UNPKG

amazon-cognito-passwordless-auth

Version:

Passwordless authentication with Amazon Cognito: FIDO2 (WebAuthn, support for Passkeys), Magic Link, SMS OTP Step Up

github.com/aws-samples/amazon-cognito-passwordless-auth

aws-samples/amazon-cognito-passwordless-auth

135 lines (134 loc) 4.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
/** * Copyright Amazon.com, Inc. and its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You * may not use this file except in compliance with the License. A copy of * the License is located at * * http://aws.amazon.com/apache2.0/ * * or in the "license" file accompanying this file. This file is * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF * ANY KIND, either express or implied. See the License for the specific * language governing permissions and limitations under the License. */ interface Headers { [key: string]: string; } export interface Config { /** * The Amazon Cognito IDP endpoint. * Either provide just the region, e.g. "eu-west-1", * or provide a full URL (e.g. if you are using a proxy API) */ cognitoIdpEndpoint: string; /** The Amazon Cognito Client ID */ clientId: string; /** The Amazon Cognito Client Secret (optional: don't use this in Web clients, use when running server side) */ clientSecret?: string; /** The Amazon Cognito User Pool ID */ userPoolId?: string; /** FIDO2 (WebAuthn) configuration */ fido2?: { /** The base URL (i.e. the URL with path "/") of your FIDO2 API */ baseUrl: string; /** * FIDO2 authenticator selection criteria: * * - authenticatorAttachment: platform, or cross-platform * - residentKey (aka Passkey, discoverable credential): discouraged, preferred, or required * - userVerification: discouraged, preferred, or required */ authenticatorSelection?: AuthenticatorSelectionCriteria; /** Configuration of the Relying Party */ rp?: { name?: string; id?: string; }; /** FIDO2 Attestation Conveyance Preference you want to use */ attestation?: AttestationConveyancePreference; /** FIDO2 extensions you want to use */ extensions?: AuthenticationExtensionsClientInputs; /** * FIDO2 timeout. This sets the timeout for native FIDO dialogs, * i.e. when creating a new credential and when signing in */ timeout?: number; }; /** * Function that will be called with debug information, * e.g. you can use `console.debug` here. */ debug?: (...args: unknown[]) => unknown; /** The storage object to use. E.g. `localStorage` */ storage?: CustomStorage; /** * If you use a custom proxy in front of Amazon Cognito, * you may want to pass additional HTTP headers. */ proxyApiHeaders?: Headers; /** * Overriding fetch implementation. Default: globalThis.fetch */ fetch?: MinimalFetch; /** * Overriding crypto implementation. Default: globalThis.crypto */ crypto?: MinimalCrypto; /** * Overriding location implementation. Default: globalThis.location */ location?: MinimalLocation; /** * Overriding history implementation. Default: globalThis.history */ history?: MinimalHistory; } export type ConfigWithDefaults = Config & Required<Pick<Config, "storage" | "crypto" | "fetch" | "location" | "history">>; type ConfigInput = Omit<Config, "cognitoIdpEndpoint"> & Partial<Pick<Config, "cognitoIdpEndpoint">>; export declare function configure(config?: ConfigInput): ConfigWithDefaults; type Maybe<T> = T | undefined | null; export interface CustomStorage { getItem: (key: string) => Maybe<string> | Promise<Maybe<string>>; setItem: (key: string, value: string) => void | Promise<void>; removeItem: (key: string) => void | Promise<void>; } export declare function configureFromAmplify(amplifyConfig: AmplifyAuthConfig | AmplifyConfig): { with: (config: Omit<Config, "cognitoIdpEndpoint" | "userPoolId" | "clientId">) => ConfigWithDefaults; }; interface AmplifyAuthConfig { region?: unknown; userPoolId?: unknown; userPoolWebClientId?: unknown; } interface AmplifyConfig { Auth: AmplifyAuthConfig; } export declare class UndefinedGlobalVariableError extends Error { } export interface MinimalResponse { ok: boolean; json: () => Promise<unknown>; } export interface MinimalLocation { href: string; hostname: string; } export type MinimalFetch = (input: string | URL, init?: { signal?: AbortSignal; headers?: Record<string, string>; method?: string; body?: string; } | undefined) => Promise<MinimalResponse>; export interface MinimalHistory { pushState(data: unknown, unused: string, url?: string | URL | null): void; } export interface MinimalCrypto { getRandomValues: Crypto["getRandomValues"]; subtle: { digest: Crypto["subtle"]["digest"]; importKey: Crypto["subtle"]["importKey"]; sign: Crypto["subtle"]["sign"]; }; } export {};