@aws-amplify/auth
Auth category of aws-amplify
1 lines • 11.6 kB
Source Map (JSON)
{"version":3,"file":"TokenOrchestrator.mjs","sources":["../../../../../src/providers/cognito/tokenProvider/TokenOrchestrator.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { Hub, } from '@aws-amplify/core';\nimport { AMPLIFY_SYMBOL, assertTokenProviderConfig, isBrowser, isTokenExpired, } from '@aws-amplify/core/internals/utils';\nimport { assertServiceError } from '../../../errors/utils/assertServiceError';\nimport { AuthError } from '../../../errors/AuthError';\nimport { oAuthStore } from '../utils/oauth/oAuthStore';\nimport { addInflightPromise } from '../utils/oauth/inflightPromise';\nexport class TokenOrchestrator {\n constructor() {\n this.waitForInflightOAuth = isBrowser()\n ? async () => {\n if (!(await oAuthStore.loadOAuthInFlight())) {\n return;\n }\n if (this.inflightPromise) {\n return this.inflightPromise;\n }\n // when there is valid oauth config and there is an inflight oauth flow, try\n // to block async calls that require fetching tokens before the oauth flow completes\n // e.g. 
getCurrentUser, fetchAuthSession etc.\n this.inflightPromise = new Promise((resolve, _reject) => {\n addInflightPromise(resolve);\n });\n return this.inflightPromise;\n }\n : async () => {\n // no-op for non-browser environments\n };\n }\n setAuthConfig(authConfig) {\n oAuthStore.setAuthConfig(authConfig.Cognito);\n this.authConfig = authConfig;\n }\n setTokenRefresher(tokenRefresher) {\n this.tokenRefresher = tokenRefresher;\n }\n setAuthTokenStore(tokenStore) {\n this.tokenStore = tokenStore;\n }\n getTokenStore() {\n if (!this.tokenStore) {\n throw new AuthError({\n name: 'EmptyTokenStoreException',\n message: 'TokenStore not set',\n });\n }\n return this.tokenStore;\n }\n getTokenRefresher() {\n if (!this.tokenRefresher) {\n throw new AuthError({\n name: 'EmptyTokenRefresherException',\n message: 'TokenRefresher not set',\n });\n }\n return this.tokenRefresher;\n }\n setClientMetadataProvider(clientMetadataProvider) {\n this.clientMetadataProvider = clientMetadataProvider;\n }\n async getTokens(options) {\n let tokens;\n try {\n assertTokenProviderConfig(this.authConfig?.Cognito);\n }\n catch (_err) {\n // Token provider not configured\n return null;\n }\n await this.waitForInflightOAuth();\n this.inflightPromise = undefined;\n tokens = await this.getTokenStore().loadTokens();\n const username = await this.getTokenStore().getLastAuthUser();\n if (tokens === null) {\n return null;\n }\n const idTokenExpired = !!tokens?.idToken &&\n isTokenExpired({\n expiresAt: (tokens.idToken?.payload?.exp ?? 0) * 1000,\n clockDrift: tokens.clockDrift ?? 0,\n });\n const accessTokenExpired = isTokenExpired({\n expiresAt: (tokens.accessToken?.payload?.exp ?? 0) * 1000,\n clockDrift: tokens.clockDrift ?? 0,\n });\n if (options?.forceRefresh || idTokenExpired || accessTokenExpired) {\n tokens = await this.refreshTokens({\n tokens,\n username,\n clientMetadata: options?.clientMetadata ?? 
(await this.clientMetadataProvider?.()),\n });\n if (tokens === null) {\n return null;\n }\n }\n return {\n accessToken: tokens?.accessToken,\n idToken: tokens?.idToken,\n signInDetails: tokens?.signInDetails,\n };\n }\n async refreshTokens({ tokens, username, clientMetadata, }) {\n try {\n const { signInDetails } = tokens;\n const newTokens = await this.getTokenRefresher()({\n tokens,\n authConfig: this.authConfig,\n username,\n clientMetadata,\n });\n newTokens.signInDetails = signInDetails;\n await this.setTokens({ tokens: newTokens });\n Hub.dispatch('auth', { event: 'tokenRefresh' }, 'Auth', AMPLIFY_SYMBOL);\n return newTokens;\n }\n catch (err) {\n return this.handleErrors(err);\n }\n }\n handleErrors(err) {\n assertServiceError(err);\n // Only clear tokens for definitive authentication failures\n // Do NOT clear tokens for transient errors like service issues, rate limits, etc.\n const shouldClearTokens = this.isAuthenticationError(err);\n if (shouldClearTokens) {\n this.clearTokens();\n }\n Hub.dispatch('auth', {\n event: 'tokenRefresh_failure',\n data: { error: err },\n }, 'Auth', AMPLIFY_SYMBOL);\n if (err.name.startsWith('NotAuthorizedException')) {\n return null;\n }\n throw err;\n }\n isAuthenticationError(err) {\n // Only clear tokens for errors that definitively indicate the tokens are invalid\n // and re-authentication is required. 
All other errors (service errors, rate limits, etc.)\n // should preserve the tokens to allow for retry.\n // See: https://github.com/aws-amplify/amplify-js/issues/14534\n const authErrorNames = [\n 'NotAuthorizedException', // Refresh token is expired or invalid\n 'TokenRevokedException', // Token was revoked by admin\n 'UserNotFoundException', // User no longer exists\n 'PasswordResetRequiredException', // User must reset password\n 'UserNotConfirmedException', // User account is not confirmed\n 'RefreshTokenReuseException', // Refresh token invalidated by rotation\n ];\n return authErrorNames.some(errorName => err?.name?.startsWith?.(errorName));\n }\n async setTokens({ tokens }) {\n return this.getTokenStore().storeTokens(tokens);\n }\n async clearTokens() {\n return this.getTokenStore().clearTokens();\n }\n getDeviceMetadata(username) {\n return this.getTokenStore().getDeviceMetadata(username);\n }\n clearDeviceMetadata(username) {\n return this.getTokenStore().clearDeviceMetadata(username);\n }\n setOAuthMetadata(metadata) {\n return this.getTokenStore().setOAuthMetadata(metadata);\n }\n getOAuthMetadata() {\n return this.getTokenStore().getOAuthMetadata();\n 
}\n}\n"],"names":[],"mappings":";;;;;;;AAAA;AACA;AAOO,MAAM,iBAAiB,CAAC;AAC/B,IAAI,WAAW,GAAG;AAClB,QAAQ,IAAI,CAAC,oBAAoB,GAAG,SAAS;AAC7C,cAAc,YAAY;AAC1B,gBAAgB,IAAI,EAAE,MAAM,UAAU,CAAC,iBAAiB,EAAE,CAAC,EAAE;AAC7D,oBAAoB;AACpB,gBAAgB;AAChB,gBAAgB,IAAI,IAAI,CAAC,eAAe,EAAE;AAC1C,oBAAoB,OAAO,IAAI,CAAC,eAAe;AAC/C,gBAAgB;AAChB;AACA;AACA;AACA,gBAAgB,IAAI,CAAC,eAAe,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK;AACzE,oBAAoB,kBAAkB,CAAC,OAAO,CAAC;AAC/C,gBAAgB,CAAC,CAAC;AAClB,gBAAgB,OAAO,IAAI,CAAC,eAAe;AAC3C,YAAY;AACZ,cAAc,YAAY;AAC1B;AACA,YAAY,CAAC;AACb,IAAI;AACJ,IAAI,aAAa,CAAC,UAAU,EAAE;AAC9B,QAAQ,UAAU,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AACpD,QAAQ,IAAI,CAAC,UAAU,GAAG,UAAU;AACpC,IAAI;AACJ,IAAI,iBAAiB,CAAC,cAAc,EAAE;AACtC,QAAQ,IAAI,CAAC,cAAc,GAAG,cAAc;AAC5C,IAAI;AACJ,IAAI,iBAAiB,CAAC,UAAU,EAAE;AAClC,QAAQ,IAAI,CAAC,UAAU,GAAG,UAAU;AACpC,IAAI;AACJ,IAAI,aAAa,GAAG;AACpB,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;AAC9B,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,0BAA0B;AAChD,gBAAgB,OAAO,EAAE,oBAAoB;AAC7C,aAAa,CAAC;AACd,QAAQ;AACR,QAAQ,OAAO,IAAI,CAAC,UAAU;AAC9B,IAAI;AACJ,IAAI,iBAAiB,GAAG;AACxB,QAAQ,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;AAClC,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,8BAA8B;AACpD,gBAAgB,OAAO,EAAE,wBAAwB;AACjD,aAAa,CAAC;AACd,QAAQ;AACR,QAAQ,OAAO,IAAI,CAAC,cAAc;AAClC,IAAI;AACJ,IAAI,yBAAyB,CAAC,sBAAsB,EAAE;AACtD,QAAQ,IAAI,CAAC,sBAAsB,GAAG,sBAAsB;AAC5D,IAAI;AACJ,IAAI,MAAM,SAAS,CAAC,OAAO,EAAE;AAC7B,QAAQ,IAAI,MAAM;AAClB,QAAQ,IAAI;AACZ,YAAY,yBAAyB,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;AAC/D,QAAQ;AACR,QAAQ,OAAO,IAAI,EAAE;AACrB;AACA,YAAY,OAAO,IAAI;AACvB,QAAQ;AACR,QAAQ,MAAM,IAAI,CAAC,oBAAoB,EAAE;AACzC,QAAQ,IAAI,CAAC,eAAe,GAAG,SAAS;AACxC,QAAQ,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;AACxD,QAAQ,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC,eAAe,EAAE;AACrE,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE;AAC7B,YAAY,OAAO,IAAI;AACvB,QAAQ;AACR,QAAQ,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO;AAChD,YAAY,cAAc,CAAC;AAC3B,gBAAgB,SAAS,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI;AACrE,gBAAgB,UAAU,
EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;AAClD,aAAa,CAAC;AACd,QAAQ,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAClD,YAAY,SAAS,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI;AACrE,YAAY,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;AAC9C,SAAS,CAAC;AACV,QAAQ,IAAI,OAAO,EAAE,YAAY,IAAI,cAAc,IAAI,kBAAkB,EAAE;AAC3E,YAAY,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;AAC9C,gBAAgB,MAAM;AACtB,gBAAgB,QAAQ;AACxB,gBAAgB,cAAc,EAAE,OAAO,EAAE,cAAc,KAAK,MAAM,IAAI,CAAC,sBAAsB,IAAI,CAAC;AAClG,aAAa,CAAC;AACd,YAAY,IAAI,MAAM,KAAK,IAAI,EAAE;AACjC,gBAAgB,OAAO,IAAI;AAC3B,YAAY;AACZ,QAAQ;AACR,QAAQ,OAAO;AACf,YAAY,WAAW,EAAE,MAAM,EAAE,WAAW;AAC5C,YAAY,OAAO,EAAE,MAAM,EAAE,OAAO;AACpC,YAAY,aAAa,EAAE,MAAM,EAAE,aAAa;AAChD,SAAS;AACT,IAAI;AACJ,IAAI,MAAM,aAAa,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE;AAC/D,QAAQ,IAAI;AACZ,YAAY,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM;AAC5C,YAAY,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;AAC7D,gBAAgB,MAAM;AACtB,gBAAgB,UAAU,EAAE,IAAI,CAAC,UAAU;AAC3C,gBAAgB,QAAQ;AACxB,gBAAgB,cAAc;AAC9B,aAAa,CAAC;AACd,YAAY,SAAS,CAAC,aAAa,GAAG,aAAa;AACnD,YAAY,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AACvD,YAAY,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,MAAM,EAAE,cAAc,CAAC;AACnF,YAAY,OAAO,SAAS;AAC5B,QAAQ;AACR,QAAQ,OAAO,GAAG,EAAE;AACpB,YAAY,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;AACzC,QAAQ;AACR,IAAI;AACJ,IAAI,YAAY,CAAC,GAAG,EAAE;AACtB,QAAQ,kBAAkB,CAAC,GAAG,CAAC;AAC/B;AACA;AACA,QAAQ,MAAM,iBAAiB,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC;AACjE,QAAQ,IAAI,iBAAiB,EAAE;AAC/B,YAAY,IAAI,CAAC,WAAW,EAAE;AAC9B,QAAQ;AACR,QAAQ,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE;AAC7B,YAAY,KAAK,EAAE,sBAAsB;AACzC,YAAY,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;AAChC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC;AAClC,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE;AAC3D,YAAY,OAAO,IAAI;AACvB,QAAQ;AACR,QAAQ,MAAM,GAAG;AACjB,IAAI;AACJ,IAAI,qBAAqB,CAAC,GAAG,EAAE;AAC/B;AACA;AACA;AACA;AACA,QAAQ,MAAM,cAAc,GAAG;AAC/B,YAAY,wBAAwB;AACpC,YAAY,uBAAuB;AACnC,YAAY,uBAAuB;AACnC,YAAY,gCAAgC;AAC5C,YAAY,2BAA2B;AACvC,YAAY,4BAA4B;AACxC,SAAS;AACT,QAAQ,OAAO,cAAc,CAAC,IAAI,CAAC,SAAS,IAA
I,GAAG,EAAE,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC,CAAC;AACnF,IAAI;AACJ,IAAI,MAAM,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE;AAChC,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;AACvD,IAAI;AACJ,IAAI,MAAM,WAAW,GAAG;AACxB,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,WAAW,EAAE;AACjD,IAAI;AACJ,IAAI,iBAAiB,CAAC,QAAQ,EAAE;AAChC,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC;AAC/D,IAAI;AACJ,IAAI,mBAAmB,CAAC,QAAQ,EAAE;AAClC,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,mBAAmB,CAAC,QAAQ,CAAC;AACjE,IAAI;AACJ,IAAI,gBAAgB,CAAC,QAAQ,EAAE;AAC/B,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC;AAC9D,IAAI;AACJ,IAAI,gBAAgB,GAAG;AACvB,QAAQ,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,gBAAgB,EAAE;AACtD,IAAI;AACJ;;;;"}