@aws-amplify/auth
Auth category of aws-amplify
Source Map (JSON)
{"version":3,"file":"credentialsProvider.mjs","sources":["../../../../../src/providers/cognito/credentialsProvider/credentialsProvider.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { ConsoleLogger, createGetCredentialsForIdentityClient, } from '@aws-amplify/core';\nimport { assertIdentityPoolIdConfig, } from '@aws-amplify/core/internals/utils';\nimport { AuthError } from '../../../errors/AuthError';\nimport { assertServiceError } from '../../../errors/utils/assertServiceError';\nimport { getRegionFromIdentityPoolId } from '../../../foundation/parsers';\nimport { assertIdTokenInAuthTokens } from '../utils/types';\nimport { createCognitoIdentityPoolEndpointResolver } from '../factories';\nimport { cognitoIdentityIdProvider } from './IdentityIdProvider';\nimport { formLoginsMap } from './utils';\nconst logger = new ConsoleLogger('CognitoCredentialsProvider');\nconst CREDENTIALS_TTL = 50 * 60 * 1000; // 50 min, can be modified on config if required in the future\nexport class CognitoAWSCredentialsAndIdentityIdProvider {\n constructor(identityIdStore) {\n this._nextCredentialsRefresh = 0;\n this._identityIdStore = identityIdStore;\n }\n async clearCredentialsAndIdentityId() {\n logger.debug('Clearing out credentials and identityId');\n this._credentialsAndIdentityId = undefined;\n await this._identityIdStore.clearIdentityId();\n }\n async clearCredentials() {\n logger.debug('Clearing out in-memory credentials');\n this._credentialsAndIdentityId = undefined;\n }\n async getCredentialsAndIdentityId(getCredentialsOptions) {\n const isAuthenticated = getCredentialsOptions.authenticated;\n const { tokens } = getCredentialsOptions;\n const { authConfig } = getCredentialsOptions;\n try {\n assertIdentityPoolIdConfig(authConfig?.Cognito);\n }\n catch {\n // No identity pool configured, skipping\n return;\n }\n if (!isAuthenticated && !authConfig.Cognito.allowGuestAccess) {\n // 
TODO(V6): return partial result like Native platforms\n return;\n }\n const { forceRefresh } = getCredentialsOptions;\n const tokenHasChanged = this.hasTokenChanged(tokens);\n const identityId = await cognitoIdentityIdProvider({\n tokens,\n authConfig: authConfig.Cognito,\n identityIdStore: this._identityIdStore,\n });\n // Clear cached credentials when forceRefresh is true OR the cache token has changed\n if (forceRefresh || tokenHasChanged) {\n this.clearCredentials();\n }\n if (!isAuthenticated) {\n return this.getGuestCredentials(identityId, authConfig.Cognito);\n }\n else {\n assertIdTokenInAuthTokens(tokens);\n return this.credsForOIDCTokens(authConfig.Cognito, tokens, identityId);\n }\n }\n async getGuestCredentials(identityId, authConfig) {\n // Return existing in-memory cached credentials only if it exists, is not past it's lifetime and is unauthenticated credentials\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === false) {\n logger.info('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any authenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n const getCredentialsForIdentity = createGetCredentialsForIdentityClient({\n endpointResolver: createCognitoIdentityPoolEndpointResolver({\n endpointOverride: authConfig.identityPoolEndpoint,\n }),\n });\n // use identityId to obtain guest credentials\n // save credentials in-memory\n // No logins params should be passed for guest creds:\n // https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html\n let clientResult;\n try {\n clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n });\n }\n catch (e) {\n assertServiceError(e);\n throw new AuthError(e);\n }\n if 
(clientResult?.Credentials?.AccessKeyId &&\n clientResult?.Credentials?.SecretKey) {\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n if (clientResult.IdentityId) {\n res.identityId = clientResult.IdentityId;\n this._identityIdStore.storeIdentityId({\n id: clientResult.IdentityId,\n type: 'guest',\n });\n }\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: false,\n };\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsNotFoundException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n async credsForOIDCTokens(authConfig, authTokens, identityId) {\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === true) {\n logger.debug('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any unauthenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const logins = authTokens.idToken\n ? 
formLoginsMap(authTokens.idToken.toString())\n : {};\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n const getCredentialsForIdentity = createGetCredentialsForIdentityClient({\n endpointResolver: createCognitoIdentityPoolEndpointResolver({\n endpointOverride: authConfig.identityPoolEndpoint,\n }),\n });\n let clientResult;\n try {\n clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n Logins: logins,\n });\n }\n catch (e) {\n assertServiceError(e);\n throw new AuthError(e);\n }\n if (clientResult?.Credentials?.AccessKeyId &&\n clientResult?.Credentials?.SecretKey) {\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n if (clientResult.IdentityId) {\n res.identityId = clientResult.IdentityId;\n // note: the following call removes guest identityId from the persistent store (localStorage)\n this._identityIdStore.storeIdentityId({\n id: clientResult.IdentityId,\n type: 'primary',\n });\n }\n // Store the credentials in-memory along with the expiration\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: true,\n associatedIdToken: authTokens.idToken?.toString(),\n };\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n isPastTTL() {\n return this._nextCredentialsRefresh === undefined\n ? 
true\n : this._nextCredentialsRefresh <= Date.now();\n }\n hasTokenChanged(tokens) {\n return (!!tokens &&\n !!this._credentialsAndIdentityId?.associatedIdToken &&\n tokens.idToken?.toString() !==\n this._credentialsAndIdentityId.associatedIdToken);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;AAAA;AACA;AAUA,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,4BAA4B,CAAC;AAC9D,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAChC,MAAM,0CAA0C,CAAC;AACxD,IAAI,WAAW,CAAC,eAAe,EAAE;AACjC,QAAQ,IAAI,CAAC,uBAAuB,GAAG,CAAC;AACxC,QAAQ,IAAI,CAAC,gBAAgB,GAAG,eAAe;AAC/C;AACA,IAAI,MAAM,6BAA6B,GAAG;AAC1C,QAAQ,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC;AAC/D,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS;AAClD,QAAQ,MAAM,IAAI,CAAC,gBAAgB,CAAC,eAAe,EAAE;AACrD;AACA,IAAI,MAAM,gBAAgB,GAAG;AAC7B,QAAQ,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC;AAC1D,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS;AAClD;AACA,IAAI,MAAM,2BAA2B,CAAC,qBAAqB,EAAE;AAC7D,QAAQ,MAAM,eAAe,GAAG,qBAAqB,CAAC,aAAa;AACnE,QAAQ,MAAM,EAAE,MAAM,EAAE,GAAG,qBAAqB;AAChD,QAAQ,MAAM,EAAE,UAAU,EAAE,GAAG,qBAAqB;AACpD,QAAQ,IAAI;AACZ,YAAY,0BAA0B,CAAC,UAAU,EAAE,OAAO,CAAC;AAC3D;AACA,QAAQ,MAAM;AACd;AACA,YAAY;AACZ;AACA,QAAQ,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE;AACtE;AACA,YAAY;AACZ;AACA,QAAQ,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB;AACtD,QAAQ,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;AAC5D,QAAQ,MAAM,UAAU,GAAG,MAAM,yBAAyB,CAAC;AAC3D,YAAY,MAAM;AAClB,YAAY,UAAU,EAAE,UAAU,CAAC,OAAO;AAC1C,YAAY,eAAe,EAAE,IAAI,CAAC,gBAAgB;AAClD,SAAS,CAAC;AACV;AACA,QAAQ,IAAI,YAAY,IAAI,eAAe,EAAE;AAC7C,YAAY,IAAI,CAAC,gBAAgB,EAAE;AACnC;AACA,QAAQ,IAAI,CAAC,eAAe,EAAE;AAC9B,YAAY,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,CAAC;AAC3E;AACA,aAAa;AACb,YAAY,yBAAyB,CAAC,MAAM,CAAC;AAC7C,YAAY,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC;AAClF;AACA;AACA,IAAI,MAAM,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE;AACtD;AACA,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,KAAK,EAAE;AAC3E,YAAY,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC;AAC7F,YAAY,OAAO,IAAI,CAAC,yBAAyB;AACjD;AACA;AACA,Q
AAQ,IAAI,CAAC,gBAAgB,EAAE;AAC/B,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC;AAC7E,QAAQ,MAAM,yBAAyB,GAAG,qCAAqC,CAAC;AAChF,YAAY,gBAAgB,EAAE,yCAAyC,CAAC;AACxE,gBAAgB,gBAAgB,EAAE,UAAU,CAAC,oBAAoB;AACjE,aAAa,CAAC;AACd,SAAS,CAAC;AACV;AACA;AACA;AACA;AACA,QAAQ,IAAI,YAAY;AACxB,QAAQ,IAAI;AACZ,YAAY,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACvE,gBAAgB,UAAU,EAAE,UAAU;AACtC,aAAa,CAAC;AACd;AACA,QAAQ,OAAO,CAAC,EAAE;AAClB,YAAY,kBAAkB,CAAC,CAAC,CAAC;AACjC,YAAY,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC;AAClC;AACA,QAAQ,IAAI,YAAY,EAAE,WAAW,EAAE,WAAW;AAClD,YAAY,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE;AAClD,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe;AACjF,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa;AACb,YAAY,IAAI,YAAY,CAAC,UAAU,EAAE;AACzC,gBAAgB,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC,UAAU;AACxD,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,YAAY,CAAC,UAAU;AAC/C,oBAAoB,IAAI,EAAE,OAAO;AACjC,iBAAiB,CAAC;AAClB;AACA,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,KAAK;AAC3C,aAAa;AACb,YAAY,OAAO,GAAG;AACtB;AACA,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,8BAA8B;AACpD,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC;AACd;AACA;AACA,IAAI,MAAM,kBAAkB,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE;AACjE,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,IAAI,EAAE;AAC1E,YAAY,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC;AAC9F,YAAY,OAAO,IAAI,CAAC,yBAAyB;AACjD;AACA;AACA,QAAQ,IAAI,CAAC,gBAAgB,EAAE;AAC/B,QAAQ,MAAM,MAAM,GAAG,UAAU,CAAC;AAClC,cAAc,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE;AACzD,cAAc,EAAE;AAChB,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC;AAC7E,QAAQ,MAAM,yBAAyB,GAAG,qCAAqC,CAAC;AAChF,YAAY,gBAAgB,EAAE,yCAAyC,CAAC;AACxE,gBAAgB,gBAAgB,EAAE,UAAU,CAAC,oBAAoB;AACjE,aAAa
,CAAC;AACd,SAAS,CAAC;AACV,QAAQ,IAAI,YAAY;AACxB,QAAQ,IAAI;AACZ,YAAY,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACvE,gBAAgB,UAAU,EAAE,UAAU;AACtC,gBAAgB,MAAM,EAAE,MAAM;AAC9B,aAAa,CAAC;AACd;AACA,QAAQ,OAAO,CAAC,EAAE;AAClB,YAAY,kBAAkB,CAAC,CAAC,CAAC;AACjC,YAAY,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC;AAClC;AACA,QAAQ,IAAI,YAAY,EAAE,WAAW,EAAE,WAAW;AAClD,YAAY,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE;AAClD,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe;AACjF,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa;AACb,YAAY,IAAI,YAAY,CAAC,UAAU,EAAE;AACzC,gBAAgB,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC,UAAU;AACxD;AACA,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,YAAY,CAAC,UAAU;AAC/C,oBAAoB,IAAI,EAAE,SAAS;AACnC,iBAAiB,CAAC;AAClB;AACA;AACA,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,IAAI;AAC1C,gBAAgB,iBAAiB,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE;AACjE,aAAa;AACb,YAAY,OAAO,GAAG;AACtB;AACA,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,sBAAsB;AAC5C,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC;AACd;AACA;AACA,IAAI,SAAS,GAAG;AAChB,QAAQ,OAAO,IAAI,CAAC,uBAAuB,KAAK;AAChD,cAAc;AACd,cAAc,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,GAAG,EAAE;AACxD;AACA,IAAI,eAAe,CAAC,MAAM,EAAE;AAC5B,QAAQ,QAAQ,CAAC,CAAC,MAAM;AACxB,YAAY,CAAC,CAAC,IAAI,CAAC,yBAAyB,EAAE,iBAAiB;AAC/D,YAAY,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE;AACtC,gBAAgB,IAAI,CAAC,yBAAyB,CAAC,iBAAiB;AAChE;AACA;;;;"}