@aws-amplify/auth
Auth category of aws-amplify
'use strict';
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
Object.defineProperty(exports, "__esModule", { value: true });
exports.handlePasswordVerifierChallenge = handlePasswordVerifierChallenge;
const AuthError_1 = require("../../../errors/AuthError");
const cognitoIdentityProvider_1 = require("../../../foundation/factories/serviceClients/cognitoIdentityProvider");
const factories_1 = require("../factories");
const parsers_1 = require("../../../foundation/parsers");
const srp_1 = require("./srp");
const BigInteger_1 = require("./srp/BigInteger");
const userContextData_1 = require("./userContextData");
const handleDeviceSRPAuth_1 = require("./handleDeviceSRPAuth");
/**
 * Responds to a PASSWORD_VERIFIER challenge in the SRP sign-in flow.
 *
 * The password is handed only to `authenticationHelper.getPasswordAuthenticationKey`;
 * the request built here carries the derived signature, the server's secret
 * block and a timestamp, never the password itself.
 *
 * @param {string} password - User password, used only to derive the key.
 * @param {object} challengeParameters - Server-supplied challenge values; this
 *   function reads SRP_B, SALT, USER_ID_FOR_SRP and SECRET_BLOCK from it.
 * @param {object} clientMetadata - Forwarded unchanged as ClientMetadata.
 * @param {string} session - Forwarded unchanged as Session.
 * @param {object} authenticationHelper - Must expose getPasswordAuthenticationKey().
 * @param {object} config - Provides userPoolId, userPoolClientId, userPoolEndpoint.
 * @param {object} tokenOrchestrator - Must expose getDeviceMetadata(username).
 * @returns {Promise<object>} The RespondToAuthChallenge response, or the result
 *   of handleDeviceSRPAuth when the service answers with DEVICE_SRP_AUTH.
 * @throws {AuthError} EmptyUserIdForSRPException when USER_ID_FOR_SRP is absent.
 */
async function handlePasswordVerifierChallenge(password, challengeParameters, clientMetadata, session, authenticationHelper, config, tokenOrchestrator) {
    const { userPoolId, userPoolClientId, userPoolEndpoint } = config;
    // Second '_'-separated segment of the pool id; empty string when missing.
    const userPoolName = userPoolId?.split('_')[1] || '';

    // SRP_B and SALT arrive as hex strings from the server.
    // NOTE(review): only USER_ID_FOR_SRP is checked for presence in this
    // function. A missing SRP_B, SALT or SECRET_BLOCK is not rejected here;
    // range checks on B presumably live in authenticationHelper — confirm.
    const serverBValue = new BigInteger_1.BigInteger(challengeParameters?.SRP_B, 16);
    const salt = new BigInteger_1.BigInteger(challengeParameters?.SALT, 16);

    const username = challengeParameters?.USER_ID_FOR_SRP;
    if (!username) {
        throw new AuthError_1.AuthError({
            name: 'EmptyUserIdForSRPException',
            message: 'USER_ID_FOR_SRP was not found in challengeParameters',
        });
    }

    // Derive the key that signs the challenge response.
    const hkdf = await authenticationHelper.getPasswordAuthenticationKey({
        username,
        password,
        serverBValue,
        salt,
    });

    // The same timestamp goes into the signature and into the TIMESTAMP field.
    const dateNow = (0, srp_1.getNowString)();
    const secretBlock = challengeParameters?.SECRET_BLOCK;
    const signature = (0, srp_1.getSignatureString)({
        username,
        userPoolName,
        challengeParameters,
        dateNow,
        hkdf,
    });
    const challengeResponses = {
        USERNAME: username,
        PASSWORD_CLAIM_SECRET_BLOCK: secretBlock,
        TIMESTAMP: dateNow,
        PASSWORD_CLAIM_SIGNATURE: signature,
    };

    // Attach the remembered device key when one is stored for this user.
    const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
    if (deviceMetadata?.deviceKey) {
        challengeResponses.DEVICE_KEY = deviceMetadata.deviceKey;
    }

    const UserContextData = (0, userContextData_1.getUserContextData)({
        username,
        userPoolId,
        userPoolClientId,
    });
    const jsonReqResponseChallenge = {
        ChallengeName: 'PASSWORD_VERIFIER',
        ChallengeResponses: challengeResponses,
        ClientMetadata: clientMetadata,
        Session: session,
        ClientId: userPoolClientId,
        UserContextData,
    };

    const endpointResolver = (0, factories_1.createCognitoUserPoolEndpointResolver)({
        endpointOverride: userPoolEndpoint,
    });
    const respondToAuthChallenge = (0, cognitoIdentityProvider_1.createRespondToAuthChallengeClient)({
        endpointResolver,
    });
    const region = (0, parsers_1.getRegionFromUserPoolId)(userPoolId);
    const response = await respondToAuthChallenge({ region }, jsonReqResponseChallenge);

    if (response.ChallengeName !== 'DEVICE_SRP_AUTH') {
        return response;
    }
    // The service asked for device SRP next; continue with the session it just returned.
    return (0, handleDeviceSRPAuth_1.handleDeviceSRPAuth)({
        username,
        config,
        clientMetadata,
        session: response.Session,
        tokenOrchestrator,
    });
}
//# sourceMappingURL=handlePasswordVerifierChallenge.js.map