@vardario/cognito-client 4.0.6 → 4.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/browser.js CHANGED
@@ -1111,15 +1111,17 @@ var CognitoClient = class {
1111
1111
  *
1112
1112
  * @throws {Error}
1113
1113
  */
1114
- async handleCodeFlow(returnUrl, pkce) {
1114
+ async handleCodeFlow(returnUrl, pkce, state) {
1115
1115
  if (this.oAuth === void 0) {
1116
1116
  throw Error("You have to define oAuth options to use handleCodeFlow");
1117
1117
  }
1118
1118
  const url = new URL(returnUrl);
1119
1119
  const code = url.searchParams.get("code");
1120
- const state = url.searchParams.get("state");
1121
- if (code === null || state === null) {
1122
- throw Error("code or state parameter is missing from return url.");
1120
+ if (code === null) {
1121
+ throw Error("code parameter is missing from return url.");
1122
+ }
1123
+ if (url.searchParams.get("state") !== state) {
1124
+ throw Error("State parameter does not match.");
1123
1125
  }
1124
1126
  const urlParams = new URLSearchParams();
1125
1127
  urlParams.append("grant_type", "authorization_code");
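Review bot: The new `state` argument is compared with `!==` in `if (url.searchParams.get("state") !== state)` but is never validated itself, so a JavaScript caller that passes an empty string still passes the check whenever the callback URL carries `state=` with an empty value, and the CSRF binding this comparison is meant to provide is silently lost; the ESM copy of the method in the `@@ -408` hunk has the same gap. A guard before the comparison, `if (typeof state !== "string" || state === "") throw Error("state must be a non-empty string.");`, makes that misuse fail loudly instead. The JSDoc above the signature appears untouched by the hunk, so the new parameter is undocumented both here and in the `.d.ts` declaration in the `@@ -452` hunk; I would add `* @param state The state value sent in the authorization request; the value returned in the callback URL must match it exactly.` above the `@throws` line. The body of `handleCodeFlow` continues past the end of the hunk.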
@@ -452,7 +452,7 @@ export declare class CognitoClient {
452
452
  *
453
453
  * @throws {Error}
454
454
  */
455
- handleCodeFlow(returnUrl: string, pkce: string): Promise<Session>;
455
+ handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<Session>;
456
456
  /**
457
457
  * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
458
458
  * @param accessToken Access token of the current user.
@@ -408,15 +408,17 @@ export class CognitoClient {
408
408
  *
409
409
  * @throws {Error}
410
410
  */
411
- async handleCodeFlow(returnUrl, pkce) {
411
+ async handleCodeFlow(returnUrl, pkce, state) {
412
412
  if (this.oAuth === undefined) {
413
413
  throw Error('You have to define oAuth options to use handleCodeFlow');
414
414
  }
415
415
  const url = new URL(returnUrl);
416
416
  const code = url.searchParams.get('code');
417
- const state = url.searchParams.get('state');
418
- if (code === null || state === null) {
419
- throw Error('code or state parameter is missing from return url.');
417
+ if (code === null) {
418
+ throw Error('code parameter is missing from return url.');
419
+ }
420
+ if (url.searchParams.get('state') !== state) {
421
+ throw Error('State parameter does not match.');
420
422
  }
421
423
  const urlParams = new URLSearchParams();
422
424
  urlParams.append('grant_type', 'authorization_code');
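--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@vardario/cognito-client",
-"version": "4.0.6",
+"version": "4.0.7",
 "description": "",
 "license": "MIT",
 "author": "Sahin Vardar",
@@ -27,6 +27,7 @@
 "devDependencies": {
 "@aws-sdk/client-cognito-identity-provider": "^3.465.0",
 "@types/jsdom": "^21.1.5",
+"@types/node": "^20",
 "@typescript-eslint/eslint-plugin": "^6.11.0",
 "@typescript-eslint/parser": "^6.11.0",
 "esbuild": "^0.20.2",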