aws-cdk-lib/aws-cognito-identitypool/lib/identitypool.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.IdentityPool=exports.RoleMappingMatchType=exports.IdentityPoolProviderUrl=exports.IdentityPoolProviderType=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var aws_cognito_1=()=>{var tmp=require("../../aws-cognito");return aws_cognito_1=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../aws-iam");return aws_iam_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},IdentityPoolProviderType;(function(IdentityPoolProviderType2){IdentityPoolProviderType2.FACEBOOK="Facebook",IdentityPoolProviderType2.GOOGLE="Google",IdentityPoolProviderType2.AMAZON="Amazon",IdentityPoolProviderType2.APPLE="Apple",IdentityPoolProviderType2.TWITTER="Twitter",IdentityPoolProviderType2.OPEN_ID="OpenId",IdentityPoolProviderType2.SAML="Saml",IdentityPoolProviderType2.USER_POOL="UserPool",IdentityPoolProviderType2.CUSTOM="Custom"})(IdentityPoolProviderType||(exports.IdentityPoolProviderType=IdentityPoolProviderType={}));class IdentityPoolProviderUrl{type;value;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito_identitypool.IdentityPoolProviderUrl",version:"2.251.0"};static FACEBOOK=new IdentityPoolProviderUrl(IdentityPoolProviderType.FACEBOOK,"graph.facebook.com");static GOOGLE=new IdentityPoolProviderUrl(IdentityPoolProviderType.GOOGLE,"accounts.google.com");static AMAZON=new IdentityPoolProviderUrl(IdentityPoolProviderType.AMAZON,"www.amazon.com");static APPLE=new IdentityPoolProviderUrl(IdentityPoolProviderType.APPLE,"appleid.apple.com");static TWITTER=new IdentityPoolProviderUrl(IdentityPoolProviderType.TWITTER,"api.twitter.com");static openId(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.OPEN_ID,url)}static saml(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.SAML,url)}static userPool(userPool,userPoolClient){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_IUserPool(userPool),jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_IUserPoolClient(userPoolClient)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.userPool),error}const url=`${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`;return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL,url)}static custom(url){return new IdentityPoolProviderUrl(IdentityPoolProviderType.CUSTOM,url)}constructor(type,value){this.type=type,this.value=value;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IdentityPoolProviderType(type)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,IdentityPoolProviderUrl),error}}}exports.IdentityPoolProviderUrl=IdentityPoolProviderUrl;var RoleMappingMatchType;(function(RoleMappingMatchType2){RoleMappingMatchType2.EQUALS="Equals",RoleMappingMatchType2.CONTAINS="Contains",RoleMappingMatchType2.STARTS_WITH="StartsWith",RoleMappingMatchType2.NOTEQUAL="NotEqual"})(RoleMappingMatchType||(exports.RoleMappingMatchType=RoleMappingMatchType={}));let IdentityPool=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource,_instanceExtraInitializers=[],_addUserPoolAuthentication_decorators;var IdentityPool2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_addUserPoolAuthentication_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_addUserPoolAuthentication_decorators,{kind:"method",name:"addUserPoolAuthentication",static:!1,private:!1,access:{has:obj=>"addUserPoolAuthentication"in obj,get:obj=>obj.addUserPoolAuthentication},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),IdentityPool2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito_identitypool.IdentityPool",version:"2.251.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito-identitypool.IdentityPool";static fromIdentityPoolId(scope,id,identityPoolId){const identityPoolArn=core_1().Stack.of(scope).formatArn({service:"cognito-identity",resource:"identitypool",resourceName:identityPoolId,arnFormat:core_1().ArnFormat.SLASH_RESOURCE_NAME});return IdentityPool2.fromIdentityPoolArn(scope,id,identityPoolArn)}static fromIdentityPoolArn(scope,id,identityPoolArn){const pool=core_1().Stack.of(scope).splitArn(identityPoolArn,core_1().ArnFormat.SLASH_RESOURCE_NAME),res=pool.resourceName||"";if(!res)throw new(core_1()).ValidationError((0,literal_string_1().lit)`InvalidIdentityPool`,"Invalid Identity Pool ARN",scope);if(!core_1().Token.isUnresolved(res)){const idParts=res.split(":");if(idParts.length!==2)throw new(core_1()).ValidationError((0,literal_string_1().lit)`InvalidIdentityPoolIdIdentity`,"Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>",scope);if(!core_1().Token.isUnresolved(pool.region)&&idParts[0]!==pool.region)throw new(core_1()).ValidationError((0,literal_string_1().lit)`InvalidIdentityPoolIdRegion`,"Invalid Identity Pool Id: Region in Identity Pool Id must match stack region",scope)}class ImportedIdentityPool extends core_1().Resource{identityPoolId=res;identityPoolArn=identityPoolArn;identityPoolName;constructor(){super(scope,id,{account:pool.account,region:pool.region}),this.identityPoolName=this.physicalName}get identityPoolRef(){return{identityPoolId:this.identityPoolId}}}return new ImportedIdentityPool}identityPoolId=__runInitializers(this,_instanceExtraInitializers);identityPoolArn;identityPoolName;authenticatedRole;unauthenticatedRole;roleAttachment;cognitoIdentityProviders=[];constructor(scope,id,props={}){super(scope,id,{physicalName:props.identityPoolName});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IdentityPoolProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,IdentityPool2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const authProviders=props.authenticationProviders||{},providers=authProviders.userPools?authProviders.userPools.map(userPool=>userPool.bind(this,this)):void 0;providers&&providers.length&&(this.cognitoIdentityProviders=providers);const openIdConnectProviderArns=authProviders.openIdConnectProviders?authProviders.openIdConnectProviders.map(openIdProvider=>openIdProvider.oidcProviderRef.oidcProviderArn):void 0,samlProviderArns=authProviders.samlProviders?authProviders.samlProviders.map(samlProvider=>samlProvider.samlProviderRef.samlProviderArn):void 0;let supportedLoginProviders={};authProviders.amazon&&(supportedLoginProviders[IdentityPoolProviderUrl.AMAZON.value]=authProviders.amazon.appId),authProviders.facebook&&(supportedLoginProviders[IdentityPoolProviderUrl.FACEBOOK.value]=authProviders.facebook.appId),authProviders.google&&(supportedLoginProviders[IdentityPoolProviderUrl.GOOGLE.value]=authProviders.google.clientId),authProviders.apple&&(supportedLoginProviders[IdentityPoolProviderUrl.APPLE.value]=authProviders.apple.servicesId),authProviders.twitter&&(supportedLoginProviders[IdentityPoolProviderUrl.TWITTER.value]=`${authProviders.twitter.consumerKey};${authProviders.twitter.consumerSecret}`),Object.keys(supportedLoginProviders).length||(supportedLoginProviders=void 0);const cfnIdentityPool=new(aws_cognito_1()).CfnIdentityPool(this,"Resource",{allowUnauthenticatedIdentities:!!props.allowUnauthenticatedIdentities,allowClassicFlow:props.allowClassicFlow,identityPoolName:this.physicalName,developerProviderName:authProviders.customProvider,openIdConnectProviderArns,samlProviderArns,supportedLoginProviders,cognitoIdentityProviders:core_1().Lazy.any({produce:()=>this.cognitoIdentityProviders})});this.identityPoolName=cfnIdentityPool.attrName,this.identityPoolId=cfnIdentityPool.ref,this.identityPoolArn=core_1().Stack.of(scope).formatArn({service:"cognito-identity",resource:"identitypool",resourceName:this.identityPoolId,arnFormat:core_1().ArnFormat.SLASH_RESOURCE_NAME}),this.authenticatedRole=props.authenticatedRole?props.authenticatedRole:this.configureDefaultRole("Authenticated"),this.unauthenticatedRole=props.unauthenticatedRole?props.unauthenticatedRole:this.configureDefaultRole("Unauthenticated"),this.roleAttachment=new IdentityPoolRoleAttachment(this,"DefaultRoleAttachment",{identityPool:this,authenticatedRole:this.authenticatedRole,unauthenticatedRole:this.unauthenticatedRole,roleMappings:props.roleMappings}).resource,Array.isArray(this.roleAttachment)}addUserPoolAuthentication(userPool){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_identitypool_IUserPoolAuthenticationProvider(userPool)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addUserPoolAuthentication),error}const providers=userPool.bind(this,this);this.cognitoIdentityProviders=this.cognitoIdentityProviders.concat(providers)}configureDefaultRole(type){const assumedBy=this.configureDefaultGrantPrincipal(type.toLowerCase());return new(aws_iam_1()).Role(this,`${type}Role`,{description:`Default ${type} Role for Identity Pool ${this.identityPoolName}`,assumedBy})}configureDefaultGrantPrincipal(type){return new(aws_iam_1()).FederatedPrincipal("cognito-identity.amazonaws.com",{StringEquals:{"cognito-identity.amazonaws.com:aud":this.identityPoolId},"ForAnyValue:StringLike":{"cognito-identity.amazonaws.com:amr":type}},"sts:AssumeRoleWithWebIdentity")}get identityPoolRef(){return{identityPoolId:this.identityPoolId}}static{__runInitializers(_classThis,_classExtraInitializers)}};return IdentityPool2=_classThis})();exports.IdentityPool=IdentityPool;let IdentityPoolRoleAttachment=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource;var IdentityPoolRoleAttachment2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),IdentityPoolRoleAttachment2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito-identitypool.IdentityPoolRoleAttachment";identityPoolId;resource;constructor(scope,id,props){super(scope,id),(0,metadata_resource_1().addConstructMetadata)(this,props),this.identityPoolId=props.identityPool.identityPoolId;const mappings=props.roleMappings||[];let roles,roleMappings;(props.authenticatedRole||props.unauthenticatedRole)&&(roles={},props.authenticatedRole&&(roles.authenticated=props.authenticatedRole.roleRef.roleArn),props.unauthenticatedRole&&(roles.unauthenticated=props.unauthenticatedRole.roleRef.roleArn)),mappings&&(roleMappings=this.configureRoleMappings(...mappings)),this.resource=new(aws_cognito_1()).CfnIdentityPoolRoleAttachment(this,"Resource",{identityPoolId:this.identityPoolId,roles,roleMappings})}configureRoleMappings(...props){if(!(!props||!props.length))return props.reduce((acc,prop)=>{let mappingKey;if(prop.mappingKey)mappingKey=prop.mappingKey;else{const providerUrl=prop.providerUrl.value;if(core_1().Token.isUnresolved(providerUrl))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MustBeMappingkeyProvidedProviderurl`,"mappingKey must be provided when providerUrl.value is a token");mappingKey=providerUrl}let roleMapping={ambiguousRoleResolution:prop.resolveAmbiguousRoles?"AuthenticatedRole":"Deny",type:prop.useToken?"Token":"Rules",identityProvider:prop.providerUrl.value};if(roleMapping.type==="Rules"){if(!prop.rules)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`IdentityPoolRoleMappingRules`,"IdentityPoolRoleMapping.rules is required when useToken is false");roleMapping.rulesConfiguration={rules:prop.rules.map(rule=>({claim:rule.claim,value:rule.claimValue,matchType:rule.matchType||RoleMappingMatchType.EQUALS,roleArn:rule.mappedRole.roleArn}))}}return acc[mappingKey]=roleMapping,acc},{})}static{__runInitializers(_classThis,_classExtraInitializers)}};return IdentityPoolRoleAttachment2=_classThis})();