UNPKG

@aws-amplify/auth

Version:

Auth category of aws-amplify

aws-amplify.github.io

aws-amplify/amplify-js

94 lines (91 loc) 4.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import { Amplify } from '@aws-amplify/core'; import { assertTokenProviderConfig, AuthAction } from '@aws-amplify/core/internals/utils'; import { AuthErrorCodes } from '../../../common/AuthErrorStrings.mjs'; import '@aws-amplify/core/internals/aws-client-utils/composers'; import '@aws-amplify/core/internals/aws-client-utils'; import { AuthError } from '../../../errors/AuthError.mjs'; import '../../../foundation/factories/serviceClients/cognitoIdentityProvider/shared/handler/cognitoUserPoolTransferHandler.mjs'; import '../../../foundation/factories/serviceClients/cognitoIdentityProvider/constants.mjs'; import '../../../errors/types/validation.mjs'; import '../../../providers/cognito/types/errors.mjs'; import { createRespondToAuthChallengeClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider/createRespondToAuthChallengeClient.mjs'; import { getRegionFromUserPoolId } from '../../../foundation/parsers/regionParsers.mjs'; import { createCognitoUserPoolEndpointResolver } from '../../../providers/cognito/factories/createCognitoUserPoolEndpointResolver.mjs'; import { cacheCognitoTokens } from '../../../providers/cognito/tokenProvider/cacheTokens.mjs'; import { dispatchSignedInHubEvent } from '../../../providers/cognito/utils/dispatchSignedInHubEvent.mjs'; import '../../utils/store/autoSignInStore.mjs'; import { signInStore, setActiveSignInState } from '../../utils/store/signInStore.mjs'; import { getAuthUserAgentValue } from '../../../utils/getAuthUserAgentValue.mjs'; import { assertPasskeyError, PasskeyErrorCode } from '../../utils/passkey/errors.mjs'; import { getPasskey } from '../../utils/passkey/getPasskey.mjs'; import { getNewDeviceMetadata } from '../../../providers/cognito/utils/getNewDeviceMetadata.mjs'; // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 async function handleWebAuthnSignInResult(challengeParameters) { const authConfig = Amplify.getConfig().Auth?.Cognito; assertTokenProviderConfig(authConfig); const { username, signInSession, signInDetails, challengeName } = signInStore.getState(); if (challengeName !== 'WEB_AUTHN' || !username) { throw new AuthError({ name: AuthErrorCodes.SignInException, message: 'Unable to proceed due to invalid sign in state.', }); } const { CREDENTIAL_REQUEST_OPTIONS: credentialRequestOptions } = challengeParameters; assertPasskeyError(!!credentialRequestOptions, PasskeyErrorCode.InvalidPasskeyAuthenticationOptions); const cred = await getPasskey(JSON.parse(credentialRequestOptions)); const respondToAuthChallenge = createRespondToAuthChallengeClient({ endpointResolver: createCognitoUserPoolEndpointResolver({ endpointOverride: authConfig.userPoolEndpoint, }), }); const { ChallengeName: nextChallengeName, ChallengeParameters: nextChallengeParameters, AuthenticationResult: authenticationResult, Session: nextSession, } = await respondToAuthChallenge({ region: getRegionFromUserPoolId(authConfig.userPoolId), userAgentValue: getAuthUserAgentValue(AuthAction.ConfirmSignIn), }, { ChallengeName: 'WEB_AUTHN', ChallengeResponses: { USERNAME: username, CREDENTIAL: JSON.stringify(cred), }, ClientId: authConfig.userPoolClientId, Session: signInSession, }); setActiveSignInState({ signInSession: nextSession, username, challengeName: nextChallengeName, signInDetails, }); if (authenticationResult) { await cacheCognitoTokens({ ...authenticationResult, username, NewDeviceMetadata: await getNewDeviceMetadata({ userPoolId: authConfig.userPoolId, userPoolEndpoint: authConfig.userPoolEndpoint, newDeviceMetadata: authenticationResult.NewDeviceMetadata, accessToken: authenticationResult.AccessToken, }), signInDetails, }); signInStore.dispatch({ type: 'RESET_STATE' }); await dispatchSignedInHubEvent(); return { isSignedIn: true, nextStep: { signInStep: 'DONE' }, }; } if (nextChallengeName === 'WEB_AUTHN') { throw new AuthError({ name: AuthErrorCodes.SignInException, message: 'Sequential WEB_AUTHN challenges returned from underlying service cannot be handled.', }); } return { challengeName: nextChallengeName, challengeParameters: nextChallengeParameters, }; } export { handleWebAuthnSignInResult }; //# sourceMappingURL=handleWebAuthnSignInResult.mjs.map