@vardario/cognito-client 5.0.0 → 5.2.0
- package/lib/browser.js +332 -72
- package/lib/cognito-client.d.ts +176 -17
- package/lib/cognito-client.js +165 -11
- package/lib/error.d.ts +15 -3
- package/lib/error.js +38 -0
- package/lib/index.d.ts +1 -0
- package/lib/index.js +1 -0
- package/lib/utils.d.ts +6 -1
- package/lib/utils.js +56 -0
- package/package.json +7 -7
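--- a/package/lib/browser.js
+++ b/package/lib/browser.js
@@ -26,15 +26,15 @@ var COMMON_EXCEPTIONS = [
 "ThrottlingException" /* ThrottlingException */,
 "ValidationError" /* ValidationError */
 ];
-var AssociateSoftwareTokenException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-return
+var AssociateSoftwareTokenException = /* @__PURE__ */ ((AssociateSoftwareTokenException3) => {
+AssociateSoftwareTokenException3["ConcurrentModificationException"] = "ConcurrentModificationException";
+AssociateSoftwareTokenException3["ForbiddenException"] = "ForbiddenException";
+AssociateSoftwareTokenException3["InternalErrorException"] = "InternalErrorException";
+AssociateSoftwareTokenException3["InvalidParameterException"] = "InvalidParameterException";
+AssociateSoftwareTokenException3["NotAuthorizedException"] = "NotAuthorizedException";
+AssociateSoftwareTokenException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+AssociateSoftwareTokenException3["SoftwareTokenMFANotFoundException"] = "SoftwareTokenMFANotFoundException";
+return AssociateSoftwareTokenException3;
 })(AssociateSoftwareTokenException || {});
 var ChangePasswordException = /* @__PURE__ */ ((ChangePasswordException3) => {
 ChangePasswordException3["ForbiddenException"] = "ForbiddenException";
@@ -158,17 +158,17 @@ var ForgotPasswordException = /* @__PURE__ */ ((ForgotPasswordException3) => {
 ForgotPasswordException3["UserNotFoundException"] = "UserNotFoundException";
 return ForgotPasswordException3;
 })(ForgotPasswordException || {});
-var GetUserException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-return
+var GetUserException = /* @__PURE__ */ ((GetUserException3) => {
+GetUserException3["ForbiddenException"] = "ForbiddenException";
+GetUserException3["InternalErrorException"] = "InternalErrorException";
+GetUserException3["InvalidParameterException"] = "InvalidParameterException";
+GetUserException3["NotAuthorizedException"] = "NotAuthorizedException";
+GetUserException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+GetUserException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+GetUserException3["TooManyRequestsException"] = "TooManyRequestsException";
+GetUserException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+GetUserException3["UserNotFoundException"] = "UserNotFoundException";
+return GetUserException3;
 })(GetUserException || {});
 var GetIdException = /* @__PURE__ */ ((GetIdException2) => {
 GetIdException2["ExternalServiceException"] = "ExternalServiceException";
@@ -283,16 +283,16 @@ var RespondToAuthChallengeException = /* @__PURE__ */ ((RespondToAuthChallengeEx
 RespondToAuthChallengeException3["UserNotFoundException"] = "UserNotFoundException";
 return RespondToAuthChallengeException3;
 })(RespondToAuthChallengeException || {});
-var SetUserMFAPreferenceException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-return
+var SetUserMFAPreferenceException = /* @__PURE__ */ ((SetUserMFAPreferenceException3) => {
+SetUserMFAPreferenceException3["ForbiddenException"] = "ForbiddenException";
+SetUserMFAPreferenceException3["InternalErrorException"] = "InternalErrorException";
+SetUserMFAPreferenceException3["InvalidParameterException"] = "InvalidParameterException";
+SetUserMFAPreferenceException3["NotAuthorizedException"] = "NotAuthorizedException";
+SetUserMFAPreferenceException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+SetUserMFAPreferenceException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+SetUserMFAPreferenceException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+SetUserMFAPreferenceException3["UserNotFoundException"] = "UserNotFoundException";
+return SetUserMFAPreferenceException3;
 })(SetUserMFAPreferenceException || {});
 var SignUpException = /* @__PURE__ */ ((SignUpException3) => {
 SignUpException3["CodeDeliveryFailureException"] = "CodeDeliveryFailureException";
@@ -378,18 +378,18 @@ var UpdateDeviceStatusException = /* @__PURE__ */ ((UpdateDeviceStatusException2
 UpdateDeviceStatusException2["UserNotFoundException"] = "UserNotFoundException";
 return UpdateDeviceStatusException2;
 })(UpdateDeviceStatusException || {});
-var ListDevicesException = /* @__PURE__ */ ((
-
-
-
-
-
-
-
-
-
-
-return
+var ListDevicesException = /* @__PURE__ */ ((ListDevicesException3) => {
+ListDevicesException3["ForbiddenException"] = "ForbiddenException";
+ListDevicesException3["InternalErrorException"] = "InternalErrorException";
+ListDevicesException3["InvalidParameterException"] = "InvalidParameterException";
+ListDevicesException3["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
+ListDevicesException3["NotAuthorizedException"] = "NotAuthorizedException";
+ListDevicesException3["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+ListDevicesException3["ResourceNotFoundException"] = "ResourceNotFoundException";
+ListDevicesException3["TooManyRequestsException"] = "TooManyRequestsException";
+ListDevicesException3["UserNotConfirmedException"] = "UserNotConfirmedException";
+ListDevicesException3["UserNotFoundException"] = "UserNotFoundException";
+return ListDevicesException3;
 })(ListDevicesException || {});
 var RevokeTokenException = /* @__PURE__ */ ((RevokeTokenException3) => {
 RevokeTokenException3["ForbiddenException"] = "ForbiddenException";
@@ -498,6 +498,24 @@ var AssociateSoftwareTokenError = class extends CognitoError {
 this.cognitoException = cognitoException;
 }
 };
+var SetUserMFAPreferenceError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "SetUserMFAPreferenceError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var ListDevicesError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "ListDevicesError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
+var GetUserError = class extends CognitoError {
+constructor(message, cognitoException) {
+super(message, "GetUserError", cognitoException);
+this.cognitoException = cognitoException;
+}
+};
 
 // src/bigint-math.ts
 var abs = (n) => n < 0n ? -n : n;
@@ -585,8 +603,47 @@ function uint8ArrayToHexString(bytes) {
 return bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, "0"), "");
 }
 function uint8ArrayToBase64String(bytes) {
+if (bytes instanceof ArrayBuffer) {
+const byteArray = new Uint8Array(bytes);
+return btoa(String.fromCharCode(...byteArray));
+}
 return btoa(String.fromCharCode(...bytes));
 }
+function uint8ArrayToBase64UrlString(bytes) {
+if (bytes === void 0) {
+return void 0;
+}
+const base64String = uint8ArrayToBase64String(bytes);
+return base64String.replaceAll("+", "-").replaceAll("/", "_").replace(/=+$/, "");
+}
+function base64UrlToUint8Array(base64) {
+const binary = atob(base64.replace(/-/g, "+").replace(/_/g, "/"));
+const len = binary.length;
+const bytes = new Uint8Array(len);
+for (let i = 0; i < len; i++) {
+bytes[i] = binary.charCodeAt(i);
+}
+return bytes;
+}
+function publicKeyCredentialToJSON(cred) {
+return removeUndefined({
+authenticatorAttachment: cred.authenticatorAttachment,
+clientExtensionResults: cred.getClientExtensionResults(),
+id: cred.id,
+rawId: uint8ArrayToBase64UrlString(cred.rawId),
+response: {
+attestationObject: uint8ArrayToBase64UrlString(cred.response.attestationObject),
+authenticatorData: cred.response.authenticatorData ? uint8ArrayToBase64UrlString(cred.response.authenticatorData) : void 0,
+clientDataJSON: uint8ArrayToBase64UrlString(cred.response.clientDataJSON),
+publicKey: cred.response.getPublicKey ? uint8ArrayToBase64UrlString(cred.response.getPublicKey()) : void 0,
+publicKeyAlgorithm: cred.response.getPublicKeyAlgorithm ? cred.response.getPublicKeyAlgorithm() : void 0,
+transports: cred.response.getTransports ? cred.response.getTransports() : void 0,
+signature: cred.response.signature ? uint8ArrayToBase64UrlString(cred.response.signature) : void 0,
+userHandle: cred.response.userHandle ? uint8ArrayToBase64UrlString(cred.response.userHandle) : void 0
+},
+type: cred.type
+});
+}
 var N = BigInt(
 "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
 );
@@ -702,6 +759,24 @@ async function hmac(algorithm, key, data) {
 const signature = await crypto.subtle.sign("HMAC", cryptoKey, data);
 return new Uint8Array(signature);
 }
+function removeUndefined(obj) {
+if (Array.isArray(obj)) {
+return obj.map((item) => removeUndefined(item)).filter((item) => item !== void 0);
+}
+if (obj !== null && typeof obj === "object") {
+return Object.entries(obj).reduce(
+(acc, [key, value]) => {
+const cleaned = removeUndefined(value);
+if (cleaned !== void 0) {
+acc[key] = cleaned;
+}
+return acc;
+},
+{}
+);
+}
+return obj !== void 0 ? obj : void 0;
+}
 
 // src/cognito-client.ts
 var ServiceTarget = /* @__PURE__ */ ((ServiceTarget2) => {
@@ -722,6 +797,10 @@ var ServiceTarget = /* @__PURE__ */ ((ServiceTarget2) => {
 ServiceTarget2["VerifySoftwareToken"] = "VerifySoftwareToken";
 ServiceTarget2["ListDevices"] = "ListDevices";
 ServiceTarget2["SetUserMFAPreference"] = "SetUserMFAPreference";
+ServiceTarget2["StartWebAuthnRegistration"] = "StartWebAuthnRegistration";
+ServiceTarget2["CompleteWebAuthnRegistration"] = "CompleteWebAuthnRegistration";
+ServiceTarget2["DeleteWebAuthnCredential"] = "DeleteWebAuthnCredential";
+ServiceTarget2["ListWebAuthnCredentials"] = "ListWebAuthnCredentials";
 return ServiceTarget2;
 })(ServiceTarget || {});
 var IdentityProvider = /* @__PURE__ */ ((IdentityProvider2) => {
@@ -790,11 +869,24 @@ async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
 throw new VerifyUserAttributeError(errorMessage, cognitoException);
 case "GlobalSignOut" /* GlobalSignOut */:
 throw new GlobalSignOutError(errorMessage, cognitoException);
+case "AssociateSoftwareToken" /* AssociateSoftwareToken */:
+throw new AssociateSoftwareTokenError(errorMessage, cognitoException);
 case "VerifySoftwareToken" /* VerifySoftwareToken */:
 throw new VerifySoftwareTokenError(errorMessage, cognitoException);
+case "SetUserMFAPreference" /* SetUserMFAPreference */:
+throw new SetUserMFAPreferenceError(errorMessage, cognitoException);
+case "ListDevices" /* ListDevices */:
+throw new ListDevicesError(errorMessage, cognitoException);
+case "GetUser" /* GetUser */:
+throw new GetUserError(errorMessage, cognitoException);
 }
 }
 var CognitoClient = class {
+cognitoEndpoint;
+cognitoPoolName;
+userPoolClientId;
+oAuth;
+clientSecret;
 constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
 const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split("_");
 this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, "");
@@ -811,6 +903,20 @@ var CognitoClient = class {
 accessToken
 };
 }
+async initiateAuth(request) {
+const cognitoResponse = await cognitoRequest(
+{
+...request,
+ClientId: this.userPoolClientId
+},
+"InitiateAuth" /* InitiateAuth */,
+this.cognitoEndpoint
+);
+if (cognitoResponse.AuthenticationResult) {
+cognitoResponse.AuthenticationResult = adaptExpiresIn(cognitoResponse.AuthenticationResult);
+}
+return cognitoResponse;
+}
 /**
 *
 * Performs user authentication with username and password through ALLOW_USER_SRP_AUTH .
@@ -824,20 +930,15 @@ var CognitoClient = class {
 async authenticateUserSrp(username, password) {
 const smallA = await generateSmallA();
 const A = generateA(smallA);
-const initUserSrpAuthResponse = await
-
-
-
-
-
-SRP_A: A.toString(16),
-SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
-},
-ClientMetadata: {}
+const initUserSrpAuthResponse = await this.initiateAuth({
+AuthFlow: "USER_SRP_AUTH",
+AuthParameters: {
+USERNAME: username,
+SRP_A: A.toString(16),
+SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
 },
-
-
-);
+ClientMetadata: {}
+});
 if (initUserSrpAuthResponse.ChallengeName !== "PASSWORD_VERIFIER") {
 return initUserSrpAuthResponse;
 }
@@ -893,7 +994,6 @@ var CognitoClient = class {
 async authenticateUser(username, password) {
 const initiateAuthPayload = {
 AuthFlow: "USER_PASSWORD_AUTH",
-ClientId: this.userPoolClientId,
 AuthParameters: {
 USERNAME: username,
 PASSWORD: password,
@@ -901,19 +1001,78 @@ var CognitoClient = class {
 },
 ClientMetadata: {}
 };
-const initUserPasswordAuthResponse = await
-initiateAuthPayload,
-"InitiateAuth" /* InitiateAuth */,
-this.cognitoEndpoint
-);
+const initUserPasswordAuthResponse = await this.initiateAuth(initiateAuthPayload);
 if (!initUserPasswordAuthResponse.AuthenticationResult) {
 return initUserPasswordAuthResponse;
 }
-initUserPasswordAuthResponse.AuthenticationResult = adaptExpiresIn(
-initUserPasswordAuthResponse.AuthenticationResult
-);
 return initUserPasswordAuthResponse;
 }
+/**
+* Initiates the authentication process for a user using a preferred challenge, such as WEB_AUTHN.
+*/
+async authenticateWebAuthn(username) {
+const webAuthnPayload = {
+AuthFlow: "USER_AUTH",
+AuthParameters: {
+USERNAME: username,
+PREFERRED_CHALLENGE: "WEB_AUTHN"
+}
+};
+const authResponse = await this.initiateAuth(webAuthnPayload);
+if (authResponse.ChallengeName !== "WEB_AUTHN") {
+throw new InitAuthError(
+"Authentication failed, expected WEB_AUTHN challenge but received: " + authResponse.ChallengeName,
+"InternalErrorException" /* InternalErrorException */
+);
+}
+const credentialRequestOptions = JSON.parse(authResponse.ChallengeParameters.CREDENTIAL_REQUEST_OPTIONS);
+credentialRequestOptions.challenge = base64UrlToUint8Array(credentialRequestOptions.challenge);
+credentialRequestOptions.allowCredentials = (credentialRequestOptions.allowCredentials || []).map(
+(allowCred) => ({
+...allowCred,
+id: base64UrlToUint8Array(allowCred.id)
+})
+);
+const credentials = await navigator.credentials.get({
+publicKey: credentialRequestOptions
+});
+const challengeResponse = await this.respondToAuthChallenge({
+ChallengeName: "WEB_AUTHN",
+ChallengeResponses: {
+USERNAME: username,
+CREDENTIAL: JSON.stringify(publicKeyCredentialToJSON(credentials)),
+SECRET_HASH: this.clientSecret && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
+},
+Session: authResponse.Session
+});
+if (challengeResponse.AuthenticationResult) {
+challengeResponse.AuthenticationResult = adaptExpiresIn(challengeResponse.AuthenticationResult);
+}
+return challengeResponse;
+}
+/**
+* Registers a new WebAuthn device for the current user.
+* This method initiates the WebAuthn registration process by requesting the necessary options from Cognito,
+* then creates a new public key credential using the WebAuthn API, and finally
+* completes the registration by sending the credential back to Cognito.
+*
+* @param accessToken Access token of the current user.
+*/
+async registerWebAuthnDevice(accessToken) {
+const { CredentialCreationOptions } = await this.startWebAuthnRegistration({
+AccessToken: accessToken
+});
+const credentials = await navigator.credentials.create({
+publicKey: CredentialCreationOptions
+});
+if (!(credentials instanceof PublicKeyCredential)) {
+throw new Error("Invalid credentials returned from WebAuthn API");
+}
+await this.completeWebAuthnRegistration({
+AccessToken: accessToken,
+Credential: credentials
+});
+}
 /**
 * Returns a new session based on the given refresh token.
 *
@@ -925,18 +1084,13 @@ var CognitoClient = class {
 async refreshSession(refreshToken, username) {
 const refreshTokenPayload = {
 AuthFlow: "REFRESH_TOKEN_AUTH",
-ClientId: this.userPoolClientId,
 AuthParameters: {
 REFRESH_TOKEN: refreshToken,
 SECRET_HASH: this.clientSecret && username && await calculateSecretHash(this.clientSecret, this.userPoolClientId, username)
 },
 ClientMetadata: {}
 };
-const { AuthenticationResult } = await
-refreshTokenPayload,
-"InitiateAuth" /* InitiateAuth */,
-this.cognitoEndpoint
-);
+const { AuthenticationResult } = await this.initiateAuth(refreshTokenPayload);
 if (!AuthenticationResult) {
 throw new InitAuthError(
 "Authentication failed, no authentication result returned",
@@ -946,7 +1100,7 @@ var CognitoClient = class {
 if (!AuthenticationResult.RefreshToken) {
 AuthenticationResult.RefreshToken = refreshToken;
 }
-return
+return AuthenticationResult;
 }
 /**
 *
@@ -1001,15 +1155,40 @@ var CognitoClient = class {
 };
 await cognitoRequest(changePasswordPayload, "ChangePassword" /* ChangePassword */, this.cognitoEndpoint);
 }
+/**
+* Gets the user information.
+* @param accessToken Access token of the current user.
+* @returns User information.
+*/
 async getUser(accessToken) {
 const getUserPayload = {
 AccessToken: accessToken
 };
 return cognitoRequest(getUserPayload, "GetUser" /* GetUser */, this.cognitoEndpoint);
 }
+/**
+* Associates a software token with the user.
+* @param params Request to associate a software token with the user.
+* @param params.AccessToken Access token of the current user.
+* @param params.Session Optional session identifier for the authentication process.
+* @param params.ClientMetadata Optional metadata to pass to the service.
+* @param params.UserContextData Optional user context data.
+* @param params.AnalyticsMetadata Optional analytics metadata.
+* @param params.FriendlyDeviceName Optional friendly name for the device.
+* @returns
+*/
 async associateSoftwareToken(params) {
 return cognitoRequest(params, "AssociateSoftwareToken" /* AssociateSoftwareToken */, this.cognitoEndpoint);
 }
+/**
+* Verifies a software token.
+* @param params Request to verify a software token.
+* @param params.AccessToken Access token of the current user.
+* @param params.FriendlyDeviceName Optional friendly name for the device.
+* @param params.Session Optional session identifier for the authentication process.
+* @param params.UserCode The user code to verify.
+* @returns
+*/
 async verifySoftwareToken(params) {
 return cognitoRequest(params, "VerifySoftwareToken" /* VerifySoftwareToken */, this.cognitoEndpoint);
 }
@@ -1152,6 +1331,59 @@ var CognitoClient = class {
 };
 await cognitoRequest(resendConfirmationCodeRequest, "ResendConfirmationCode" /* ResendConfirmationCode */, this.cognitoEndpoint);
 }
+async startWebAuthnRegistration(request) {
+const response = await cognitoRequest(request, "StartWebAuthnRegistration" /* StartWebAuthnRegistration */, this.cognitoEndpoint);
+response.CredentialCreationOptions.challenge = base64UrlToUint8Array(
+response.CredentialCreationOptions.challenge
+);
+response.CredentialCreationOptions.user.id = base64UrlToUint8Array(
+response.CredentialCreationOptions.user.id
+);
+response.CredentialCreationOptions.excludeCredentials = (response.CredentialCreationOptions.excludeCredentials || []).map((excludeCred) => ({
+...excludeCred,
+id: base64UrlToUint8Array(excludeCred.id)
+}));
+return response;
+}
+/**
+* Completes registration of a passkey authenticator for the currently signed-in user.
+* @param request Request to complete WebAuthn registration.
+* @param request.AccessToken Access token of the current user.
+* @param request.Credential The credential object returned by the WebAuthn API.
+*/
+async completeWebAuthnRegistration(request) {
+await cognitoRequest(
+{
+AccessToken: request.AccessToken,
+Credential: publicKeyCredentialToJSON(request.Credential)
+},
+"CompleteWebAuthnRegistration" /* CompleteWebAuthnRegistration */,
+this.cognitoEndpoint
+);
+}
+/**
+* Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
+*
+* @param request Request to delete a WebAuthn credential.
+* @param request.AccessToken Access token of the current user.
+* @param request.CredentialId The ID of the credential to delete.
+*/
+async deleteWebAuthnCredential(request) {
+await cognitoRequest(request, "DeleteWebAuthnCredential" /* DeleteWebAuthnCredential */, this.cognitoEndpoint);
+}
+/**
+* Lists all registered WebAuthn credentials for the currently signed-in user.
+*
+* @param request Request to list WebAuthn credentials.
+* @param request.AccessToken Access token of the current user.
+* @param request.MaxResults Maximum number of credentials to return.
+* @param request.NextToken Pagination token to continue listing credentials.
+* @returns
+*/
+async listWebAuthnCredentials(request) {
+const response = await cognitoRequest(request, "ListWebAuthnCredentials" /* ListWebAuthnCredentials */, this.cognitoEndpoint);
+return response;
+}
 /**
 * Returns a link to Cognito`s Hosted UI for OAuth2 authentication.
 * This method works in conjunction with @see handleCodeFlow .
@@ -1265,12 +1497,14 @@ export {
 GetCredentialsForIdentityException,
 GetIdException,
 GetUserAttributeVerificationException,
+GetUserError,
 GetUserException,
 GlobalSignOutError,
 GlobalSignOutException,
 IdentityProvider,
 InitAuthError,
 InitiateAuthException,
+ListDevicesError,
 ListDevicesException,
 ResendConfirmationCodeError,
 ResendConfirmationException,
@@ -1279,6 +1513,7 @@ export {
 RevokeTokenError,
 RevokeTokenException,
 ServiceTarget,
+SetUserMFAPreferenceError,
 SetUserMFAPreferenceException,
 SignUpError,
 SignUpException,
@@ -1290,5 +1525,30 @@ export {
 VerifyUserAttributeError,
 VerifyUserAttributeException,
 adaptExpiresIn,
-
+base64UrlToUint8Array,
+calculateHKDF,
+calculateS,
+calculateSecretHash,
+calculateSignature,
+calculateU,
+cognitoRequest,
+decodeJwt,
+digest,
+formatTimestamp,
+generateA,
+generateSmallA,
+getPasswordAuthenticationKey,
+hashBuffer,
+hashHexString,
+hmac,
+padHex,
+publicKeyCredentialToJSON,
+randomBytes,
+removeUndefined,
+uint8ArrayFromBase64String,
+uint8ArrayFromHexString,
+uint8ArrayFromString,
+uint8ArrayToBase64String,
+uint8ArrayToBase64UrlString,
+uint8ArrayToHexString
 };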
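Review bot: In `authenticateWebAuthn` (new lines 1036–1043) the result of `navigator.credentials.get()` goes straight into `publicKeyCredentialToJSON` with no check, although that promise can resolve to `null` or to a credential that is not a `PublicKeyCredential`. In that case `cred.getClientExtensionResults()` fails with a bare TypeError in the middle of the sign-in flow instead of a typed library error the caller can handle. `registerWebAuthnDevice`, added a few lines below, already guards its `navigator.credentials.create()` result, so the same guard belongs here before the challenge response is built: `if (!(credentials instanceof PublicKeyCredential)) { throw new InitAuthError("Invalid credentials returned from WebAuthn API", "InternalErrorException"); }`. The JSDoc on `authenticateWebAuthn` also lacks `@param username` and `@returns`, which the neighbouring methods added in this release do carry.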