UNPKG

@aws-amplify/auth

Version:

Auth category of aws-amplify

aws-amplify.github.io

aws-amplify/amplify-js

95 lines (81 loc) 3.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 import { Amplify, fetchAuthSession } from '@aws-amplify/core'; import { AuthAction, assertTokenProviderConfig, } from '@aws-amplify/core/internals/utils'; import { CompleteWebAuthnRegistrationException, StartWebAuthnRegistrationException, } from '../../foundation/factories/serviceClients/cognitoIdentityProvider/types'; import { assertAuthTokens } from '../../providers/cognito/utils/types'; import { createCognitoUserPoolEndpointResolver } from '../../providers/cognito/factories'; import { getRegionFromUserPoolId } from '../../foundation/parsers'; import { getAuthUserAgentValue } from '../../utils'; import { registerPasskey } from '../utils'; import { createCompleteWebAuthnRegistrationClient, createStartWebAuthnRegistrationClient, } from '../../foundation/factories/serviceClients/cognitoIdentityProvider'; import { PasskeyError } from '../utils/passkey/errors'; import { AuthError } from '../../errors/AuthError'; import { assertValidCredentialCreationOptions } from '../utils/passkey/types'; /** * Registers a new passkey for an authenticated user * * @returns Promise<void> * @throws - {@link PasskeyError}: * - Thrown when intermediate state is invalid * @throws - {@link AuthError}: * - Thrown when user is unauthenticated * @throws - {@link StartWebAuthnRegistrationException} * - Thrown due to a service error retrieving WebAuthn registration options * @throws - {@link CompleteWebAuthnRegistrationException} * - Thrown due to a service error when verifying WebAuthn registration result */ export async function associateWebAuthnCredential(): Promise<void> { const authConfig = Amplify.getConfig().Auth?.Cognito; assertTokenProviderConfig(authConfig); const { userPoolEndpoint, userPoolId } = authConfig; const { tokens } = await fetchAuthSession(); assertAuthTokens(tokens); const startWebAuthnRegistration = createStartWebAuthnRegistrationClient({ endpointResolver: createCognitoUserPoolEndpointResolver({ endpointOverride: userPoolEndpoint, }), }); const { CredentialCreationOptions: credentialCreationOptions } = await startWebAuthnRegistration( { region: getRegionFromUserPoolId(userPoolId), userAgentValue: getAuthUserAgentValue( AuthAction.StartWebAuthnRegistration, ), }, { AccessToken: tokens.accessToken.toString(), }, ); assertValidCredentialCreationOptions(credentialCreationOptions); const cred = await registerPasskey(credentialCreationOptions); const completeWebAuthnRegistration = createCompleteWebAuthnRegistrationClient( { endpointResolver: createCognitoUserPoolEndpointResolver({ endpointOverride: userPoolEndpoint, }), }, ); await completeWebAuthnRegistration( { region: getRegionFromUserPoolId(userPoolId), userAgentValue: getAuthUserAgentValue( AuthAction.CompleteWebAuthnRegistration, ), }, { AccessToken: tokens.accessToken.toString(), Credential: cred, }, ); }