UNPKG

@aws-amplify/auth

Version:

Auth category of aws-amplify

aws-amplify.github.io

aws-amplify/amplify-js

126 lines (111 loc) 4.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 import { CognitoUserPoolConfig } from '@aws-amplify/core'; import { AuthAction } from '@aws-amplify/core/internals/utils'; import { getUserContextData } from '../../../providers/cognito/utils/userContextData'; import { AuthTokenOrchestrator } from '../../../providers/cognito/tokenProvider/types'; import { AuthFactorType } from '../../../providers/cognito/types/models'; import { InitiateAuthCommandInput, InitiateAuthCommandOutput, } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider/types'; import { createInitiateAuthClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider'; import { createCognitoUserPoolEndpointResolver } from '../../../providers/cognito/factories'; import { getRegionFromUserPoolId } from '../../../foundation/parsers'; import { getAuthUserAgentValue } from '../../../utils'; import { handlePasswordSRP } from '../shared/handlePasswordSRP'; import { assertValidationError } from '../../../errors/utils/assertValidationError'; import { AuthValidationErrorCode } from '../../../errors/types/validation'; import { setActiveSignInUsername } from '../../../providers/cognito/utils/setActiveSignInUsername'; export interface HandleUserAuthFlowInput { username: string; config: CognitoUserPoolConfig; tokenOrchestrator: AuthTokenOrchestrator; clientMetadata?: Record<string, string>; preferredChallenge?: AuthFactorType; password?: string; session?: string; } /** * Handles user authentication flow with configurable challenge preferences. * Supports AuthFactorType challenges through the USER_AUTH flow. * * @param {HandleUserAuthFlowInput} params - Authentication flow parameters * @param {string} params.username - The username for authentication * @param {Record<string, string>} [params.clientMetadata] - Optional metadata to pass to authentication service * @param {CognitoUserPoolConfig} params.config - Cognito User Pool configuration * @param {AuthTokenOrchestrator} params.tokenOrchestrator - Manages authentication tokens and device tracking * @param {AuthFactorType} [params.preferredChallenge] - Optional preferred authentication method * @param {string} [params.password] - Required when preferredChallenge is 'PASSWORD' or 'PASSWORD_SRP' * * @returns {Promise<InitiateAuthCommandOutput>} The authentication response from Cognito */ export async function handleUserAuthFlow({ username, clientMetadata, config, tokenOrchestrator, preferredChallenge, password, session, }: HandleUserAuthFlowInput) { const { userPoolId, userPoolClientId, userPoolEndpoint } = config; const UserContextData = getUserContextData({ username, userPoolId, userPoolClientId, }); const authParameters: Record<string, string> = { USERNAME: username }; if (preferredChallenge) { if (preferredChallenge === 'PASSWORD_SRP') { assertValidationError( !!password, AuthValidationErrorCode.EmptySignInPassword, ); return handlePasswordSRP({ username, password, clientMetadata, config, tokenOrchestrator, authFlow: 'USER_AUTH', preferredChallenge, }); } if (preferredChallenge === 'PASSWORD') { assertValidationError( !!password, AuthValidationErrorCode.EmptySignInPassword, ); authParameters.PASSWORD = password; } authParameters.PREFERRED_CHALLENGE = preferredChallenge; } const jsonReq: InitiateAuthCommandInput = { AuthFlow: 'USER_AUTH', AuthParameters: authParameters, ClientMetadata: clientMetadata, ClientId: userPoolClientId, UserContextData, }; if (session) { jsonReq.Session = session; } const initiateAuth = createInitiateAuthClient({ endpointResolver: createCognitoUserPoolEndpointResolver({ endpointOverride: userPoolEndpoint, }), }); const response = await initiateAuth( { region: getRegionFromUserPoolId(userPoolId), userAgentValue: getAuthUserAgentValue(AuthAction.SignIn), }, jsonReq, ); // Set the active username immediately after successful authentication attempt // If a user starts a new sign-in while another sign-in is incomplete, // this ensures we're tracking the correct user for subsequent auth challenges. setActiveSignInUsername(username); return response; }