@aws-amplify/auth
Version:
Auth category of aws-amplify
{"version":3,"file":"credentialsProvider.mjs","sources":["../../../../../src/providers/cognito/credentialsProvider/credentialsProvider.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { ConsoleLogger, getCredentialsForIdentity, } from '@aws-amplify/core';\nimport { assertIdentityPoolIdConfig, } from '@aws-amplify/core/internals/utils';\nimport { AuthError } from '../../../errors/AuthError';\nimport { getRegionFromIdentityPoolId } from '../utils/clients/CognitoIdentityProvider/utils';\nimport { assertIdTokenInAuthTokens } from '../utils/types';\nimport { cognitoIdentityIdProvider } from './IdentityIdProvider';\nimport { formLoginsMap } from './utils';\nconst logger = new ConsoleLogger('CognitoCredentialsProvider');\nconst CREDENTIALS_TTL = 50 * 60 * 1000; // 50 min, can be modified on config if required in the future\nexport class CognitoAWSCredentialsAndIdentityIdProvider {\n constructor(identityIdStore) {\n this._nextCredentialsRefresh = 0;\n this._identityIdStore = identityIdStore;\n }\n async clearCredentialsAndIdentityId() {\n logger.debug('Clearing out credentials and identityId');\n this._credentialsAndIdentityId = undefined;\n await this._identityIdStore.clearIdentityId();\n }\n async clearCredentials() {\n logger.debug('Clearing out in-memory credentials');\n this._credentialsAndIdentityId = undefined;\n }\n async getCredentialsAndIdentityId(getCredentialsOptions) {\n const isAuthenticated = getCredentialsOptions.authenticated;\n const { tokens } = getCredentialsOptions;\n const { authConfig } = getCredentialsOptions;\n try {\n assertIdentityPoolIdConfig(authConfig?.Cognito);\n }\n catch {\n // No identity pool configured, skipping\n return;\n }\n if (!isAuthenticated && !authConfig.Cognito.allowGuestAccess) {\n // TODO(V6): return partial result like Native platforms\n return;\n }\n const { forceRefresh } = getCredentialsOptions;\n const tokenHasChanged = 
this.hasTokenChanged(tokens);\n const identityId = await cognitoIdentityIdProvider({\n tokens,\n authConfig: authConfig.Cognito,\n identityIdStore: this._identityIdStore,\n });\n // Clear cached credentials when forceRefresh is true OR the cache token has changed\n if (forceRefresh || tokenHasChanged) {\n this.clearCredentials();\n }\n if (!isAuthenticated) {\n return this.getGuestCredentials(identityId, authConfig.Cognito);\n }\n else {\n assertIdTokenInAuthTokens(tokens);\n return this.credsForOIDCTokens(authConfig.Cognito, tokens, identityId);\n }\n }\n async getGuestCredentials(identityId, authConfig) {\n // Return existing in-memory cached credentials only if it exists, is not past it's lifetime and is unauthenticated credentials\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === false) {\n logger.info('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any authenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n // use identityId to obtain guest credentials\n // save credentials in-memory\n // No logins params should be passed for guest creds:\n // https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html\n const clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n });\n if (clientResult.Credentials &&\n clientResult.Credentials.AccessKeyId &&\n clientResult.Credentials.SecretKey) {\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n 
const identityIdRes = clientResult.IdentityId;\n if (identityIdRes) {\n res.identityId = identityIdRes;\n this._identityIdStore.storeIdentityId({\n id: identityIdRes,\n type: 'guest',\n });\n }\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: false,\n };\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsNotFoundException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n async credsForOIDCTokens(authConfig, authTokens, identityId) {\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === true) {\n logger.debug('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any unauthenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const logins = authTokens.idToken\n ? formLoginsMap(authTokens.idToken.toString())\n : {};\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n const clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n Logins: logins,\n });\n if (clientResult.Credentials &&\n clientResult.Credentials.AccessKeyId &&\n clientResult.Credentials.SecretKey) {\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n // Store the credentials in-memory along with the expiration\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: true,\n associatedIdToken: authTokens.idToken?.toString(),\n };\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const identityIdRes = clientResult.IdentityId;\n if (identityIdRes) {\n res.identityId = identityIdRes;\n 
this._identityIdStore.storeIdentityId({\n id: identityIdRes,\n type: 'primary',\n });\n }\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n isPastTTL() {\n return this._nextCredentialsRefresh === undefined\n ? true\n : this._nextCredentialsRefresh <= Date.now();\n }\n hasTokenChanged(tokens) {\n return (!!tokens &&\n !!this._credentialsAndIdentityId?.associatedIdToken &&\n tokens.idToken?.toString() !==\n this._credentialsAndIdentityId.associatedIdToken);\n }\n}\n"],"names":[],"mappings":";;;;;;;;AAAA;AACA;AAQA,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,4BAA4B,CAAC,CAAC;AAC/D,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAChC,MAAM,0CAA0C,CAAC;AACxD,IAAI,WAAW,CAAC,eAAe,EAAE;AACjC,QAAQ,IAAI,CAAC,uBAAuB,GAAG,CAAC,CAAC;AACzC,QAAQ,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;AAChD,KAAK;AACL,IAAI,MAAM,6BAA6B,GAAG;AAC1C,QAAQ,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;AAChE,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS,CAAC;AACnD,QAAQ,MAAM,IAAI,CAAC,gBAAgB,CAAC,eAAe,EAAE,CAAC;AACtD,KAAK;AACL,IAAI,MAAM,gBAAgB,GAAG;AAC7B,QAAQ,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;AAC3D,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS,CAAC;AACnD,KAAK;AACL,IAAI,MAAM,2BAA2B,CAAC,qBAAqB,EAAE;AAC7D,QAAQ,MAAM,eAAe,GAAG,qBAAqB,CAAC,aAAa,CAAC;AACpE,QAAQ,MAAM,EAAE,MAAM,EAAE,GAAG,qBAAqB,CAAC;AACjD,QAAQ,MAAM,EAAE,UAAU,EAAE,GAAG,qBAAqB,CAAC;AACrD,QAAQ,IAAI;AACZ,YAAY,0BAA0B,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAC5D,SAAS;AACT,QAAQ,MAAM;AACd;AACA,YAAY,OAAO;AACnB,SAAS;AACT,QAAQ,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE;AACtE;AACA,YAAY,OAAO;AACnB,SAAS;AACT,QAAQ,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB,CAAC;AACvD,QAAQ,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;AAC7D,QAAQ,MAAM,UAAU,GAAG,MAAM,yBAAyB,CAAC;AAC3D,YAAY,MAAM;AAClB,YAAY,UAAU,EAAE,UAAU,CAAC,OAAO;AAC1C,YAAY,eAAe,EAAE,IAAI,CAAC,gBAAgB;AAClD,SAAS,CAAC,CAAC;AACX;AACA,QAAQ,IAAI,YAAY,IAAI,eAAe,EAAE;AAC7C,YAAY,IAAI,CAAC,gBAAgB,EAAE,CAAC;AACpC,SAAS;AACT,QAAQ,IAAI,CAAC,eAAe,EAAE;AA
C9B,YAAY,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;AAC5E,SAAS;AACT,aAAa;AACb,YAAY,yBAAyB,CAAC,MAAM,CAAC,CAAC;AAC9C,YAAY,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AACnF,SAAS;AACT,KAAK;AACL,IAAI,MAAM,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE;AACtD;AACA,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,KAAK,EAAE;AAC3E,YAAY,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;AAC9F,YAAY,OAAO,IAAI,CAAC,yBAAyB,CAAC;AAClD,SAAS;AACT;AACA,QAAQ,IAAI,CAAC,gBAAgB,EAAE,CAAC;AAChC,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AAC9E;AACA;AACA;AACA;AACA,QAAQ,MAAM,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACzE,YAAY,UAAU,EAAE,UAAU;AAClC,SAAS,CAAC,CAAC;AACX,QAAQ,IAAI,YAAY,CAAC,WAAW;AACpC,YAAY,YAAY,CAAC,WAAW,CAAC,WAAW;AAChD,YAAY,YAAY,CAAC,WAAW,CAAC,SAAS,EAAE;AAChD,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe,CAAC;AAClF,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa,CAAC;AACd,YAAY,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,CAAC;AAC1D,YAAY,IAAI,aAAa,EAAE;AAC/B,gBAAgB,GAAG,CAAC,UAAU,GAAG,aAAa,CAAC;AAC/C,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,aAAa;AACrC,oBAAoB,IAAI,EAAE,OAAO;AACjC,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,KAAK;AAC3C,aAAa,CAAC;AACd,YAAY,OAAO,GAAG,CAAC;AACvB,SAAS;AACT,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,8BAA8B;AACpD,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC,CAAC;AACf,SAAS;AACT,KAAK;AACL,IAAI,MAAM,kBAAkB,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE;AACjE,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,IAAI,EAAE;AAC1E,YAAY,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;AAC/F,YAAY,OAAO,IAAI
,CAAC,yBAAyB,CAAC;AAClD,SAAS;AACT;AACA,QAAQ,IAAI,CAAC,gBAAgB,EAAE,CAAC;AAChC,QAAQ,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO;AACzC,cAAc,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;AAC1D,cAAc,EAAE,CAAC;AACjB,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AAC9E,QAAQ,MAAM,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACzE,YAAY,UAAU,EAAE,UAAU;AAClC,YAAY,MAAM,EAAE,MAAM;AAC1B,SAAS,CAAC,CAAC;AACX,QAAQ,IAAI,YAAY,CAAC,WAAW;AACpC,YAAY,YAAY,CAAC,WAAW,CAAC,WAAW;AAChD,YAAY,YAAY,CAAC,WAAW,CAAC,SAAS,EAAE;AAChD,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa,CAAC;AACd;AACA,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,IAAI;AAC1C,gBAAgB,iBAAiB,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE;AACjE,aAAa,CAAC;AACd,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe,CAAC;AAClF,YAAY,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,CAAC;AAC1D,YAAY,IAAI,aAAa,EAAE;AAC/B,gBAAgB,GAAG,CAAC,UAAU,GAAG,aAAa,CAAC;AAC/C,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,aAAa;AACrC,oBAAoB,IAAI,EAAE,SAAS;AACnC,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,OAAO,GAAG,CAAC;AACvB,SAAS;AACT,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,sBAAsB;AAC5C,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC,CAAC;AACf,SAAS;AACT,KAAK;AACL,IAAI,SAAS,GAAG;AAChB,QAAQ,OAAO,IAAI,CAAC,uBAAuB,KAAK,SAAS;AACzD,cAAc,IAAI;AAClB,cAAc,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;AACzD,KAAK;AACL,IAAI,eAAe,CAAC,MAAM,EAAE;AAC5B,QAAQ,QAAQ,CAAC,CAAC,MAAM;AACxB,YAAY,CAAC,CAAC,IAAI,CAAC,yBAAyB,EAAE,iBAAiB;AAC/D,YAAY,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE;AACtC,gBAAgB,IAAI,CAAC,yBAAyB,CAAC,iBAAiB,EAAE;AAClE,KAAK;AACL;;;;"}