
@joinmeow/cognito-passwordless-auth


Passwordless authentication with Amazon Cognito: FIDO2 (WebAuthn, support for Passkeys)

/**
 * Token set handed to {@link storeTokens} for persistence.
 *
 * NOTE(review): the storage backend is not visible from this declaration
 * file. Every field below that carries a credential is only as well
 * protected as that backend; confirm where it lives and what can read it.
 */
export interface TokensToStore {
  /** Access token to persist. The only token field that is mandatory here. */
  accessToken: string;
  /**
   * ID token issued by Cognito. It is optional because some OAuth flows
   * (for example custom authorization servers) do not return one, so any
   * code that relies on the ID token has to cope with `undefined`.
   */
  idToken?: string;
  /**
   * Refresh token, when the flow returned one.
   * NOTE(review): usually the longest-lived credential in the set; confirm
   * how it is stored and cleared on sign-out.
   */
  refreshToken?: string;
  /** Expiry time recorded with the token set (presumably the access token's; confirm). */
  expireAt: Date;
  /** Device key to keep with the tokens, when one is known. */
  deviceKey?: string;
  /**
   * Username, if the caller has already resolved it. When absent, it is
   * derived from the ID token (preferred) or else from the access token.
   */
  username?: string;
  /**
   * How these tokens were obtained. The refresh mechanism reads this to
   * decide how the tokens should be refreshed.
   */
  authMethod?: "SRP" | "FIDO2" | "PLAINTEXT" | "REDIRECT";
}

/**
 * Token set as returned by {@link retrieveTokens} and
 * {@link retrieveTokensForRefresh}. Only `username` is guaranteed to be
 * present; every token field may be missing.
 */
export interface TokensFromStorage {
  accessToken?: string;
  idToken?: string;
  refreshToken?: string;
  expireAt?: Date;
  username: string;
  deviceKey?: string;
  /** Authentication method that was used with these tokens. */
  authMethod?: "SRP" | "FIDO2" | "PLAINTEXT" | "REDIRECT";
}

/**
 * Record the authentication method that was used for `username`, so the
 * refresh-token logic can later decide how to refresh.
 */
export declare function storeAuthMethod(
  username: string,
  authMethod: "SRP" | "FIDO2" | "PLAINTEXT" | "REDIRECT"
): Promise<void>;

/**
 * Look up the authentication method recorded for `username`. Consumed by
 * the refresh-token logic; resolves to `undefined` when none is available.
 */
export declare function retrieveAuthMethod(
  username: string
): Promise<"SRP" | "FIDO2" | "PLAINTEXT" | "REDIRECT" | undefined>;

/** Persist the given token set. */
export declare function storeTokens(tokens: TokensToStore): Promise<void>;

/**
 * Load the stored token set, or `undefined` when there is none to return.
 * NOTE(review): by contrast with {@link retrieveTokensForRefresh}, this
 * presumably withholds expired tokens; confirm in the implementation.
 */
export declare function retrieveTokens(): Promise<TokensFromStorage | undefined>;

/**
 * Load the stored token set for the refresh path, expired tokens included.
 * The refresh system has to see expired tokens in order to trigger an
 * immediate refresh.
 *
 * Because expired tokens can be returned, the result must not be used as
 * proof of a valid session; check `expireAt` before relying on it.
 */
export declare function retrieveTokensForRefresh(): Promise<TokensFromStorage | undefined>;

/**
 * Device record kept per username by {@link setRememberedDevice} and read
 * back by {@link getRememberedDevice}.
 */
export interface RememberedDeviceRecord {
  deviceKey: string;
  groupKey: string;
  /**
   * NOTE(review): presumably the Cognito device password (the secret used
   * for device authentication), not the user's account password; confirm.
   * Either way it is a secret that gets persisted, so treat the storage
   * holding this record as credential storage.
   */
  password: string;
  remembered: boolean;
}

/** Save the device record for `username`, replacing any existing one. */
export declare function setRememberedDevice(
  username: string,
  record: RememberedDeviceRecord
): Promise<void>;

/**
 * Fetch the device record for `username`, migrating legacy per-device keys
 * if that turns out to be necessary.
 */
export declare function getRememberedDevice(
  username: string
): Promise<RememberedDeviceRecord | undefined>;

/** Delete the remembered device for `username` (e.g. after ForgetDevice). */
export declare function clearRememberedDevice(username: string): Promise<void>;

/**
 * Store a device key by creating or updating the user's device record. The
 * record written is a basic RememberedDeviceRecord whose non-key values are
 * empty placeholders.
 *
 * NOTE(review): confirm whether updating an existing full record keeps its
 * `groupKey` and `password` or replaces them with the placeholders.
 */
export declare function storeDeviceKey(username: string, deviceKey: string): Promise<void>;

/** Read only the device key out of the user's RememberedDeviceRecord. */
export declare function retrieveDeviceKey(username: string): Promise<string | undefined>;