@vardario/cognito-client 5.3.1 → 6.0.0
- package/lib/browser.js +31 -20
- package/lib/cognito-client.d.ts +17 -30
- package/lib/cognito-client.js +22 -20
- package/package.json +1 -1
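--- a/package/lib/browser.js
+++ b/package/lib/browser.js
@@ -897,17 +897,17 @@ async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
 }
 var CognitoClient = class {
 cognitoEndpoint;
+cognitoDomain;
 cognitoPoolName;
 userPoolClientId;
-oAuth;
 clientSecret;
-constructor({ userPoolId, userPoolClientId, endpoint,
+constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }) {
 const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split("_");
 this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, "");
 this.cognitoPoolName = cognitoPoolName;
 this.userPoolClientId = userPoolClientId;
-this.oAuth = oAuth;
 this.clientSecret = clientSecret;
+this.cognitoDomain = cognitoDomain;
 }
 static getDecodedTokenFromSession(auth) {
 const { payload: idToken } = decodeJwt(auth.IdToken);
@@ -1380,24 +1380,25 @@ var CognitoClient = class {
 *
 * @throws {Error}
 */
-async generateOAuthSignInUrl(
-
-
-
+async generateOAuthSignInUrl({
+identityProvider,
+redirectUri,
+scope
+}) {
 const state = (await randomBytes(32)).toString("hex");
 const pkce = (await randomBytes(128)).toString("hex");
 const code_challenge = uint8ArrayToBase64String(await digest("SHA-256", uint8ArrayFromString(pkce))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 const queryParams = new URLSearchParams();
-queryParams.append("redirect_uri",
-queryParams.append("response_type",
+queryParams.append("redirect_uri", redirectUri);
+queryParams.append("response_type", "code");
 queryParams.append("client_id", this.userPoolClientId);
 identityProvider && queryParams.append("identity_provider", identityProvider);
-queryParams.append("scope",
+queryParams.append("scope", scope.join(" "));
 queryParams.append("state", state);
 queryParams.append("code_challenge", code_challenge);
 queryParams.append("code_challenge_method", "S256");
 return {
-url: `${this.
+url: `${this.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
 state,
 pkce
 };
@@ -1413,15 +1414,20 @@ var CognitoClient = class {
 *
 * @throws {Error}
 */
-async handleCodeFlow(
-
-
-
+async handleCodeFlow({
+pkce,
+redirectUri,
+returnUrl,
+state
+}) {
 const url = new URL(returnUrl);
 const code = url.searchParams.get("code");
 if (code === null) {
 throw Error("code parameter is missing from return url.");
 }
+if (!this.cognitoDomain) {
+throw Error("Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor.");
+}
 if (url.searchParams.get("state") !== state) {
 throw Error("State parameter does not match.");
 }
@@ -1429,14 +1435,19 @@ var CognitoClient = class {
 urlParams.append("grant_type", "authorization_code");
 urlParams.append("code", code);
 urlParams.append("client_id", this.userPoolClientId);
-urlParams.append("redirect_uri",
+urlParams.append("redirect_uri", redirectUri);
 urlParams.append("code_verifier", pkce);
-const tokenEndpoint = `${this.
+const tokenEndpoint = `${this.cognitoDomain}/oauth2/token`;
+const headers = {
+"Content-Type": "application/x-www-form-urlencoded"
+};
+if (this.clientSecret) {
+const basicAuth = btoa(`${this.userPoolClientId}:${this.clientSecret}`);
+headers["Authorization"] = `Basic ${basicAuth}`;
+}
 const response = await fetch(tokenEndpoint, {
 method: "POST",
-headers
-"Content-Type": "application/x-www-form-urlencoded"
-},
+headers,
 body: urlParams.toString()
 });
 const { access_token, refresh_token, id_token, expires_in, error } = await response.json();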
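Review bot: `generateOAuthSignInUrl` in the hunk at @@ -1380 no longer fails early when no domain is configured: the old `this.oAuth === undefined` throw is removed, `cognitoDomain` is optional on the new constructor, and the method builds `${this.cognitoDomain}/oauth2/authorize?…`, so an unconfigured client returns a relative URL starting with the literal text `undefined/` rather than an error. The same guard the commit adds to `handleCodeFlow` belongs at the top of this method: `if (!this.cognitoDomain) { throw Error("Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor."); }`. The constructor hunk at @@ -897 also stores `cognitoDomain` verbatim while `cognitoEndpoint` gets `.replace(/\/$/, "")`, so a domain value ending in `/` produces `//oauth2/…` paths; `this.cognitoDomain = cognitoDomain && cognitoDomain.replace(/\/$/, "");` would keep the two fields consistent. Both points apply equally to `package/lib/cognito-client.js` at @@ -114 and @@ -564.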
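--- a/package/lib/cognito-client.d.ts
+++ b/package/lib/cognito-client.d.ts
@@ -181,28 +181,6 @@ export interface ResendConfirmationCodeRequest extends CognitoBaseRequest {
 Username: string;
 SecretHash?: string;
 }
-/**
-* Cognito related OAuth props.
-*/
-export interface OAuth2Props {
-/**
-* Cognito domain for OAuth2 token endpoints.
-*/
-cognitoDomain: string;
-/**
-* Requested OAuth scopes
-* @example ['email', 'openid']
-*/
-scopes: string[];
-/**
-* Redirect URL after a successful OAuth2 authentication.
-*/
-redirectUrl: string;
-/**
-* Response type.
-*/
-responseType: 'code';
-}
 export interface CognitoClientProps {
 /**
 * Cognito User Pool ID
@@ -213,15 +191,15 @@ export interface CognitoClientProps {
 * Cognito User Pool Client ID
 */
 userPoolClientId: string;
+/**
+* Cognito Domain. Required for OAuth2 flows.
+*/
+cognitoDomain?: string;
 /**
 * Optional Cognito endpoint. Useful for local testing.
 * If not defined the endpoint will be determined by @see userPoolId .
 */
 endpoint?: string;
-/**
-* Cognito OAuth related options. See @see OAuthProps .
-*/
-oAuth2?: OAuth2Props;
 /**
 * Optional Cognito User Pool Client Secret.
 */
@@ -554,11 +532,11 @@ export declare function cognitoRequest<T extends ServiceTarget>(body: CognitoReq
 */
 export declare class CognitoClient {
 private readonly cognitoEndpoint;
+private readonly cognitoDomain?;
 private readonly cognitoPoolName;
 private readonly userPoolClientId;
-private readonly oAuth?;
 private readonly clientSecret?;
-constructor({ userPoolId, userPoolClientId, endpoint,
+constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }: CognitoClientProps);
 static getDecodedTokenFromSession(auth: AuthenticationResult): DecodedTokens;
 initiateAuth(request: InitiateAuthRequest): Promise<InitiateAuthResponse>;
 /**
@@ -778,7 +756,11 @@ export declare class CognitoClient {
 *
 * @throws {Error}
 */
-generateOAuthSignInUrl(identityProvider
+generateOAuthSignInUrl({ identityProvider, redirectUri, scope }: {
+identityProvider?: string;
+redirectUri: string;
+scope: string[];
+}): Promise<{
 url: string;
 state: string;
 pkce: string;
@@ -794,7 +776,12 @@ export declare class CognitoClient {
 *
 * @throws {Error}
 */
-handleCodeFlow(
+handleCodeFlow({ pkce, redirectUri, returnUrl, state }: {
+returnUrl: string;
+redirectUri: string;
+pkce: string;
+state: string;
+}): Promise<AuthenticationResult>;
 /**
 * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
 * @param accessToken Access token of the current user.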
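Review bot: The new `handleCodeFlow` parameter type in the hunk at @@ -794 documents `redirectUri` only by its type, although the authorization-code grant requires the value sent to the token endpoint to match the one used in the authorize request exactly, a coupling the removed `OAuth2Props.redirectUrl` used to guarantee by construction and that the caller now has to carry across a redirect. I would add `/** Must be identical to the redirectUri passed to generateOAuthSignInUrl for this state/pkce pair. */` above `redirectUri: string;` in both the `generateOAuthSignInUrl` (@@ -778) and `handleCodeFlow` member types, plus `/** Values returned by generateOAuthSignInUrl; the caller must persist them between the two calls. */` on `state` and `pkce`. The `cognitoDomain` doc added at @@ -213 should also state that the value is the full origin including the scheme and without a trailing slash, since the implementation concatenates it directly into `${cognitoDomain}/oauth2/…`.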
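--- a/package/lib/cognito-client.js
+++ b/package/lib/cognito-client.js
@@ -114,17 +114,17 @@ export async function cognitoRequest(body, serviceTarget, cognitoEndpoint) {
 */
 export class CognitoClient {
 cognitoEndpoint;
+cognitoDomain;
 cognitoPoolName;
 userPoolClientId;
-oAuth;
 clientSecret;
-constructor({ userPoolId, userPoolClientId, endpoint,
+constructor({ userPoolId, userPoolClientId, endpoint, clientSecret, cognitoDomain }) {
 const [cognitoPoolRegion, cognitoPoolName] = userPoolId.split('_');
 this.cognitoEndpoint = (endpoint || `https://cognito-idp.${cognitoPoolRegion}.amazonaws.com`).replace(/\/$/, '');
 this.cognitoPoolName = cognitoPoolName;
 this.userPoolClientId = userPoolClientId;
-this.oAuth = oAuth;
 this.clientSecret = clientSecret;
+this.cognitoDomain = cognitoDomain;
 }
 static getDecodedTokenFromSession(auth) {
 const { payload: idToken } = decodeJwt(auth.IdToken);
@@ -564,10 +564,7 @@ export class CognitoClient {
 *
 * @throws {Error}
 */
-async generateOAuthSignInUrl(identityProvider) {
-if (this.oAuth === undefined) {
-throw Error('You have to define oAuth options to use generateFederatedSignUrl');
-}
+async generateOAuthSignInUrl({ identityProvider, redirectUri, scope }) {
 const state = (await randomBytes(32)).toString('hex');
 const pkce = (await randomBytes(128)).toString('hex');
 const code_challenge = uint8ArrayToBase64String(await digest('SHA-256', uint8ArrayFromString(pkce)))
@@ -575,16 +572,16 @@ export class CognitoClient {
 .replace(/\//g, '_')
 .replace(/=+$/, '');
 const queryParams = new URLSearchParams();
-queryParams.append('redirect_uri',
-queryParams.append('response_type',
+queryParams.append('redirect_uri', redirectUri);
+queryParams.append('response_type', 'code');
 queryParams.append('client_id', this.userPoolClientId);
 identityProvider && queryParams.append('identity_provider', identityProvider);
-queryParams.append('scope',
+queryParams.append('scope', scope.join(' '));
 queryParams.append('state', state);
 queryParams.append('code_challenge', code_challenge);
 queryParams.append('code_challenge_method', 'S256');
 return {
-url: `${this.
+url: `${this.cognitoDomain}/oauth2/authorize?${queryParams.toString()}`,
 state,
 pkce
 };
@@ -600,15 +597,15 @@ export class CognitoClient {
 *
 * @throws {Error}
 */
-async handleCodeFlow(
-if (this.oAuth === undefined) {
-throw Error('You have to define oAuth options to use handleCodeFlow');
-}
+async handleCodeFlow({ pkce, redirectUri, returnUrl, state }) {
 const url = new URL(returnUrl);
 const code = url.searchParams.get('code');
 if (code === null) {
 throw Error('code parameter is missing from return url.');
 }
+if (!this.cognitoDomain) {
+throw Error('Cognito domain is not set. Please set cognitoDomain in the CognitoClient constructor.');
+}
 if (url.searchParams.get('state') !== state) {
 throw Error('State parameter does not match.');
 }
@@ -616,14 +613,19 @@ export class CognitoClient {
 urlParams.append('grant_type', 'authorization_code');
 urlParams.append('code', code);
 urlParams.append('client_id', this.userPoolClientId);
-urlParams.append('redirect_uri',
+urlParams.append('redirect_uri', redirectUri);
 urlParams.append('code_verifier', pkce);
-const tokenEndpoint = `${this.
+const tokenEndpoint = `${this.cognitoDomain}/oauth2/token`;
+const headers = {
+'Content-Type': 'application/x-www-form-urlencoded'
+};
+if (this.clientSecret) {
+const basicAuth = btoa(`${this.userPoolClientId}:${this.clientSecret}`);
+headers['Authorization'] = `Basic ${basicAuth}`;
+}
 const response = await fetch(tokenEndpoint, {
 method: 'POST',
-headers
-'Content-Type': 'application/x-www-form-urlencoded'
-},
+headers,
 body: urlParams.toString()
 });
 const { access_token, refresh_token, id_token, expires_in, error } = await response.json();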
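Review bot: The `if (this.clientSecret)` branch in the hunk at @@ -616 makes the token exchange a confidential-client request, but the identical code is emitted into `package/lib/browser.js`, where any `clientSecret` bundled with the page is readable by every user, and neither the hunk nor the `clientSecret` TSDoc in `cognito-client.d.ts` says which deployment the branch is meant for. I would add above the branch `// Confidential-client exchange: only set clientSecret in server-side code; browser deployments should use an app client without a secret and rely on the PKCE code_verifier appended above.` and repeat the substance in the `clientSecret` property doc. Separately, `btoa` throws on characters outside Latin-1; Cognito-generated secrets are presumably ASCII so this is likely moot, but if secrets can come from elsewhere the header value should be built via a UTF-8 encoding path. `handleCodeFlow` continues past the end of this hunk, so I cannot see how `error` from the response is handled.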