UNPKG

@aws-amplify/amplify-category-auth

Version:

amplify-cli authentication plugin

aws-amplify/amplify-cli

70 lines (66 loc) 2.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
const response = require('cfn-response'); const { IAMClient, AddClientIDToOpenIDConnectProviderCommand, CreateOpenIDConnectProviderCommand, GetOpenIDConnectProviderCommand, ListOpenIDConnectProvidersCommand, } = require('@aws-sdk/client-iam'); const iam = new IAMClient({}); exports.handler = (event, context) => { // Don't return promise, response.send() marks context as done internally void tryHandleEvent(event, context); }; async function tryHandleEvent(event, context) { try { const res = await handleEvent(event); response.send(event, context, response.SUCCESS, res); } catch (e) { response.send(event, context, response.FAILED, { e }); } } async function handleEvent(event) { if (event.RequestType === 'Update' || event.RequestType === 'Create') { const params = { ClientIDList: event.ResourceProperties.clientIdList.split(','), ThumbprintList: ['0000000000000000000000000000000000000000'], Url: event.ResourceProperties.url, }; let existingValue; const listOpenIDConnectProvidersResponse = await iam.send(new ListOpenIDConnectProvidersCommand({})); if ( listOpenIDConnectProvidersResponse.OpenIDConnectProviderList && listOpenIDConnectProvidersResponse.OpenIDConnectProviderList.length > 0 ) { const vals = listOpenIDConnectProvidersResponse.OpenIDConnectProviderList.map((x) => x.Arn); existingValue = vals.find((i) => i.split('/')[1] === params.Url.split('//')[1]); } if (!existingValue) { const createOpenIDConnectProviderResponse = await iam.send(new CreateOpenIDConnectProviderCommand(params)); return { providerArn: createOpenIDConnectProviderResponse.OpenIDConnectProviderArn, providerIds: params.ClientIDList, }; } else { const findParams = { OpenIDConnectProviderArn: existingValue, }; const getOpenIDConnectProviderResponse = await iam.send(new GetOpenIDConnectProviderCommand(findParams)); const audiences = getOpenIDConnectProviderResponse.ClientIDList; for (const clientID of params.ClientIDList) { if (!audiences.includes(clientID)) { const updateParams = { ClientID: clientID, OpenIDConnectProviderArn: existingValue, }; await iam.send(new AddClientIDToOpenIDConnectProviderCommand(updateParams)); } } return { providerArn: existingValue, providerIds: params.ClientIDList, }; } } return {}; }