@vardario/cognito-client 5.3.1 → 6.0.0

package/lib/browser.js CHANGED
@@ -897,17 +897,17 @@ async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
897
897
  }
898
898
  var CognitoClient = class {
899
899
  cognitoEndpoint;
900
+ cognitoDomain;
900
901
  cognitoPoolName;
901
902
  userPoolClientId;
902
- oAuth;
903
903
  clientSecret;
904
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
904
+ constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }) {
905
905
  const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split("_");
906
906
  this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, "");
907
907
  this.cognitoPoolName = cognitoPoolName;
908
908
  this.userPoolClientId = userPoolClientId;
909
- this.oAuth = oAuth;
910
909
  this.clientSecret = clientSecret;
910
+ this.cognitoDomain = cognitoDomain;
911
911
  }
912
912
  static getDecodedTokenFromSession(auth) {
913
913
  const { payload: idToken } = decodeJwt(auth.IdToken);
@@ -1380,24 +1380,25 @@ var CognitoClient = class {
1380
1380
  *
1381
1381
  * @throws {Error}
1382
1382
  */
1383
- async generateOAuthSignInUrl(identityProvider) {
1384
- if (this.oAuth === void 0) {
1385
- throw Error("You have to define oAuth options to use generateFederatedSignUrl");
1386
- }
1383
+ async generateOAuthSignInUrl({
1384
+ identityProvider,
1385
+ redirectUri,
1386
+ scope
1387
+ }) {
1387
1388
  const state = (await randomBytes(32)).toString("hex");
1388
1389
  const pkce = (await randomBytes(128)).toString("hex");
1389
1390
  const code_challenge = uint8ArrayToBase64String(await digest("SHA-256", uint8ArrayFromString(pkce))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
1390
1391
  const queryParams = new URLSearchParams();
1391
- queryParams.append("redirect_uri", this.oAuth.redirectUrl);
1392
- queryParams.append("response_type", this.oAuth.responseType);
1392
+ queryParams.append("redirect_uri", redirectUri);
1393
+ queryParams.append("response_type", "code");
1393
1394
  queryParams.append("client_id", this.userPoolClientId);
1394
1395
  identityProvider && queryParams.append("identity_provider", identityProvider);
1395
- queryParams.append("scope", this.oAuth.scopes.join(" "));
1396
+ queryParams.append("scope", scope.join(" "));
1396
1397
  queryParams.append("state", state);
1397
1398
  queryParams.append("code_challenge", code_challenge);
1398
1399
  queryParams.append("code_challenge_method", "S256");
1399
1400
  return {
1400
- url: `${this.oAuth.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
1401
+ url: `${this.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
1401
1402
  state,
1402
1403
  pkce
1403
1404
  };
@@ -1413,15 +1414,20 @@ var CognitoClient = class {
1413
1414
  *
1414
1415
  * @throws {Error}
1415
1416
  */
1416
- async handleCodeFlow(returnUrl, pkce, state) {
1417
- if (this.oAuth === void 0) {
1418
- throw Error("You have to define oAuth options to use handleCodeFlow");
1419
- }
1417
+ async handleCodeFlow({
1418
+ pkce,
1419
+ redirectUri,
1420
+ returnUrl,
1421
+ state
1422
+ }) {
1420
1423
  const url = new URL(returnUrl);
1421
1424
  const code = url.searchParams.get("code");
1422
1425
  if (code === null) {
1423
1426
  throw Error("code parameter is missing from return url.");
1424
1427
  }
1428
+ if (!this.cognitoDomain) {
1429
+ throw Error("Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor.");
1430
+ }
1425
1431
  if (url.searchParams.get("state") !== state) {
1426
1432
  throw Error("State parameter does not match.");
1427
1433
  }
@@ -1429,14 +1435,19 @@ var CognitoClient = class {
1429
1435
  urlParams.append("grant_type", "authorization_code");
1430
1436
  urlParams.append("code", code);
1431
1437
  urlParams.append("client_id", this.userPoolClientId);
1432
- urlParams.append("redirect_uri", this.oAuth.redirectUrl);
1438
+ urlParams.append("redirect_uri", redirectUri);
1433
1439
  urlParams.append("code_verifier", pkce);
1434
- const tokenEndpoint = `${this.oAuth.cognitoDomain}/oauth2/token`;
1440
+ const tokenEndpoint = `${this.cognitoDomain}/oauth2/token`;
1441
+ const headers = {
1442
+ "Content-Type": "application/x-www-form-urlencoded"
1443
+ };
1444
+ if (this.clientSecret) {
1445
+ const basicAuth = btoa(`${this.userPoolClientId}:${this.clientSecret}`);
1446
+ headers["Authorization"] = `Basic ${basicAuth}`;
1447
+ }
1435
1448
  const response = await fetch(tokenEndpoint, {
1436
1449
  method: "POST",
1437
- headers: {
1438
- "Content-Type": "application/x-www-form-urlencoded"
1439
- },
1450
+ headers,
1440
1451
  body: urlParams.toString()
1441
1452
  });
1442
1453
  const { access_token, refresh_token, id_token, expires_in, error } = await response.json();
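Review bot: `generateOAuthSignInUrl` (hunk at new line 1383) lost its configuration guard: the removed `this.oAuth === void 0` check has no replacement, so when `cognitoDomain` was not passed to the constructor the method returns a url beginning with `undefined/oauth2/authorize?` instead of failing. `handleCodeFlow` gets `if (!this.cognitoDomain)` in this same release, and the sign-in method should open with the same check, `if (!this.cognitoDomain) throw Error("Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor.");`, so a misconfigured client fails before `state` and the PKCE challenge are placed in a URL that does not point at the authorization server. The same omission is in the second `generateOAuthSignInUrl` hunk further down the page (new line 567, the single-quoted build). The method's closing brace lies outside the hunk.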
@@ -181,28 +181,6 @@ export interface ResendConfirmationCodeRequest extends CognitoBaseRequest {
181
181
  Username: string;
182
182
  SecretHash?: string;
183
183
  }
184
- /**
185
- * Cognito related OAuth props.
186
- */
187
- export interface OAuth2Props {
188
- /**
189
- * Cognito domain for OAuth2 token endpoints.
190
- */
191
- cognitoDomain: string;
192
- /**
193
- * Requested OAuth scopes
194
- * @example ['email', 'openid']
195
- */
196
- scopes: string[];
197
- /**
198
- * Redirect URL after a successful OAuth2 authentication.
199
- */
200
- redirectUrl: string;
201
- /**
202
- * Response type.
203
- */
204
- responseType: 'code';
205
- }
206
184
  export interface CognitoClientProps {
207
185
  /**
208
186
  * Cognito User Pool ID
@@ -213,15 +191,15 @@ export interface CognitoClientProps {
213
191
  * Cognito User Pool Client ID
214
192
  */
215
193
  userPoolClientId: string;
194
+ /**
195
+ * Cognito Domain. Required for OAuth2 flows.
196
+ */
197
+ cognitoDomain?: string;
216
198
  /**
217
199
  * Optional Cognito endpoint. Useful for local testing.
218
200
  * If not defined the endpoint will be determined by @see userPoolId .
219
201
  */
220
202
  endpoint?: string;
221
- /**
222
- * Cognito OAuth related options. See @see OAuthProps .
223
- */
224
- oAuth2?: OAuth2Props;
225
203
  /**
226
204
  * Optional Cognito User Pool Client Secret.
227
205
  */
@@ -554,11 +532,11 @@ export declare function cognitoRequest<T extends ServiceTarget>(body: CognitoReq
554
532
  */
555
533
  export declare class CognitoClient {
556
534
  private readonly cognitoEndpoint;
535
+ private readonly cognitoDomain?;
557
536
  private readonly cognitoPoolName;
558
537
  private readonly userPoolClientId;
559
- private readonly oAuth?;
560
538
  private readonly clientSecret?;
561
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }: CognitoClientProps);
539
+ constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }: CognitoClientProps);
562
540
  static getDecodedTokenFromSession(auth: AuthenticationResult): DecodedTokens;
563
541
  initiateAuth(request: InitiateAuthRequest): Promise<InitiateAuthResponse>;
564
542
  /**
@@ -778,7 +756,11 @@ export declare class CognitoClient {
778
756
  *
779
757
  * @throws {Error}
780
758
  */
781
- generateOAuthSignInUrl(identityProvider?: string): Promise<{
759
+ generateOAuthSignInUrl({ identityProvider, redirectUri, scope }: {
760
+ identityProvider?: string;
761
+ redirectUri: string;
762
+ scope: string[];
763
+ }): Promise<{
782
764
  url: string;
783
765
  state: string;
784
766
  pkce: string;
@@ -794,7 +776,12 @@ export declare class CognitoClient {
794
776
  *
795
777
  * @throws {Error}
796
778
  */
797
- handleCodeFlow(returnUrl: string, pkce: string, state: string): Promise<AuthenticationResult>;
779
+ handleCodeFlow({ pkce, redirectUri, returnUrl, state }: {
780
+ returnUrl: string;
781
+ redirectUri: string;
782
+ pkce: string;
783
+ state: string;
784
+ }): Promise<AuthenticationResult>;
798
785
  /**
799
786
  * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
800
787
  * @param accessToken Access token of the current user.
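Review bot: The doc comment on `clientSecret` in `CognitoClientProps` (context at new lines 203–205) still reads only "Optional Cognito User Pool Client Secret.", while in this release `handleCodeFlow` starts sending the secret as an `Authorization: Basic` header to `/oauth2/token`, including in `package/lib/browser.js`. A secret configured in code delivered to a browser is readable by every user of the page, so the comment should say where the option is safe to set, for example `* Optional Cognito User Pool Client Secret. Sent as HTTP Basic credentials to the token endpoint by handleCodeFlow; set it only in server-side code.`. The property line itself is outside the hunk.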
@@ -114,17 +114,17 @@ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
114
114
  */
115
115
  export class CognitoClient {
116
116
  cognitoEndpoint;
117
+ cognitoDomain;
117
118
  cognitoPoolName;
118
119
  userPoolClientId;
119
- oAuth;
120
120
  clientSecret;
121
- constructor({ userPoolId, userPoolClientId, endpoint, oAuth2: oAuth, clientSecret }) {
121
+ constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }) {
122
122
  const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split('_');
123
123
  this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, '');
124
124
  this.cognitoPoolName = cognitoPoolName;
125
125
  this.userPoolClientId = userPoolClientId;
126
- this.oAuth = oAuth;
127
126
  this.clientSecret = clientSecret;
127
+ this.cognitoDomain = cognitoDomain;
128
128
  }
129
129
  static getDecodedTokenFromSession(auth) {
130
130
  const { payload: idToken } = decodeJwt(auth.IdToken);
@@ -564,10 +564,7 @@ export class CognitoClient {
564
564
  *
565
565
  * @throws {Error}
566
566
  */
567
- async generateOAuthSignInUrl(identityProvider) {
568
- if (this.oAuth === undefined) {
569
- throw Error('You have to define oAuth options to use generateFederatedSignUrl');
570
- }
567
+ async generateOAuthSignInUrl({ identityProvider, redirectUri, scope }) {
571
568
  const state = (await randomBytes(32)).toString('hex');
572
569
  const pkce = (await randomBytes(128)).toString('hex');
573
570
  const code_challenge = uint8ArrayToBase64String(await digest('SHA-256', uint8ArrayFromString(pkce)))
@@ -575,16 +572,16 @@ export class CognitoClient {
575
572
  .replace(/\//g, '_')
576
573
  .replace(/=+$/, '');
577
574
  const queryParams = new URLSearchParams();
578
- queryParams.append('redirect_uri', this.oAuth.redirectUrl);
579
- queryParams.append('response_type', this.oAuth.responseType);
575
+ queryParams.append('redirect_uri', redirectUri);
576
+ queryParams.append('response_type', 'code');
580
577
  queryParams.append('client_id', this.userPoolClientId);
581
578
  identityProvider && queryParams.append('identity_provider', identityProvider);
582
- queryParams.append('scope', this.oAuth.scopes.join(' '));
579
+ queryParams.append('scope', scope.join(' '));
583
580
  queryParams.append('state', state);
584
581
  queryParams.append('code_challenge', code_challenge);
585
582
  queryParams.append('code_challenge_method', 'S256');
586
583
  return {
587
- url: `${this.oAuth.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
584
+ url: `${this.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
588
585
  state,
589
586
  pkce
590
587
  };
@@ -600,15 +597,15 @@ export class CognitoClient {
600
597
  *
601
598
  * @throws {Error}
602
599
  */
603
- async handleCodeFlow(returnUrl, pkce, state) {
604
- if (this.oAuth === undefined) {
605
- throw Error('You have to define oAuth options to use handleCodeFlow');
606
- }
600
+ async handleCodeFlow({ pkce, redirectUri, returnUrl, state }) {
607
601
  const url = new URL(returnUrl);
608
602
  const code = url.searchParams.get('code');
609
603
  if (code === null) {
610
604
  throw Error('code parameter is missing from return url.');
611
605
  }
606
+ if (!this.cognitoDomain) {
607
+ throw Error('Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor.');
608
+ }
612
609
  if (url.searchParams.get('state') !== state) {
613
610
  throw Error('State parameter does not match.');
614
611
  }
@@ -616,14 +613,19 @@ export class CognitoClient {
616
613
  urlParams.append('grant_type', 'authorization_code');
617
614
  urlParams.append('code', code);
618
615
  urlParams.append('client_id', this.userPoolClientId);
619
- urlParams.append('redirect_uri', this.oAuth.redirectUrl);
616
+ urlParams.append('redirect_uri', redirectUri);
620
617
  urlParams.append('code_verifier', pkce);
621
- const tokenEndpoint = `${this.oAuth.cognitoDomain}/oauth2/token`;
618
+ const tokenEndpoint = `${this.cognitoDomain}/oauth2/token`;
619
+ const headers = {
620
+ 'Content-Type': 'application/x-www-form-urlencoded'
621
+ };
622
+ if (this.clientSecret) {
623
+ const basicAuth = btoa(`${this.userPoolClientId}:${this.clientSecret}`);
624
+ headers['Authorization'] = `Basic ${basicAuth}`;
625
+ }
622
626
  const response = await fetch(tokenEndpoint, {
623
627
  method: 'POST',
624
- headers: {
625
- 'Content-Type': 'application/x-www-form-urlencoded'
626
- },
628
+ headers,
627
629
  body: urlParams.toString()
628
630
  });
629
631
  const { access_token, refresh_token, id_token, expires_in, error } = await response.json();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vardario/cognito-client",
3
- "version": "5.3.1",
3
+ "version": "6.0.0",
4
4
  "description": "",
5
5
  "license": "MIT",
6
6
  "author": "Sahin Vardar",