aws-cdk-lib/aws-cognito-identitypool/lib/identitypool.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __decorate=exports&&exports.__decorate||function(decorators,target,key,desc){var c=arguments.length,r=c<3?target:desc===null?desc=Object.getOwnPropertyDescriptor(target,key):desc,d;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")r=Reflect.decorate(decorators,target,key,desc);else for(var i=decorators.length-1;i>=0;i--)(d=decorators[i])&&(r=(c<3?d(r):c>3?d(target,key,r):d(target,key))||r);return c>3&&r&&Object.defineProperty(target,key,r),r},_a,_b,IdentityPool_1;Object.defineProperty(exports,"__esModule",{value:!0}),exports.IdentityPool=exports.RoleMappingMatchType=exports.IdentityPoolProviderUrl=exports.IdentityPoolProviderType=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var aws_cognito_1=()=>{var tmp=require("../../aws-cognito");return aws_cognito_1=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../aws-iam");return aws_iam_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},IdentityPoolProviderType;(function(IdentityPoolProviderType2){IdentityPoolProviderType2.FACEBOOK="Facebook",IdentityPoolProviderType2.GOOGLE="Google",IdentityPoolProviderType2.AMAZON="Amazon",IdentityPoolProviderType2.APPLE="Apple",IdentityPoolProviderType2.TWITTER="Twitter",IdentityPoolProviderType2.OPEN_ID="OpenId",IdentityPoolProviderType2.SAML="Saml",IdentityPoolProviderType2.USER_POOL="UserPool",IdentityPoolProviderType2.CUSTOM="Custom"})(IdentityPoolProviderType||(exports.IdentityPoolProviderType=IdentityPoolProviderType={}));class IdentityPoolProviderUrl{static openId(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.OPEN_ID,url)}static saml(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.SAML,url)}static userPool(userPool,userPoolClient){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_IUserPool(userPool),jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_IUserPoolClient(userPoolClient)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.userPool),error}const url=`${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`;return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL,url)}static custom(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.CUSTOM,url)}constructor(type,value){this.type=type,this.value=value;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IdentityPoolProviderType(type)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,IdentityPoolProviderUrl),error}}}exports.IdentityPoolProviderUrl=IdentityPoolProviderUrl,_a=JSII_RTTI_SYMBOL_1,IdentityPoolProviderUrl[_a]={fqn:"aws-cdk-lib.aws_cognito_identitypool.IdentityPoolProviderUrl",version:"2.202.0"},IdentityPoolProviderUrl.FACEBOOK=new IdentityPoolProviderUrl(IdentityPoolProviderType.FACEBOOK,"graph.facebook.com"),IdentityPoolProviderUrl.GOOGLE=new IdentityPoolProviderUrl(IdentityPoolProviderType.GOOGLE,"accounts.google.com"),IdentityPoolProviderUrl.AMAZON=new IdentityPoolProviderUrl(IdentityPoolProviderType.AMAZON,"www.amazon.com"),IdentityPoolProviderUrl.APPLE=new IdentityPoolProviderUrl(IdentityPoolProviderType.APPLE,"appleid.apple.com"),IdentityPoolProviderUrl.TWITTER=new IdentityPoolProviderUrl(IdentityPoolProviderType.TWITTER,"api.twitter.com");var RoleMappingMatchType;(function(RoleMappingMatchType2){RoleMappingMatchType2.EQUALS="Equals",RoleMappingMatchType2.CONTAINS="Contains",RoleMappingMatchType2.STARTS_WITH="StartsWith",RoleMappingMatchType2.NOTEQUAL="NotEqual"})(RoleMappingMatchType||(exports.RoleMappingMatchType=RoleMappingMatchType={}));let IdentityPool=IdentityPool_1=class IdentityPool2 extends core_1().Resource{static fromIdentityPoolId(scope,id,identityPoolId){const identityPoolArn=core_1().Stack.of(scope).formatArn({service:"cognito-identity",resource:"identitypool",resourceName:identityPoolId,arnFormat:core_1().ArnFormat.SLASH_RESOURCE_NAME});return IdentityPool_1.fromIdentityPoolArn(scope,id,identityPoolArn)}static fromIdentityPoolArn(scope,id,identityPoolArn){const pool=core_1().Stack.of(scope).splitArn(identityPoolArn,core_1().ArnFormat.SLASH_RESOURCE_NAME),res=pool.resourceName||"";if(!res)throw new(core_1()).ValidationError("Invalid Identity Pool ARN",scope);if(!core_1().Token.isUnresolved(res)){const idParts=res.split(":");if(idParts.length!==2)throw new(core_1()).ValidationError("Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>",scope);if(!core_1().Token.isUnresolved(pool.region)&&idParts[0]!==pool.region)throw new(core_1()).ValidationError("Invalid Identity Pool Id: Region in Identity Pool Id must match stack region",scope)}class ImportedIdentityPool extends core_1().Resource{constructor(){super(scope,id,{account:pool.account,region:pool.region}),this.identityPoolId=res,this.identityPoolArn=identityPoolArn,this.identityPoolName=this.physicalName}}return new ImportedIdentityPool}constructor(scope,id,props={}){super(scope,id,{physicalName:props.identityPoolName}),this.cognitoIdentityProviders=[];try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IdentityPoolProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,IdentityPool2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const authProviders=props.authenticationProviders||{},providers=authProviders.userPools?authProviders.userPools.map(userPool=>userPool.bind(this,this)):void 0;providers&&providers.length&&(this.cognitoIdentityProviders=providers);const openIdConnectProviderArns=authProviders.openIdConnectProviders?authProviders.openIdConnectProviders.map(openIdProvider=>openIdProvider.openIdConnectProviderArn):void 0,samlProviderArns=authProviders.samlProviders?authProviders.samlProviders.map(samlProvider=>samlProvider.samlProviderArn):void 0;let supportedLoginProviders={};authProviders.amazon&&(supportedLoginProviders[IdentityPoolProviderUrl.AMAZON.value]=authProviders.amazon.appId),authProviders.facebook&&(supportedLoginProviders[IdentityPoolProviderUrl.FACEBOOK.value]=authProviders.facebook.appId),authProviders.google&&(supportedLoginProviders[IdentityPoolProviderUrl.GOOGLE.value]=authProviders.google.clientId),authProviders.apple&&(supportedLoginProviders[IdentityPoolProviderUrl.APPLE.value]=authProviders.apple.servicesId),authProviders.twitter&&(supportedLoginProviders[IdentityPoolProviderUrl.TWITTER.value]=`${authProviders.twitter.consumerKey};${authProviders.twitter.consumerSecret}`),Object.keys(supportedLoginProviders).length||(supportedLoginProviders=void 0);const cfnIdentityPool=new(aws_cognito_1()).CfnIdentityPool(this,"Resource",{allowUnauthenticatedIdentities:!!props.allowUnauthenticatedIdentities,allowClassicFlow:props.allowClassicFlow,identityPoolName:this.physicalName,developerProviderName:authProviders.customProvider,openIdConnectProviderArns,samlProviderArns,supportedLoginProviders,cognitoIdentityProviders:core_1().Lazy.any({produce:()=>this.cognitoIdentityProviders})});this.identityPoolName=cfnIdentityPool.attrName,this.identityPoolId=cfnIdentityPool.ref,this.identityPoolArn=core_1().Stack.of(scope).formatArn({service:"cognito-identity",resource:"identitypool",resourceName:this.identityPoolId,arnFormat:core_1().ArnFormat.SLASH_RESOURCE_NAME}),this.authenticatedRole=props.authenticatedRole?props.authenticatedRole:this.configureDefaultRole("Authenticated"),this.unauthenticatedRole=props.unauthenticatedRole?props.unauthenticatedRole:this.configureDefaultRole("Unauthenticated"),this.roleAttachment=new IdentityPoolRoleAttachment(this,"DefaultRoleAttachment",{identityPool:this,authenticatedRole:this.authenticatedRole,unauthenticatedRole:this.unauthenticatedRole,roleMappings:props.roleMappings}).resource,Array.isArray(this.roleAttachment)}addUserPoolAuthentication(userPool){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IUserPoolAuthenticationProvider(userPool)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addUserPoolAuthentication),error}const providers=userPool.bind(this,this);this.cognitoIdentityProviders=this.cognitoIdentityProviders.concat(providers)}configureDefaultRole(type){const assumedBy=this.configureDefaultGrantPrincipal(type.toLowerCase());return new(aws_iam_1()).Role(this,`${type}Role`,{description:`Default ${type} Role for Identity Pool ${this.identityPoolName}`,assumedBy})}configureDefaultGrantPrincipal(type){return new(aws_iam_1()).FederatedPrincipal("cognito-identity.amazonaws.com",{StringEquals:{"cognito-identity.amazonaws.com:aud":this.identityPoolId},"ForAnyValue:StringLike":{"cognito-identity.amazonaws.com:amr":type}},"sts:AssumeRoleWithWebIdentity")}};exports.IdentityPool=IdentityPool,_b=JSII_RTTI_SYMBOL_1,IdentityPool[_b]={fqn:"aws-cdk-lib.aws_cognito_identitypool.IdentityPool",version:"2.202.0"},IdentityPool.PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito-identitypool.IdentityPool",__decorate([(0,metadata_resource_1().MethodMetadata)()],IdentityPool.prototype,"addUserPoolAuthentication",null),exports.IdentityPool=IdentityPool=IdentityPool_1=__decorate([prop_injectable_1().propertyInjectable],IdentityPool);let IdentityPoolRoleAttachment=class extends core_1().Resource{constructor(scope,id,props){super(scope,id),(0,metadata_resource_1().addConstructMetadata)(this,props),this.identityPoolId=props.identityPool.identityPoolId;const mappings=props.roleMappings||[];let roles,roleMappings;(props.authenticatedRole||props.unauthenticatedRole)&&(roles={},props.authenticatedRole&&(roles.authenticated=props.authenticatedRole.roleArn),props.unauthenticatedRole&&(roles.unauthenticated=props.unauthenticatedRole.roleArn)),mappings&&(roleMappings=this.configureRoleMappings(...mappings)),this.resource=new(aws_cognito_1()).CfnIdentityPoolRoleAttachment(this,"Resource",{identityPoolId:this.identityPoolId,roles,roleMappings})}configureRoleMappings(...props){if(!(!props||!props.length))return props.reduce((acc,prop)=>{let mappingKey;if(prop.mappingKey)mappingKey=prop.mappingKey;else{const providerUrl=prop.providerUrl.value;if(core_1().Token.isUnresolved(providerUrl))throw new(core_1()).UnscopedValidationError("mappingKey must be provided when providerUrl.value is a token");mappingKey=providerUrl}let roleMapping={ambiguousRoleResolution:prop.resolveAmbiguousRoles?"AuthenticatedRole":"Deny",type:prop.useToken?"Token":"Rules",identityProvider:prop.providerUrl.value};if(roleMapping.type==="Rules"){if(!prop.rules)throw new(core_1()).UnscopedValidationError("IdentityPoolRoleMapping.rules is required when useToken is false");roleMapping.rulesConfiguration={rules:prop.rules.map(rule=>({claim:rule.claim,value:rule.claimValue,matchType:rule.matchType||RoleMappingMatchType.EQUALS,roleArn:rule.mappedRole.roleArn}))}}return acc[mappingKey]=roleMapping,acc},{})}};IdentityPoolRoleAttachment.PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito-identitypool.IdentityPoolRoleAttachment",IdentityPoolRoleAttachment=__decorate([prop_injectable_1().propertyInjectable],IdentityPoolRoleAttachment);