@vardario/cognito-client 4.0.7 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/browser.js CHANGED
@@ -26,15 +26,15 @@ var COMMON_EXCEPTIONS = [
26
26
  "ThrottlingException" /* ThrottlingException */,
27
27
  "ValidationError" /* ValidationError */
28
28
  ];
29
- var AssociateSoftwareTokenException = /* @__PURE__ */ ((AssociateSoftwareTokenException2) => {
30
- AssociateSoftwareTokenException2["ConcurrentModificationException"] = "ConcurrentModificationException";
31
- AssociateSoftwareTokenException2["ForbiddenException"] = "ForbiddenException";
32
- AssociateSoftwareTokenException2["InternalErrorException"] = "InternalErrorException";
33
- AssociateSoftwareTokenException2["InvalidParameterException"] = "InvalidParameterException";
34
- AssociateSoftwareTokenException2["NotAuthorizedException"] = "NotAuthorizedException";
35
- AssociateSoftwareTokenException2["ResourceNotFoundException"] = "ResourceNotFoundException";
36
- AssociateSoftwareTokenException2["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
37
- return AssociateSoftwareTokenException2;
29
+ var AssociateSoftwareTokenException = /* @__PURE__ */ ((AssociateSoftwareTokenException3) => {
30
+ AssociateSoftwareTokenException3["ConcurrentModificationException"] = "ConcurrentModificationException";
31
+ AssociateSoftwareTokenException3["ForbiddenException"] = "ForbiddenException";
32
+ AssociateSoftwareTokenException3["InternalErrorException"] = "InternalErrorException";
33
+ AssociateSoftwareTokenException3["InvalidParameterException"] = "InvalidParameterException";
34
+ AssociateSoftwareTokenException3["NotAuthorizedException"] = "NotAuthorizedException";
35
+ AssociateSoftwareTokenException3["ResourceNotFoundException"] = "ResourceNotFoundException";
36
+ AssociateSoftwareTokenException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
37
+ return AssociateSoftwareTokenException3;
38
38
  })(AssociateSoftwareTokenException || {});
39
39
  var ChangePasswordException = /* @__PURE__ */ ((ChangePasswordException3) => {
40
40
  ChangePasswordException3["ForbiddenException"] = "ForbiddenException";
@@ -158,17 +158,17 @@ var ForgotPasswordException = /* @__PURE__ */ ((ForgotPasswordException3) => {
158
158
  ForgotPasswordException3["UserNotFoundException"] = "UserNotFoundException";
159
159
  return ForgotPasswordException3;
160
160
  })(ForgotPasswordException || {});
161
- var GetUserException = /* @__PURE__ */ ((GetUserException2) => {
162
- GetUserException2["ForbiddenException"] = "ForbiddenException";
163
- GetUserException2["InternalErrorException"] = "InternalErrorException";
164
- GetUserException2["InvalidParameterException"] = "InvalidParameterException";
165
- GetUserException2["NotAuthorizedException"] = "NotAuthorizedException";
166
- GetUserException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
167
- GetUserException2["ResourceNotFoundException"] = "ResourceNotFoundException";
168
- GetUserException2["TooManyRequestsException"] = "TooManyRequestsException";
169
- GetUserException2["UserNotConfirmedException"] = "UserNotConfirmedException";
170
- GetUserException2["UserNotFoundException"] = "UserNotFoundException";
171
- return GetUserException2;
161
+ var GetUserException = /* @__PURE__ */ ((GetUserException3) => {
162
+ GetUserException3["ForbiddenException"] = "ForbiddenException";
163
+ GetUserException3["InternalErrorException"] = "InternalErrorException";
164
+ GetUserException3["InvalidParameterException"] = "InvalidParameterException";
165
+ GetUserException3["NotAuthorizedException"] = "NotAuthorizedException";
166
+ GetUserException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
167
+ GetUserException3["ResourceNotFoundException"] = "ResourceNotFoundException";
168
+ GetUserException3["TooManyRequestsException"] = "TooManyRequestsException";
169
+ GetUserException3["UserNotConfirmedException"] = "UserNotConfirmedException";
170
+ GetUserException3["UserNotFoundException"] = "UserNotFoundException";
171
+ return GetUserException3;
172
172
  })(GetUserException || {});
173
173
  var GetIdException = /* @__PURE__ */ ((GetIdException2) => {
174
174
  GetIdException2["ExternalServiceException"] = "ExternalServiceException";
@@ -223,23 +223,23 @@ var GlobalSignOutException = /* @__PURE__ */ ((GlobalSignOutException3) => {
223
223
  GlobalSignOutException3["UserNotConfirmedException"] = "UserNotConfirmedException";
224
224
  return GlobalSignOutException3;
225
225
  })(GlobalSignOutException || {});
226
- var InitiateAuthException = /* @__PURE__ */ ((InitiateAuthException3) => {
227
- InitiateAuthException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
228
- InitiateAuthException3["ForbiddenException"] = "ForbiddenException";
229
- InitiateAuthException3["InternalErrorException"] = "InternalErrorException";
230
- InitiateAuthException3["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
231
- InitiateAuthException3["InvalidParameterException"] = "InvalidParameterException";
232
- InitiateAuthException3["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
233
- InitiateAuthException3["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
234
- InitiateAuthException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
235
- InitiateAuthException3["NotAuthorizedException"] = "NotAuthorizedException";
236
- InitiateAuthException3["ResourceNotFoundException"] = "ResourceNotFoundException";
237
- InitiateAuthException3["TooManyRequestsException"] = "TooManyRequestsException";
238
- InitiateAuthException3["UnexpectedLambdaException"] = "UnexpectedLambdaException";
239
- InitiateAuthException3["UserLambdaValidationException"] = "UserLambdaValidationException";
240
- InitiateAuthException3["UserNotConfirmedException"] = "UserNotConfirmedException";
241
- InitiateAuthException3["UserNotFoundException"] = "UserNotFoundException";
242
- return InitiateAuthException3;
226
+ var InitiateAuthException = /* @__PURE__ */ ((InitiateAuthException2) => {
227
+ InitiateAuthException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
228
+ InitiateAuthException2["ForbiddenException"] = "ForbiddenException";
229
+ InitiateAuthException2["InternalErrorException"] = "InternalErrorException";
230
+ InitiateAuthException2["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
231
+ InitiateAuthException2["InvalidParameterException"] = "InvalidParameterException";
232
+ InitiateAuthException2["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
233
+ InitiateAuthException2["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
234
+ InitiateAuthException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
235
+ InitiateAuthException2["NotAuthorizedException"] = "NotAuthorizedException";
236
+ InitiateAuthException2["ResourceNotFoundException"] = "ResourceNotFoundException";
237
+ InitiateAuthException2["TooManyRequestsException"] = "TooManyRequestsException";
238
+ InitiateAuthException2["UnexpectedLambdaException"] = "UnexpectedLambdaException";
239
+ InitiateAuthException2["UserLambdaValidationException"] = "UserLambdaValidationException";
240
+ InitiateAuthException2["UserNotConfirmedException"] = "UserNotConfirmedException";
241
+ InitiateAuthException2["UserNotFoundException"] = "UserNotFoundException";
242
+ return InitiateAuthException2;
243
243
  })(InitiateAuthException || {});
244
244
  var ResendConfirmationException = /* @__PURE__ */ ((ResendConfirmationException3) => {
245
245
  ResendConfirmationException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
@@ -283,16 +283,16 @@ var RespondToAuthChallengeException = /* @__PURE__ */ ((RespondToAuthChallengeEx
283
283
  RespondToAuthChallengeException3["UserNotFoundException"] = "UserNotFoundException";
284
284
  return RespondToAuthChallengeException3;
285
285
  })(RespondToAuthChallengeException || {});
286
- var SetUserMFAPreferenceException = /* @__PURE__ */ ((SetUserMFAPreferenceException2) => {
287
- SetUserMFAPreferenceException2["ForbiddenException"] = "ForbiddenException";
288
- SetUserMFAPreferenceException2["InternalErrorException"] = "InternalErrorException";
289
- SetUserMFAPreferenceException2["InvalidParameterException"] = "InvalidParameterException";
290
- SetUserMFAPreferenceException2["NotAuthorizedException"] = "NotAuthorizedException";
291
- SetUserMFAPreferenceException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
292
- SetUserMFAPreferenceException2["ResourceNotFoundException"] = "ResourceNotFoundException";
293
- SetUserMFAPreferenceException2["UserNotConfirmedException"] = "UserNotConfirmedException";
294
- SetUserMFAPreferenceException2["UserNotFoundException"] = "UserNotFoundException";
295
- return SetUserMFAPreferenceException2;
286
+ var SetUserMFAPreferenceException = /* @__PURE__ */ ((SetUserMFAPreferenceException3) => {
287
+ SetUserMFAPreferenceException3["ForbiddenException"] = "ForbiddenException";
288
+ SetUserMFAPreferenceException3["InternalErrorException"] = "InternalErrorException";
289
+ SetUserMFAPreferenceException3["InvalidParameterException"] = "InvalidParameterException";
290
+ SetUserMFAPreferenceException3["NotAuthorizedException"] = "NotAuthorizedException";
291
+ SetUserMFAPreferenceException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
292
+ SetUserMFAPreferenceException3["ResourceNotFoundException"] = "ResourceNotFoundException";
293
+ SetUserMFAPreferenceException3["UserNotConfirmedException"] = "UserNotConfirmedException";
294
+ SetUserMFAPreferenceException3["UserNotFoundException"] = "UserNotFoundException";
295
+ return SetUserMFAPreferenceException3;
296
296
  })(SetUserMFAPreferenceException || {});
297
297
  var SignUpException = /* @__PURE__ */ ((SignUpException3) => {
298
298
  SignUpException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
@@ -333,21 +333,21 @@ var UpdateUserAttributesException = /* @__PURE__ */ ((UpdateUserAttributesExcept
333
333
  UpdateUserAttributesException3["UserNotFoundException"] = "UserNotFoundException";
334
334
  return UpdateUserAttributesException3;
335
335
  })(UpdateUserAttributesException || {});
336
- var VerifySoftwareTokenException = /* @__PURE__ */ ((VerifySoftwareTokenException2) => {
337
- VerifySoftwareTokenException2["CodeMismatchException"] = "CodeMismatchException";
338
- VerifySoftwareTokenException2["EnableSoftwareTokenMFAException"] = "EnableSoftwareTokenMFAException";
339
- VerifySoftwareTokenException2["ForbiddenException"] = "ForbiddenException";
340
- VerifySoftwareTokenException2["InternalErrorException"] = "InternalErrorException";
341
- VerifySoftwareTokenException2["InvalidParameterException"] = "InvalidParameterException";
342
- VerifySoftwareTokenException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
343
- VerifySoftwareTokenException2["NotAuthorizedException"] = "NotAuthorizedException";
344
- VerifySoftwareTokenException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
345
- VerifySoftwareTokenException2["ResourceNotFoundException"] = "ResourceNotFoundException";
346
- VerifySoftwareTokenException2["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
347
- VerifySoftwareTokenException2["TooManyRequestsException"] = "TooManyRequestsException";
348
- VerifySoftwareTokenException2["UserNotConfirmedException"] = "UserNotConfirmedException";
349
- VerifySoftwareTokenException2["UserNotFoundException"] = "UserNotFoundException";
350
- return VerifySoftwareTokenException2;
336
+ var VerifySoftwareTokenException = /* @__PURE__ */ ((VerifySoftwareTokenException3) => {
337
+ VerifySoftwareTokenException3["CodeMismatchException"] = "CodeMismatchException";
338
+ VerifySoftwareTokenException3["EnableSoftwareTokenMFAException"] = "EnableSoftwareTokenMFAException";
339
+ VerifySoftwareTokenException3["ForbiddenException"] = "ForbiddenException";
340
+ VerifySoftwareTokenException3["InternalErrorException"] = "InternalErrorException";
341
+ VerifySoftwareTokenException3["InvalidParameterException"] = "InvalidParameterException";
342
+ VerifySoftwareTokenException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
343
+ VerifySoftwareTokenException3["NotAuthorizedException"] = "NotAuthorizedException";
344
+ VerifySoftwareTokenException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
345
+ VerifySoftwareTokenException3["ResourceNotFoundException"] = "ResourceNotFoundException";
346
+ VerifySoftwareTokenException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
347
+ VerifySoftwareTokenException3["TooManyRequestsException"] = "TooManyRequestsException";
348
+ VerifySoftwareTokenException3["UserNotConfirmedException"] = "UserNotConfirmedException";
349
+ VerifySoftwareTokenException3["UserNotFoundException"] = "UserNotFoundException";
350
+ return VerifySoftwareTokenException3;
351
351
  })(VerifySoftwareTokenException || {});
352
352
  var VerifyUserAttributeException = /* @__PURE__ */ ((VerifyUserAttributeException3) => {
353
353
  VerifyUserAttributeException3["AliasExistsException"] = "AliasExistsException";
@@ -378,18 +378,18 @@ var UpdateDeviceStatusException = /* @__PURE__ */ ((UpdateDeviceStatusException2
378
378
  UpdateDeviceStatusException2["UserNotFoundException"] = "UserNotFoundException";
379
379
  return UpdateDeviceStatusException2;
380
380
  })(UpdateDeviceStatusException || {});
381
- var ListDevicesException = /* @__PURE__ */ ((ListDevicesException2) => {
382
- ListDevicesException2["ForbiddenException"] = "ForbiddenException";
383
- ListDevicesException2["InternalErrorException"] = "InternalErrorException";
384
- ListDevicesException2["InvalidParameterException"] = "InvalidParameterException";
385
- ListDevicesException2["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
386
- ListDevicesException2["NotAuthorizedException"] = "NotAuthorizedException";
387
- ListDevicesException2["PasswordResetRequiredException"] = "PasswordResetRequiredException";
388
- ListDevicesException2["ResourceNotFoundException"] = "ResourceNotFoundException";
389
- ListDevicesException2["TooManyRequestsException"] = "TooManyRequestsException";
390
- ListDevicesException2["UserNotConfirmedException"] = "UserNotConfirmedException";
391
- ListDevicesException2["UserNotFoundException"] = "UserNotFoundException";
392
- return ListDevicesException2;
381
+ var ListDevicesException = /* @__PURE__ */ ((ListDevicesException3) => {
382
+ ListDevicesException3["ForbiddenException"] = "ForbiddenException";
383
+ ListDevicesException3["InternalErrorException"] = "InternalErrorException";
384
+ ListDevicesException3["InvalidParameterException"] = "InvalidParameterException";
385
+ ListDevicesException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
386
+ ListDevicesException3["NotAuthorizedException"] = "NotAuthorizedException";
387
+ ListDevicesException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
388
+ ListDevicesException3["ResourceNotFoundException"] = "ResourceNotFoundException";
389
+ ListDevicesException3["TooManyRequestsException"] = "TooManyRequestsException";
390
+ ListDevicesException3["UserNotConfirmedException"] = "UserNotConfirmedException";
391
+ ListDevicesException3["UserNotFoundException"] = "UserNotFoundException";
392
+ return ListDevicesException3;
393
393
  })(ListDevicesException || {});
394
394
  var RevokeTokenException = /* @__PURE__ */ ((RevokeTokenException3) => {
395
395
  RevokeTokenException3["ForbiddenException"] = "ForbiddenException";
@@ -486,16 +486,43 @@ var GlobalSignOutError = class extends CognitoError {
486
486
  this.cognitoException = cognitoException;
487
487
  }
488
488
  };
489
+ var VerifySoftwareTokenError = class extends CognitoError {
490
+ constructor(message, cognitoException) {
491
+ super(message, "VerifySoftwareTokenError", cognitoException);
492
+ this.cognitoException = cognitoException;
493
+ }
494
+ };
495
+ var AssociateSoftwareTokenError = class extends CognitoError {
496
+ constructor(message, cognitoException) {
497
+ super(message, "AssociateSoftwareTokenError", cognitoException);
498
+ this.cognitoException = cognitoException;
499
+ }
500
+ };
501
+ var SetUserMFAPreferenceError = class extends CognitoError {
502
+ constructor(message, cognitoException) {
503
+ super(message, "SetUserMFAPreferenceError", cognitoException);
504
+ this.cognitoException = cognitoException;
505
+ }
506
+ };
507
+ var ListDevicesError = class extends CognitoError {
508
+ constructor(message, cognitoException) {
509
+ super(message, "ListDevicesError", cognitoException);
510
+ this.cognitoException = cognitoException;
511
+ }
512
+ };
513
+ var GetUserError = class extends CognitoError {
514
+ constructor(message, cognitoException) {
515
+ super(message, "GetUserError", cognitoException);
516
+ this.cognitoException = cognitoException;
517
+ }
518
+ };
489
519
 
490
520
  // src/bigint-math.ts
491
521
  var abs = (n) => n < 0n ? -n : n;
492
522
  function eGcd(a, b) {
493
- if (typeof a === "number")
494
- a = BigInt(a);
495
- if (typeof b === "number")
496
- b = BigInt(b);
497
- if (a <= 0n || b <= 0n)
498
- throw new RangeError("a and b MUST be > 0");
523
+ if (typeof a === "number") a = BigInt(a);
524
+ if (typeof b === "number") b = BigInt(b);
525
+ if (a <= 0n || b <= 0n) throw new RangeError("a and b MUST be > 0");
499
526
  let x = 0n;
500
527
  let y = 1n;
501
528
  let u = 1n;
@@ -708,6 +735,11 @@ var ServiceTarget = /* @__PURE__ */ ((ServiceTarget2) => {
708
735
  ServiceTarget2["UpdateUserAttributes"] = "UpdateUserAttributes";
709
736
  ServiceTarget2["VerifyUserAttribute"] = "VerifyUserAttribute";
710
737
  ServiceTarget2["GlobalSignOut"] = "GlobalSignOut";
738
+ ServiceTarget2["GetUser"] = "GetUser";
739
+ ServiceTarget2["AssociateSoftwareToken"] = "AssociateSoftwareToken";
740
+ ServiceTarget2["VerifySoftwareToken"] = "VerifySoftwareToken";
741
+ ServiceTarget2["ListDevices"] = "ListDevices";
742
+ ServiceTarget2["SetUserMFAPreference"] = "SetUserMFAPreference";
711
743
  return ServiceTarget2;
712
744
  })(ServiceTarget || {});
713
745
  var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
@@ -718,12 +750,10 @@ var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
718
750
  IdentityProvider2["Apple"] = "SignInWithApple";
719
751
  return IdentityProvider2;
720
752
  })(IdentityProvider || {});
721
- function authResultToSession(authenticationResult) {
753
+ function adaptExpiresIn(auth) {
722
754
  return {
723
- accessToken: authenticationResult.AccessToken,
724
- idToken: authenticationResult.IdToken,
725
- expiresIn: (/* @__PURE__ */ new Date()).getTime() + authenticationResult.ExpiresIn * 1e3,
726
- refreshToken: authenticationResult.RefreshToken
755
+ ...auth,
756
+ ExpiresIn: (/* @__PURE__ */ new Date()).getTime() + auth.ExpiresIn * 1e3
727
757
  };
728
758
  }
729
759
  async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
@@ -778,6 +808,16 @@ async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
778
808
  throw new VerifyUserAttributeError(errorMessage, cognitoException);
779
809
  case "GlobalSignOut" /* GlobalSignOut */:
780
810
  throw new GlobalSignOutError(errorMessage, cognitoException);
811
+ case "AssociateSoftwareToken" /* AssociateSoftwareToken */:
812
+ throw new AssociateSoftwareTokenError(errorMessage, cognitoException);
813
+ case "VerifySoftwareToken" /* VerifySoftwareToken */:
814
+ throw new VerifySoftwareTokenError(errorMessage, cognitoException);
815
+ case "SetUserMFAPreference" /* SetUserMFAPreference */:
816
+ throw new SetUserMFAPreferenceError(errorMessage, cognitoException);
817
+ case "ListDevices" /* ListDevices */:
818
+ throw new ListDevicesError(errorMessage, cognitoException);
819
+ case "GetUser" /* GetUser */:
820
+ throw new GetUserError(errorMessage, cognitoException);
781
821
  }
782
822
  }
783
823
  var CognitoClient = class {
@@ -789,9 +829,9 @@ var CognitoClient = class {
789
829
  this.oAuth = oAuth;
790
830
  this.clientSecret = clientSecret;
791
831
  }
792
- static getDecodedTokenFromSession(session) {
793
- const { payload: idToken } = decodeJwt(session.idToken);
794
- const { payload: accessToken } = decodeJwt(session.accessToken);
832
+ static getDecodedTokenFromSession(auth) {
833
+ const { payload: idToken } = decodeJwt(auth.IdToken);
834
+ const { payload: accessToken } = decodeJwt(auth.AccessToken);
795
835
  return {
796
836
  idToken,
797
837
  accessToken
@@ -810,27 +850,29 @@ var CognitoClient = class {
810
850
  async authenticateUserSrp(username, password) {
811
851
  const smallA = await generateSmallA();
812
852
  const A = generateA(smallA);
813
- const initiateAuthPayload = {
814
- AuthFlow: "USER_SRP_AUTH",
815
- ClientId: this.userPoolClientId,
816
- AuthParameters: {
817
- USERNAME: username,
818
- SRP_A: A.toString(16),
819
- SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
853
+ const initUserSrpAuthResponse = await cognitoRequest(
854
+ {
855
+ AuthFlow: "USER_SRP_AUTH",
856
+ ClientId: this.userPoolClientId,
857
+ AuthParameters: {
858
+ USERNAME: username,
859
+ SRP_A: A.toString(16),
860
+ SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
861
+ },
862
+ ClientMetadata: {}
820
863
  },
821
- ClientMetadata: {}
822
- };
823
- const challenge = await cognitoRequest(
824
- initiateAuthPayload,
825
864
  "InitiateAuth" /* InitiateAuth */,
826
865
  this.cognitoEndpoint
827
866
  );
828
- const B = BigInt("0x" + challenge.ChallengeParameters.SRP_B);
829
- const salt = BigInt("0x" + challenge.ChallengeParameters.SALT);
867
+ if (initUserSrpAuthResponse.ChallengeName !== "PASSWORD_VERIFIER") {
868
+ return initUserSrpAuthResponse;
869
+ }
870
+ const B = BigInt("0x" + initUserSrpAuthResponse.ChallengeParameters.SRP_B);
871
+ const salt = BigInt("0x" + initUserSrpAuthResponse.ChallengeParameters.SALT);
830
872
  const U = await calculateU(A, B);
831
873
  const hkdf = await getPasswordAuthenticationKey(
832
874
  this.cognitoPoolName,
833
- challenge.ChallengeParameters.USER_ID_FOR_SRP,
875
+ initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
834
876
  password,
835
877
  B,
836
878
  U,
@@ -839,32 +881,31 @@ var CognitoClient = class {
839
881
  );
840
882
  const { signature, timeStamp } = await calculateSignature(
841
883
  this.cognitoPoolName,
842
- challenge.ChallengeParameters.USER_ID_FOR_SRP,
843
- challenge.ChallengeParameters.SECRET_BLOCK,
884
+ initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
885
+ initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
844
886
  hkdf
845
887
  );
846
- const respondToAuthChallengeRequest = {
888
+ const passwordAuthChallengeResponse = await this.respondToAuthChallenge({
847
889
  ChallengeName: "PASSWORD_VERIFIER",
848
- ClientId: this.userPoolClientId,
849
890
  ChallengeResponses: {
850
- PASSWORD_CLAIM_SECRET_BLOCK: challenge.ChallengeParameters.SECRET_BLOCK,
891
+ PASSWORD_CLAIM_SECRET_BLOCK: initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
851
892
  PASSWORD_CLAIM_SIGNATURE: signature,
852
- USERNAME: challenge.ChallengeParameters.USER_ID_FOR_SRP,
893
+ USERNAME: initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
853
894
  TIMESTAMP: timeStamp,
854
895
  SECRET_HASH: this.clientSecret && await calculateSecretHash(
855
896
  this.clientSecret,
856
897
  this.userPoolClientId,
857
- challenge.ChallengeParameters.USER_ID_FOR_SRP
898
+ initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP
858
899
  )
859
900
  },
860
901
  ClientMetadata: {}
861
- };
862
- const { AuthenticationResult } = await cognitoRequest(
863
- respondToAuthChallengeRequest,
864
- "RespondToAuthChallenge" /* RespondToAuthChallenge */,
865
- this.cognitoEndpoint
866
- );
867
- return authResultToSession(AuthenticationResult);
902
+ });
903
+ if (passwordAuthChallengeResponse.AuthenticationResult) {
904
+ passwordAuthChallengeResponse.AuthenticationResult = adaptExpiresIn(
905
+ passwordAuthChallengeResponse.AuthenticationResult
906
+ );
907
+ }
908
+ return passwordAuthChallengeResponse;
868
909
  }
869
910
  /**
870
911
  *
@@ -886,13 +927,18 @@ var CognitoClient = class {
886
927
  },
887
928
  ClientMetadata: {}
888
929
  };
889
- const { AuthenticationResult } = await cognitoRequest(
930
+ const initUserPasswordAuthResponse = await cognitoRequest(
890
931
  initiateAuthPayload,
891
932
  "InitiateAuth" /* InitiateAuth */,
892
933
  this.cognitoEndpoint
893
934
  );
894
- const session = authResultToSession(AuthenticationResult);
895
- return session;
935
+ if (!initUserPasswordAuthResponse.AuthenticationResult) {
936
+ return initUserPasswordAuthResponse;
937
+ }
938
+ initUserPasswordAuthResponse.AuthenticationResult = adaptExpiresIn(
939
+ initUserPasswordAuthResponse.AuthenticationResult
940
+ );
941
+ return initUserPasswordAuthResponse;
896
942
  }
897
943
  /**
898
944
  * Returns a new session based on the given refresh token.
@@ -917,10 +963,16 @@ var CognitoClient = class {
917
963
  "InitiateAuth" /* InitiateAuth */,
918
964
  this.cognitoEndpoint
919
965
  );
966
+ if (!AuthenticationResult) {
967
+ throw new InitAuthError(
968
+ "Authentication failed, no authentication result returned",
969
+ "InternalErrorException" /* InternalErrorException */
970
+ );
971
+ }
920
972
  if (!AuthenticationResult.RefreshToken) {
921
973
  AuthenticationResult.RefreshToken = refreshToken;
922
974
  }
923
- return authResultToSession(AuthenticationResult);
975
+ return adaptExpiresIn(AuthenticationResult);
924
976
  }
925
977
  /**
926
978
  *
@@ -975,6 +1027,63 @@ var CognitoClient = class {
975
1027
  };
976
1028
  await cognitoRequest(changePasswordPayload, "ChangePassword" /* ChangePassword */, this.cognitoEndpoint);
977
1029
  }
1030
+ async getUser(accessToken) {
1031
+ const getUserPayload = {
1032
+ AccessToken: accessToken
1033
+ };
1034
+ return cognitoRequest(getUserPayload, "GetUser" /* GetUser */, this.cognitoEndpoint);
1035
+ }
1036
+ async associateSoftwareToken(params) {
1037
+ return cognitoRequest(params, "AssociateSoftwareToken" /* AssociateSoftwareToken */, this.cognitoEndpoint);
1038
+ }
1039
+ async verifySoftwareToken(params) {
1040
+ return cognitoRequest(params, "VerifySoftwareToken" /* VerifySoftwareToken */, this.cognitoEndpoint);
1041
+ }
1042
+ /**
1043
+ * Responds to an authentication challenge.
1044
+ * @param params Request to respond to an authentication challenge.
1045
+ * @param params.ChallengeName Name of the challenge to respond to.
1046
+ * @param params.ChallengeResponses Responses to the challenge.
1047
+ * @param params.Session Session identifier for the authentication process.
1048
+ * @param params.ClientMetadata Optional metadata to pass to the service.
1049
+ * @param params.AccessToken Access token of the current user.
1050
+ * @param params.SecretHash Optional secret hash for the user pool client.
1051
+ * @returns
1052
+ */
1053
+ async respondToAuthChallenge(params) {
1054
+ return cognitoRequest(
1055
+ {
1056
+ ...params,
1057
+ ClientId: this.userPoolClientId
1058
+ },
1059
+ "RespondToAuthChallenge" /* RespondToAuthChallenge */,
1060
+ this.cognitoEndpoint
1061
+ );
1062
+ }
1063
+ /**
1064
+ * Lists the devices associated with the user.
1065
+ * @param request Request to list devices.
1066
+ * @param request.AccessToken Access token of the current user.
1067
+ * @param request.Limit Maximum number of devices to return.
1068
+ * @param request.PaginationToken Pagination token to continue listing devices.
1069
+ * @returns
1070
+ */
1071
+ async listDevices(request) {
1072
+ return cognitoRequest(request, "ListDevices" /* ListDevices */, this.cognitoEndpoint);
1073
+ }
1074
+ /**
1075
+ *
1076
+ * @param request Request to set user MFA preferences.
1077
+ * @param request.AccessToken Access token of the current user.
1078
+ * @param request.EmailMfaSettings Optional settings for email MFA.
1079
+ * @param request.SMSMfaSettings Optional settings for SMS MFA.
1080
+ * @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
1081
+
1082
+ * @returns
1083
+ */
1084
+ async setUserMFAPreference(request) {
1085
+ return cognitoRequest(request, "SetUserMFAPreference" /* SetUserMFAPreference */, this.cognitoEndpoint);
1086
+ }
978
1087
  /**
979
1088
  * Updates the user attributes.
980
1089
  *
@@ -1141,13 +1250,12 @@ var CognitoClient = class {
1141
1250
  if (error) {
1142
1251
  throw new Error(error);
1143
1252
  }
1144
- const session = authResultToSession({
1253
+ return adaptExpiresIn({
1145
1254
  AccessToken: access_token,
1146
1255
  RefreshToken: refresh_token,
1147
1256
  IdToken: id_token,
1148
1257
  ExpiresIn: expires_in
1149
1258
  });
1150
- return session;
1151
1259
  }
1152
1260
  /**
1153
1261
  * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
@@ -1161,6 +1269,7 @@ var CognitoClient = class {
1161
1269
  }
1162
1270
  };
1163
1271
  export {
1272
+ AssociateSoftwareTokenError,
1164
1273
  AssociateSoftwareTokenException,
1165
1274
  COMMON_EXCEPTIONS,
1166
1275
  ChangePasswordError,
@@ -1182,12 +1291,14 @@ export {
1182
1291
  GetCredentialsForIdentityException,
1183
1292
  GetIdException,
1184
1293
  GetUserAttributeVerificationException,
1294
+ GetUserError,
1185
1295
  GetUserException,
1186
1296
  GlobalSignOutError,
1187
1297
  GlobalSignOutException,
1188
1298
  IdentityProvider,
1189
1299
  InitAuthError,
1190
1300
  InitiateAuthException,
1301
+ ListDevicesError,
1191
1302
  ListDevicesException,
1192
1303
  ResendConfirmationCodeError,
1193
1304
  ResendConfirmationException,
@@ -1196,15 +1307,17 @@ export {
1196
1307
  RevokeTokenError,
1197
1308
  RevokeTokenException,
1198
1309
  ServiceTarget,
1310
+ SetUserMFAPreferenceError,
1199
1311
  SetUserMFAPreferenceException,
1200
1312
  SignUpError,
1201
1313
  SignUpException,
1202
1314
  UpdateDeviceStatusException,
1203
1315
  UpdateUserAttributesError,
1204
1316
  UpdateUserAttributesException,
1317
+ VerifySoftwareTokenError,
1205
1318
  VerifySoftwareTokenException,
1206
1319
  VerifyUserAttributeError,
1207
1320
  VerifyUserAttributeException,
1208
- authResultToSession,
1321
+ adaptExpiresIn,
1209
1322
  cognitoRequest
1210
1323
  };
@@ -9,7 +9,7 @@ export interface CognitoBaseRequest {
9
9
  IpAddress?: string;
10
10
  };
11
11
  }
12
- export interface AuthIntiUserSrpRequest extends CognitoBaseRequest {
12
+ export interface InitiateAuthUserSrpAuthRequest extends CognitoBaseRequest {
13
13
  AuthFlow: 'USER_SRP_AUTH';
14
14
  AuthParameters: {
15
15
  USERNAME: string;
@@ -17,7 +17,7 @@ export interface AuthIntiUserSrpRequest extends CognitoBaseRequest {
17
17
  SECRET_HASH?: string;
18
18
  };
19
19
  }
20
- export interface AuthIntiUserPasswordRequest extends CognitoBaseRequest {
20
+ export interface InitiateAuthUserPasswordAuthRequest extends CognitoBaseRequest {
21
21
  AuthFlow: 'USER_PASSWORD_AUTH';
22
22
  AuthParameters: {
23
23
  USERNAME: string;
@@ -25,25 +25,25 @@ export interface AuthIntiUserPasswordRequest extends CognitoBaseRequest {
25
25
  SECRET_HASH?: string;
26
26
  };
27
27
  }
28
- export interface AuthIntiRefreshTokenRequest extends CognitoBaseRequest {
28
+ export interface InitiateAuthRefreshTokenAuthRequest extends CognitoBaseRequest {
29
29
  AuthFlow: 'REFRESH_TOKEN_AUTH';
30
30
  AuthParameters: {
31
31
  REFRESH_TOKEN: string;
32
32
  SECRET_HASH?: string;
33
33
  };
34
34
  }
35
- export interface AuthIntiCustomAuthRequest extends CognitoBaseRequest {
35
+ export interface InitiateAuthCustomAuthRequest extends CognitoBaseRequest {
36
36
  AuthFlow: 'CUSTOM_AUTH';
37
37
  AuthParameters: {
38
38
  USERNAME: string;
39
39
  SECRET_HASH?: string;
40
40
  };
41
41
  }
42
- export type AuthIntiRequest = AuthIntiUserSrpRequest | AuthIntiRefreshTokenRequest | AuthIntiCustomAuthRequest | AuthIntiUserPasswordRequest;
42
+ export type InitiateAuthRequest = InitiateAuthUserSrpAuthRequest | InitiateAuthRefreshTokenAuthRequest | InitiateAuthCustomAuthRequest | InitiateAuthUserPasswordAuthRequest;
43
43
  export interface RespondToAuthChallengeBaseRequest extends CognitoBaseRequest {
44
44
  Session?: string;
45
45
  }
46
- export interface RespondToAuthChallengePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
46
+ export interface _RespondToAuthChallengePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
47
47
  ChallengeName: 'PASSWORD_VERIFIER';
48
48
  ChallengeResponses: {
49
49
  USERNAME: string;
@@ -53,7 +53,7 @@ export interface RespondToAuthChallengePasswordVerifierRequest extends RespondTo
53
53
  SECRET_HASH?: string;
54
54
  };
55
55
  }
56
- export interface RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChallengeBaseRequest {
56
+ export interface _RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChallengeBaseRequest {
57
57
  ChallengeName: 'SMS_MFA';
58
58
  ChallengeResponses: {
59
59
  USERNAME: string;
@@ -61,7 +61,7 @@ export interface RespondToAuthChallengeSmsMfaRequest extends RespondToAuthChalle
61
61
  SECRET_HASH?: string;
62
62
  };
63
63
  }
64
- export interface RespondToAuthChallengeCustomChallengeNameRequest extends RespondToAuthChallengeBaseRequest {
64
+ export interface _RespondToAuthChallengeCustomChallengeNameRequest extends RespondToAuthChallengeBaseRequest {
65
65
  ChallengeName: 'CUSTOM_CHALLENGE';
66
66
  ChallengeResponses: {
67
67
  USERNAME: string;
@@ -69,7 +69,7 @@ export interface RespondToAuthChallengeCustomChallengeNameRequest extends Respon
69
69
  SECRET_HASH?: string;
70
70
  };
71
71
  }
72
- export interface RespondToAuthChallengeNewPasswordRequiredRequest extends RespondToAuthChallengeBaseRequest {
72
+ export interface _RespondToAuthChallengeNewPasswordRequiredRequest extends RespondToAuthChallengeBaseRequest {
73
73
  ChallengeName: 'NEW_PASSWORD_REQUIRED';
74
74
  ChallengeResponses: {
75
75
  USERNAME: string;
@@ -77,7 +77,7 @@ export interface RespondToAuthChallengeNewPasswordRequiredRequest extends Respon
77
77
  SECRET_HASH?: string;
78
78
  };
79
79
  }
80
- export interface RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondToAuthChallengeBaseRequest {
80
+ export interface _RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondToAuthChallengeBaseRequest {
81
81
  ChallengeName: 'SOFTWARE_TOKEN_MFA';
82
82
  ChallengeResponses: {
83
83
  USERNAME: string;
@@ -85,7 +85,7 @@ export interface RespondToAuthChallengeSoftwareTokenMfaRequest extends RespondTo
85
85
  SECRET_HASH?: string;
86
86
  };
87
87
  }
88
- export interface RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAuthChallengeBaseRequest {
88
+ export interface _RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAuthChallengeBaseRequest {
89
89
  ChallengeName: 'DEVICE_SRP_AUTH';
90
90
  ChallengeResponses: {
91
91
  USERNAME: string;
@@ -93,7 +93,7 @@ export interface RespondToAuthChallengeDeviceSrpAuthRequest extends RespondToAut
93
93
  SECRET_HASH?: string;
94
94
  };
95
95
  }
96
- export interface RespondToAuthChallengeDevicePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
96
+ export interface _RespondToAuthChallengeDevicePasswordVerifierRequest extends RespondToAuthChallengeBaseRequest {
97
97
  ChallengeName: 'DEVICE_PASSWORD_VERIFIER';
98
98
  ChallengeResponses: {
99
99
  USERNAME: string;
@@ -104,7 +104,7 @@ export interface RespondToAuthChallengeDevicePasswordVerifierRequest extends Res
104
104
  SECRET_HASH?: string;
105
105
  };
106
106
  }
107
- export interface RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChallengeBaseRequest {
107
+ export interface _RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChallengeBaseRequest {
108
108
  ChallengeName: 'MFA_SETUP';
109
109
  ChallengeResponses: {
110
110
  USERNAME: string;
@@ -113,7 +113,7 @@ export interface RespondToAuthChallengeMfaSetupRequest extends RespondToAuthChal
113
113
  SECRET_HASH?: string;
114
114
  };
115
115
  }
116
- export interface RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAuthChallengeBaseRequest {
116
+ export interface _RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAuthChallengeBaseRequest {
117
117
  ChallengeName: 'SELECT_MFA_TYPE';
118
118
  ChallengeResponses: {
119
119
  USERNAME: string;
@@ -121,7 +121,8 @@ export interface RespondToAuthChallengeSelectMfaTypeRequest extends RespondToAut
121
121
  SECRET_HASH?: string;
122
122
  };
123
123
  }
124
- export type RespondToAuthChallengeRequest = RespondToAuthChallengePasswordVerifierRequest | RespondToAuthChallengeSmsMfaRequest | RespondToAuthChallengeCustomChallengeNameRequest | RespondToAuthChallengeNewPasswordRequiredRequest | RespondToAuthChallengeSoftwareTokenMfaRequest | RespondToAuthChallengeDeviceSrpAuthRequest | RespondToAuthChallengeDevicePasswordVerifierRequest | RespondToAuthChallengeMfaSetupRequest | RespondToAuthChallengeSelectMfaTypeRequest;
124
+ type _RespondToAuthChallengeRequest = _RespondToAuthChallengePasswordVerifierRequest | _RespondToAuthChallengeSmsMfaRequest | _RespondToAuthChallengeCustomChallengeNameRequest | _RespondToAuthChallengeNewPasswordRequiredRequest | _RespondToAuthChallengeSoftwareTokenMfaRequest | _RespondToAuthChallengeDeviceSrpAuthRequest | _RespondToAuthChallengeDevicePasswordVerifierRequest | _RespondToAuthChallengeMfaSetupRequest | _RespondToAuthChallengeSelectMfaTypeRequest;
125
+ export type RespondToAuthChallengeRequest = Omit<_RespondToAuthChallengePasswordVerifierRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSmsMfaRequest, 'ClientId'> | Omit<_RespondToAuthChallengeCustomChallengeNameRequest, 'ClientId'> | Omit<_RespondToAuthChallengeNewPasswordRequiredRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSoftwareTokenMfaRequest, 'ClientId'> | Omit<_RespondToAuthChallengeDeviceSrpAuthRequest, 'ClientId'> | Omit<_RespondToAuthChallengeDevicePasswordVerifierRequest, 'ClientId'> | Omit<_RespondToAuthChallengeMfaSetupRequest, 'ClientId'> | Omit<_RespondToAuthChallengeSelectMfaTypeRequest, 'ClientId'>;
125
126
  export interface UserAttribute {
126
127
  Name: string;
127
128
  Value: string;
@@ -199,27 +200,6 @@ export interface CognitoClientProps {
199
200
  */
200
201
  clientSecret?: string;
201
202
  }
202
- /**
203
- * Cognito User Session
204
- */
205
- export interface Session {
206
- /**
207
- * JWT Access Token
208
- */
209
- accessToken: string;
210
- /**
211
- * JWT ID Token
212
- */
213
- idToken: string;
214
- /**
215
- * JWT refresh token
216
- */
217
- refreshToken: string;
218
- /**
219
- * Validity of the session in time stamp as milliseconds.
220
- */
221
- expiresIn: number;
222
- }
223
203
  /**
224
204
  * Represents the decoded values from a JWT ID token.
225
205
  */
@@ -273,7 +253,51 @@ export declare enum ServiceTarget {
273
253
  ResendConfirmationCode = "ResendConfirmationCode",
274
254
  UpdateUserAttributes = "UpdateUserAttributes",
275
255
  VerifyUserAttribute = "VerifyUserAttribute",
276
- GlobalSignOut = "GlobalSignOut"
256
+ GlobalSignOut = "GlobalSignOut",
257
+ GetUser = "GetUser",
258
+ AssociateSoftwareToken = "AssociateSoftwareToken",
259
+ VerifySoftwareToken = "VerifySoftwareToken",
260
+ ListDevices = "ListDevices",
261
+ SetUserMFAPreference = "SetUserMFAPreference"
262
+ }
263
+ export interface AssociateSoftwareTokenRequest {
264
+ AccessToken?: string;
265
+ Session?: string;
266
+ }
267
+ export interface AssociateSoftwareResponse {
268
+ SecretCode: string;
269
+ Session: string;
270
+ }
271
+ export interface VerifySoftwareTokenRequest {
272
+ AccessToken?: string;
273
+ FriendlyDeviceName?: string;
274
+ Session?: string;
275
+ UserCode: string;
276
+ }
277
+ export interface VerifySoftwareTokenResponse {
278
+ Session: string;
279
+ Status: 'SUCCESS' | 'ERROR';
280
+ }
281
+ export interface ListDevicesRequest {
282
+ AccessToken: string;
283
+ Limit: number;
284
+ PaginationToken?: 'string';
285
+ }
286
+ export interface Device {
287
+ DeviceAttributes: [
288
+ {
289
+ Name: string;
290
+ Value: string;
291
+ }
292
+ ];
293
+ DeviceCreateDate: number;
294
+ DeviceKey: string;
295
+ DeviceLastAuthenticatedDate: number;
296
+ DeviceLastModifiedDate: number;
297
+ }
298
+ export interface ListDevicesResponse {
299
+ Devices: Device[];
300
+ PaginationToken?: string;
277
301
  }
278
302
  /**
279
303
  * Cognito supported federated identities public providers.
@@ -291,11 +315,19 @@ export interface AuthenticationResult {
291
315
  ExpiresIn: number;
292
316
  IdToken: string;
293
317
  RefreshToken: string;
318
+ NewDeviceMetadata?: NewDeviceMetadata;
319
+ }
320
+ export interface NewDeviceMetadata {
321
+ DeviceKey?: string;
322
+ DeviceGroupKey?: string;
294
323
  }
295
- export interface AuthenticationResponse {
324
+ export interface InitiateAuthAuthenticationResponse {
296
325
  AuthenticationResult: AuthenticationResult;
326
+ ChallengeName?: never;
327
+ session?: never;
297
328
  }
298
- export interface ChallengeResponse {
329
+ export interface InitiateAuthPasswordVerifierChallengeResponse {
330
+ AuthenticationResult?: never;
299
331
  ChallengeName: 'PASSWORD_VERIFIER';
300
332
  ChallengeParameters: {
301
333
  SALT: string;
@@ -304,9 +336,117 @@ export interface ChallengeResponse {
304
336
  USERNAME: string;
305
337
  USER_ID_FOR_SRP: string;
306
338
  };
339
+ session?: never;
340
+ }
341
+ export interface InitiateAuthSoftwareTokenMfaChallengeResponse {
342
+ AuthenticationResult?: never;
343
+ ChallengeName: 'SOFTWARE_TOKEN_MFA';
344
+ Session: string;
345
+ }
346
+ export interface InitiateEmailOtpChallengeResponse {
347
+ ChallengeName: 'EMAIL_OTP';
348
+ ChallengeParameters: {
349
+ CODE_DELIVERY_DELIVERY_MEDIUM: string;
350
+ CODE_DELIVERY_DESTINATION: string;
351
+ };
352
+ session: string;
353
+ }
354
+ export interface MfaOption {
355
+ DeliveryMedium: 'SMS' | 'EMAIL';
356
+ AttributeName: string;
357
+ }
358
+ export interface GetUserResponse {
359
+ UserAttributes: UserAttribute[];
360
+ Username: string;
361
+ UserMFASettingList?: string[];
362
+ MFAOptions?: MfaOption[];
363
+ PreferredMfaSetting: string;
364
+ }
365
+ export interface SetUserMFAPreferenceRequest {
366
+ AccessToken: string;
367
+ EmailMfaSettings?: {
368
+ Enabled?: boolean;
369
+ PreferredMfa?: boolean;
370
+ };
371
+ SMSMfaSettings?: {
372
+ Enabled?: boolean;
373
+ PreferredMfa?: boolean;
374
+ };
375
+ SoftwareTokenMfaSettings?: {
376
+ Enabled?: boolean;
377
+ PreferredMfa?: boolean;
378
+ };
307
379
  }
308
- export declare function authResultToSession(authenticationResult: AuthenticationResult): Session;
309
- export declare function cognitoRequest(body: object, serviceTarget: ServiceTarget, cognitoEndpoint: string): Promise<any>;
380
+ export type InitiateAuthChallengeResponse = InitiateAuthPasswordVerifierChallengeResponse | InitiateAuthSoftwareTokenMfaChallengeResponse;
381
+ export type InitiateAuthResponse = InitiateAuthAuthenticationResponse | InitiateAuthPasswordVerifierChallengeResponse | InitiateAuthChallengeResponse;
382
+ type CognitoResponseMap = {
383
+ [ServiceTarget.InitiateAuth]: InitiateAuthResponse;
384
+ [ServiceTarget.RespondToAuthChallenge]: InitiateAuthResponse;
385
+ [ServiceTarget.SignUp]: {
386
+ UserConfirmed: boolean;
387
+ UserSub: string;
388
+ };
389
+ [ServiceTarget.ConfirmSignUp]: void;
390
+ [ServiceTarget.ChangePassword]: void;
391
+ [ServiceTarget.RevokeToken]: void;
392
+ [ServiceTarget.ForgotPassword]: void;
393
+ [ServiceTarget.ConfirmForgotPassword]: void;
394
+ [ServiceTarget.ResendConfirmationCode]: void;
395
+ [ServiceTarget.UpdateUserAttributes]: void;
396
+ [ServiceTarget.VerifyUserAttribute]: void;
397
+ [ServiceTarget.GlobalSignOut]: void;
398
+ [ServiceTarget.GetUser]: GetUserResponse;
399
+ [ServiceTarget.AssociateSoftwareToken]: AssociateSoftwareResponse;
400
+ [ServiceTarget.VerifySoftwareToken]: VerifySoftwareTokenResponse;
401
+ [ServiceTarget.ListDevices]: ListDevicesResponse;
402
+ [ServiceTarget.SetUserMFAPreference]: void;
403
+ };
404
+ type CognitoRequestMap = {
405
+ [ServiceTarget.InitiateAuth]: InitiateAuthRequest;
406
+ [ServiceTarget.RespondToAuthChallenge]: _RespondToAuthChallengeRequest;
407
+ [ServiceTarget.SignUp]: SignUpRequest;
408
+ [ServiceTarget.ConfirmSignUp]: ConfirmSignUpRequest;
409
+ [ServiceTarget.ChangePassword]: {
410
+ PreviousPassword: string;
411
+ ProposedPassword: string;
412
+ AccessToken: string;
413
+ };
414
+ [ServiceTarget.RevokeToken]: {
415
+ Token: string;
416
+ ClientId: string;
417
+ ClientSecret?: string;
418
+ };
419
+ [ServiceTarget.ForgotPassword]: ForgotPasswordRequest;
420
+ [ServiceTarget.ConfirmForgotPassword]: ConfirmForgotPasswordRequest;
421
+ [ServiceTarget.ResendConfirmationCode]: ResendConfirmationCodeRequest;
422
+ [ServiceTarget.UpdateUserAttributes]: {
423
+ UserAttributes: UserAttribute[];
424
+ AccessToken: string;
425
+ };
426
+ [ServiceTarget.VerifyUserAttribute]: {
427
+ AttributeName: string;
428
+ Code: string;
429
+ AccessToken: string;
430
+ };
431
+ [ServiceTarget.GlobalSignOut]: {
432
+ AccessToken: string;
433
+ };
434
+ [ServiceTarget.GetUser]: {
435
+ AccessToken: string;
436
+ };
437
+ [ServiceTarget.AssociateSoftwareToken]: AssociateSoftwareTokenRequest;
438
+ [ServiceTarget.VerifySoftwareToken]: VerifySoftwareTokenRequest;
439
+ [ServiceTarget.ListDevices]: ListDevicesRequest;
440
+ [ServiceTarget.SetUserMFAPreference]: SetUserMFAPreferenceRequest;
441
+ };
442
+ export declare function adaptExpiresIn(auth: AuthenticationResult): {
443
+ ExpiresIn: number;
444
+ AccessToken: string;
445
+ IdToken: string;
446
+ RefreshToken: string;
447
+ NewDeviceMetadata?: NewDeviceMetadata | undefined;
448
+ };
449
+ export declare function cognitoRequest<T extends ServiceTarget>(body: CognitoRequestMap[T], serviceTarget: T, cognitoEndpoint: string): Promise<CognitoResponseMap[T]>;
310
450
  /**
311
451
  * Lightweight AWS Cogito client without any AWS SDK dependencies.
312
452
  */
@@ -317,7 +457,7 @@ export declare class CognitoClient {
317
457
  private readonly oAuth?;
318
458
  private readonly clientSecret?;
319
459
  constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }: CognitoClientProps);
320
- static getDecodedTokenFromSession(session: Session): DecodedTokens;
460
+ static getDecodedTokenFromSession(auth: AuthenticationResult): DecodedTokens;
321
461
  /**
322
462
  *
323
463
  * Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
@@ -328,7 +468,7 @@ export declare class CognitoClient {
328
468
  *
329
469
  * @throws {InitAuthError, CognitoRespondToAuthChallengeError}
330
470
  */
331
- authenticateUserSrp(username: string, password: string): Promise<Session>;
471
+ authenticateUserSrp(username: string, password: string): Promise<InitiateAuthResponse>;
332
472
  /**
333
473
  *
334
474
  * Performs user authentication with username and password through USER_PASSWORD_AUTH .
@@ -338,7 +478,7 @@ export declare class CognitoClient {
338
478
  * @param password Password
339
479
  * @throws {InitAuthError}
340
480
  */
341
- authenticateUser(username: string, password: string): Promise<Session>;
481
+ authenticateUser(username: string, password: string): Promise<InitiateAuthResponse>;
342
482
  /**
343
483
  * Returns a new session based on the given refresh token.
344
484
  *
@@ -347,7 +487,7 @@ export declare class CognitoClient {
347
487
  * @returns @see Session
348
488
  * @throws {InitAuthError}
349
489
  */
350
- refreshSession(refreshToken: string, username?: string): Promise<Session>;
490
+ refreshSession(refreshToken: string, username?: string): Promise<AuthenticationResult>;
351
491
  /**
352
492
  *
353
493
  * @param username Username
@@ -376,6 +516,41 @@ export declare class CognitoClient {
376
516
  * @throws {ChangePasswordError}
377
517
  */
378
518
  changePassword(currentPassword: string, newPassword: string, accessToken: string): Promise<void>;
519
+ getUser(accessToken: string): Promise<GetUserResponse>;
520
+ associateSoftwareToken(params: AssociateSoftwareTokenRequest): Promise<AssociateSoftwareResponse>;
521
+ verifySoftwareToken(params: VerifySoftwareTokenRequest): Promise<VerifySoftwareTokenResponse>;
522
+ /**
523
+ * Responds to an authentication challenge.
524
+ * @param params Request to respond to an authentication challenge.
525
+ * @param params.ChallengeName Name of the challenge to respond to.
526
+ * @param params.ChallengeResponses Responses to the challenge.
527
+ * @param params.Session Session identifier for the authentication process.
528
+ * @param params.ClientMetadata Optional metadata to pass to the service.
529
+ * @param params.AccessToken Access token of the current user.
530
+ * @param params.SecretHash Optional secret hash for the user pool client.
531
+ * @returns
532
+ */
533
+ respondToAuthChallenge(params: RespondToAuthChallengeRequest): Promise<InitiateAuthResponse>;
534
+ /**
535
+ * Lists the devices associated with the user.
536
+ * @param request Request to list devices.
537
+ * @param request.AccessToken Access token of the current user.
538
+ * @param request.Limit Maximum number of devices to return.
539
+ * @param request.PaginationToken Pagination token to continue listing devices.
540
+ * @returns
541
+ */
542
+ listDevices(request: ListDevicesRequest): Promise<ListDevicesResponse>;
543
+ /**
544
+ *
545
+ * @param request Request to set user MFA preferences.
546
+ * @param request.AccessToken Access token of the current user.
547
+ * @param request.EmailMfaSettings Optional settings for email MFA.
548
+ * @param request.SMSMfaSettings Optional settings for SMS MFA.
549
+ * @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
550
+
551
+ * @returns
552
+ */
553
+ setUserMFAPreference(request: SetUserMFAPreferenceRequest): Promise<void>;
379
554
  /**
380
555
  * Updates the user attributes.
381
556
  *
@@ -452,10 +627,11 @@ export declare class CognitoClient {
452
627
  *
453
628
  * @throws {Error}
454
629
  */
455
- handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<Session>;
630
+ handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<AuthenticationResult>;
456
631
  /**
457
632
  * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
458
633
  * @param accessToken Access token of the current user.
459
634
  */
460
635
  globalSignOut(accessToken: string): Promise<void>;
461
636
  }
637
+ export {};
@@ -1,4 +1,4 @@
1
- import { ChangePasswordError, ConfirmForgotPasswordError, ConfirmSignUpError, ForgotPasswordError, GlobalSignOutError, InitAuthError, ResendConfirmationCodeError, RespondToAuthChallengeError, RevokeTokenError, SignUpError, UpdateUserAttributesError, VerifyUserAttributeError, COMMON_EXCEPTIONS, CommonError } from './error.js';
1
+ import { ChangePasswordError, ConfirmForgotPasswordError, ConfirmSignUpError, ForgotPasswordError, GlobalSignOutError, InitAuthError, ResendConfirmationCodeError, RespondToAuthChallengeError, RevokeTokenError, SignUpError, UpdateUserAttributesError, VerifyUserAttributeError, InitiateAuthException, COMMON_EXCEPTIONS, CommonError, VerifySoftwareTokenError, AssociateSoftwareTokenError, SetUserMFAPreferenceError, ListDevicesError, GetUserError } from './error.js';
2
2
  import { calculateSecretHash, calculateSignature, calculateU, decodeJwt, digest, generateA, generateSmallA, getPasswordAuthenticationKey, randomBytes, uint8ArrayFromString, uint8ArrayToBase64String } from './utils.js';
3
3
  /**
4
4
  * List of used and supported Cognito API calls.
@@ -18,6 +18,11 @@ export var ServiceTarget;
18
18
  ServiceTarget["UpdateUserAttributes"] = "UpdateUserAttributes";
19
19
  ServiceTarget["VerifyUserAttribute"] = "VerifyUserAttribute";
20
20
  ServiceTarget["GlobalSignOut"] = "GlobalSignOut";
21
+ ServiceTarget["GetUser"] = "GetUser";
22
+ ServiceTarget["AssociateSoftwareToken"] = "AssociateSoftwareToken";
23
+ ServiceTarget["VerifySoftwareToken"] = "VerifySoftwareToken";
24
+ ServiceTarget["ListDevices"] = "ListDevices";
25
+ ServiceTarget["SetUserMFAPreference"] = "SetUserMFAPreference";
21
26
  })(ServiceTarget || (ServiceTarget = {}));
22
27
  /**
23
28
  * Cognito supported federated identities public providers.
@@ -31,12 +36,11 @@ export var IdentityProvider;
31
36
  IdentityProvider["Amazon"] = "LoginWithAmazon";
32
37
  IdentityProvider["Apple"] = "SignInWithApple";
33
38
  })(IdentityProvider || (IdentityProvider = {}));
34
- export function authResultToSession(authenticationResult) {
39
+ export function adaptExpiresIn(auth) {
40
+ // Cognito returns expiresIn in seconds, but we want it in milliseconds from now
35
41
  return {
36
- accessToken: authenticationResult.AccessToken,
37
- idToken: authenticationResult.IdToken,
38
- expiresIn: new Date().getTime() + authenticationResult.ExpiresIn * 1000,
39
- refreshToken: authenticationResult.RefreshToken
42
+ ...auth,
43
+ ExpiresIn: new Date().getTime() + auth.ExpiresIn * 1000
40
44
  };
41
45
  }
42
46
  export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
@@ -99,6 +103,16 @@ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
99
103
  throw new VerifyUserAttributeError(errorMessage, cognitoException);
100
104
  case ServiceTarget.GlobalSignOut:
101
105
  throw new GlobalSignOutError(errorMessage, cognitoException);
106
+ case ServiceTarget.AssociateSoftwareToken:
107
+ throw new AssociateSoftwareTokenError(errorMessage, cognitoException);
108
+ case ServiceTarget.VerifySoftwareToken:
109
+ throw new VerifySoftwareTokenError(errorMessage, cognitoException);
110
+ case ServiceTarget.SetUserMFAPreference:
111
+ throw new SetUserMFAPreferenceError(errorMessage, cognitoException);
112
+ case ServiceTarget.ListDevices:
113
+ throw new ListDevicesError(errorMessage, cognitoException);
114
+ case ServiceTarget.GetUser:
115
+ throw new GetUserError(errorMessage, cognitoException);
102
116
  }
103
117
  }
104
118
  /**
@@ -113,9 +127,9 @@ export class CognitoClient {
113
127
  this.oAuth = oAuth;
114
128
  this.clientSecret = clientSecret;
115
129
  }
116
- static getDecodedTokenFromSession(session) {
117
- const { payload: idToken } = decodeJwt(session.idToken);
118
- const { payload: accessToken } = decodeJwt(session.accessToken);
130
+ static getDecodedTokenFromSession(auth) {
131
+ const { payload: idToken } = decodeJwt(auth.IdToken);
132
+ const { payload: accessToken } = decodeJwt(auth.AccessToken);
119
133
  return {
120
134
  idToken,
121
135
  accessToken
@@ -134,7 +148,7 @@ export class CognitoClient {
134
148
  async authenticateUserSrp(username, password) {
135
149
  const smallA = await generateSmallA();
136
150
  const A = generateA(smallA);
137
- const initiateAuthPayload = {
151
+ const initUserSrpAuthResponse = await cognitoRequest({
138
152
  AuthFlow: 'USER_SRP_AUTH',
139
153
  ClientId: this.userPoolClientId,
140
154
  AuthParameters: {
@@ -143,28 +157,31 @@ export class CognitoClient {
143
157
  SECRET_HASH: this.clientSecret && (await calculateSecretHash(this.clientSecret, this.userPoolClientId, username))
144
158
  },
145
159
  ClientMetadata: {}
146
- };
147
- const challenge = (await cognitoRequest(initiateAuthPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint));
148
- const B = BigInt('0x' + challenge.ChallengeParameters.SRP_B);
149
- const salt = BigInt('0x' + challenge.ChallengeParameters.SALT);
160
+ }, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
161
+ if (initUserSrpAuthResponse.ChallengeName !== 'PASSWORD_VERIFIER') {
162
+ return initUserSrpAuthResponse;
163
+ }
164
+ const B = BigInt('0x' + initUserSrpAuthResponse.ChallengeParameters.SRP_B);
165
+ const salt = BigInt('0x' + initUserSrpAuthResponse.ChallengeParameters.SALT);
150
166
  const U = await calculateU(A, B);
151
- const hkdf = await getPasswordAuthenticationKey(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, password, B, U, smallA, salt);
152
- const { signature, timeStamp } = await calculateSignature(this.cognitoPoolName, challenge.ChallengeParameters.USER_ID_FOR_SRP, challenge.ChallengeParameters.SECRET_BLOCK, hkdf);
153
- const respondToAuthChallengeRequest = {
167
+ const hkdf = await getPasswordAuthenticationKey(this.cognitoPoolName, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP, password, B, U, smallA, salt);
168
+ const { signature, timeStamp } = await calculateSignature(this.cognitoPoolName, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP, initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK, hkdf);
169
+ const passwordAuthChallengeResponse = await this.respondToAuthChallenge({
154
170
  ChallengeName: 'PASSWORD_VERIFIER',
155
- ClientId: this.userPoolClientId,
156
171
  ChallengeResponses: {
157
- PASSWORD_CLAIM_SECRET_BLOCK: challenge.ChallengeParameters.SECRET_BLOCK,
172
+ PASSWORD_CLAIM_SECRET_BLOCK: initUserSrpAuthResponse.ChallengeParameters.SECRET_BLOCK,
158
173
  PASSWORD_CLAIM_SIGNATURE: signature,
159
- USERNAME: challenge.ChallengeParameters.USER_ID_FOR_SRP,
174
+ USERNAME: initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP,
160
175
  TIMESTAMP: timeStamp,
161
176
  SECRET_HASH: this.clientSecret &&
162
- (await calculateSecretHash(this.clientSecret, this.userPoolClientId, challenge.ChallengeParameters.USER_ID_FOR_SRP))
177
+ (await calculateSecretHash(this.clientSecret, this.userPoolClientId, initUserSrpAuthResponse.ChallengeParameters.USER_ID_FOR_SRP))
163
178
  },
164
179
  ClientMetadata: {}
165
- };
166
- const { AuthenticationResult } = await cognitoRequest(respondToAuthChallengeRequest, ServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
167
- return authResultToSession(AuthenticationResult);
180
+ });
181
+ if (passwordAuthChallengeResponse.AuthenticationResult) {
182
+ passwordAuthChallengeResponse.AuthenticationResult = adaptExpiresIn(passwordAuthChallengeResponse.AuthenticationResult);
183
+ }
184
+ return passwordAuthChallengeResponse;
168
185
  }
169
186
  /**
170
187
  *
@@ -186,9 +203,12 @@ export class CognitoClient {
186
203
  },
187
204
  ClientMetadata: {}
188
205
  };
189
- const { AuthenticationResult } = (await cognitoRequest(initiateAuthPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint));
190
- const session = authResultToSession(AuthenticationResult);
191
- return session;
206
+ const initUserPasswordAuthResponse = await cognitoRequest(initiateAuthPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
207
+ if (!initUserPasswordAuthResponse.AuthenticationResult) {
208
+ return initUserPasswordAuthResponse;
209
+ }
210
+ initUserPasswordAuthResponse.AuthenticationResult = adaptExpiresIn(initUserPasswordAuthResponse.AuthenticationResult);
211
+ return initUserPasswordAuthResponse;
192
212
  }
193
213
  /**
194
214
  * Returns a new session based on the given refresh token.
@@ -210,11 +230,14 @@ export class CognitoClient {
210
230
  },
211
231
  ClientMetadata: {}
212
232
  };
213
- const { AuthenticationResult } = (await cognitoRequest(refreshTokenPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint));
233
+ const { AuthenticationResult } = await cognitoRequest(refreshTokenPayload, ServiceTarget.InitiateAuth, this.cognitoEndpoint);
234
+ if (!AuthenticationResult) {
235
+ throw new InitAuthError('Authentication failed, no authentication result returned', InitiateAuthException.InternalErrorException);
236
+ }
214
237
  if (!AuthenticationResult.RefreshToken) {
215
238
  AuthenticationResult.RefreshToken = refreshToken;
216
239
  }
217
- return authResultToSession(AuthenticationResult);
240
+ return adaptExpiresIn(AuthenticationResult);
218
241
  }
219
242
  /**
220
243
  *
@@ -269,6 +292,59 @@ export class CognitoClient {
269
292
  };
270
293
  await cognitoRequest(changePasswordPayload, ServiceTarget.ChangePassword, this.cognitoEndpoint);
271
294
  }
295
+ async getUser(accessToken) {
296
+ const getUserPayload = {
297
+ AccessToken: accessToken
298
+ };
299
+ return cognitoRequest(getUserPayload, ServiceTarget.GetUser, this.cognitoEndpoint);
300
+ }
301
+ async associateSoftwareToken(params) {
302
+ return cognitoRequest(params, ServiceTarget.AssociateSoftwareToken, this.cognitoEndpoint);
303
+ }
304
+ async verifySoftwareToken(params) {
305
+ return cognitoRequest(params, ServiceTarget.VerifySoftwareToken, this.cognitoEndpoint);
306
+ }
307
+ /**
308
+ * Responds to an authentication challenge.
309
+ * @param params Request to respond to an authentication challenge.
310
+ * @param params.ChallengeName Name of the challenge to respond to.
311
+ * @param params.ChallengeResponses Responses to the challenge.
312
+ * @param params.Session Session identifier for the authentication process.
313
+ * @param params.ClientMetadata Optional metadata to pass to the service.
314
+ * @param params.AccessToken Access token of the current user.
315
+ * @param params.SecretHash Optional secret hash for the user pool client.
316
+ * @returns
317
+ */
318
+ async respondToAuthChallenge(params) {
319
+ return cognitoRequest({
320
+ ...params,
321
+ ClientId: this.userPoolClientId
322
+ }, ServiceTarget.RespondToAuthChallenge, this.cognitoEndpoint);
323
+ }
324
+ /**
325
+ * Lists the devices associated with the user.
326
+ * @param request Request to list devices.
327
+ * @param request.AccessToken Access token of the current user.
328
+ * @param request.Limit Maximum number of devices to return.
329
+ * @param request.PaginationToken Pagination token to continue listing devices.
330
+ * @returns
331
+ */
332
+ async listDevices(request) {
333
+ return cognitoRequest(request, ServiceTarget.ListDevices, this.cognitoEndpoint);
334
+ }
335
+ /**
336
+ *
337
+ * @param request Request to set user MFA preferences.
338
+ * @param request.AccessToken Access token of the current user.
339
+ * @param request.EmailMfaSettings Optional settings for email MFA.
340
+ * @param request.SMSMfaSettings Optional settings for SMS MFA.
341
+ * @param request.SoftwareTokenMfaSettings Optional settings for software token MFA.
342
+
343
+ * @returns
344
+ */
345
+ async setUserMFAPreference(request) {
346
+ return cognitoRequest(request, ServiceTarget.SetUserMFAPreference, this.cognitoEndpoint);
347
+ }
272
348
  /**
273
349
  * Updates the user attributes.
274
350
  *
@@ -438,13 +514,12 @@ export class CognitoClient {
438
514
  if (error) {
439
515
  throw new Error(error);
440
516
  }
441
- const session = authResultToSession({
517
+ return adaptExpiresIn({
442
518
  AccessToken: access_token,
443
519
  RefreshToken: refresh_token,
444
520
  IdToken: id_token,
445
521
  ExpiresIn: expires_in
446
522
  });
447
- return session;
448
523
  }
449
524
  /**
450
525
  * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
package/lib/error.d.ts CHANGED
@@ -362,11 +362,11 @@ export declare enum RevokeTokenException {
362
362
  UnsupportedOperationException = "UnsupportedOperationException",
363
363
  UnsupportedTokenTypeException = "UnsupportedTokenTypeException"
364
364
  }
365
- export type CognitoErrorType = 'CommonError' | 'InitAuthError' | 'RespondToAuthChallengeError' | 'SignUpError' | 'ConfirmSignUpError' | 'ChangePasswordError' | 'RevokeTokenError' | 'ForgotPasswordError' | 'ConfirmForgotPasswordError' | 'ResendConfirmationCodeError' | 'UpdateUserAttributesError' | 'VerifyUserAttributeError' | 'GlobalSignOutError';
365
+ export type CognitoErrorType = 'CommonError' | 'InitAuthError' | 'RespondToAuthChallengeError' | 'SignUpError' | 'ConfirmSignUpError' | 'VerifySoftwareTokenError' | 'ChangePasswordError' | 'RevokeTokenError' | 'ForgotPasswordError' | 'ConfirmForgotPasswordError' | 'ResendConfirmationCodeError' | 'UpdateUserAttributesError' | 'VerifyUserAttributeError' | 'AssociateSoftwareTokenError' | 'GlobalSignOutError' | 'SetUserMFAPreferenceError' | 'GetUserError' | 'ListDevicesError';
366
366
  export declare class CognitoError extends Error {
367
367
  readonly errorType: CognitoErrorType;
368
- readonly cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException;
369
- constructor(message: string, errorType: CognitoErrorType, cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException);
368
+ readonly cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException | VerifySoftwareTokenException | AssociateSoftwareTokenException | SetUserMFAPreferenceException | ListDevicesException | GetUserException;
369
+ constructor(message: string, errorType: CognitoErrorType, cognitoException: CommonException | InitiateAuthException | RespondToAuthChallengeException | SignUpException | ConfirmSignUpException | ChangePasswordException | RevokeTokenException | ForgotPasswordException | ConfirmForgotPasswordException | ResendConfirmationException | UpdateUserAttributesException | VerifyUserAttributeException | GlobalSignOutException | VerifySoftwareTokenException | AssociateSoftwareTokenException | SetUserMFAPreferenceException | ListDevicesException | GetUserException);
370
370
  }
371
371
  export declare class CommonError extends CognitoError {
372
372
  readonly cognitoException: CommonException;
@@ -420,3 +420,23 @@ export declare class GlobalSignOutError extends CognitoError {
420
420
  readonly cognitoException: GlobalSignOutException;
421
421
  constructor(message: string, cognitoException: GlobalSignOutException);
422
422
  }
423
+ export declare class VerifySoftwareTokenError extends CognitoError {
424
+ readonly cognitoException: VerifySoftwareTokenException;
425
+ constructor(message: string, cognitoException: VerifySoftwareTokenException);
426
+ }
427
+ export declare class AssociateSoftwareTokenError extends CognitoError {
428
+ readonly cognitoException: AssociateSoftwareTokenException;
429
+ constructor(message: string, cognitoException: AssociateSoftwareTokenException);
430
+ }
431
+ export declare class SetUserMFAPreferenceError extends CognitoError {
432
+ readonly cognitoException: SetUserMFAPreferenceException;
433
+ constructor(message: string, cognitoException: SetUserMFAPreferenceException);
434
+ }
435
+ export declare class ListDevicesError extends CognitoError {
436
+ readonly cognitoException: ListDevicesException;
437
+ constructor(message: string, cognitoException: ListDevicesException);
438
+ }
439
+ export declare class GetUserError extends CognitoError {
440
+ readonly cognitoException: GetUserException;
441
+ constructor(message: string, cognitoException: GetUserException);
442
+ }
package/lib/error.js CHANGED
@@ -485,3 +485,33 @@ export class GlobalSignOutError extends CognitoError {
485
485
  this.cognitoException = cognitoException;
486
486
  }
487
487
  }
488
+ export class VerifySoftwareTokenError extends CognitoError {
489
+ constructor(message, cognitoException) {
490
+ super(message, 'VerifySoftwareTokenError', cognitoException);
491
+ this.cognitoException = cognitoException;
492
+ }
493
+ }
494
+ export class AssociateSoftwareTokenError extends CognitoError {
495
+ constructor(message, cognitoException) {
496
+ super(message, 'AssociateSoftwareTokenError', cognitoException);
497
+ this.cognitoException = cognitoException;
498
+ }
499
+ }
500
+ export class SetUserMFAPreferenceError extends CognitoError {
501
+ constructor(message, cognitoException) {
502
+ super(message, 'SetUserMFAPreferenceError', cognitoException);
503
+ this.cognitoException = cognitoException;
504
+ }
505
+ }
506
+ export class ListDevicesError extends CognitoError {
507
+ constructor(message, cognitoException) {
508
+ super(message, 'ListDevicesError', cognitoException);
509
+ this.cognitoException = cognitoException;
510
+ }
511
+ }
512
+ export class GetUserError extends CognitoError {
513
+ constructor(message, cognitoException) {
514
+ super(message, 'GetUserError', cognitoException);
515
+ this.cognitoException = cognitoException;
516
+ }
517
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vardario/cognito-client",
3
- "version": "4.0.7",
3
+ "version": "5.1.0",
4
4
  "description": "",
5
5
  "license": "MIT",
6
6
  "author": "Sahin Vardar",
@@ -16,7 +16,7 @@
16
16
  ],
17
17
  "scripts": {
18
18
  "build": "pnpm build:lib && pnpm build:browser",
19
- "build:browser": "esbuild src/index.ts --bundle --outfile=lib/browser.js --platform=neutral --external:zod",
19
+ "build:browser": "esbuild src/index.ts --bundle --outfile=lib/browser.js --platform=neutral",
20
20
  "build:lib": "tsc --build",
21
21
  "format": "prettier --plugin-search-dir . --write . && prettier-package-json --write && eslint --fix .",
22
22
  "integration-test": "vitest run integration",
@@ -30,10 +30,10 @@
30
30
  "@types/node": "^20",
31
31
  "@typescript-eslint/eslint-plugin": "^6.11.0",
32
32
  "@typescript-eslint/parser": "^6.11.0",
33
- "esbuild": "^0.20.2",
33
+ "esbuild": "^0.25.8",
34
34
  "eslint": "^8.54.0",
35
- "eslint-config-prettier": "^9.0.0",
36
- "eslint-plugin-unused-imports": "^3.0.0",
35
+ "eslint-config-prettier": "^10.1.8",
36
+ "eslint-plugin-unused-imports": "^4.1.4",
37
37
  "husky": "^8.0.3",
38
38
  "isomorphic-fetch": "^3.0.0",
39
39
  "jsdom": "^22.1.0",