UNPKG

@aws-amplify/auth

Version:

Auth category of aws-amplify

aws-amplify.github.io

aws-amplify/amplify-js

76 lines (67 loc) 2.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 import { AuthConfig } from '@aws-amplify/core'; import { assertTokenProviderConfig, deDupeAsyncFunction, decodeJWT, } from '@aws-amplify/core/internals/utils'; import { CognitoAuthTokens, TokenRefresher } from '../tokenProvider/types'; import { getRegionFromUserPoolId } from '../../../foundation/parsers'; import { assertAuthTokensWithRefreshToken } from '../utils/types'; import { AuthError } from '../../../errors/AuthError'; import { createCognitoUserPoolEndpointResolver } from '../factories'; import { createGetTokensFromRefreshTokenClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider'; import { ClientMetadata } from '../types'; const refreshAuthTokensFunction: TokenRefresher = async ({ tokens, authConfig, username, clientMetadata, }: { tokens: CognitoAuthTokens; authConfig?: AuthConfig; username: string; clientMetadata?: ClientMetadata; }): Promise<CognitoAuthTokens> => { assertTokenProviderConfig(authConfig?.Cognito); const { userPoolId, userPoolClientId, userPoolEndpoint } = authConfig.Cognito; const region = getRegionFromUserPoolId(userPoolId); assertAuthTokensWithRefreshToken(tokens); const getTokensFromRefreshToken = createGetTokensFromRefreshTokenClient({ endpointResolver: createCognitoUserPoolEndpointResolver({ endpointOverride: userPoolEndpoint, }), }); const { AuthenticationResult } = await getTokensFromRefreshToken( { region }, { ClientId: userPoolClientId, RefreshToken: tokens.refreshToken, DeviceKey: tokens.deviceMetadata?.deviceKey, ClientMetadata: clientMetadata, }, ); const accessToken = decodeJWT(AuthenticationResult?.AccessToken ?? ''); const idToken = AuthenticationResult?.IdToken ? decodeJWT(AuthenticationResult.IdToken) : undefined; const { iat } = accessToken.payload; // This should never happen. If it does, it's a bug from the service. if (!iat) { throw new AuthError({ name: 'iatNotFoundException', message: 'iat not found in access token', }); } const clockDrift = iat * 1000 - new Date().getTime(); return { accessToken, idToken, clockDrift, refreshToken: AuthenticationResult?.RefreshToken ?? tokens.refreshToken, username, }; }; export const refreshAuthTokens = deDupeAsyncFunction(refreshAuthTokensFunction); export const refreshAuthTokensWithoutDedupe = refreshAuthTokensFunction;