{"version":3,"file":"signInWithRedirect.mjs","sources":["../../../../../src/providers/cognito/apis/signInWithRedirect.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { Amplify } from '@aws-amplify/core';\nimport { AuthAction, assertOAuthConfig, assertTokenProviderConfig, isBrowser, urlSafeEncode, } from '@aws-amplify/core/internals/utils';\nimport '../utils/oauth/enableOAuthListener';\nimport { cognitoHostedUIIdentityProviderMap } from '../types/models';\nimport { getAuthUserAgentValue, openAuthSession } from '../../../utils';\nimport { assertUserNotAuthenticated } from '../utils/signInHelpers';\nimport { completeOAuthFlow, generateCodeVerifier, generateState, getRedirectUrl, handleFailure, oAuthStore, } from '../utils/oauth';\nimport { createOAuthError } from '../utils/oauth/createOAuthError';\nimport { listenForOAuthFlowCancellation } from '../utils/oauth/cancelOAuthFlow';\n/**\n * Signs in a user with OAuth. Redirects the application to an Identity Provider.\n *\n * @param input - The SignInWithRedirectInput object, if empty it will redirect to Cognito HostedUI\n *\n * @throws AuthTokenConfigException - Thrown when the user pool config is invalid.\n * @throws OAuthNotConfigureException - Thrown when the oauth config is invalid.\n */\nexport async function signInWithRedirect(input) {\n const authConfig = Amplify.getConfig().Auth?.Cognito;\n assertTokenProviderConfig(authConfig);\n assertOAuthConfig(authConfig);\n oAuthStore.setAuthConfig(authConfig);\n await assertUserNotAuthenticated();\n let provider = 'COGNITO'; // Default\n if (typeof input?.provider === 'string') {\n provider = cognitoHostedUIIdentityProviderMap[input.provider];\n }\n else if (input?.provider?.custom) {\n provider = input.provider.custom;\n }\n return oauthSignIn({\n oauthConfig: authConfig.loginWith.oauth,\n clientId: authConfig.userPoolClientId,\n provider,\n customState: input?.customState,\n preferPrivateSession: input?.options?.preferPrivateSession,\n options: {\n loginHint: input?.options?.loginHint,\n lang: input?.options?.lang,\n nonce: input?.options?.nonce,\n },\n });\n}\nconst oauthSignIn = async ({ oauthConfig, provider, clientId, customState, preferPrivateSession, options, }) => {\n const { domain, redirectSignIn, responseType, scopes } = oauthConfig;\n const { loginHint, lang, nonce } = options ?? {};\n const randomState = generateState();\n /* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito\n single-encodes/decodes url on first sign in and double-encodes/decodes url\n when user already signed in. Using encodeURIComponent, Base32, Base64 add\n characters % or = which on further encoding becomes unsafe. '=' create issue\n for parsing query params.\n Refer: https://github.com/aws-amplify/amplify-js/issues/5218 */\n const state = customState\n ? `${randomState}-${urlSafeEncode(customState)}`\n : randomState;\n const { value, method, toCodeChallenge } = generateCodeVerifier(128);\n const redirectUri = getRedirectUrl(oauthConfig.redirectSignIn);\n if (isBrowser())\n oAuthStore.storeOAuthInFlight(true);\n oAuthStore.storeOAuthState(state);\n oAuthStore.storePKCE(value);\n const queryString = Object.entries({\n redirect_uri: redirectUri,\n response_type: responseType,\n client_id: clientId,\n identity_provider: provider,\n scope: scopes.join(' '),\n // eslint-disable-next-line camelcase\n ...(loginHint && { login_hint: loginHint }),\n ...(lang && { lang }),\n ...(nonce && { nonce }),\n state,\n ...(responseType === 'code' && {\n code_challenge: toCodeChallenge(),\n code_challenge_method: method,\n }),\n })\n .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)\n .join('&');\n // TODO(v6): use URL object instead\n const oAuthUrl = `https://${domain}/oauth2/authorize?${queryString}`;\n // this will only take effect in the following scenarios:\n // 1. the user cancels the OAuth flow on web via back button, and\n // 2. when bfcache is enabled\n listenForOAuthFlowCancellation(oAuthStore);\n // the following is effective only in react-native as openAuthSession resolves only in react-native\n const { type, error, url } = (await openAuthSession(oAuthUrl, redirectSignIn, preferPrivateSession)) ??\n {};\n try {\n if (type === 'error') {\n throw createOAuthError(String(error));\n }\n if (type === 'success' && url) {\n await completeOAuthFlow({\n currentUrl: url,\n clientId,\n domain,\n redirectUri,\n responseType,\n userAgentValue: getAuthUserAgentValue(AuthAction.SignInWithRedirect),\n preferPrivateSession,\n });\n }\n }\n catch (err) {\n await handleFailure(err);\n // rethrow the error so it can be caught by `await signInWithRedirect()` in react-native\n throw err;\n }\n};\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAe,kBAAkB,CAAC,KAAK,EAAE;AAChD,IAAI,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;AACzD,IAAI,yBAAyB,CAAC,UAAU,CAAC,CAAC;AAC1C,IAAI,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAClC,IAAI,UAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;AACzC,IAAI,MAAM,0BAA0B,EAAE,CAAC;AACvC,IAAI,IAAI,QAAQ,GAAG,SAAS,CAAC;AAC7B,IAAI,IAAI,OAAO,KAAK,EAAE,QAAQ,KAAK,QAAQ,EAAE;AAC7C,QAAQ,QAAQ,GAAG,kCAAkC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AACtE,KAAK;AACL,SAAS,IAAI,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE;AACtC,QAAQ,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;AACzC,KAAK;AACL,IAAI,OAAO,WAAW,CAAC;AACvB,QAAQ,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,KAAK;AAC/C,QAAQ,QAAQ,EAAE,UAAU,CAAC,gBAAgB;AAC7C,QAAQ,QAAQ;AAChB,QAAQ,WAAW,EAAE,KAAK,EAAE,WAAW;AACvC,QAAQ,oBAAoB,EAAE,KAAK,EAAE,OAAO,EAAE,oBAAoB;AAClE,QAAQ,OAAO,EAAE;AACjB,YAAY,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS;AAChD,YAAY,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI;AACtC,YAAY,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AACxC,SAAS;AACT,KAAK,CAAC,CAAC;AACP,CAAC;AACD,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE,OAAO,GAAG,KAAK;AAChH,IAAI,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC;AACzE,IAAI,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;AACrD,IAAI,MAAM,WAAW,GAAG,aAAa,EAAE,CAAC;AACxC;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,KAAK,GAAG,WAAW;AAC7B,UAAU,CAAC,EAAE,WAAW,CAAC,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;AACxD,UAAU,WAAW,CAAC;AACtB,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;AACzE,IAAI,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;AACnE,IAAI,IAAI,SAAS,EAAE;AACnB,QAAQ,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC5C,IAAI,UAAU,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;AACtC,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAChC,IAAI,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;AACvC,QAAQ,YAAY,EAAE,WAAW;AACjC,QAAQ,aAAa,EAAE,YAAY;AACnC,QAAQ,SAAS,EAAE,QAAQ;AAC3B,QAAQ,iBAAiB,EAAE,QAAQ;AACnC,QAAQ,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;AAC/B;AACA,QAAQ,IAAI,SAAS,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnD,QAAQ,IAAI,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;AAC7B,QAAQ,IAAI,KAAK,IAAI,EAAE,KAAK,EAAE,CAAC;AAC/B,QAAQ,KAAK;AACb,QAAQ,IAAI,YAAY,KAAK,MAAM,IAAI;AACvC,YAAY,cAAc,EAAE,eAAe,EAAE;AAC7C,YAAY,qBAAqB,EAAE,MAAM;AACzC,SAAS,CAAC;AACV,KAAK,CAAC;AACN,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,SAAS,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB;AACA,IAAI,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC,CAAC;AACzE;AACA;AACA;AACA,IAAI,8BAA8B,CAAC,UAAU,CAAC,CAAC;AAC/C;AACA,IAAI,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,eAAe,CAAC,QAA8C,CAAC;AACvG,QAAQ,EAAE,CAAC;AACX,IAAI,IAAI;AACR,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE;AAC9B,YAAY,MAAM,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAClD,SAAS;AACT,QAAQ,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,EAAE;AACvC,YAAY,MAAM,iBAAiB,CAAC;AACpC,gBAAgB,UAAU,EAAE,GAAG;AAC/B,gBAAgB,QAAQ;AACxB,gBAAgB,MAAM;AACtB,gBAAgB,WAAW;AAC3B,gBAAgB,YAAY;AAC5B,gBAAgB,cAAc,EAAE,qBAAqB,CAAC,UAAU,CAAC,kBAAkB,CAAC;AACpF,gBAAgB,oBAAoB;AACpC,aAAa,CAAC,CAAC;AACf,SAAS;AACT,KAAK;AACL,IAAI,OAAO,GAAG,EAAE;AAChB,QAAQ,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;AACjC;AACA,QAAQ,MAAM,GAAG,CAAC;AAClB,KAAK;AACL,CAAC;;;;"}