UNPKG

@affinidi-tdk/iota-core

Version:

Affinidi Iota Framework core library primarily used in the backend

github.com/affinidi/affinidi-tdk

affinidi/affinidi-tdk

86 lines (75 loc) 2.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import { EnvironmentUtils } from '@affinidi-tdk/common' import { Configuration, IotaApi } from '@affinidi-tdk/iota-client' import { CognitoIdentityClient, GetCredentialsForIdentityCommand, } from '@aws-sdk/client-cognito-identity' export interface IAuthProviderParams { region: string apiGW: string } export interface IotaCredentials { readonly credentials: Credentials readonly connectionClientId: string } export interface Credentials { readonly accessKeyId?: string readonly secretKey?: string readonly sessionToken?: string readonly expiration?: Date } export interface IdentityCredentials { readonly identityId: string readonly token: string } export class IotaAuthProvider { region: string apiGW: string constructor(param?: { [key: string]: any }) { this.region = param?.region ?? EnvironmentUtils.fetchRegion() this.apiGW = param?.apiGW ?? EnvironmentUtils.fetchApiGwUrl() } async limitedTokenToIotaCredentials( limitedToken: string, ): Promise<IotaCredentials> { const iotaAPIClient = new IotaApi( new Configuration({ basePath: `${this.apiGW}/ais` }), ) const response = await iotaAPIClient.awsExchangeCredentials({ assertion: limitedToken, }) const { connectionClientId, credentials: identityCredentials } = response.data const credentials = await this.exchangeIdentityCredentials(identityCredentials) return { credentials, connectionClientId, } } async exchangeIdentityCredentials( identityCredentials: IdentityCredentials, ): Promise<Credentials> { const cognitoIdentityClient = new CognitoIdentityClient({ region: this.region, }) const responseCmd = await cognitoIdentityClient.send( new GetCredentialsForIdentityCommand({ IdentityId: identityCredentials.identityId, Logins: { 'cognito-identity.amazonaws.com': identityCredentials.token, }, }), ) const credentials = responseCmd.Credentials if (!credentials) { throw new Error('Error fetching credentials') } return { accessKeyId: credentials.AccessKeyId, secretKey: credentials.SecretKey, sessionToken: credentials.SessionToken, expiration: credentials.Expiration, } } }