPasswordException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
84
|
+
ConfirmForgotPasswordException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
85
|
+
ConfirmForgotPasswordException3["UserNotFoundException"] = "UserNotFoundException";
|
|
86
|
+
return ConfirmForgotPasswordException3;
|
|
87
|
+
})(ConfirmForgotPasswordException || {});
|
|
88
|
+
var ConfirmSignUpException = /* @__PURE__ */ ((ConfirmSignUpException3) => {
|
|
89
|
+
ConfirmSignUpException3["AliasExistsException"] = "AliasExistsException";
|
|
90
|
+
ConfirmSignUpException3["CodeMismatchException"] = "CodeMismatchException";
|
|
91
|
+
ConfirmSignUpException3["ExpiredCodeException"] = "ExpiredCodeException";
|
|
92
|
+
ConfirmSignUpException3["ForbiddenException"] = "ForbiddenException";
|
|
93
|
+
ConfirmSignUpException3["InternalErrorException"] = "InternalErrorException";
|
|
94
|
+
ConfirmSignUpException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
95
|
+
ConfirmSignUpException3["InvalidParameterException"] = "InvalidParameterException";
|
|
96
|
+
ConfirmSignUpException3["LimitExceededException"] = "LimitExceededException";
|
|
97
|
+
ConfirmSignUpException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
98
|
+
ConfirmSignUpException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
99
|
+
ConfirmSignUpException3["TooManyFailedAttemptsException"] = "TooManyFailedAttemptsException";
|
|
100
|
+
ConfirmSignUpException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
101
|
+
ConfirmSignUpException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
102
|
+
ConfirmSignUpException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
103
|
+
ConfirmSignUpException3["UserNotFoundException"] = "UserNotFoundException";
|
|
104
|
+
return ConfirmSignUpException3;
|
|
105
|
+
})(ConfirmSignUpException || {});
|
|
106
|
+
var DeleteUserAttributesException = /* @__PURE__ */ ((DeleteUserAttributesException2) => {
|
|
107
|
+
DeleteUserAttributesException2["ForbiddenException"] = "ForbiddenException";
|
|
108
|
+
DeleteUserAttributesException2["InternalErrorException"] = "InternalErrorException";
|
|
109
|
+
DeleteUserAttributesException2["InvalidParameterException"] = "InvalidParameterException";
|
|
110
|
+
DeleteUserAttributesException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
111
|
+
DeleteUserAttributesException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
112
|
+
DeleteUserAttributesException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
113
|
+
DeleteUserAttributesException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
114
|
+
DeleteUserAttributesException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
115
|
+
DeleteUserAttributesException2["UserNotFoundException"] = "UserNotFoundException";
|
|
116
|
+
return DeleteUserAttributesException2;
|
|
117
|
+
})(DeleteUserAttributesException || {});
|
|
118
|
+
var DeleteUserException = /* @__PURE__ */ ((DeleteUserException2) => {
|
|
119
|
+
DeleteUserException2["ForbiddenException"] = "ForbiddenException";
|
|
120
|
+
DeleteUserException2["InternalErrorException"] = "InternalErrorException";
|
|
121
|
+
DeleteUserException2["InvalidParameterException"] = "InvalidParameterException";
|
|
122
|
+
DeleteUserException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
123
|
+
DeleteUserException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
124
|
+
DeleteUserException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
125
|
+
DeleteUserException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
126
|
+
DeleteUserException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
127
|
+
DeleteUserException2["UserNotFoundException"] = "UserNotFoundException";
|
|
128
|
+
return DeleteUserException2;
|
|
129
|
+
})(DeleteUserException || {});
|
|
130
|
+
var ForgetDeviceException = /* @__PURE__ */ ((ForgetDeviceException2) => {
|
|
131
|
+
ForgetDeviceException2["ForbiddenException"] = "ForbiddenException";
|
|
132
|
+
ForgetDeviceException2["InternalErrorException"] = "InternalErrorException";
|
|
133
|
+
ForgetDeviceException2["InvalidParameterException"] = "InvalidParameterException";
|
|
134
|
+
ForgetDeviceException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
135
|
+
ForgetDeviceException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
136
|
+
ForgetDeviceException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
137
|
+
ForgetDeviceException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
138
|
+
ForgetDeviceException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
139
|
+
ForgetDeviceException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
140
|
+
ForgetDeviceException2["UserNotFoundException"] = "UserNotFoundException";
|
|
141
|
+
return ForgetDeviceException2;
|
|
142
|
+
})(ForgetDeviceException || {});
|
|
143
|
+
var ForgotPasswordException = /* @__PURE__ */ ((ForgotPasswordException3) => {
|
|
144
|
+
ForgotPasswordException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
|
|
145
|
+
ForgotPasswordException3["ForbiddenException"] = "ForbiddenException";
|
|
146
|
+
ForgotPasswordException3["InternalErrorException"] = "InternalErrorException";
|
|
147
|
+
ForgotPasswordException3["InvalidEmailRoleAccessPolicyException"] = "InvalidEmailRoleAccessPolicyException";
|
|
148
|
+
ForgotPasswordException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
149
|
+
ForgotPasswordException3["InvalidParameterException"] = "InvalidParameterException";
|
|
150
|
+
ForgotPasswordException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
151
|
+
ForgotPasswordException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
152
|
+
ForgotPasswordException3["LimitExceededException"] = "LimitExceededException";
|
|
153
|
+
ForgotPasswordException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
154
|
+
ForgotPasswordException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
155
|
+
ForgotPasswordException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
156
|
+
ForgotPasswordException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
157
|
+
ForgotPasswordException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
158
|
+
ForgotPasswordException3["UserNotFoundException"] = "UserNotFoundException";
|
|
159
|
+
return ForgotPasswordException3;
|
|
160
|
+
})(ForgotPasswordException || {});
|
|
161
|
+
var GetUserException = /* @__PURE__ */ ((GetUserException2) => {
|
|
162
|
+
GetUserException2["ForbiddenException"] = "ForbiddenException";
|
|
163
|
+
GetUserException2["InternalErrorException"] = "InternalErrorException";
|
|
164
|
+
GetUserException2["InvalidParameterException"] = "InvalidParameterException";
|
|
165
|
+
GetUserException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
166
|
+
GetUserException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
167
|
+
GetUserException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
168
|
+
GetUserException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
169
|
+
GetUserException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
170
|
+
GetUserException2["UserNotFoundException"] = "UserNotFoundException";
|
|
171
|
+
return GetUserException2;
|
|
172
|
+
})(GetUserException || {});
|
|
173
|
+
var GetIdException = /* @__PURE__ */ ((GetIdException2) => {
|
|
174
|
+
GetIdException2["ExternalServiceException"] = "ExternalServiceException";
|
|
175
|
+
GetIdException2["InternalErrorException"] = "InternalErrorException";
|
|
176
|
+
GetIdException2["InvalidParameterException"] = "InvalidParameterException";
|
|
177
|
+
GetIdException2["LimitExceededException"] = "LimitExceededException";
|
|
178
|
+
GetIdException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
179
|
+
GetIdException2["ResourceConflictException"] = "ResourceConflictException";
|
|
180
|
+
GetIdException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
181
|
+
GetIdException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
182
|
+
return GetIdException2;
|
|
183
|
+
})(GetIdException || {});
|
|
184
|
+
var GetCredentialsForIdentityException = /* @__PURE__ */ ((GetCredentialsForIdentityException2) => {
|
|
185
|
+
GetCredentialsForIdentityException2["ExternalServiceException"] = "ExternalServiceException";
|
|
186
|
+
GetCredentialsForIdentityException2["InternalErrorException"] = "InternalErrorException";
|
|
187
|
+
GetCredentialsForIdentityException2["InvalidIdentityPoolConfigurationException"] = "InvalidIdentityPoolConfigurationException";
|
|
188
|
+
GetCredentialsForIdentityException2["InvalidParameterException"] = "InvalidParameterException";
|
|
189
|
+
GetCredentialsForIdentityException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
190
|
+
GetCredentialsForIdentityException2["ResourceConflictException"] = "ResourceConflictException";
|
|
191
|
+
GetCredentialsForIdentityException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
192
|
+
GetCredentialsForIdentityException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
193
|
+
return GetCredentialsForIdentityException2;
|
|
194
|
+
})(GetCredentialsForIdentityException || {});
|
|
195
|
+
var GetUserAttributeVerificationException = /* @__PURE__ */ ((GetUserAttributeVerificationException2) => {
|
|
196
|
+
GetUserAttributeVerificationException2["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
|
|
197
|
+
GetUserAttributeVerificationException2["ForbiddenException"] = "ForbiddenException";
|
|
198
|
+
GetUserAttributeVerificationException2["InternalErrorException"] = "InternalErrorException";
|
|
199
|
+
GetUserAttributeVerificationException2["InvalidEmailRoleAccessPolicyException"] = "InvalidEmailRoleAccessPolicyException";
|
|
200
|
+
GetUserAttributeVerificationException2["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
201
|
+
GetUserAttributeVerificationException2["InvalidParameterException"] = "InvalidParameterException";
|
|
202
|
+
GetUserAttributeVerificationException2["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
203
|
+
GetUserAttributeVerificationException2["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
204
|
+
GetUserAttributeVerificationException2["LimitExceededException"] = "LimitExceededException";
|
|
205
|
+
GetUserAttributeVerificationException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
206
|
+
GetUserAttributeVerificationException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
207
|
+
GetUserAttributeVerificationException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
208
|
+
GetUserAttributeVerificationException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
209
|
+
GetUserAttributeVerificationException2["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
210
|
+
GetUserAttributeVerificationException2["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
211
|
+
GetUserAttributeVerificationException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
212
|
+
GetUserAttributeVerificationException2["UserNotFoundException"] = "UserNotFoundException";
|
|
213
|
+
return GetUserAttributeVerificationException2;
|
|
214
|
+
})(GetUserAttributeVerificationException || {});
|
|
215
|
+
var GlobalSignOutException = /* @__PURE__ */ ((GlobalSignOutException3) => {
|
|
216
|
+
GlobalSignOutException3["ForbiddenException"] = "ForbiddenException";
|
|
217
|
+
GlobalSignOutException3["InternalErrorException"] = "InternalErrorException";
|
|
218
|
+
GlobalSignOutException3["InvalidParameterException"] = "InvalidParameterException";
|
|
219
|
+
GlobalSignOutException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
220
|
+
GlobalSignOutException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
221
|
+
GlobalSignOutException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
222
|
+
GlobalSignOutException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
223
|
+
GlobalSignOutException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
224
|
+
return GlobalSignOutException3;
|
|
225
|
+
})(GlobalSignOutException || {});
|
|
226
|
+
var InitiateAuthException = /* @__PURE__ */ ((InitiateAuthException3) => {
|
|
227
|
+
InitiateAuthException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
228
|
+
InitiateAuthException3["ForbiddenException"] = "ForbiddenException";
|
|
229
|
+
InitiateAuthException3["InternalErrorException"] = "InternalErrorException";
|
|
230
|
+
InitiateAuthException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
231
|
+
InitiateAuthException3["InvalidParameterException"] = "InvalidParameterException";
|
|
232
|
+
InitiateAuthException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
233
|
+
InitiateAuthException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
234
|
+
InitiateAuthException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
235
|
+
InitiateAuthException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
236
|
+
InitiateAuthException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
237
|
+
InitiateAuthException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
238
|
+
InitiateAuthException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
239
|
+
InitiateAuthException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
240
|
+
InitiateAuthException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
241
|
+
InitiateAuthException3["UserNotFoundException"] = "UserNotFoundException";
|
|
242
|
+
return InitiateAuthException3;
|
|
243
|
+
})(InitiateAuthException || {});
|
|
244
|
+
var ResendConfirmationException = /* @__PURE__ */ ((ResendConfirmationException3) => {
|
|
245
|
+
ResendConfirmationException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
|
|
246
|
+
ResendConfirmationException3["ForbiddenException"] = "ForbiddenException";
|
|
247
|
+
ResendConfirmationException3["InternalErrorException"] = "InternalErrorException";
|
|
248
|
+
ResendConfirmationException3["InvalidEmailRoleAccessPolicyException"] = "InvalidEmailRoleAccessPolicyException";
|
|
249
|
+
ResendConfirmationException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
250
|
+
ResendConfirmationException3["InvalidParameterException"] = "InvalidParameterException";
|
|
251
|
+
ResendConfirmationException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
252
|
+
ResendConfirmationException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
253
|
+
ResendConfirmationException3["LimitExceededException"] = "LimitExceededException";
|
|
254
|
+
ResendConfirmationException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
255
|
+
ResendConfirmationException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
256
|
+
ResendConfirmationException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
257
|
+
ResendConfirmationException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
258
|
+
ResendConfirmationException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
259
|
+
ResendConfirmationException3["UserNotFoundException"] = "UserNotFoundException";
|
|
260
|
+
return ResendConfirmationException3;
|
|
261
|
+
})(ResendConfirmationException || {});
|
|
262
|
+
var RespondToAuthChallengeException = /* @__PURE__ */ ((RespondToAuthChallengeException3) => {
|
|
263
|
+
RespondToAuthChallengeException3["AliasExistsException"] = "AliasExistsException";
|
|
264
|
+
RespondToAuthChallengeException3["CodeMismatchException"] = "CodeMismatchException";
|
|
265
|
+
RespondToAuthChallengeException3["ExpiredCodeException"] = "ExpiredCodeException";
|
|
266
|
+
RespondToAuthChallengeException3["ForbiddenException"] = "ForbiddenException";
|
|
267
|
+
RespondToAuthChallengeException3["InternalErrorException"] = "InternalErrorException";
|
|
268
|
+
RespondToAuthChallengeException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
269
|
+
RespondToAuthChallengeException3["InvalidParameterException"] = "InvalidParameterException";
|
|
270
|
+
RespondToAuthChallengeException3["InvalidPasswordException"] = "InvalidPasswordException";
|
|
271
|
+
RespondToAuthChallengeException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
272
|
+
RespondToAuthChallengeException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
273
|
+
RespondToAuthChallengeException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
274
|
+
RespondToAuthChallengeException3["MFAMethodNotFoundException"] = "MFAMethodNotFoundException";
|
|
275
|
+
RespondToAuthChallengeException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
276
|
+
RespondToAuthChallengeException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
277
|
+
RespondToAuthChallengeException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
278
|
+
RespondToAuthChallengeException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
|
|
279
|
+
RespondToAuthChallengeException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
280
|
+
RespondToAuthChallengeException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
281
|
+
RespondToAuthChallengeException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
282
|
+
RespondToAuthChallengeException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
283
|
+
RespondToAuthChallengeException3["UserNotFoundException"] = "UserNotFoundException";
|
|
284
|
+
return RespondToAuthChallengeException3;
|
|
285
|
+
})(RespondToAuthChallengeException || {});
|
|
286
|
+
var SetUserMFAPreferenceException = /* @__PURE__ */ ((SetUserMFAPreferenceException2) => {
|
|
287
|
+
SetUserMFAPreferenceException2["ForbiddenException"] = "ForbiddenException";
|
|
288
|
+
SetUserMFAPreferenceException2["InternalErrorException"] = "InternalErrorException";
|
|
289
|
+
SetUserMFAPreferenceException2["InvalidParameterException"] = "InvalidParameterException";
|
|
290
|
+
SetUserMFAPreferenceException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
291
|
+
SetUserMFAPreferenceException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
292
|
+
SetUserMFAPreferenceException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
293
|
+
SetUserMFAPreferenceException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
294
|
+
SetUserMFAPreferenceException2["UserNotFoundException"] = "UserNotFoundException";
|
|
295
|
+
return SetUserMFAPreferenceException2;
|
|
296
|
+
})(SetUserMFAPreferenceException || {});
|
|
297
|
+
var SignUpException = /* @__PURE__ */ ((SignUpException3) => {
|
|
298
|
+
SignUpException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
|
|
299
|
+
SignUpException3["InternalErrorException"] = "InternalErrorException";
|
|
300
|
+
SignUpException3["InvalidEmailRoleAccessPolicyException"] = "InvalidEmailRoleAccessPolicyException";
|
|
301
|
+
SignUpException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
302
|
+
SignUpException3["InvalidParameterException"] = "InvalidParameterException";
|
|
303
|
+
SignUpException3["InvalidPasswordException"] = "InvalidPasswordException";
|
|
304
|
+
SignUpException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
305
|
+
SignUpException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
306
|
+
SignUpException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
307
|
+
SignUpException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
308
|
+
SignUpException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
309
|
+
SignUpException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
310
|
+
SignUpException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
311
|
+
SignUpException3["UsernameExistsException"] = "UsernameExistsException";
|
|
312
|
+
return SignUpException3;
|
|
313
|
+
})(SignUpException || {});
|
|
314
|
+
var UpdateUserAttributesException = /* @__PURE__ */ ((UpdateUserAttributesException3) => {
|
|
315
|
+
UpdateUserAttributesException3["AliasExistsException"] = "AliasExistsException";
|
|
316
|
+
UpdateUserAttributesException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
|
|
317
|
+
UpdateUserAttributesException3["CodeMismatchException"] = "CodeMismatchException";
|
|
318
|
+
UpdateUserAttributesException3["ExpiredCodeException"] = "ExpiredCodeException";
|
|
319
|
+
UpdateUserAttributesException3["ForbiddenException"] = "ForbiddenException";
|
|
320
|
+
UpdateUserAttributesException3["InternalErrorException"] = "InternalErrorException";
|
|
321
|
+
UpdateUserAttributesException3["InvalidEmailRoleAccessPolicyException"] = "InvalidEmailRoleAccessPolicyException";
|
|
322
|
+
UpdateUserAttributesException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
|
|
323
|
+
UpdateUserAttributesException3["InvalidParameterException"] = "InvalidParameterException";
|
|
324
|
+
UpdateUserAttributesException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
|
|
325
|
+
UpdateUserAttributesException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
|
|
326
|
+
UpdateUserAttributesException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
327
|
+
UpdateUserAttributesException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
328
|
+
UpdateUserAttributesException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
329
|
+
UpdateUserAttributesException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
330
|
+
UpdateUserAttributesException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
|
|
331
|
+
UpdateUserAttributesException3["UserLambdaValidationException"] = "UserLambdaValidationException";
|
|
332
|
+
UpdateUserAttributesException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
333
|
+
UpdateUserAttributesException3["UserNotFoundException"] = "UserNotFoundException";
|
|
334
|
+
return UpdateUserAttributesException3;
|
|
335
|
+
})(UpdateUserAttributesException || {});
|
|
336
|
+
var VerifySoftwareTokenException = /* @__PURE__ */ ((VerifySoftwareTokenException2) => {
|
|
337
|
+
VerifySoftwareTokenException2["CodeMismatchException"] = "CodeMismatchException";
|
|
338
|
+
VerifySoftwareTokenException2["EnableSoftwareTokenMFAException"] = "EnableSoftwareTokenMFAException";
|
|
339
|
+
VerifySoftwareTokenException2["ForbiddenException"] = "ForbiddenException";
|
|
340
|
+
VerifySoftwareTokenException2["InternalErrorException"] = "InternalErrorException";
|
|
341
|
+
VerifySoftwareTokenException2["InvalidParameterException"] = "InvalidParameterException";
|
|
342
|
+
VerifySoftwareTokenException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
343
|
+
VerifySoftwareTokenException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
344
|
+
VerifySoftwareTokenException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
345
|
+
VerifySoftwareTokenException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
346
|
+
VerifySoftwareTokenException2["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
|
|
347
|
+
VerifySoftwareTokenException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
348
|
+
VerifySoftwareTokenException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
349
|
+
VerifySoftwareTokenException2["UserNotFoundException"] = "UserNotFoundException";
|
|
350
|
+
return VerifySoftwareTokenException2;
|
|
351
|
+
})(VerifySoftwareTokenException || {});
|
|
352
|
+
var VerifyUserAttributeException = /* @__PURE__ */ ((VerifyUserAttributeException3) => {
|
|
353
|
+
VerifyUserAttributeException3["AliasExistsException"] = "AliasExistsException";
|
|
354
|
+
VerifyUserAttributeException3["CodeMismatchException"] = "CodeMismatchException";
|
|
355
|
+
VerifyUserAttributeException3["ExpiredCodeException"] = "ExpiredCodeException";
|
|
356
|
+
VerifyUserAttributeException3["ForbiddenException"] = "ForbiddenException";
|
|
357
|
+
VerifyUserAttributeException3["InternalErrorException"] = "InternalErrorException";
|
|
358
|
+
VerifyUserAttributeException3["InvalidParameterException"] = "InvalidParameterException";
|
|
359
|
+
VerifyUserAttributeException3["LimitExceededException"] = "LimitExceededException";
|
|
360
|
+
VerifyUserAttributeException3["NotAuthorizedException"] = "NotAuthorizedException";
|
|
361
|
+
VerifyUserAttributeException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
362
|
+
VerifyUserAttributeException3["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
363
|
+
VerifyUserAttributeException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
364
|
+
VerifyUserAttributeException3["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
365
|
+
VerifyUserAttributeException3["UserNotFoundException"] = "UserNotFoundException";
|
|
366
|
+
return VerifyUserAttributeException3;
|
|
367
|
+
})(VerifyUserAttributeException || {});
|
|
368
|
+
var UpdateDeviceStatusException = /* @__PURE__ */ ((UpdateDeviceStatusException2) => {
|
|
369
|
+
UpdateDeviceStatusException2["ForbiddenException"] = "ForbiddenException";
|
|
370
|
+
UpdateDeviceStatusException2["InternalErrorException"] = "InternalErrorException";
|
|
371
|
+
UpdateDeviceStatusException2["InvalidParameterException"] = "InvalidParameterException";
|
|
372
|
+
UpdateDeviceStatusException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
373
|
+
UpdateDeviceStatusException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
374
|
+
UpdateDeviceStatusException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
375
|
+
UpdateDeviceStatusException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
376
|
+
UpdateDeviceStatusException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
377
|
+
UpdateDeviceStatusException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
378
|
+
UpdateDeviceStatusException2["UserNotFoundException"] = "UserNotFoundException";
|
|
379
|
+
return UpdateDeviceStatusException2;
|
|
380
|
+
})(UpdateDeviceStatusException || {});
|
|
381
|
+
var ListDevicesException = /* @__PURE__ */ ((ListDevicesException2) => {
|
|
382
|
+
ListDevicesException2["ForbiddenException"] = "ForbiddenException";
|
|
383
|
+
ListDevicesException2["InternalErrorException"] = "InternalErrorException";
|
|
384
|
+
ListDevicesException2["InvalidParameterException"] = "InvalidParameterException";
|
|
385
|
+
ListDevicesException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
|
|
386
|
+
ListDevicesException2["NotAuthorizedException"] = "NotAuthorizedException";
|
|
387
|
+
ListDevicesException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
|
|
388
|
+
ListDevicesException2["ResourceNotFoundException"] = "ResourceNotFoundException";
|
|
389
|
+
ListDevicesException2["TooManyRequestsException"] = "TooManyRequestsException";
|
|
390
|
+
ListDevicesException2["UserNotConfirmedException"] = "UserNotConfirmedException";
|
|
391
|
+
ListDevicesException2["UserNotFoundException"] = "UserNotFoundException";
|
|
392
|
+
return ListDevicesException2;
|
|
393
|
+
})(ListDevicesException || {});
|
|
394
|
+
var RevokeTokenException = /* @__PURE__ */ ((RevokeTokenException3) => {
|
|
395
|
+
RevokeTokenException3["ForbiddenException"] = "ForbiddenException";
|
|
396
|
+
RevokeTokenException3["InternalErrorException"] = "InternalErrorException";
|
|
397
|
+
RevokeTokenException3["InvalidParameterException"] = "InvalidParameterException";
|
|
398
|
+
RevokeTokenException3["TooManyRequestsException"] = "TooManyRequestsException";
|
|
399
|
+
RevokeTokenException3["UnauthorizedException"] = "UnauthorizedException";
|
|
400
|
+
RevokeTokenException3["UnsupportedOperationException"] = "UnsupportedOperationException";
|
|
401
|
+
RevokeTokenException3["UnsupportedTokenTypeException"] = "UnsupportedTokenTypeException";
|
|
402
|
+
return RevokeTokenException3;
|
|
403
|
+
})(RevokeTokenException || {});
|
|
404
|
+
var CognitoError = class extends Error {
|
|
405
|
+
constructor(message, errorType, cognitoException) {
|
|
406
|
+
super(message);
|
|
407
|
+
this.errorType = errorType;
|
|
408
|
+
this.cognitoException = cognitoException;
|
|
409
|
+
}
|
|
410
|
+
};
|
|
411
|
+
var CommonError = class extends CognitoError {
|
|
412
|
+
constructor(message, cognitoException) {
|
|
413
|
+
super(message, "CommonError", cognitoException);
|
|
414
|
+
this.cognitoException = cognitoException;
|
|
415
|
+
}
|
|
416
|
+
};
|
|
417
|
+
var InitAuthError = class extends CognitoError {
|
|
418
|
+
constructor(message, cognitoException) {
|
|
419
|
+
super(message, "InitAuthError", cognitoException);
|
|
420
|
+
this.cognitoException = cognitoException;
|
|
421
|
+
}
|
|
422
|
+
};
|
|
423
|
+
var RespondToAuthChallengeError = class extends CognitoError {
|
|
424
|
+
constructor(message, cognitoException) {
|
|
425
|
+
super(message, "RespondToAuthChallengeError", cognitoException);
|
|
426
|
+
this.cognitoException = cognitoException;
|
|
427
|
+
}
|
|
428
|
+
};
|
|
429
|
+
var SignUpError = class extends CognitoError {
|
|
430
|
+
constructor(message, cognitoException) {
|
|
431
|
+
super(message, "SignUpError", cognitoException);
|
|
432
|
+
this.cognitoException = cognitoException;
|
|
433
|
+
}
|
|
434
|
+
};
|
|
435
|
+
var ConfirmSignUpError = class extends CognitoError {
|
|
436
|
+
constructor(message, cognitoException) {
|
|
437
|
+
super(message, "ConfirmSignUpError", cognitoException);
|
|
438
|
+
this.cognitoException = cognitoException;
|
|
439
|
+
}
|
|
440
|
+
};
|
|
441
|
+
var ChangePasswordError = class extends CognitoError {
|
|
442
|
+
constructor(message, cognitoException) {
|
|
443
|
+
super(message, "ChangePasswordError", cognitoException);
|
|
444
|
+
this.cognitoException = cognitoException;
|
|
445
|
+
}
|
|
446
|
+
};
|
|
447
|
+
var RevokeTokenError = class extends CognitoError {
|
|
448
|
+
constructor(message, cognitoException) {
|
|
449
|
+
super(message, "RevokeTokenError", cognitoException);
|
|
450
|
+
this.cognitoException = cognitoException;
|
|
451
|
+
}
|
|
452
|
+
};
|
|
453
|
+
var ForgotPasswordError = class extends CognitoError {
|
|
454
|
+
constructor(message, cognitoException) {
|
|
455
|
+
super(message, "ForgotPasswordError", cognitoException);
|
|
456
|
+
this.cognitoException = cognitoException;
|
|
457
|
+
}
|
|
458
|
+
};
|
|
459
|
+
var ConfirmForgotPasswordError = class extends CognitoError {
|
|
460
|
+
constructor(message, cognitoException) {
|
|
461
|
+
super(message, "ConfirmForgotPasswordError", cognitoException);
|
|
462
|
+
this.cognitoException = cognitoException;
|
|
463
|
+
}
|
|
464
|
+
};
|
|
465
|
+
var ResendConfirmationCodeError = class extends CognitoError {
|
|
466
|
+
constructor(message, cognitoException) {
|
|
467
|
+
super(message, "ResendConfirmationCodeError", cognitoException);
|
|
468
|
+
this.cognitoException = cognitoException;
|
|
469
|
+
}
|
|
470
|
+
};
|
|
471
|
+
var UpdateUserAttributesError = class extends CognitoError {
|
|
472
|
+
constructor(message, cognitoException) {
|
|
473
|
+
super(message, "UpdateUserAttributesError", cognitoException);
|
|
474
|
+
this.cognitoException = cognitoException;
|
|
475
|
+
}
|
|
476
|
+
};
|
|
477
|
+
var VerifyUserAttributeError = class extends CognitoError {
|
|
478
|
+
constructor(message, cognitoException) {
|
|
479
|
+
super(message, "VerifyUserAttributeError", cognitoException);
|
|
480
|
+
this.cognitoException = cognitoException;
|
|
481
|
+
}
|
|
482
|
+
};
|
|
483
|
+
var GlobalSignOutError = class extends CognitoError {
|
|
484
|
+
constructor(message, cognitoException) {
|
|
485
|
+
super(message, "GlobalSignOutError", cognitoException);
|
|
486
|
+
this.cognitoException = cognitoException;
|
|
487
|
+
}
|
|
488
|
+
};
|
|
489
|
+
|
|
490
|
+
// src/bigint-math.ts
|
|
491
|
+
var abs = (n) => n < 0n ? -n : n;
|
|
492
|
+
function eGcd(a, b) {
|
|
493
|
+
if (typeof a === "number")
|
|
494
|
+
a = BigInt(a);
|
|
495
|
+
if (typeof b === "number")
|
|
496
|
+
b = BigInt(b);
|
|
497
|
+
if (a <= 0n || b <= 0n)
|
|
498
|
+
throw new RangeError("a and b MUST be > 0");
|
|
499
|
+
let x = 0n;
|
|
500
|
+
let y = 1n;
|
|
501
|
+
let u = 1n;
|
|
502
|
+
let v = 0n;
|
|
503
|
+
while (a !== 0n) {
|
|
504
|
+
const q = b / a;
|
|
505
|
+
const r = b % a;
|
|
506
|
+
const m = x - u * q;
|
|
507
|
+
const n = y - v * q;
|
|
508
|
+
b = a;
|
|
509
|
+
a = r;
|
|
510
|
+
x = u;
|
|
511
|
+
y = v;
|
|
512
|
+
u = m;
|
|
513
|
+
v = n;
|
|
514
|
+
}
|
|
515
|
+
return {
|
|
516
|
+
g: b,
|
|
517
|
+
x,
|
|
518
|
+
y
|
|
519
|
+
};
|
|
520
|
+
}
|
|
521
|
+
function modInv(a, n) {
|
|
522
|
+
const egcd = eGcd(toZn(a, n), n);
|
|
523
|
+
if (egcd.g !== 1n) {
|
|
524
|
+
throw new RangeError(`${a.toString()} does not have inverse modulo ${n.toString()}`);
|
|
525
|
+
} else {
|
|
526
|
+
return toZn(egcd.x, n);
|
|
527
|
+
}
|
|
528
|
+
}
|
|
529
|
+
function toZn(a, n) {
|
|
530
|
+
if (n <= 0n) {
|
|
531
|
+
throw new RangeError("n must be > 0");
|
|
532
|
+
}
|
|
533
|
+
const aZn = a % n;
|
|
534
|
+
return aZn < 0n ? aZn + n : aZn;
|
|
535
|
+
}
|
|
536
|
+
function modPow(b, e, n) {
|
|
537
|
+
if (n <= 0n) {
|
|
538
|
+
throw new RangeError("n must be > 0");
|
|
539
|
+
} else if (n === 1n) {
|
|
540
|
+
return 0n;
|
|
541
|
+
}
|
|
542
|
+
b = toZn(b, n);
|
|
543
|
+
if (e < 0n) {
|
|
544
|
+
return modInv(modPow(b, abs(e), n), n);
|
|
545
|
+
}
|
|
546
|
+
let r = 1n;
|
|
547
|
+
while (e > 0) {
|
|
548
|
+
if (e % 2n === 1n) {
|
|
549
|
+
r = r * b % n;
|
|
550
|
+
}
|
|
551
|
+
e = e / 2n;
|
|
552
|
+
b = b ** 2n % n;
|
|
553
|
+
}
|
|
554
|
+
return r;
|
|
555
|
+
}
|
|
556
|
+
|
|
557
|
+
// src/utils.ts
|
|
558
|
+
var WEEK_DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
|
|
559
|
+
var MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
|
|
560
|
+
function uint8ArrayFromHexString(hexString) {
|
|
561
|
+
return Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
|
|
562
|
+
}
|
|
563
|
+
function uint8ArrayFromString(str) {
|
|
564
|
+
const textEncoder = new TextEncoder();
|
|
565
|
+
return textEncoder.encode(str);
|
|
566
|
+
}
|
|
567
|
+
function uint8ArrayFromBase64String(str) {
|
|
568
|
+
const binaryString = atob(str);
|
|
569
|
+
const bytes = new Uint8Array(binaryString.length);
|
|
570
|
+
for (let i = 0; i < binaryString.length; i++) {
|
|
571
|
+
bytes[i] = binaryString.charCodeAt(i);
|
|
572
|
+
}
|
|
573
|
+
return bytes;
|
|
574
|
+
}
|
|
575
|
+
function uint8ArrayToHexString(bytes) {
|
|
576
|
+
return bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, "0"), "");
|
|
577
|
+
}
|
|
578
|
+
function uint8ArrayToBase64String(bytes) {
|
|
579
|
+
return btoa(String.fromCharCode(...bytes));
|
|
580
|
+
}
|
|
581
|
+
var N = BigInt(
|
|
582
|
+
"0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
|
|
583
|
+
);
|
|
584
|
+
var g = BigInt("0x2");
|
|
585
|
+
var k = BigInt("0x538282c4354742d7cbbde2359fcf67f9f5b3a6b08791e5011b43b8a5b66d9ee6");
|
|
586
|
+
function padHex(bigInt) {
|
|
587
|
+
const HEX_MSB_REGEX = /^[89a-f]/i;
|
|
588
|
+
const isNegative = bigInt < 0n;
|
|
589
|
+
let hexStr = abs(bigInt).toString(16);
|
|
590
|
+
hexStr = hexStr.length % 2 !== 0 ? `0${hexStr}` : hexStr;
|
|
591
|
+
hexStr = HEX_MSB_REGEX.test(hexStr) ? `00${hexStr}` : hexStr;
|
|
592
|
+
if (isNegative) {
|
|
593
|
+
const invertedNibbles = hexStr.split("").map((x) => {
|
|
594
|
+
const invertedNibble = ~parseInt(x, 16) & 15;
|
|
595
|
+
return "0123456789ABCDEF".charAt(invertedNibble);
|
|
596
|
+
}).join("");
|
|
597
|
+
const flippedBitsBI = BigInt("0x" + invertedNibbles) + 1n;
|
|
598
|
+
hexStr = flippedBitsBI.toString(16);
|
|
599
|
+
if (hexStr.toUpperCase().startsWith("FF8")) {
|
|
600
|
+
hexStr = hexStr.substring(2);
|
|
601
|
+
}
|
|
602
|
+
}
|
|
603
|
+
return hexStr;
|
|
604
|
+
}
|
|
605
|
+
async function hashHexString(str) {
|
|
606
|
+
return hashBuffer(uint8ArrayFromHexString(str));
|
|
607
|
+
}
|
|
608
|
+
async function hashBuffer(buffer) {
|
|
609
|
+
const hashArray = await digest("SHA-256", buffer);
|
|
610
|
+
return uint8ArrayToHexString(hashArray);
|
|
611
|
+
}
|
|
612
|
+
async function generateSmallA() {
|
|
613
|
+
return BigInt("0x" + (await randomBytes(128)).toString("hex"));
|
|
614
|
+
}
|
|
615
|
+
function generateA(smallA) {
|
|
616
|
+
const A = modPow(g, smallA, N);
|
|
617
|
+
return A;
|
|
618
|
+
}
|
|
619
|
+
async function calculateU(A, B) {
|
|
620
|
+
return BigInt("0x" + await hashHexString(padHex(A) + padHex(B)));
|
|
621
|
+
}
|
|
622
|
+
function calculateS(X, B, U, smallA) {
|
|
623
|
+
const gModPowXN = modPow(g, X, N);
|
|
624
|
+
const bMinusKMult = B - k * gModPowXN;
|
|
625
|
+
return modPow(bMinusKMult, smallA + U * X, N) % N;
|
|
626
|
+
}
|
|
627
|
+
async function calculateHKDF(ikm, salt) {
|
|
628
|
+
const infoBitsBuffer = new Uint8Array([
|
|
629
|
+
...uint8ArrayFromString("Caldera Derived Key"),
|
|
630
|
+
...uint8ArrayFromString(String.fromCharCode(1))
|
|
631
|
+
]);
|
|
632
|
+
const prk = await hmac("SHA-256", salt, ikm);
|
|
633
|
+
const hmacResult = await hmac("SHA-256", prk, infoBitsBuffer);
|
|
634
|
+
return hmacResult.slice(0, 16);
|
|
635
|
+
}
|
|
636
|
+
async function getPasswordAuthenticationKey(poolName, username, password, B, U, smallA, salt) {
|
|
637
|
+
const usernamePassword = `${poolName}${username}:${password}`;
|
|
638
|
+
const usernamePasswordHash = await hashBuffer(uint8ArrayFromString(usernamePassword));
|
|
639
|
+
const X = BigInt("0x" + await hashHexString(padHex(salt) + usernamePasswordHash));
|
|
640
|
+
const S = calculateS(X, B, U, smallA);
|
|
641
|
+
return calculateHKDF(uint8ArrayFromHexString(padHex(S)), uint8ArrayFromHexString(padHex(U)));
|
|
642
|
+
}
|
|
643
|
+
async function calculateSignature(poolName, userId, secretBlock, hkdf, date = /* @__PURE__ */ new Date()) {
|
|
644
|
+
const timeStamp = formatTimestamp(date);
|
|
645
|
+
const concatBuffer = new Uint8Array([
|
|
646
|
+
...uint8ArrayFromString(poolName),
|
|
647
|
+
...uint8ArrayFromString(userId),
|
|
648
|
+
...uint8ArrayFromBase64String(secretBlock),
|
|
649
|
+
...uint8ArrayFromString(timeStamp)
|
|
650
|
+
]);
|
|
651
|
+
const signature = uint8ArrayToBase64String(await hmac("SHA-256", hkdf, concatBuffer));
|
|
652
|
+
return {
|
|
653
|
+
signature,
|
|
654
|
+
timeStamp
|
|
655
|
+
};
|
|
656
|
+
}
|
|
657
|
+
function decodeJwt(jwt) {
|
|
658
|
+
const [header, payload, signature] = jwt.split(".");
|
|
659
|
+
return {
|
|
660
|
+
header: JSON.parse(Buffer.from(header, "base64").toString("utf-8")),
|
|
661
|
+
payload: JSON.parse(Buffer.from(payload, "base64").toString("utf-8")),
|
|
662
|
+
signature
|
|
663
|
+
};
|
|
664
|
+
}
|
|
665
|
+
async function randomBytes(num) {
|
|
666
|
+
return Buffer.from(crypto.getRandomValues(new Uint8Array(num)));
|
|
667
|
+
}
|
|
668
|
+
function formatTimestamp(date) {
|
|
669
|
+
return `${WEEK_DAYS[date.getUTCDay()]} ${MONTHS[date.getUTCMonth()]} ${date.getUTCDate()} ${date.getUTCHours().toString().padStart(2, "0")}:${date.getUTCMinutes().toString().padStart(2, "0")}:${date.getUTCSeconds().toString().padStart(2, "0")} UTC ${date.getUTCFullYear()}`;
|
|
670
|
+
}
|
|
671
|
+
async function calculateSecretHash(clientSecret, userPoolClientId, username) {
|
|
672
|
+
const message = `${username}${userPoolClientId}`;
|
|
673
|
+
const hash = uint8ArrayToBase64String(
|
|
674
|
+
await hmac("SHA-256", uint8ArrayFromString(clientSecret), uint8ArrayFromString(message))
|
|
675
|
+
);
|
|
676
|
+
return hash;
|
|
677
|
+
}
|
|
678
|
+
async function digest(algorithm, data) {
|
|
679
|
+
const hashBuffer2 = await crypto.subtle.digest(algorithm, data);
|
|
680
|
+
return new Uint8Array(hashBuffer2);
|
|
681
|
+
}
|
|
682
|
+
async function hmac(algorithm, key, data) {
|
|
683
|
+
const cryptoKey = await crypto.subtle.importKey(
|
|
684
|
+
"raw",
|
|
685
|
+
key,
|
|
686
|
+
{
|
|
687
|
+
name: "HMAC",
|
|
688
|
+
hash: algorithm
|
|
689
|
+
},
|
|
690
|
+
false,
|
|
691
|
+
["sign"]
|
|
692
|
+
);
|
|
693
|
+
const signature = await crypto.subtle.sign("HMAC", cryptoKey, data);
|
|
694
|
+
return new Uint8Array(signature);
|
|
695
|
+
}
|
|
696
|
+
|
|
697
|
+
// src/cognito-client.ts
|
|
698
|
+
var ServiceTarget = /* @__PURE__ */ ((ServiceTarget2) => {
|
|
699
|
+
ServiceTarget2["InitiateAuth"] = "InitiateAuth";
|
|
700
|
+
ServiceTarget2["RespondToAuthChallenge"] = "RespondToAuthChallenge";
|
|
701
|
+
ServiceTarget2["SignUp"] = "SignUp";
|
|
702
|
+
ServiceTarget2["ConfirmSignUp"] = "ConfirmSignUp";
|
|
703
|
+
ServiceTarget2["ChangePassword"] = "ChangePassword";
|
|
704
|
+
ServiceTarget2["RevokeToken"] = "RevokeToken";
|
|
705
|
+
ServiceTarget2["ForgotPassword"] = "ForgotPassword";
|
|
706
|
+
ServiceTarget2["ConfirmForgotPassword"] = "ConfirmForgotPassword";
|
|
707
|
+
ServiceTarget2["ResendConfirmationCode"] = "ResendConfirmationCode";
|
|
708
|
+
ServiceTarget2["UpdateUserAttributes"] = "UpdateUserAttributes";
|
|
709
|
+
ServiceTarget2["VerifyUserAttribute"] = "VerifyUserAttribute";
|
|
710
|
+
ServiceTarget2["GlobalSignOut"] = "GlobalSignOut";
|
|
711
|
+
return ServiceTarget2;
|
|
712
|
+
})(ServiceTarget || {});
|
|
713
|
+
var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
|
|
714
|
+
IdentityProvider2["Cognito"] = "COGNITO";
|
|
715
|
+
IdentityProvider2["Google"] = "Google";
|
|
716
|
+
IdentityProvider2["Facebook"] = "Facebook";
|
|
717
|
+
IdentityProvider2["Amazon"] = "LoginWithAmazon";
|
|
718
|
+
IdentityProvider2["Apple"] = "SignInWithApple";
|
|
719
|
+
return IdentityProvider2;
|
|
720
|
+
})(IdentityProvider || {});
|
|
721
|
+
function authResultToSession(authenticationResult) {
|
|
722
|
+
return {
|
|
723
|
+
accessToken: authenticationResult.AccessToken,
|
|
724
|
+
idToken: authenticationResult.IdToken,
|
|
725
|
+
expiresIn: (/* @__PURE__ */ new Date()).getTime() + authenticationResult.ExpiresIn * 1e3,
|
|
726
|
+
refreshToken: authenticationResult.RefreshToken
|
|
727
|
+
};
|
|
728
|
+
}
|
|
729
|
+
async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
|
|
730
|
+
const cognitoResponse = await fetch(cognitoEndpoint, {
|
|
731
|
+
headers: {
|
|
732
|
+
"x-amz-target": `AWSCognitoIdentityProviderService.${serviceTarget}`,
|
|
733
|
+
"content-type": "application/x-amz-json-1.1"
|
|
734
|
+
},
|
|
735
|
+
method: "POST",
|
|
736
|
+
body: JSON.stringify(body)
|
|
737
|
+
});
|
|
738
|
+
if (cognitoResponse && cognitoResponse.status < 300) {
|
|
739
|
+
return cognitoResponse.json();
|
|
740
|
+
}
|
|
741
|
+
const cognitoResponseBody = await cognitoResponse.json();
|
|
742
|
+
const sanitizeErrorType = (rawValue) => {
|
|
743
|
+
const [cleanValue] = rawValue.toString().split(/[,:]+/);
|
|
744
|
+
if (cleanValue.includes("#")) {
|
|
745
|
+
return cleanValue.split("#")[1];
|
|
746
|
+
}
|
|
747
|
+
return cleanValue;
|
|
748
|
+
};
|
|
749
|
+
const errorMessage = cognitoResponse.headers.get("X-Amzn-ErrorMessage") ?? cognitoResponseBody.message ?? cognitoResponseBody.Message ?? "Unknown error";
|
|
750
|
+
const cognitoException = sanitizeErrorType(
|
|
751
|
+
cognitoResponse.headers.get("X-Amzn-ErrorType") ?? cognitoResponseBody.code ?? cognitoResponseBody.__type ?? "Unknown"
|
|
752
|
+
);
|
|
753
|
+
if (COMMON_EXCEPTIONS.includes(cognitoException)) {
|
|
754
|
+
throw new CommonError(errorMessage, cognitoException);
|
|
755
|
+
}
|
|
756
|
+
switch (serviceTarget) {
|
|
757
|
+
case "InitiateAuth" /* InitiateAuth */:
|
|
758
|
+
throw new InitAuthError(errorMessage, cognitoException);
|
|
759
|
+
case "RespondToAuthChallenge" /* RespondToAuthChallenge */:
|
|
760
|
+
throw new RespondToAuthChallengeError(errorMessage, cognitoException);
|
|
761
|
+
case "SignUp" /* SignUp */:
|
|
762
|
+
throw new SignUpError(errorMessage, cognitoException);
|
|
763
|
+
case "ConfirmSignUp" /* ConfirmSignUp */:
|
|
764
|
+
throw new ConfirmSignUpError(errorMessage, cognitoException);
|
|
765
|
+
case "ChangePassword" /* ChangePassword */:
|
|
766
|
+
throw new ChangePasswordError(errorMessage, cognitoException);
|
|
767
|
+
case "RevokeToken" /* RevokeToken */:
|
|
768
|
+
throw new RevokeTokenError(errorMessage, cognitoException);
|
|
769
|
+
case "ForgotPassword" /* ForgotPassword */:
|
|
770
|
+
throw new ForgotPasswordError(errorMessage, cognitoException);
|
|
771
|
+
case "ConfirmForgotPassword" /* ConfirmForgotPassword */:
|
|
772
|
+
throw new ConfirmForgotPasswordError(errorMessage, cognitoException);
|
|
773
|
+
case "ResendConfirmationCode" /* ResendConfirmationCode */:
|
|
774
|
+
throw new ResendConfirmationCodeError(errorMessage, cognitoException);
|
|
775
|
+
case "UpdateUserAttributes" /* UpdateUserAttributes */:
|
|
776
|
+
throw new UpdateUserAttributesError(errorMessage, cognitoException);
|
|
777
|
+
case "VerifyUserAttribute" /* VerifyUserAttribute */:
|
|
778
|
+
throw new VerifyUserAttributeError(errorMessage, cognitoException);
|
|
779
|
+
case "GlobalSignOut" /* GlobalSignOut */:
|
|
780
|
+
throw new GlobalSignOutError(errorMessage, cognitoException);
|
|
781
|
+
}
|
|
782
|
+
}
|
|
783
|
+
var CognitoClient = class {
|
|
784
|
+
constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
|
|
785
|
+
const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split("_");
|
|
786
|
+
this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, "");
|
|
787
|
+
this.cognitoPoolName = cognitoPoolName;
|
|
788
|
+
this.userPoolClientId = userPoolClientId;
|
|
789
|
+
this.oAuth = oAuth;
|
|
790
|
+
this.clientSecret = clientSecret;
|
|
791
|
+
}
|
|
792
|
+
static getDecodedTokenFromSession(session) {
|
|
793
|
+
const { payload: idToken } = decodeJwt(session.idToken);
|
|
794
|
+
const { payload: accessToken } = decodeJwt(session.accessToken);
|
|
795
|
+
return {
|
|
796
|
+
idToken,
|
|
797
|
+
accessToken
|
|
798
|
+
};
|
|
799
|
+
}
|
|
800
|
+
/**
|
|
801
|
+
*
|
|
802
|
+
* Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
|
|
803
|
+
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
|
|
804
|
+
*
|
|
805
|
+
* @param username Username
|
|
806
|
+
* @param password Password
|
|
807
|
+
*
|
|
808
|
+
* @throws {InitAuthError, CognitoRespondToAuthChallengeError}
|
|
809
|
+
*/
|
|
810
|
+
async authenticateUserSrp(username, password) {
|
|
811
|
+
const smallA = await generateSmallA();
|
|
812
|
+
const A = generateA(smallA);
|
|
813
|
+
const initiateAuthPayload = {
|
|
814
|
+
AuthFlow: "USER_SRP_AUTH",
|
|
815
|
+
ClientId: this.userPoolClientId,
|
|
816
|
+
AuthParameters: {
|
|
817
|
+
USERNAME: username,
|
|
818
|
+
SRP_A: A.toString(16),
|
|
819
|
+
SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
820
|
+
},
|
|
821
|
+
ClientMetadata: {}
|
|
822
|
+
};
|
|
823
|
+
const challenge = await cognitoRequest(
|
|
824
|
+
initiateAuthPayload,
|
|
825
|
+
"InitiateAuth" /* InitiateAuth */,
|
|
826
|
+
this.cognitoEndpoint
|
|
827
|
+
);
|
|
828
|
+
const B = BigInt("0x" + challenge.ChallengeParameters.SRP_B);
|
|
829
|
+
const salt = BigInt("0x" + challenge.ChallengeParameters.SALT);
|
|
830
|
+
const U = await calculateU(A, B);
|
|
831
|
+
const hkdf = await getPasswordAuthenticationKey(
|
|
832
|
+
this.cognitoPoolName,
|
|
833
|
+
challenge.ChallengeParameters.USER_ID_FOR_SRP,
|
|
834
|
+
password,
|
|
835
|
+
B,
|
|
836
|
+
U,
|
|
837
|
+
smallA,
|
|
838
|
+
salt
|
|
839
|
+
);
|
|
840
|
+
const { signature, timeStamp } = await calculateSignature(
|
|
841
|
+
this.cognitoPoolName,
|
|
842
|
+
challenge.ChallengeParameters.USER_ID_FOR_SRP,
|
|
843
|
+
challenge.ChallengeParameters.SECRET_BLOCK,
|
|
844
|
+
hkdf
|
|
845
|
+
);
|
|
846
|
+
const respondToAuthChallengeRequest = {
|
|
847
|
+
ChallengeName: "PASSWORD_VERIFIER",
|
|
848
|
+
ClientId: this.userPoolClientId,
|
|
849
|
+
ChallengeResponses: {
|
|
850
|
+
PASSWORD_CLAIM_SECRET_BLOCK: challenge.ChallengeParameters.SECRET_BLOCK,
|
|
851
|
+
PASSWORD_CLAIM_SIGNATURE: signature,
|
|
852
|
+
USERNAME: challenge.ChallengeParameters.USER_ID_FOR_SRP,
|
|
853
|
+
TIMESTAMP: timeStamp,
|
|
854
|
+
SECRET_HASH: this.clientSecret && await calculateSecretHash(
|
|
855
|
+
this.clientSecret,
|
|
856
|
+
this.userPoolClientId,
|
|
857
|
+
challenge.ChallengeParameters.USER_ID_FOR_SRP
|
|
858
|
+
)
|
|
859
|
+
},
|
|
860
|
+
ClientMetadata: {}
|
|
861
|
+
};
|
|
862
|
+
const { AuthenticationResult } = await cognitoRequest(
|
|
863
|
+
respondToAuthChallengeRequest,
|
|
864
|
+
"RespondToAuthChallenge" /* RespondToAuthChallenge */,
|
|
865
|
+
this.cognitoEndpoint
|
|
866
|
+
);
|
|
867
|
+
return authResultToSession(AuthenticationResult);
|
|
868
|
+
}
|
|
869
|
+
/**
|
|
870
|
+
*
|
|
871
|
+
* Performs user authentication with username and password through USER_PASSWORD_AUTH .
|
|
872
|
+
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html for more details
|
|
873
|
+
*
|
|
874
|
+
* @param username Username
|
|
875
|
+
* @param password Password
|
|
876
|
+
* @throws {InitAuthError}
|
|
877
|
+
*/
|
|
878
|
+
async authenticateUser(username, password) {
|
|
879
|
+
const initiateAuthPayload = {
|
|
880
|
+
AuthFlow: "USER_PASSWORD_AUTH",
|
|
881
|
+
ClientId: this.userPoolClientId,
|
|
882
|
+
AuthParameters: {
|
|
883
|
+
USERNAME: username,
|
|
884
|
+
PASSWORD: password,
|
|
885
|
+
SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
886
|
+
},
|
|
887
|
+
ClientMetadata: {}
|
|
888
|
+
};
|
|
889
|
+
const { AuthenticationResult } = await cognitoRequest(
|
|
890
|
+
initiateAuthPayload,
|
|
891
|
+
"InitiateAuth" /* InitiateAuth */,
|
|
892
|
+
this.cognitoEndpoint
|
|
893
|
+
);
|
|
894
|
+
const session = authResultToSession(AuthenticationResult);
|
|
895
|
+
return session;
|
|
896
|
+
}
|
|
897
|
+
/**
|
|
898
|
+
* Returns a new session based on the given refresh token.
|
|
899
|
+
*
|
|
900
|
+
* @param refreshToken Refresh token from a previous session.
|
|
901
|
+
* @param username Username is required when using a client secret and needs to be the cognito user id.
|
|
902
|
+
* @returns @see Session
|
|
903
|
+
* @throws {InitAuthError}
|
|
904
|
+
*/
|
|
905
|
+
async refreshSession(refreshToken, username) {
|
|
906
|
+
const refreshTokenPayload = {
|
|
907
|
+
AuthFlow: "REFRESH_TOKEN_AUTH",
|
|
908
|
+
ClientId: this.userPoolClientId,
|
|
909
|
+
AuthParameters: {
|
|
910
|
+
REFRESH_TOKEN: refreshToken,
|
|
911
|
+
SECRET_HASH: this.clientSecret && username && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
912
|
+
},
|
|
913
|
+
ClientMetadata: {}
|
|
914
|
+
};
|
|
915
|
+
const { AuthenticationResult } = await cognitoRequest(
|
|
916
|
+
refreshTokenPayload,
|
|
917
|
+
"InitiateAuth" /* InitiateAuth */,
|
|
918
|
+
this.cognitoEndpoint
|
|
919
|
+
);
|
|
920
|
+
if (!AuthenticationResult.RefreshToken) {
|
|
921
|
+
AuthenticationResult.RefreshToken = refreshToken;
|
|
922
|
+
}
|
|
923
|
+
return authResultToSession(AuthenticationResult);
|
|
924
|
+
}
|
|
925
|
+
/**
|
|
926
|
+
*
|
|
927
|
+
* @param username Username
|
|
928
|
+
* @param password Password
|
|
929
|
+
*
|
|
930
|
+
* @throws {SignUpError}
|
|
931
|
+
*/
|
|
932
|
+
async signUp(username, password, userAttributes) {
|
|
933
|
+
const signUpRequest = {
|
|
934
|
+
ClientId: this.userPoolClientId,
|
|
935
|
+
Username: username,
|
|
936
|
+
Password: password,
|
|
937
|
+
UserAttributes: userAttributes,
|
|
938
|
+
SecretHash: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
939
|
+
};
|
|
940
|
+
const data = await cognitoRequest(signUpRequest, "SignUp" /* SignUp */, this.cognitoEndpoint);
|
|
941
|
+
return {
|
|
942
|
+
id: data.UserSub,
|
|
943
|
+
confirmed: data.UserConfirmed
|
|
944
|
+
};
|
|
945
|
+
}
|
|
946
|
+
/**
|
|
947
|
+
* Confirms the user registration via verification code.
|
|
948
|
+
*
|
|
949
|
+
* @param username Username
|
|
950
|
+
* @param code Confirmation code the user gets through the registration E-Mail
|
|
951
|
+
*
|
|
952
|
+
* @throws {ConfirmSignUpError}
|
|
953
|
+
*/
|
|
954
|
+
async confirmSignUp(username, code) {
|
|
955
|
+
const confirmSignUpRequest = {
|
|
956
|
+
ClientId: this.userPoolClientId,
|
|
957
|
+
ConfirmationCode: code,
|
|
958
|
+
Username: username,
|
|
959
|
+
SecretHash: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
960
|
+
};
|
|
961
|
+
await cognitoRequest(confirmSignUpRequest, "ConfirmSignUp" /* ConfirmSignUp */, this.cognitoEndpoint);
|
|
962
|
+
}
|
|
963
|
+
/**
|
|
964
|
+
*
|
|
965
|
+
* @param currentPassword Current user password.
|
|
966
|
+
* @param newPassword New user password.
|
|
967
|
+
*
|
|
968
|
+
* @throws {ChangePasswordError}
|
|
969
|
+
*/
|
|
970
|
+
async changePassword(currentPassword, newPassword, accessToken) {
|
|
971
|
+
const changePasswordPayload = {
|
|
972
|
+
PreviousPassword: currentPassword,
|
|
973
|
+
ProposedPassword: newPassword,
|
|
974
|
+
AccessToken: accessToken
|
|
975
|
+
};
|
|
976
|
+
await cognitoRequest(changePasswordPayload, "ChangePassword" /* ChangePassword */, this.cognitoEndpoint);
|
|
977
|
+
}
|
|
978
|
+
/**
|
|
979
|
+
* Updates the user attributes.
|
|
980
|
+
*
|
|
981
|
+
* @param userAttributes List of user attributes to update.
|
|
982
|
+
* @param accessToken Access token of the current user.
|
|
983
|
+
*
|
|
984
|
+
* @throws {UpdateUserAttributesError}
|
|
985
|
+
*/
|
|
986
|
+
async updateUserAttributes(userAttributes, accessToken) {
|
|
987
|
+
const updateUserAttributesPayload = {
|
|
988
|
+
UserAttributes: userAttributes,
|
|
989
|
+
AccessToken: accessToken
|
|
990
|
+
};
|
|
991
|
+
await cognitoRequest(updateUserAttributesPayload, "UpdateUserAttributes" /* UpdateUserAttributes */, this.cognitoEndpoint);
|
|
992
|
+
}
|
|
993
|
+
/**
|
|
994
|
+
* Verifies a given user attribute
|
|
995
|
+
*
|
|
996
|
+
* @param attributeName Name of the attribute to verify
|
|
997
|
+
* @param code Verification code
|
|
998
|
+
* @param accessToken Access token of the current user.
|
|
999
|
+
*
|
|
1000
|
+
* @throws {VerifyUserAttributeError}
|
|
1001
|
+
*/
|
|
1002
|
+
async verifyUserAttribute(attributeName, code, accessToken) {
|
|
1003
|
+
const verifyUserAttributePayload = {
|
|
1004
|
+
AttributeName: attributeName,
|
|
1005
|
+
Code: code,
|
|
1006
|
+
AccessToken: accessToken
|
|
1007
|
+
};
|
|
1008
|
+
await cognitoRequest(verifyUserAttributePayload, "VerifyUserAttribute" /* VerifyUserAttribute */, this.cognitoEndpoint);
|
|
1009
|
+
}
|
|
1010
|
+
/**
|
|
1011
|
+
* Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
|
|
1012
|
+
*
|
|
1013
|
+
* @param refreshToken Refresh token from a previous session.
|
|
1014
|
+
* @param username Username is required when using a client secret and needs to be the cognito user id.
|
|
1015
|
+
* @throws {RevokeTokenError}
|
|
1016
|
+
*/
|
|
1017
|
+
async revokeToken(refreshToken) {
|
|
1018
|
+
const revokeTokenPayload = {
|
|
1019
|
+
Token: refreshToken,
|
|
1020
|
+
ClientId: this.userPoolClientId,
|
|
1021
|
+
ClientSecret: this.clientSecret
|
|
1022
|
+
};
|
|
1023
|
+
await cognitoRequest(revokeTokenPayload, "RevokeToken" /* RevokeToken */, this.cognitoEndpoint);
|
|
1024
|
+
}
|
|
1025
|
+
/**
|
|
1026
|
+
* Request forgot password.
|
|
1027
|
+
* @param username Username
|
|
1028
|
+
*
|
|
1029
|
+
* @throws {ForgotPasswordError}
|
|
1030
|
+
*/
|
|
1031
|
+
async forgotPassword(username) {
|
|
1032
|
+
const forgotPasswordRequest = {
|
|
1033
|
+
ClientId: this.userPoolClientId,
|
|
1034
|
+
Username: username,
|
|
1035
|
+
SecretHash: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
1036
|
+
};
|
|
1037
|
+
await cognitoRequest(forgotPasswordRequest, "ForgotPassword" /* ForgotPassword */, this.cognitoEndpoint);
|
|
1038
|
+
}
|
|
1039
|
+
/**
|
|
1040
|
+
* Confirms the new password via the given code send via cognito triggered by @see forgotPassword .
|
|
1041
|
+
*
|
|
1042
|
+
* @param username Username
|
|
1043
|
+
* @param newPassword New password
|
|
1044
|
+
* @param confirmationCode Confirmation code which the user got through E-mail
|
|
1045
|
+
*
|
|
1046
|
+
* @throws {ConfirmForgotPasswordError}
|
|
1047
|
+
*/
|
|
1048
|
+
async confirmForgotPassword(username, newPassword, confirmationCode) {
|
|
1049
|
+
const confirmForgotPasswordRequest = {
|
|
1050
|
+
ClientId: this.userPoolClientId,
|
|
1051
|
+
Username: username,
|
|
1052
|
+
ConfirmationCode: confirmationCode,
|
|
1053
|
+
Password: newPassword,
|
|
1054
|
+
SecretHash: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
1055
|
+
};
|
|
1056
|
+
await cognitoRequest(confirmForgotPasswordRequest, "ConfirmForgotPassword" /* ConfirmForgotPassword */, this.cognitoEndpoint);
|
|
1057
|
+
}
|
|
1058
|
+
/**
|
|
1059
|
+
* Triggers cognito to resend the confirmation code
|
|
1060
|
+
* @param username Username
|
|
1061
|
+
*
|
|
1062
|
+
* @throws {ResendConfirmationCodeError}
|
|
1063
|
+
*/
|
|
1064
|
+
async resendConfirmationCode(username) {
|
|
1065
|
+
const resendConfirmationCodeRequest = {
|
|
1066
|
+
ClientId: this.userPoolClientId,
|
|
1067
|
+
Username: username,
|
|
1068
|
+
SecretHash: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
|
|
1069
|
+
};
|
|
1070
|
+
await cognitoRequest(resendConfirmationCodeRequest, "ResendConfirmationCode" /* ResendConfirmationCode */, this.cognitoEndpoint);
|
|
1071
|
+
}
|
|
1072
|
+
/**
|
|
1073
|
+
* Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
|
|
1074
|
+
* This method works in conjunction with @see handleCodeFlow .
|
|
1075
|
+
*
|
|
1076
|
+
* @param identityProvider When provided, this will generate a link which
|
|
1077
|
+
* tells Cognito`s Hosted UI to redirect to the given federated identity provider.
|
|
1078
|
+
*
|
|
1079
|
+
* @throws {Error}
|
|
1080
|
+
*/
|
|
1081
|
+
async generateOAuthSignInUrl(identityProvider) {
|
|
1082
|
+
if (this.oAuth === void 0) {
|
|
1083
|
+
throw Error("You have to define oAuth options to use generateFederatedSignUrl");
|
|
1084
|
+
}
|
|
1085
|
+
const state = (await randomBytes(32)).toString("hex");
|
|
1086
|
+
const pkce = (await randomBytes(128)).toString("hex");
|
|
1087
|
+
const code_challenge = uint8ArrayToBase64String(await digest("SHA-256", uint8ArrayFromString(pkce))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1088
|
+
const queryParams = new URLSearchParams();
|
|
1089
|
+
queryParams.append("redirect_uri", this.oAuth.redirectUrl);
|
|
1090
|
+
queryParams.append("response_type", this.oAuth.responseType);
|
|
1091
|
+
queryParams.append("client_id", this.userPoolClientId);
|
|
1092
|
+
identityProvider && queryParams.append("identity_provider", identityProvider);
|
|
1093
|
+
queryParams.append("scope", this.oAuth.scopes.join(" "));
|
|
1094
|
+
queryParams.append("state", state);
|
|
1095
|
+
queryParams.append("code_challenge", code_challenge);
|
|
1096
|
+
queryParams.append("code_challenge_method", "S256");
|
|
1097
|
+
return {
|
|
1098
|
+
url: `${this.oAuth.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
|
|
1099
|
+
state,
|
|
1100
|
+
pkce
|
|
1101
|
+
};
|
|
1102
|
+
}
|
|
1103
|
+
/**
|
|
1104
|
+
*
|
|
1105
|
+
* Handles Cognito`s OAuth2 code flow after redirection from Cognito`s Hosted UI.
|
|
1106
|
+
* The method call assumes that @see generateOAuthSignInUrl was used to
|
|
1107
|
+
* generated the link to the Hosted UI.
|
|
1108
|
+
*
|
|
1109
|
+
* @param returnUrl The full return URL from redirection after a successful OAuth2
|
|
1110
|
+
* authentication.
|
|
1111
|
+
*
|
|
1112
|
+
* @throws {Error}
|
|
1113
|
+
*/
|
|
1114
|
+
async handleCodeFlow(returnUrl, pkce) {
|
|
1115
|
+
if (this.oAuth === void 0) {
|
|
1116
|
+
throw Error("You have to define oAuth options to use handleCodeFlow");
|
|
1117
|
+
}
|
|
1118
|
+
const url = new URL(returnUrl);
|
|
1119
|
+
const code = url.searchParams.get("code");
|
|
1120
|
+
const state = url.searchParams.get("state");
|
|
1121
|
+
if (code === null || state === null) {
|
|
1122
|
+
throw Error("code or state parameter is missing from return url.");
|
|
1123
|
+
}
|
|
1124
|
+
const urlParams = new URLSearchParams();
|
|
1125
|
+
urlParams.append("grant_type", "authorization_code");
|
|
1126
|
+
urlParams.append("code", code);
|
|
1127
|
+
urlParams.append("client_id", this.userPoolClientId);
|
|
1128
|
+
urlParams.append("redirect_uri", this.oAuth.redirectUrl);
|
|
1129
|
+
urlParams.append("code_verifier", pkce);
|
|
1130
|
+
const tokenEndpoint = `${this.oAuth.cognitoDomain}/oauth2/token`;
|
|
1131
|
+
const response = await fetch(tokenEndpoint, {
|
|
1132
|
+
method: "POST",
|
|
1133
|
+
headers: {
|
|
1134
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
1135
|
+
},
|
|
1136
|
+
body: urlParams.toString()
|
|
1137
|
+
});
|
|
1138
|
+
const { access_token, refresh_token, id_token, expires_in, error } = await response.json();
|
|
1139
|
+
if (error) {
|
|
1140
|
+
throw new Error(error);
|
|
1141
|
+
}
|
|
1142
|
+
const session = authResultToSession({
|
|
1143
|
+
AccessToken: access_token,
|
|
1144
|
+
RefreshToken: refresh_token,
|
|
1145
|
+
IdToken: id_token,
|
|
1146
|
+
ExpiresIn: expires_in
|
|
1147
|
+
});
|
|
1148
|
+
return session;
|
|
1149
|
+
}
|
|
1150
|
+
/**
|
|
1151
|
+
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
|
|
1152
|
+
* @param accessToken Access token of the current user.
|
|
1153
|
+
*/
|
|
1154
|
+
async globalSignOut(accessToken) {
|
|
1155
|
+
const globalSignOutPayload = {
|
|
1156
|
+
AccessToken: accessToken
|
|
1157
|
+
};
|
|
1158
|
+
await cognitoRequest(globalSignOutPayload, "GlobalSignOut" /* GlobalSignOut */, this.cognitoEndpoint);
|
|
1159
|
+
}
|
|
1160
|
+
};
|
|
1161
|
+
export {
|
|
1162
|
+
AssociateSoftwareTokenException,
|
|
1163
|
+
COMMON_EXCEPTIONS,
|
|
1164
|
+
ChangePasswordError,
|
|
1165
|
+
ChangePasswordException,
|
|
1166
|
+
CognitoClient,
|
|
1167
|
+
CognitoError,
|
|
1168
|
+
CommonError,
|
|
1169
|
+
CommonException,
|
|
1170
|
+
ConfirmDeviceException,
|
|
1171
|
+
ConfirmForgotPasswordError,
|
|
1172
|
+
ConfirmForgotPasswordException,
|
|
1173
|
+
ConfirmSignUpError,
|
|
1174
|
+
ConfirmSignUpException,
|
|
1175
|
+
DeleteUserAttributesException,
|
|
1176
|
+
DeleteUserException,
|
|
1177
|
+
ForgetDeviceException,
|
|
1178
|
+
ForgotPasswordError,
|
|
1179
|
+
ForgotPasswordException,
|
|
1180
|
+
GetCredentialsForIdentityException,
|
|
1181
|
+
GetIdException,
|
|
1182
|
+
GetUserAttributeVerificationException,
|
|
1183
|
+
GetUserException,
|
|
1184
|
+
GlobalSignOutError,
|
|
1185
|
+
GlobalSignOutException,
|
|
1186
|
+
IdentityProvider,
|
|
1187
|
+
InitAuthError,
|
|
1188
|
+
InitiateAuthException,
|
|
1189
|
+
ListDevicesException,
|
|
1190
|
+
ResendConfirmationCodeError,
|
|
1191
|
+
ResendConfirmationException,
|
|
1192
|
+
RespondToAuthChallengeError,
|
|
1193
|
+
RespondToAuthChallengeException,
|
|
1194
|
+
RevokeTokenError,
|
|
1195
|
+
RevokeTokenException,
|
|
1196
|
+
ServiceTarget,
|
|
1197
|
+
SetUserMFAPreferenceException,
|
|
1198
|
+
SignUpError,
|
|
1199
|
+
SignUpException,
|
|
1200
|
+
UpdateDeviceStatusException,
|
|
1201
|
+
UpdateUserAttributesError,
|
|
1202
|
+
UpdateUserAttributesException,
|
|
1203
|
+
VerifySoftwareTokenException,
|
|
1204
|
+
VerifyUserAttributeError,
|
|
1205
|
+
VerifyUserAttributeException,
|
|
1206
|
+
authResultToSession,
|
|
1207
|
+
cognitoRequest
|
|
1208
|
+
};
|