UNPKG

@aws-amplify/core

Version:
102 lines (91 loc) 2.7 kB
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 import { base64Decoder } from '../../../utils/convert'; import { StrictUnion } from '../../../types'; import { AuthConfig, CognitoIdentityPoolConfig, CognitoUserPoolAndIdentityPoolConfig, CognitoUserPoolConfig, JWT, OAuthConfig, } from '../types'; import { AuthConfigurationErrorCode, assert } from './errorHelpers'; export function assertTokenProviderConfig( cognitoConfig?: StrictUnion< | CognitoUserPoolConfig | CognitoUserPoolAndIdentityPoolConfig | CognitoIdentityPoolConfig >, ): asserts cognitoConfig is | CognitoUserPoolAndIdentityPoolConfig | CognitoUserPoolConfig { let assertionValid = true; // assume valid until otherwise proveed if (!cognitoConfig) { assertionValid = false; } else { assertionValid = !!cognitoConfig.userPoolId && !!cognitoConfig.userPoolClientId; } assert(assertionValid, AuthConfigurationErrorCode.AuthUserPoolException); } export function assertOAuthConfig( cognitoConfig?: AuthConfig['Cognito'], ): asserts cognitoConfig is AuthConfig['Cognito'] & { loginWith: { oauth: OAuthConfig; }; } { const validOAuthConfig = !!cognitoConfig?.loginWith?.oauth?.domain && !!cognitoConfig?.loginWith?.oauth?.redirectSignOut && !!cognitoConfig?.loginWith?.oauth?.redirectSignIn && !!cognitoConfig?.loginWith?.oauth?.responseType; assert( validOAuthConfig, AuthConfigurationErrorCode.OAuthNotConfigureException, ); } export function assertIdentityPoolIdConfig( cognitoConfig?: StrictUnion< | CognitoUserPoolConfig | CognitoUserPoolAndIdentityPoolConfig | CognitoIdentityPoolConfig >, ): asserts cognitoConfig is CognitoIdentityPoolConfig { const validConfig = !!cognitoConfig?.identityPoolId; assert( validConfig, AuthConfigurationErrorCode.InvalidIdentityPoolIdException, ); } /** * Decodes payload of JWT token * * @param {String} token A string representing a token to be decoded * @throws {@link Error} - Throws error when token is invalid or payload malformed. */ export function decodeJWT(token: string): JWT { const tokenParts = token.split('.'); if (tokenParts.length !== 3) { throw new Error('Invalid token'); } try { const base64WithUrlSafe = tokenParts[1]; const base64 = base64WithUrlSafe.replace(/-/g, '+').replace(/_/g, '/'); const jsonStr = decodeURIComponent( base64Decoder .convert(base64) .split('') .map(char => `%${`00${char.charCodeAt(0).toString(16)}`.slice(-2)}`) .join(''), ); const payload = JSON.parse(jsonStr); return { toString: () => token, payload, }; } catch (err) { throw new Error('Invalid token payload'); } }