@vardario/cognito-client 4.0.7 → 5.1.0
- package/lib/browser.js +236 -123
- package/lib/cognito-client.d.ts +222 -46
- package/lib/cognito-client.js +106 -31
- package/lib/error.d.ts +23 -3
- package/lib/error.js +30 -0
- package/package.json +5 -5
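--- a/package/lib/browser.js
+++ b/package/lib/browser.js
@@ -26,15 +26,15 @@ var COMMON_EXCEPTIONS = [
 "ThrottlingException" /* ThrottlingException */,
 "ValidationError" /* ValidationError */
 ];
-var AssociateSoftwareTokenException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-return
+var AssociateSoftwareTokenException = /* @__PURE__ */ ((AssociateSoftwareTokenException3) => {
+AssociateSoftwareTokenException3["ConcurrentModificationException"] = "ConcurrentModificationException";
+AssociateSoftwareTokenException3["ForbiddenException"] = "ForbiddenException";
+AssociateSoftwareTokenException3["InternalErrorException"] = "InternalErrorException";
+AssociateSoftwareTokenException3["InvalidParameterException"] = "InvalidParameterException";
+AssociateSoftwareTokenException3["NotAuthorizedException"] = "NotAuthorizedException";
+AssociateSoftwareTokenException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+AssociateSoftwareTokenException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
+return AssociateSoftwareTokenException3;
 })(AssociateSoftwareTokenException || {});
 var ChangePasswordException = /* @__PURE__ */ ((ChangePasswordException3) => {
 ChangePasswordException3["ForbiddenException"] = "ForbiddenException";
@@ -158,17 +158,17 @@ var ForgotPasswordException = /* @__PURE__ */ ((ForgotPasswordException3) => {
 ForgotPasswordException3["UserNotFoundException"] = "UserNotFoundException";
 return ForgotPasswordException3;
 })(ForgotPasswordException || {});
-var GetUserException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-return
+var GetUserException = /* @__PURE__ */ ((GetUserException3) => {
+GetUserException3["ForbiddenException"] = "ForbiddenException";
+GetUserException3["InternalErrorException"] = "InternalErrorException";
+GetUserException3["InvalidParameterException"] = "InvalidParameterException";
+GetUserException3["NotAuthorizedException"] = "NotAuthorizedException";
+GetUserException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+GetUserException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+GetUserException3["TooManyRequestsException"] = "TooManyRequestsException";
+GetUserException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+GetUserException3["UserNotFoundException"] = "UserNotFoundException";
+return GetUserException3;
 })(GetUserException || {});
 var GetIdException = /* @__PURE__ */ ((GetIdException2) => {
 GetIdException2["ExternalServiceException"] = "ExternalServiceException";
@@ -223,23 +223,23 @@ var GlobalSignOutException = /* @__PURE__ */ ((GlobalSignOutException3) => {
 GlobalSignOutException3["UserNotConfirmedException"] = "UserNotConfirmedException";
 return GlobalSignOutException3;
 })(GlobalSignOutException || {});
-var InitiateAuthException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-return
+var InitiateAuthException = /* @__PURE__ */ ((InitiateAuthException2) => {
+InitiateAuthException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+InitiateAuthException2["ForbiddenException"] = "ForbiddenException";
+InitiateAuthException2["InternalErrorException"] = "InternalErrorException";
+InitiateAuthException2["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
+InitiateAuthException2["InvalidParameterException"] = "InvalidParameterException";
+InitiateAuthException2["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
+InitiateAuthException2["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
+InitiateAuthException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
+InitiateAuthException2["NotAuthorizedException"] = "NotAuthorizedException";
+InitiateAuthException2["ResourceNotFoundException"] = "ResourceNotFoundException";
+InitiateAuthException2["TooManyRequestsException"] = "TooManyRequestsException";
+InitiateAuthException2["UnexpectedLambdaException"] = "UnexpectedLambdaException";
+InitiateAuthException2["UserLambdaValidationException"] = "UserLambdaValidationException";
+InitiateAuthException2["UserNotConfirmedException"] = "UserNotConfirmedException";
+InitiateAuthException2["UserNotFoundException"] = "UserNotFoundException";
+return InitiateAuthException2;
 })(InitiateAuthException || {});
 var ResendConfirmationException = /* @__PURE__ */ ((ResendConfirmationException3) => {
 ResendConfirmationException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
@@ -283,16 +283,16 @@ var RespondToAuthChallengeException = /* @__PURE__ */ ((RespondToAuthChallengeEx
 RespondToAuthChallengeException3["UserNotFoundException"] = "UserNotFoundException";
 return RespondToAuthChallengeException3;
 })(RespondToAuthChallengeException || {});
-var SetUserMFAPreferenceException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-return
+var SetUserMFAPreferenceException = /* @__PURE__ */ ((SetUserMFAPreferenceException3) => {
+SetUserMFAPreferenceException3["ForbiddenException"] = "ForbiddenException";
+SetUserMFAPreferenceException3["InternalErrorException"] = "InternalErrorException";
+SetUserMFAPreferenceException3["InvalidParameterException"] = "InvalidParameterException";
+SetUserMFAPreferenceException3["NotAuthorizedException"] = "NotAuthorizedException";
+SetUserMFAPreferenceException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+SetUserMFAPreferenceException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+SetUserMFAPreferenceException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+SetUserMFAPreferenceException3["UserNotFoundException"] = "UserNotFoundException";
+return SetUserMFAPreferenceException3;
 })(SetUserMFAPreferenceException || {});
 var SignUpException = /* @__PURE__ */ ((SignUpException3) => {
 SignUpException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
@@ -333,21 +333,21 @@ var UpdateUserAttributesException = /* @__PURE__ */ ((UpdateUserAttributesExcept
 UpdateUserAttributesException3["UserNotFoundException"] = "UserNotFoundException";
 return UpdateUserAttributesException3;
 })(UpdateUserAttributesException || {});
-var VerifySoftwareTokenException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-
-
-
-
-return
+var VerifySoftwareTokenException = /* @__PURE__ */ ((VerifySoftwareTokenException3) => {
+VerifySoftwareTokenException3["CodeMismatchException"] = "CodeMismatchException";
+VerifySoftwareTokenException3["EnableSoftwareTokenMFAException"] = "EnableSoftwareTokenMFAException";
+VerifySoftwareTokenException3["ForbiddenException"] = "ForbiddenException";
+VerifySoftwareTokenException3["InternalErrorException"] = "InternalErrorException";
+VerifySoftwareTokenException3["InvalidParameterException"] = "InvalidParameterException";
+VerifySoftwareTokenException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
+VerifySoftwareTokenException3["NotAuthorizedException"] = "NotAuthorizedException";
+VerifySoftwareTokenException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+VerifySoftwareTokenException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+VerifySoftwareTokenException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
+VerifySoftwareTokenException3["TooManyRequestsException"] = "TooManyRequestsException";
+VerifySoftwareTokenException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+VerifySoftwareTokenException3["UserNotFoundException"] = "UserNotFoundException";
+return VerifySoftwareTokenException3;
 })(VerifySoftwareTokenException || {});
 var VerifyUserAttributeException = /* @__PURE__ */ ((VerifyUserAttributeException3) => {
 VerifyUserAttributeException3["AliasExistsException"] = "AliasExistsException";
@@ -378,18 +378,18 @@ var UpdateDeviceStatusException = /* @__PURE__ */ ((UpdateDeviceStatusException2
 UpdateDeviceStatusException2["UserNotFoundException"] = "UserNotFoundException";
 return UpdateDeviceStatusException2;
 })(UpdateDeviceStatusException || {});
-var ListDevicesException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-
-return
+var ListDevicesException = /* @__PURE__ */ ((ListDevicesException3) => {
+ListDevicesException3["ForbiddenException"] = "ForbiddenException";
+ListDevicesException3["InternalErrorException"] = "InternalErrorException";
+ListDevicesException3["InvalidParameterException"] = "InvalidParameterException";
+ListDevicesException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
+ListDevicesException3["NotAuthorizedException"] = "NotAuthorizedException";
+ListDevicesException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+ListDevicesException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+ListDevicesException3["TooManyRequestsException"] = "TooManyRequestsException";
+ListDevicesException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+ListDevicesException3["UserNotFoundException"] = "UserNotFoundException";
+return ListDevicesException3;
 })(ListDevicesException || {});
 var RevokeTokenException = /* @__PURE__ */ ((RevokeTokenException3) => {
 RevokeTokenException3["ForbiddenException"] = "ForbiddenException";
@@ -486,16 +486,43 @@ var GlobalSignOutError = class extends CognitoError {
 this.cognitoException = cognitoException;
 }
 };
+var VerifySoftwareTokenError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "VerifySoftwareTokenError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var AssociateSoftwareTokenError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "AssociateSoftwareTokenError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var SetUserMFAPreferenceError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "SetUserMFAPreferenceError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var ListDevicesError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "ListDevicesError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var GetUserError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "GetUserError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
 
 // src/bigint-math.ts
 var abs = (n) => n < 0n ? -n : n;
 function eGcd(a, b) {
-if (typeof a === "number")
-
-if (
-b = BigInt(b);
-if (a <= 0n || b <= 0n)
-throw new RangeError("a and b MUST be > 0");
+if (typeof a === "number") a = BigInt(a);
+if (typeof b === "number") b = BigInt(b);
+if (a <= 0n || b <= 0n) throw new RangeError("a and b MUST be > 0");
 let x = 0n;
 let y = 1n;
 let u = 1n;
@@ -708,6 +735,11 @@ var ServiceTarget = /* @__PURE__ */ ((ServiceTarget2) => {
 ServiceTarget2["UpdateUserAttributes"] = "UpdateUserAttributes";
 ServiceTarget2["VerifyUserAttribute"] = "VerifyUserAttribute";
 ServiceTarget2["GlobalSignOut"] = "GlobalSignOut";
+ServiceTarget2["GetUser"] = "GetUser";
+ServiceTarget2["AssociateSoftwareToken"] = "AssociateSoftwareToken";
+ServiceTarget2["VerifySoftwareToken"] = "VerifySoftwareToken";
+ServiceTarget2["ListDevices"] = "ListDevices";
+ServiceTarget2["SetUserMFAPreference"] = "SetUserMFAPreference";
 return ServiceTarget2;
 })(ServiceTarget || {});
 var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
@@ -718,12 +750,10 @@ var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
 IdentityProvider2["Apple"] = "SignInWithApple";
 return IdentityProvider2;
 })(IdentityProvider || {});
-function
+function adaptExpiresIn(auth) {
 return {
-
-
-expiresIn: (/* @__PURE__ */ new Date()).getTime() + authenticationResult.ExpiresIn * 1e3,
-refreshToken: authenticationResult.RefreshToken
+...auth,
+ExpiresIn: (/* @__PURE__ */ new Date()).getTime() + auth.ExpiresIn * 1e3
 };
 }
 async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
@@ -778,6 +808,16 @@ async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
 throw new VerifyUserAttributeError(errorMessage, cognitoException);
 case "GlobalSignOut" /* GlobalSignOut */:
 throw new GlobalSignOutError(errorMessage, cognitoException);
+case "AssociateSoftwareToken" /* AssociateSoftwareToken */:
+throw new AssociateSoftwareTokenError(errorMessage, cognitoException);
+case "VerifySoftwareToken" /* VerifySoftwareToken */:
+throw new VerifySoftwareTokenError(errorMessage, cognitoException);
+case "SetUserMFAPreference" /* SetUserMFAPreference */:
+throw new SetUserMFAPreferenceError(errorMessage, cognitoException);
+case "ListDevices" /* ListDevices */:
+throw new ListDevicesError(errorMessage, cognitoException);
+case "GetUser" /* GetUser */:
+throw new GetUserError(errorMessage, cognitoException);
 }
 }
 var CognitoClient = class {
@@ -789,9 +829,9 @@ var CognitoClient = class {
 this.oAuth = oAuth;
 this.clientSecret = clientSecret;
 }
-static getDecodedTokenFromSession(
-const { payload: idToken } = decodeJwt(
-const { payload: accessToken } = decodeJwt(
+static getDecodedTokenFromSession(auth) {
+const { payload: idToken } = decodeJwt(auth.IdToken);
+const { payload: accessToken } = decodeJwt(auth.AccessToken);
 return {
 idToken,
 accessToken
@@ -810,27 +850,29 @@ var CognitoClient = class {
 async authenticateUserSrp(username, password) {
 const smallA = await generateSmallA();
 const A = generateA(smallA);
-const
-
-
-
-
-
-
+const initUserSrpAuthResponse = await cognitoRequest(
+{
+AuthFlow: "USER_SRP_AUTH",
+ClientId: this.userPoolClientId,
+AuthParameters: {
+USERNAME: username,
+SRP_A: A.toString(16),
+SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
+},
+ClientMetadata: {}
 },
-ClientMetadata: {}
-};
-const challenge = await cognitoRequest(
-initiateAuthPayload,
 "InitiateAuth" /* InitiateAuth */,
 this.cognitoEndpoint
 );
-
-
+if (initUserSrpAuthResponse.ChallengeName !== "PASSWORD_VERIFIER") {
+return initUserSrpAuthResponse;
+}
+const B = BigInt("0x" + initUserSrpAuthResponse.ChallengeParameters.SRP_B);
+const salt = BigInt("0x" + initUserSrpAuthResponse.ChallengeParameters.SALT);
 const U = await calculateU(A, B);
 const hkdf = await getPasswordAuthenticationKey(
 this.cognitoPoolName,
-
+initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
 password,
 B,
 U,
@@ -839,32 +881,31 @@ var CognitoClient = class {
 );
 const { signature, timeStamp } = await calculateSignature(
 this.cognitoPoolName,
-
-
+initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
+initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
 hkdf
 );
-const
+const passwordAuthChallengeResponse = await this.respondToAuthChallenge({
 ChallengeName: "PASSWORD_VERIFIER",
-ClientId: this.userPoolClientId,
 ChallengeResponses: {
-PASSWORD_CLAIM_SECRET_BLOCK:
+PASSWORD_CLAIM_SECRET_BLOCK: initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
 PASSWORD_CLAIM_SIGNATURE: signature,
-USERNAME:
+USERNAME: initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
 TIMESTAMP: timeStamp,
 SECRET_HASH: this.clientSecret && await calculateSecretHash(
 this.clientSecret,
 this.userPoolClientId,
-
+initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP
 )
 },
 ClientMetadata: {}
-};
-
-
-
-
-
-return
+});
+if (passwordAuthChallengeResponse.AuthenticationResult) {
+passwordAuthChallengeResponse.AuthenticationResult = adaptExpiresIn(
+passwordAuthChallengeResponse.AuthenticationResult
+);
+}
+return passwordAuthChallengeResponse;
 }
 /**
 *
@@ -886,13 +927,18 @@ var CognitoClient = class {
 },
 ClientMetadata: {}
 };
-const
+const initUserPasswordAuthResponse = await cognitoRequest(
 initiateAuthPayload,
 "InitiateAuth" /* InitiateAuth */,
 this.cognitoEndpoint
 );
-
-
+if (!initUserPasswordAuthResponse.AuthenticationResult) {
+return initUserPasswordAuthResponse;
+}
+initUserPasswordAuthResponse.AuthenticationResult = adaptExpiresIn(
+initUserPasswordAuthResponse.AuthenticationResult
+);
+return initUserPasswordAuthResponse;
 }
 /**
 * Returns a new session based on the given refresh token.
@@ -917,10 +963,16 @@ var CognitoClient = class {
 "InitiateAuth" /* InitiateAuth */,
 this.cognitoEndpoint
 );
+if (!AuthenticationResult) {
+throw new InitAuthError(
+"Authentication failed, no authentication result returned",
+"InternalErrorException" /* InternalErrorException */
+);
+}
 if (!AuthenticationResult.RefreshToken) {
 AuthenticationResult.RefreshToken = refreshToken;
 }
-return
+return adaptExpiresIn(AuthenticationResult);
 }
 /**
 *
@@ -975,6 +1027,63 @@ var CognitoClient = class {
 };
 await cognitoRequest(changePasswordPayload, "ChangePassword" /* ChangePassword */, this.cognitoEndpoint);
 }
+async getUser(accessToken) {
+const getUserPayload = {
+AccessToken: accessToken
+};
+return cognitoRequest(getUserPayload, "GetUser" /* GetUser */, this.cognitoEndpoint);
+}
+async associateSoftwareToken(params) {
+return cognitoRequest(params, "AssociateSoftwareToken" /* AssociateSoftwareToken */, this.cognitoEndpoint);
+}
+async verifySoftwareToken(params) {
+return cognitoRequest(params, "VerifySoftwareToken" /* VerifySoftwareToken */, this.cognitoEndpoint);
+}
+/**
+* Responds to an authentication challenge.
+* @param params Request to respond to an authentication challenge.
+* @param params.ChallengeName Name of the challenge to respond to.
+* @param params.ChallengeResponses Responses to the challenge.
+* @param params.Session Session identifier for the authentication process.
+* @param params.ClientMetadata Optional metadata to pass to the service.
+* @param params.AccessToken Access token of the current user.
+* @param params.SecretHash Optional secret hash for the user pool client.
+* @returns
+*/
+async respondToAuthChallenge(params) {
+return cognitoRequest(
+{
+...params,
+ClientId: this.userPoolClientId
+},
+"RespondToAuthChallenge" /* RespondToAuthChallenge */,
+this.cognitoEndpoint
+);
+}
+/**
+* Lists the devices associated with the user.
+* @param request Request to list devices.
+* @param request.AccessToken Access token of the current user.
+* @param request.Limit Maximum number of devices to return.
+* @param request.PaginationToken Pagination token to continue listing devices.
+* @returns
+*/
+async listDevices(request) {
+return cognitoRequest(request, "ListDevices" /* ListDevices */, this.cognitoEndpoint);
+}
+/**
+*
+* @param request Request to set user MFA preferences.
+* @param request.AccessToken Access token of the current user.
+* @param request.EmailMfaSettings Optional settings for email MFA.
+* @param request.SMSMfaSettings Optional settings for SMS MFA.
+* @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
+
+* @returns
+*/
+async setUserMFAPreference(request) {
+return cognitoRequest(request, "SetUserMFAPreference" /* SetUserMFAPreference */, this.cognitoEndpoint);
+}
 /**
 * Updates the user attributes.
 *
@@ -1141,13 +1250,12 @@ var CognitoClient = class {
 if (error) {
 throw new Error(error);
 }
-
+return adaptExpiresIn({
 AccessToken: access_token,
 RefreshToken: refresh_token,
 IdToken: id_token,
 ExpiresIn: expires_in
 });
-return session;
 }
 /**
 * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
@@ -1161,6 +1269,7 @@ var CognitoClient = class {
 }
 };
 export {
+AssociateSoftwareTokenError,
 AssociateSoftwareTokenException,
 COMMON_EXCEPTIONS,
 ChangePasswordError,
@@ -1182,12 +1291,14 @@ export {
 GetCredentialsForIdentityException,
 GetIdException,
 GetUserAttributeVerificationException,
+GetUserError,
 GetUserException,
 GlobalSignOutError,
 GlobalSignOutException,
 IdentityProvider,
 InitAuthError,
 InitiateAuthException,
+ListDevicesError,
 ListDevicesException,
 ResendConfirmationCodeError,
 ResendConfirmationException,
@@ -1196,15 +1307,17 @@ export {
 RevokeTokenError,
 RevokeTokenException,
 ServiceTarget,
+SetUserMFAPreferenceError,
 SetUserMFAPreferenceException,
 SignUpError,
 SignUpException,
 UpdateDeviceStatusException,
 UpdateUserAttributesError,
 UpdateUserAttributesException,
+VerifySoftwareTokenError,
 VerifySoftwareTokenException,
 VerifyUserAttributeError,
 VerifyUserAttributeException,
-
+adaptExpiresIn,
 cognitoRequest
 };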
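Review bot: `respondToAuthChallenge` (new lines 1053-1062) returns the `cognitoRequest` result untouched, while `authenticateUserSrp` (new 903-907), the password-auth hunk (new 938), the refresh-token hunk (new 975) and the OAuth code-exchange hunk (new 1253) all pass the tokens through `adaptExpiresIn`, so `ExpiresIn` is an absolute epoch-millisecond expiry on those paths and, presumably, still Cognito's lifetime in seconds on the path an application takes when it answers an MFA or new-password challenge itself. A caller that applies one interpretation to both will either treat a fresh token as already expired or keep trusting a token long after it has really expired. Normalising inside `respondToAuthChallenge` and returning its result from `authenticateUserSrp` without the second `adaptExpiresIn` call would keep one unit everywhere. A JSDoc line on `adaptExpiresIn` such as `/** Replaces ExpiresIn (seconds) with the absolute expiry in epoch milliseconds; must be applied once only. */` would make the changed meaning of the field explicit.

```javascript
async respondToAuthChallenge(params) {
  const response = await cognitoRequest(
    // … unchanged: request body with ClientId, service target, endpoint …
  );
  // Normalise here so every path that can yield tokens reports ExpiresIn in the same unit.
  if (response.AuthenticationResult) {
    response.AuthenticationResult = adaptExpiresIn(response.AuthenticationResult);
  }
  return response;
}
```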
package/lib/cognito-client.d.ts
CHANGED
|
@@ -9,7 +9,7 @@ export interface CognitoBaseRequest {
|
|
|
9
9
|
IpAddress?: string;
|
|
10
10
|
};
|
|
11
11
|
}
|
|
12
|
-
export interface
|
|
12
|
+
export interface InitiateAuthUserSrpAuthRequest extends CognitoBaseRequest {
|
|
13
13
|
AuthFlow: 'USER_SRP_AUTH';
|
|
14
14
|
AuthParameters: {
|
|
15
15
|
USERNAME: string;
|
|
@@ -17,7 +17,7 @@ export interface AuthIntiUserSrpRequest extends CognitoBaseRequest {
|
|
|
17
17
|
SECRET_HASH?: string;
|
|
18
18
|
};
|
|
19
19
|
}
|
|
20
|
-
export interface
|
|
20
|
+
export interface InitiateAuthUserPasswordAuthRequest extends CognitoBaseRequest {
|
|
21
21
|
AuthFlow: 'USER_PASSWORD_AUTH';
|
|
22
22
|
AuthParameters: {
|
|
23
23
|
USERNAME: string;
|
|
@@ -25,25 +25,25 @@ export interface AuthIntiUserPasswordRequest extends CognitoBaseRequest {
|
|
|
25
25
|
SECRET_HASH?: string;
|
|
26
26
|
};
|
|
27
27
|
}
|
|
28
|
-
export interface
|
|
28
|
+
export interface InitiateAuthRefreshTokenAuthRequest extends CognitoBaseRequest {
|
|
29
29
|
AuthFlow: 'REFRESH_TOKEN_AUTH';
|
|
30
30
|
AuthParameters: {
|
|
31
31
|
REFRESH_TOKEN: string;
|
|
32
32
|
SECRET_HASH?: string;
|
|
33
33
|
};
|
|
34
34
|
}
|
|
35
|
-
export interface
|
|
35
|
+
export interface InitiateAuthCustomAuthRequest extends CognitoBaseRequest {
|
|
36
36
|
AuthFlow: 'CUSTOM_AUTH';
|
|
37
37
|
AuthParameters: {
|
|
38
38
|
USERNAME: string;
|
|
39
39
|
SECRET_HASH?: string;
|
|
40
40
|
};
|
|
41
41
|
}
|
|
42
|
-
export type
|
|
42
|
+
export type InitiateAuthRequest = InitiateAuthUserSrpAuthRequest | InitiateAuthRefreshTokenAuthRequest | InitiateAuthCustomAuthRequest | InitiateAuthUserPasswordAuthRequest;
|
|
43
43
|
export interface RespondToAuthChallengeBaseRequest extends CognitoBaseRequest {
|
|
44
44
|
Session?: string;
|
|
45
45
|
}
|
|
46
|
-
export interface
|
|
46
|
+
export interface _RespondToAuthChallengePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
|
|
47
47
|
ChallengeName: 'PASSWORD_VERIFIER';
|
|
48
48
|
ChallengeResponses: {
|
|
49
49
|
USERNAME: string;
|
|
@@ -53,7 +53,7 @@ export interface RespondToAuthChallengePasswordVerifierRequest extends RespondTo
|
|
|
53
53
|
SECRET_HASH?: string;
|
|
54
54
|
};
|
|
55
55
|
}
|
|
56
|
-
export interface
|
|
56
|
+
export interface _RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChallengeBaseRequest {
|
|
57
57
|
ChallengeName: 'SMS_MFA';
|
|
58
58
|
ChallengeResponses: {
|
|
59
59
|
USERNAME: string;
|
|
@@ -61,7 +61,7 @@ export interface RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChalle
|
|
|
61
61
|
SECRET_HASH?: string;
|
|
62
62
|
};
|
|
63
63
|
}
|
|
64
|
-
export interface
|
|
64
|
+
export interface _RespondToAuthChallengeCustomChallengeNameRequest extends RespondToAuthChallengeBaseRequest {
|
|
65
65
|
ChallengeName: 'CUSTOM_CHALLENGE';
|
|
66
66
|
ChallengeResponses: {
|
|
67
67
|
USERNAME: string;
|
|
@@ -69,7 +69,7 @@ export interface RespondToAuthChallengeCustomChallengeNameRequest extends Respon
|
|
|
69
69
|
SECRET_HASH?: string;
|
|
70
70
|
};
|
|
71
71
|
}
|
|
72
|
-
export interface
|
|
72
|
+
export interface _RespondToAuthChallengeNewPasswordRequiredRequest extends RespondToAuthChallengeBaseRequest {
|
|
73
73
|
ChallengeName: 'NEW_PASSWORD_REQUIRED';
|
|
74
74
|
ChallengeResponses: {
|
|
75
75
|
USERNAME: string;
|
|
@@ -77,7 +77,7 @@ export interface RespondToAuthChallengeNewPasswordRequiredRequest extends Respon
|
|
|
77
77
|
SECRET_HASH?: string;
|
|
78
78
|
};
|
|
79
79
|
}
|
|
80
|
-
export interface
|
|
80
|
+
export interface _RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondToAuthChallengeBaseRequest {
|
|
81
81
|
ChallengeName: 'SOFTWARE_TOKEN_MFA';
|
|
82
82
|
ChallengeResponses: {
|
|
83
83
|
USERNAME: string;
|
|
@@ -85,7 +85,7 @@ export interface RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondTo
|
|
|
85
85
|
SECRET_HASH?: string;
|
|
86
86
|
};
|
|
87
87
|
}
|
|
88
|
-
export interface
|
|
88
|
+
export interface _RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAuthChallengeBaseRequest {
|
|
89
89
|
ChallengeName: 'DEVICE_SRP_AUTH';
|
|
90
90
|
ChallengeResponses: {
|
|
91
91
|
USERNAME: string;
|
|
@@ -93,7 +93,7 @@ export interface RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAut
|
|
|
93
93
|
SECRET_HASH?: string;
|
|
94
94
|
};
|
|
95
95
|
}
|
|
96
|
-
export interface
|
|
96
|
+
export interface _RespondToAuthChallengeDevicePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
|
|
97
97
|
ChallengeName: 'DEVICE_PASSWORD_VERIFIER';
|
|
98
98
|
ChallengeResponses: {
|
|
99
99
|
USERNAME: string;
|
|
@@ -104,7 +104,7 @@ export interface RespondToAuthChallengeDevicePasswordVerifierRequest extends Res
|
|
|
104
104
|
SECRET_HASH?: string;
|
|
105
105
|
};
|
|
106
106
|
}
|
|
107
|
-
export interface
|
|
107
|
+
export interface _RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChallengeBaseRequest {
|
|
108
108
|
ChallengeName: 'MFA_SETUP';
|
|
109
109
|
ChallengeResponses: {
|
|
110
110
|
USERNAME: string;
|
|
@@ -113,7 +113,7 @@ export interface RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChal
|
|
|
113
113
|
SECRET_HASH?: string;
|
|
114
114
|
};
|
|
115
115
|
}
|
|
116
|
-
export interface
|
|
116
|
+
export interface _RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAuthChallengeBaseRequest {
|
|
117
117
|
ChallengeName: 'SELECT_MFA_TYPE';
|
|
118
118
|
ChallengeResponses: {
|
|
119
119
|
USERNAME: string;
|
|
@@ -121,7 +121,8 @@ export interface RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAut
|
|
|
121
121
|
SECRET_HASH?: string;
|
|
122
122
|
};
|
|
123
123
|
}
|
|
124
|
-
|
|
124
|
+
type _RespondToAuthChallengeRequest = _RespondToAuthChallengePasswordVerifierRequest | _RespondToAuthChallengeSmsMfaRequest | _RespondToAuthChallengeCustomChallengeNameRequest | _RespondToAuthChallengeNewPasswordRequiredRequest | _RespondToAuthChallengeSoftwareTokenMfaRequest | _RespondToAuthChallengeDeviceSrpAuthRequest | _RespondToAuthChallengeDevicePasswordVerifierRequest | _RespondToAuthChallengeMfaSetupRequest | _RespondToAuthChallengeSelectMfaTypeRequest;
|
|
125
|
+
export type RespondToAuthChallengeRequest = Omit<_RespondToAuthChallengePasswordVerifierRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSmsMfaRequest, 'ClientId'> | Omit<_RespondToAuthChallengeCustomChallengeNameRequest, 'ClientId'> | Omit<_RespondToAuthChallengeNewPasswordRequiredRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSoftwareTokenMfaRequest, 'ClientId'> | Omit<_RespondToAuthChallengeDeviceSrpAuthRequest, 'ClientId'> | Omit<_RespondToAuthChallengeDevicePasswordVerifierRequest, 'ClientId'> | Omit<_RespondToAuthChallengeMfaSetupRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSelectMfaTypeRequest, 'ClientId'>;
|
|
125
126
|
export interface UserAttribute {
|
|
126
127
|
Name: string;
|
|
127
128
|
Value: string;
|
|
@@ -199,27 +200,6 @@ export interface CognitoClientProps {
|
|
|
199
200
|
*/
|
|
200
201
|
clientSecret?: string;
|
|
201
202
|
}
|
|
202
|
-
/**
|
|
203
|
-
* Cognito User Session
|
|
204
|
-
*/
|
|
205
|
-
export interface Session {
|
|
206
|
-
/**
|
|
207
|
-
* JWT Access Token
|
|
208
|
-
*/
|
|
209
|
-
accessToken: string;
|
|
210
|
-
/**
|
|
211
|
-
* JWT ID Token
|
|
212
|
-
*/
|
|
213
|
-
idToken: string;
|
|
214
|
-
/**
|
|
215
|
-
* JWT refresh token
|
|
216
|
-
*/
|
|
217
|
-
refreshToken: string;
|
|
218
|
-
/**
|
|
219
|
-
* Validity of the session in time stamp as milliseconds.
|
|
220
|
-
*/
|
|
221
|
-
expiresIn: number;
|
|
222
|
-
}
|
|
223
203
|
/**
|
|
224
204
|
* Represents the decoded values from a JWT ID token.
|
|
225
205
|
*/
|
|
@@ -273,7 +253,51 @@ export declare enum ServiceTarget {
|
|
|
273
253
|
ResendConfirmationCode = "ResendConfirmationCode",
|
|
274
254
|
UpdateUserAttributes = "UpdateUserAttributes",
|
|
275
255
|
VerifyUserAttribute = "VerifyUserAttribute",
|
|
276
|
-
GlobalSignOut = "GlobalSignOut"
|
|
256
|
+
GlobalSignOut = "GlobalSignOut",
|
|
257
|
+
GetUser = "GetUser",
|
|
258
|
+
AssociateSoftwareToken = "AssociateSoftwareToken",
|
|
259
|
+
VerifySoftwareToken = "VerifySoftwareToken",
|
|
260
|
+
ListDevices = "ListDevices",
|
|
261
|
+
SetUserMFAPreference = "SetUserMFAPreference"
|
|
262
|
+
}
|
|
263
|
+
export interface AssociateSoftwareTokenRequest {
|
|
264
|
+
AccessToken?: string;
|
|
265
|
+
Session?: string;
|
|
266
|
+
}
|
|
267
|
+
export interface AssociateSoftwareResponse {
|
|
268
|
+
SecretCode: string;
|
|
269
|
+
Session: string;
|
|
270
|
+
}
|
|
271
|
+
export interface VerifySoftwareTokenRequest {
|
|
272
|
+
AccessToken?: string;
|
|
273
|
+
FriendlyDeviceName?: string;
|
|
274
|
+
Session?: string;
|
|
275
|
+
UserCode: string;
|
|
276
|
+
}
|
|
277
|
+
export interface VerifySoftwareTokenResponse {
|
|
278
|
+
Session: string;
|
|
279
|
+
Status: 'SUCCESS' | 'ERROR';
|
|
280
|
+
}
|
|
281
|
+
export interface ListDevicesRequest {
|
|
282
|
+
AccessToken: string;
|
|
283
|
+
Limit: number;
|
|
284
|
+
PaginationToken?: 'string';
|
|
285
|
+
}
|
|
286
|
+
export interface Device {
|
|
287
|
+
DeviceAttributes: [
|
|
288
|
+
{
|
|
289
|
+
Name: string;
|
|
290
|
+
Value: string;
|
|
291
|
+
}
|
|
292
|
+
];
|
|
293
|
+
DeviceCreateDate: number;
|
|
294
|
+
DeviceKey: string;
|
|
295
|
+
DeviceLastAuthenticatedDate: number;
|
|
296
|
+
DeviceLastModifiedDate: number;
|
|
297
|
+
}
|
|
298
|
+
export interface ListDevicesResponse {
|
|
299
|
+
Devices: Device[];
|
|
300
|
+
PaginationToken?: string;
|
|
277
301
|
}
|
|
278
302
|
/**
|
|
279
303
|
* Cognito supported federated identities public providers.
|
|
@@ -291,11 +315,19 @@ export interface AuthenticationResult {
|
|
|
291
315
|
ExpiresIn: number;
|
|
292
316
|
IdToken: string;
|
|
293
317
|
RefreshToken: string;
|
|
318
|
+
NewDeviceMetadata?: NewDeviceMetadata;
|
|
319
|
+
}
|
|
320
|
+
export interface NewDeviceMetadata {
|
|
321
|
+
DeviceKey?: string;
|
|
322
|
+
DeviceGroupKey?: string;
|
|
294
323
|
}
|
|
295
|
-
export interface
|
|
324
|
+
export interface InitiateAuthAuthenticationResponse {
|
|
296
325
|
AuthenticationResult: AuthenticationResult;
|
|
326
|
+
ChallengeName?: never;
|
|
327
|
+
session?: never;
|
|
297
328
|
}
|
|
298
|
-
export interface
|
|
329
|
+
export interface InitiateAuthPasswordVerifierChallengeResponse {
|
|
330
|
+
AuthenticationResult?: never;
|
|
299
331
|
ChallengeName: 'PASSWORD_VERIFIER';
|
|
300
332
|
ChallengeParameters: {
|
|
301
333
|
SALT: string;
|
|
@@ -304,9 +336,117 @@ export interface ChallengeResponse {
|
|
|
304
336
|
USERNAME: string;
|
|
305
337
|
USER_ID_FOR_SRP: string;
|
|
306
338
|
};
|
|
339
|
+
session?: never;
|
|
340
|
+
}
|
|
341
|
+
export interface InitiateAuthSoftwareTokenMfaChallengeResponse {
|
|
342
|
+
AuthenticationResult?: never;
|
|
343
|
+
ChallengeName: 'SOFTWARE_TOKEN_MFA';
|
|
344
|
+
Session: string;
|
|
345
|
+
}
|
|
346
|
+
export interface InitiateEmailOtpChallengeResponse {
|
|
347
|
+
ChallengeName: 'EMAIL_OTP';
|
|
348
|
+
ChallengeParameters: {
|
|
349
|
+
CODE_DELIVERY_DELIVERY_MEDIUM: string;
|
|
350
|
+
CODE_DELIVERY_DESTINATION: string;
|
|
351
|
+
};
|
|
352
|
+
session: string;
|
|
353
|
+
}
|
|
354
|
+
export interface MfaOption {
|
|
355
|
+
DeliveryMedium: 'SMS' | 'EMAIL';
|
|
356
|
+
AttributeName: string;
|
|
357
|
+
}
|
|
358
|
+
export interface GetUserResponse {
|
|
359
|
+
UserAttributes: UserAttribute[];
|
|
360
|
+
Username: string;
|
|
361
|
+
UserMFASettingList?: string[];
|
|
362
|
+
MFAOptions?: MfaOption[];
|
|
363
|
+
PreferredMfaSetting: string;
|
|
364
|
+
}
|
|
365
|
+
export interface SetUserMFAPreferenceRequest {
|
|
366
|
+
AccessToken: string;
|
|
367
|
+
EmailMfaSettings?: {
|
|
368
|
+
Enabled?: boolean;
|
|
369
|
+
PreferredMfa?: boolean;
|
|
370
|
+
};
|
|
371
|
+
SMSMfaSettings?: {
|
|
372
|
+
Enabled?: boolean;
|
|
373
|
+
PreferredMfa?: boolean;
|
|
374
|
+
};
|
|
375
|
+
SoftwareTokenMfaSettings?: {
|
|
376
|
+
Enabled?: boolean;
|
|
377
|
+
PreferredMfa?: boolean;
|
|
378
|
+
};
|
|
307
379
|
}
|
|
308
|
-
export
|
|
309
|
-
export
|
|
380
|
+
export type InitiateAuthChallengeResponse = InitiateAuthPasswordVerifierChallengeResponse | InitiateAuthSoftwareTokenMfaChallengeResponse;
|
|
381
|
+
export type InitiateAuthResponse = InitiateAuthAuthenticationResponse | InitiateAuthPasswordVerifierChallengeResponse | InitiateAuthChallengeResponse;
|
|
382
|
+
type CognitoResponseMap = {
|
|
383
|
+
[ServiceTarget.InitiateAuth]: InitiateAuthResponse;
|
|
384
|
+
[ServiceTarget.RespondToAuthChallenge]: InitiateAuthResponse;
|
|
385
|
+
[ServiceTarget.SignUp]: {
|
|
386
|
+
UserConfirmed: boolean;
|
|
387
|
+
UserSub: string;
|
|
388
|
+
};
|
|
389
|
+
[ServiceTarget.ConfirmSignUp]: void;
|
|
390
|
+
[ServiceTarget.ChangePassword]: void;
|
|
391
|
+
[ServiceTarget.RevokeToken]: void;
|
|
392
|
+
[ServiceTarget.ForgotPassword]: void;
|
|
393
|
+
[ServiceTarget.ConfirmForgotPassword]: void;
|
|
394
|
+
[ServiceTarget.ResendConfirmationCode]: void;
|
|
395
|
+
[ServiceTarget.UpdateUserAttributes]: void;
|
|
396
|
+
[ServiceTarget.VerifyUserAttribute]: void;
|
|
397
|
+
[ServiceTarget.GlobalSignOut]: void;
|
|
398
|
+
[ServiceTarget.GetUser]: GetUserResponse;
|
|
399
|
+
[ServiceTarget.AssociateSoftwareToken]: AssociateSoftwareResponse;
|
|
400
|
+
[ServiceTarget.VerifySoftwareToken]: VerifySoftwareTokenResponse;
|
|
401
|
+
[ServiceTarget.ListDevices]: ListDevicesResponse;
|
|
402
|
+
[ServiceTarget.SetUserMFAPreference]: void;
|
|
403
|
+
};
|
|
404
|
+
type CognitoRequestMap = {
|
|
405
|
+
[ServiceTarget.InitiateAuth]: InitiateAuthRequest;
|
|
406
|
+
[ServiceTarget.RespondToAuthChallenge]: _RespondToAuthChallengeRequest;
|
|
407
|
+
[ServiceTarget.SignUp]: SignUpRequest;
|
|
408
|
+
[ServiceTarget.ConfirmSignUp]: ConfirmSignUpRequest;
|
|
409
|
+
[ServiceTarget.ChangePassword]: {
|
|
410
|
+
PreviousPassword: string;
|
|
411
|
+
ProposedPassword: string;
|
|
412
|
+
AccessToken: string;
|
|
413
|
+
};
|
|
414
|
+
[ServiceTarget.RevokeToken]: {
|
|
415
|
+
Token: string;
|
|
416
|
+
ClientId: string;
|
|
417
|
+
ClientSecret?: string;
|
|
418
|
+
};
|
|
419
|
+
[ServiceTarget.ForgotPassword]: ForgotPasswordRequest;
|
|
420
|
+
[ServiceTarget.ConfirmForgotPassword]: ConfirmForgotPasswordRequest;
|
|
421
|
+
[ServiceTarget.ResendConfirmationCode]: ResendConfirmationCodeRequest;
|
|
422
|
+
[ServiceTarget.UpdateUserAttributes]: {
|
|
423
|
+
UserAttributes: UserAttribute[];
|
|
424
|
+
AccessToken: string;
|
|
425
|
+
};
|
|
426
|
+
[ServiceTarget.VerifyUserAttribute]: {
|
|
427
|
+
AttributeName: string;
|
|
428
|
+
Code: string;
|
|
429
|
+
AccessToken: string;
|
|
430
|
+
};
|
|
431
|
+
[ServiceTarget.GlobalSignOut]: {
|
|
432
|
+
AccessToken: string;
|
|
433
|
+
};
|
|
434
|
+
[ServiceTarget.GetUser]: {
|
|
435
|
+
AccessToken: string;
|
|
436
|
+
};
|
|
437
|
+
[ServiceTarget.AssociateSoftwareToken]: AssociateSoftwareTokenRequest;
|
|
438
|
+
[ServiceTarget.VerifySoftwareToken]: VerifySoftwareTokenRequest;
|
|
439
|
+
[ServiceTarget.ListDevices]: ListDevicesRequest;
|
|
440
|
+
[ServiceTarget.SetUserMFAPreference]: SetUserMFAPreferenceRequest;
|
|
441
|
+
};
|
|
442
|
+
export declare function adaptExpiresIn(auth: AuthenticationResult): {
|
|
443
|
+
ExpiresIn: number;
|
|
444
|
+
AccessToken: string;
|
|
445
|
+
IdToken: string;
|
|
446
|
+
RefreshToken: string;
|
|
447
|
+
NewDeviceMetadata?: NewDeviceMetadata | undefined;
|
|
448
|
+
};
|
|
449
|
+
export declare function cognitoRequest<T extends ServiceTarget>(body: CognitoRequestMap[T], serviceTarget: T, cognitoEndpoint: string): Promise<CognitoResponseMap[T]>;
|
|
310
450
|
/**
|
|
311
451
|
* Lightweight AWS Cogito client without any AWS SDK dependencies.
|
|
312
452
|
*/
|
|
@@ -317,7 +457,7 @@ export declare class CognitoClient {
|
|
|
317
457
|
private readonly oAuth?;
|
|
318
458
|
private readonly clientSecret?;
|
|
319
459
|
constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }: CognitoClientProps);
|
|
320
|
-
static getDecodedTokenFromSession(
|
|
460
|
+
static getDecodedTokenFromSession(auth: AuthenticationResult): DecodedTokens;
|
|
321
461
|
/**
|
|
322
462
|
*
|
|
323
463
|
* Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
|
|
@@ -328,7 +468,7 @@ export declare class CognitoClient {
|
|
|
328
468
|
*
|
|
329
469
|
* @throws {InitAuthError, CognitoRespondToAuthChallengeError}
|
|
330
470
|
*/
|
|
331
|
-
authenticateUserSrp(username: string, password: string): Promise<
|
|
471
|
+
authenticateUserSrp(username: string, password: string): Promise<InitiateAuthResponse>;
|
|
332
472
|
/**
|
|
333
473
|
*
|
|
334
474
|
* Performs user authentication with username and password through USER_PASSWORD_AUTH .
|
|
@@ -338,7 +478,7 @@ export declare class CognitoClient {
|
|
|
338
478
|
* @param password Password
|
|
339
479
|
* @throws {InitAuthError}
|
|
340
480
|
*/
|
|
341
|
-
authenticateUser(username: string, password: string): Promise<
|
|
481
|
+
authenticateUser(username: string, password: string): Promise<InitiateAuthResponse>;
|
|
342
482
|
/**
|
|
343
483
|
* Returns a new session based on the given refresh token.
|
|
344
484
|
*
|
|
@@ -347,7 +487,7 @@ export declare class CognitoClient {
|
|
|
347
487
|
* @returns @see Session
|
|
348
488
|
* @throws {InitAuthError}
|
|
349
489
|
*/
|
|
350
|
-
refreshSession(refreshToken: string, username?: string): Promise<
|
|
490
|
+
refreshSession(refreshToken: string, username?: string): Promise<AuthenticationResult>;
|
|
351
491
|
/**
|
|
352
492
|
*
|
|
353
493
|
* @param username Username
|
|
@@ -376,6 +516,41 @@ export declare class CognitoClient {
|
|
|
376
516
|
* @throws {ChangePasswordError}
|
|
377
517
|
*/
|
|
378
518
|
changePassword(currentPassword: string, newPassword: string, accessToken: string): Promise<void>;
|
|
519
|
+
getUser(accessToken: string): Promise<GetUserResponse>;
|
|
520
|
+
associateSoftwareToken(params: AssociateSoftwareTokenRequest): Promise<AssociateSoftwareResponse>;
|
|
521
|
+
verifySoftwareToken(params: VerifySoftwareTokenRequest): Promise<VerifySoftwareTokenResponse>;
|
|
522
|
+
/**
|
|
523
|
+
* Responds to an authentication challenge.
|
|
524
|
+
* @param params Request to respond to an authentication challenge.
|
|
525
|
+
* @param params.ChallengeName Name of the challenge to respond to.
|
|
526
|
+
* @param params.ChallengeResponses Responses to the challenge.
|
|
527
|
+
* @param params.Session Session identifier for the authentication process.
|
|
528
|
+
* @param params.ClientMetadata Optional metadata to pass to the service.
|
|
529
|
+
* @param params.AccessToken Access token of the current user.
|
|
530
|
+
* @param params.SecretHash Optional secret hash for the user pool client.
|
|
531
|
+
* @returns
|
|
532
|
+
*/
|
|
533
|
+
respondToAuthChallenge(params: RespondToAuthChallengeRequest): Promise<InitiateAuthResponse>;
|
|
534
|
+
/**
|
|
535
|
+
* Lists the devices associated with the user.
|
|
536
|
+
* @param request Request to list devices.
|
|
537
|
+
* @param request.AccessToken Access token of the current user.
|
|
538
|
+
* @param request.Limit Maximum number of devices to return.
|
|
539
|
+
* @param request.PaginationToken Pagination token to continue listing devices.
|
|
540
|
+
* @returns
|
|
541
|
+
*/
|
|
542
|
+
listDevices(request: ListDevicesRequest): Promise<ListDevicesResponse>;
|
|
543
|
+
/**
|
|
544
|
+
*
|
|
545
|
+
* @param request Request to set user MFA preferences.
|
|
546
|
+
* @param request.AccessToken Access token of the current user.
|
|
547
|
+
* @param request.EmailMfaSettings Optional settings for email MFA.
|
|
548
|
+
* @param request.SMSMfaSettings Optional settings for SMS MFA.
|
|
549
|
+
* @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
|
|
550
|
+
|
|
551
|
+
* @returns
|
|
552
|
+
*/
|
|
553
|
+
setUserMFAPreference(request: SetUserMFAPreferenceRequest): Promise<void>;
|
|
379
554
|
/**
|
|
380
555
|
* Updates the user attributes.
|
|
381
556
|
*
|
|
@@ -452,10 +627,11 @@ export declare class CognitoClient {
|
|
|
452
627
|
*
|
|
453
628
|
* @throws {Error}
|
|
454
629
|
*/
|
|
455
|
-
handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<
|
|
630
|
+
handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<AuthenticationResult>;
|
|
456
631
|
/**
|
|
457
632
|
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
|
|
458
633
|
* @param accessToken Access token of the current user.
|
|
459
634
|
*/
|
|
460
635
|
globalSignOut(accessToken: string): Promise<void>;
|
|
461
636
|
}
|
|
637
|
+
export {};
|
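--- a/package/lib/cognito-client.js
+++ b/package/lib/cognito-client.js
@@ -1,4 +1,4 @@
-import { ChangePasswordError, ConfirmForgotPasswordError, ConfirmSignUpError, ForgotPasswordError, GlobalSignOutError, InitAuthError, ResendConfirmationCodeError, RespondToAuthChallengeError, RevokeTokenError, SignUpError, UpdateUserAttributesError, VerifyUserAttributeError, COMMON_EXCEPTIONS, CommonError } from './error.js';
+import { ChangePasswordError, ConfirmForgotPasswordError, ConfirmSignUpError, ForgotPasswordError, GlobalSignOutError, InitAuthError, ResendConfirmationCodeError, RespondToAuthChallengeError, RevokeTokenError, SignUpError, UpdateUserAttributesError, VerifyUserAttributeError, InitiateAuthException, COMMON_EXCEPTIONS, CommonError, VerifySoftwareTokenError, AssociateSoftwareTokenError, SetUserMFAPreferenceError, ListDevicesError, GetUserError } from './error.js';
 import { calculateSecretHash, calculateSignature, calculateU, decodeJwt, digest, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes, uint8ArrayFromString, uint8ArrayToBase64String } from './utils.js';
 /**
 * List of used and supported Cognito API calls.
@@ -18,6 +18,11 @@ export var ServiceTarget;
 ServiceTarget["UpdateUserAttributes"] = "UpdateUserAttributes";
 ServiceTarget["VerifyUserAttribute"] = "VerifyUserAttribute";
 ServiceTarget["GlobalSignOut"] = "GlobalSignOut";
+ServiceTarget["GetUser"] = "GetUser";
+ServiceTarget["AssociateSoftwareToken"] = "AssociateSoftwareToken";
+ServiceTarget["VerifySoftwareToken"] = "VerifySoftwareToken";
+ServiceTarget["ListDevices"] = "ListDevices";
+ServiceTarget["SetUserMFAPreference"] = "SetUserMFAPreference";
 })(ServiceTarget || (ServiceTarget = {}));
 /**
 * Cognito supported federated identities public providers.
@@ -31,12 +36,11 @@ export var IdentityProvider;
 IdentityProvider["Amazon"] = "LoginWithAmazon";
 IdentityProvider["Apple"] = "SignInWithApple";
 })(IdentityProvider || (IdentityProvider = {}));
-export function
+export function adaptExpiresIn(auth) {
+// Cognito returns expiresIn in seconds, but we want it in milliseconds from now
 return {
-
-
-expiresIn: new Date().getTime() + authenticationResult.ExpiresIn * 1000,
-refreshToken: authenticationResult.RefreshToken
+...auth,
+ExpiresIn: new Date().getTime() + auth.ExpiresIn * 1000
 };
 }
 export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
@@ -99,6 +103,16 @@ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
 throw new VerifyUserAttributeError(errorMessage, cognitoException);
 case ServiceTarget.GlobalSignOut:
 throw new GlobalSignOutError(errorMessage, cognitoException);
+case ServiceTarget.AssociateSoftwareToken:
+throw new AssociateSoftwareTokenError(errorMessage, cognitoException);
+case ServiceTarget.VerifySoftwareToken:
+throw new VerifySoftwareTokenError(errorMessage, cognitoException);
+case ServiceTarget.SetUserMFAPreference:
+throw new SetUserMFAPreferenceError(errorMessage, cognitoException);
+case ServiceTarget.ListDevices:
+throw new ListDevicesError(errorMessage, cognitoException);
+case ServiceTarget.GetUser:
+throw new GetUserError(errorMessage, cognitoException);
 }
 }
 /**
@@ -113,9 +127,9 @@ export class CognitoClient {
 this.oAuth = oAuth;
 this.clientSecret = clientSecret;
 }
-static getDecodedTokenFromSession(
-const { payload: idToken } = decodeJwt(
-const { payload: accessToken } = decodeJwt(
+static getDecodedTokenFromSession(auth) {
+const { payload: idToken } = decodeJwt(auth.IdToken);
+const { payload: accessToken } = decodeJwt(auth.AccessToken);
 return {
 idToken,
 accessToken
@@ -134,7 +148,7 @@ export class CognitoClient {
 async authenticateUserSrp(username, password) {
 const smallA = await generateSmallA();
 const A = generateA(smallA);
-const
+const initUserSrpAuthResponse = await cognitoRequest({
 AuthFlow: 'USER_SRP_AUTH',
 ClientId: this.userPoolClientId,
 AuthParameters: {
@@ -143,28 +157,31 @@ export class CognitoClient {
 SECRET_HASH: this.clientSecret && (await calculateSecretHash(this.clientSecret, this.userPoolClientId, username))
 },
 ClientMetadata: {}
-};
-
-
-
+}, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
+if (initUserSrpAuthResponse.ChallengeName !== 'PASSWORD_VERIFIER') {
+return initUserSrpAuthResponse;
+}
+const B = BigInt('0x' + initUserSrpAuthResponse.ChallengeParameters.SRP_B);
+const salt = BigInt('0x' + initUserSrpAuthResponse.ChallengeParameters.SALT);
 const U = await calculateU(A, B);
-const hkdf = await getPasswordAuthenticationKey(this.cognitoPoolName,
-const { signature, timeStamp } = await calculateSignature(this.cognitoPoolName,
-const
+const hkdf = await getPasswordAuthenticationKey(this.cognitoPoolName, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP, password, B, U, smallA, salt);
+const { signature, timeStamp } = await calculateSignature(this.cognitoPoolName, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP, initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK, hkdf);
+const passwordAuthChallengeResponse = await this.respondToAuthChallenge({
 ChallengeName: 'PASSWORD_VERIFIER',
-ClientId: this.userPoolClientId,
 ChallengeResponses: {
-PASSWORD_CLAIM_SECRET_BLOCK:
+PASSWORD_CLAIM_SECRET_BLOCK: initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
 PASSWORD_CLAIM_SIGNATURE: signature,
-USERNAME:
+USERNAME: initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
 TIMESTAMP: timeStamp,
 SECRET_HASH: this.clientSecret &&
-(await calculateSecretHash(this.clientSecret, this.userPoolClientId,
+(await calculateSecretHash(this.clientSecret, this.userPoolClientId, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP))
 },
 ClientMetadata: {}
-};
-
-
+});
+if (passwordAuthChallengeResponse.AuthenticationResult) {
+passwordAuthChallengeResponse.AuthenticationResult = adaptExpiresIn(passwordAuthChallengeResponse.AuthenticationResult);
+}
+return passwordAuthChallengeResponse;
 }
 /**
 *
@@ -186,9 +203,12 @@ export class CognitoClient {
 },
 ClientMetadata: {}
 };
-const
-
-
+const initUserPasswordAuthResponse = await cognitoRequest(initiateAuthPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
+if (!initUserPasswordAuthResponse.AuthenticationResult) {
+return initUserPasswordAuthResponse;
+}
+initUserPasswordAuthResponse.AuthenticationResult = adaptExpiresIn(initUserPasswordAuthResponse.AuthenticationResult);
+return initUserPasswordAuthResponse;
 }
 /**
 * Returns a new session based on the given refresh token.
@@ -210,11 +230,14 @@ export class CognitoClient {
 },
 ClientMetadata: {}
 };
-const { AuthenticationResult } =
+const { AuthenticationResult } = await cognitoRequest(refreshTokenPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
+if (!AuthenticationResult) {
+throw new InitAuthError('Authentication failed, no authentication result returned', InitiateAuthException.InternalErrorException);
+}
 if (!AuthenticationResult.RefreshToken) {
 AuthenticationResult.RefreshToken = refreshToken;
 }
-return
+return adaptExpiresIn(AuthenticationResult);
 }
 /**
 *
@@ -269,6 +292,59 @@ export class CognitoClient {
 };
 await cognitoRequest(changePasswordPayload, ServiceTarget.ChangePassword, this.cognitoEndpoint);
 }
+async getUser(accessToken) {
+const getUserPayload = {
+AccessToken: accessToken
+};
+return cognitoRequest(getUserPayload, ServiceTarget.GetUser, this.cognitoEndpoint);
+}
+async associateSoftwareToken(params) {
+return cognitoRequest(params, ServiceTarget.AssociateSoftwareToken, this.cognitoEndpoint);
+}
+async verifySoftwareToken(params) {
+return cognitoRequest(params, ServiceTarget.VerifySoftwareToken, this.cognitoEndpoint);
+}
+/**
+* Responds to an authentication challenge.
+* @param params Request to respond to an authentication challenge.
+* @param params.ChallengeName Name of the challenge to respond to.
+* @param params.ChallengeResponses Responses to the challenge.
+* @param params.Session Session identifier for the authentication process.
+* @param params.ClientMetadata Optional metadata to pass to the service.
+* @param params.AccessToken Access token of the current user.
+* @param params.SecretHash Optional secret hash for the user pool client.
+* @returns
+*/
+async respondToAuthChallenge(params) {
+return cognitoRequest({
+...params,
+ClientId: this.userPoolClientId
+}, ServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
+}
+/**
+* Lists the devices associated with the user.
+* @param request Request to list devices.
+* @param request.AccessToken Access token of the current user.
+* @param request.Limit Maximum number of devices to return.
+* @param request.PaginationToken Pagination token to continue listing devices.
+* @returns
+*/
+async listDevices(request) {
+return cognitoRequest(request, ServiceTarget.ListDevices, this.cognitoEndpoint);
+}
+/**
+*
+* @param request Request to set user MFA preferences.
+* @param request.AccessToken Access token of the current user.
+* @param request.EmailMfaSettings Optional settings for email MFA.
+* @param request.SMSMfaSettings Optional settings for SMS MFA.
+* @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
+
+* @returns
+*/
+async setUserMFAPreference(request) {
+return cognitoRequest(request, ServiceTarget.SetUserMFAPreference, this.cognitoEndpoint);
+}
 /**
 * Updates the user attributes.
 *
@@ -438,13 +514,12 @@ export class CognitoClient {
 if (error) {
 throw new Error(error);
 }
-
+return adaptExpiresIn({
 AccessToken: access_token,
 RefreshToken: refresh_token,
 IdToken: id_token,
 ExpiresIn: expires_in
 });
-return session;
 }
 /**
 * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.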
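Review bot: `respondToAuthChallenge` (new lines 318-323) returns the raw `cognitoRequest` result, so `AuthenticationResult.ExpiresIn` is still Cognito's lifetime in seconds there, while `authenticateUser`, `authenticateUserSrp`, `refreshSession` and `handleCodeFlow` pass it through `adaptExpiresIn` and return an absolute millisecond timestamp under the same field name. A caller that completes an MFA challenge through the new public method and then runs its usual expiry check will misjudge the token lifetime, either refreshing on every call or treating a token as valid long after it has expired. I would normalise inside `respondToAuthChallenge` and drop the now-redundant adaptation in `authenticateUserSrp`, as sketched below; the early `return initUserSrpAuthResponse` at new line 162 would need the same treatment if that response can ever carry an `AuthenticationResult`.

```javascript
async respondToAuthChallenge(params) {
    const response = await cognitoRequest({
        ...params,
        ClientId: this.userPoolClientId
    }, ServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
    // Normalise here so every path that can yield tokens reports ExpiresIn in the same unit.
    if (response.AuthenticationResult) {
        response.AuthenticationResult = adaptExpiresIn(response.AuthenticationResult);
    }
    return response;
}

// in authenticateUserSrp:
// … unchanged: InitiateAuth call, SRP computation, PASSWORD_VERIFIER payload …
// respondToAuthChallenge has already adapted ExpiresIn; adapting again would add Date.now() twice.
return passwordAuthChallengeResponse;
```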
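--- a/package/lib/error.d.ts
+++ b/package/lib/error.d.ts
@@ -362,11 +362,11 @@ export declare enum RevokeTokenException {
 UnsupportedOperationException = "UnsupportedOperationException",
 UnsupportedTokenTypeException = "UnsupportedTokenTypeException"
 }
-export type CognitoErrorType = 'CommonError' | 'InitAuthError' | 'RespondToAuthChallengeError' | 'SignUpError' | 'ConfirmSignUpError' | 'ChangePasswordError' | 'RevokeTokenError' | 'ForgotPasswordError' | 'ConfirmForgotPasswordError' | 'ResendConfirmationCodeError' | 'UpdateUserAttributesError' | 'VerifyUserAttributeError' | 'GlobalSignOutError';
+export type CognitoErrorType = 'CommonError' | 'InitAuthError' | 'RespondToAuthChallengeError' | 'SignUpError' | 'ConfirmSignUpError' | 'VerifySoftwareTokenError' | 'ChangePasswordError' | 'RevokeTokenError' | 'ForgotPasswordError' | 'ConfirmForgotPasswordError' | 'ResendConfirmationCodeError' | 'UpdateUserAttributesError' | 'VerifyUserAttributeError' | 'AssociateSoftwareTokenError' | 'GlobalSignOutError' | 'SetUserMFAPreferenceError' | 'GetUserError' | 'ListDevicesError';
 export declare class CognitoError extends Error {
 readonly errorType: CognitoErrorType;
-readonly cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException;
-constructor(message: string, errorType: CognitoErrorType, cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException);
+readonly cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException | VerifySoftwareTokenException | AssociateSoftwareTokenException | SetUserMFAPreferenceException | ListDevicesException | GetUserException;
+constructor(message: string, errorType: CognitoErrorType, cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException | VerifySoftwareTokenException | AssociateSoftwareTokenException | SetUserMFAPreferenceException | ListDevicesException | GetUserException);
 }
 export declare class CommonError extends CognitoError {
 readonly cognitoException: CommonException;
@@ -420,3 +420,23 @@ export declare class GlobalSignOutError extends CognitoError {
 readonly cognitoException: GlobalSignOutException;
 constructor(message: string, cognitoException: GlobalSignOutException);
 }
+export declare class VerifySoftwareTokenError extends CognitoError {
+readonly cognitoException: VerifySoftwareTokenException;
+constructor(message: string, cognitoException: VerifySoftwareTokenException);
+}
+export declare class AssociateSoftwareTokenError extends CognitoError {
+readonly cognitoException: AssociateSoftwareTokenException;
+constructor(message: string, cognitoException: AssociateSoftwareTokenException);
+}
+export declare class SetUserMFAPreferenceError extends CognitoError {
+readonly cognitoException: SetUserMFAPreferenceException;
+constructor(message: string, cognitoException: SetUserMFAPreferenceException);
+}
+export declare class ListDevicesError extends CognitoError {
+readonly cognitoException: ListDevicesException;
+constructor(message: string, cognitoException: ListDevicesException);
+}
+export declare class GetUserError extends CognitoError {
+readonly cognitoException: GetUserException;
+constructor(message: string, cognitoException: GetUserException);
+}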
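--- a/package/lib/error.js
+++ b/package/lib/error.js
@@ -485,3 +485,33 @@ export class GlobalSignOutError extends CognitoError {
 this.cognitoException = cognitoException;
 }
 }
+export class VerifySoftwareTokenError extends CognitoError {
+constructor(message, cognitoException) {
+super(message, 'VerifySoftwareTokenError', cognitoException);
+this.cognitoException = cognitoException;
+}
+}
+export class AssociateSoftwareTokenError extends CognitoError {
+constructor(message, cognitoException) {
+super(message, 'AssociateSoftwareTokenError', cognitoException);
+this.cognitoException = cognitoException;
+}
+}
+export class SetUserMFAPreferenceError extends CognitoError {
+constructor(message, cognitoException) {
+super(message, 'SetUserMFAPreferenceError', cognitoException);
+this.cognitoException = cognitoException;
+}
+}
+export class ListDevicesError extends CognitoError {
+constructor(message, cognitoException) {
+super(message, 'ListDevicesError', cognitoException);
+this.cognitoException = cognitoException;
+}
+}
+export class GetUserError extends CognitoError {
+constructor(message, cognitoException) {
+super(message, 'GetUserError', cognitoException);
+this.cognitoException = cognitoException;
+}
+}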
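Review bot: The five classes added after GlobalSignOutError (VerifySoftwareTokenError, AssociateSoftwareTokenError, SetUserMFAPreferenceError, ListDevicesError, GetUserError) have no doc comment telling callers which operation each one reports or that `cognitoException` is the field to branch on. A one-line JSDoc per class would cover it, for example `/** Raised for a failed VerifySoftwareToken call; branch on cognitoException, not on message. */`. Three of these sit on MFA enrolment and verification paths, so the comment should also say that `message` is for logs and should not be shown verbatim to the end user; where that text originates is not visible here, because the CognitoError constructor is outside this hunk. Each constructor also assigns `this.cognitoException` after passing the same value to `super(...)`, which looks redundant if the base class already stores it.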
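--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@vardario/cognito-client",
-"version": "
+"version": "5.1.0",
 "description": "",
 "license": "MIT",
 "author": "Sahin Vardar",
@@ -16,7 +16,7 @@
 ],
 "scripts": {
 "build": "pnpm build:lib && pnpm build:browser",
-"build:browser": "esbuild src/index.ts --bundle --outfile=lib/browser.js --platform=neutral
+"build:browser": "esbuild src/index.ts --bundle --outfile=lib/browser.js --platform=neutral",
 "build:lib": "tsc --build",
 "format": "prettier --plugin-search-dir . --write . && prettier-package-json --write && eslint --fix .",
 "integration-test": "vitest run integration",
@@ -30,10 +30,10 @@
 "@types/node": "^20",
 "@typescript-eslint/eslint-plugin": "^6.11.0",
 "@typescript-eslint/parser": "^6.11.0",
-"esbuild": "^0.
+"esbuild": "^0.25.8",
 "eslint": "^8.54.0",
-"eslint-config-prettier": "^
-"eslint-plugin-unused-imports": "^
+"eslint-config-prettier": "^10.1.8",
+"eslint-plugin-unused-imports": "^4.1.4",
 "husky": "^8.0.3",
 "isomorphic-fetch": "^3.0.0",
 "jsdom": "^22.1.0",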