{"version":3,"file":"handleUserAuthFlow.mjs","sources":["../../../../../src/client/flows/userAuth/handleUserAuthFlow.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { AuthAction } from '@aws-amplify/core/internals/utils';\nimport { getUserContextData } from '../../../providers/cognito/utils/userContextData';\nimport { createInitiateAuthClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider';\nimport { createCognitoUserPoolEndpointResolver } from '../../../providers/cognito/factories';\nimport { getRegionFromUserPoolId } from '../../../foundation/parsers';\nimport { getAuthUserAgentValue } from '../../../utils';\nimport { handlePasswordSRP } from '../shared/handlePasswordSRP';\nimport { assertValidationError } from '../../../errors/utils/assertValidationError';\nimport { AuthValidationErrorCode } from '../../../errors/types/validation';\nimport { setActiveSignInUsername } from '../../../providers/cognito/utils/setActiveSignInUsername';\n/**\n * Handles user authentication flow with configurable challenge preferences.\n * Supports AuthFactorType challenges through the USER_AUTH flow.\n *\n * @param {HandleUserAuthFlowInput} params - Authentication flow parameters\n * @param {string} params.username - The username for authentication\n * @param {Record<string, string>} [params.clientMetadata] - Optional metadata to pass to authentication service\n * @param {CognitoUserPoolConfig} params.config - Cognito User Pool configuration\n * @param {AuthTokenOrchestrator} params.tokenOrchestrator - Manages authentication tokens and device tracking\n * @param {AuthFactorType} [params.preferredChallenge] - Optional preferred authentication method\n * @param {string} [params.password] - Required when preferredChallenge is 'PASSWORD' or 'PASSWORD_SRP'\n *\n * @returns {Promise<InitiateAuthCommandOutput>} The authentication response from Cognito\n */\nexport async function handleUserAuthFlow({ username, clientMetadata, config, tokenOrchestrator, preferredChallenge, password, session, }) {\n    const { userPoolId, userPoolClientId, userPoolEndpoint } = config;\n    const UserContextData = getUserContextData({\n        username,\n        userPoolId,\n        userPoolClientId,\n    });\n    const authParameters = { USERNAME: username };\n    if (preferredChallenge) {\n        // Validate that the preferred challenge is enabled in the backend config\n        // Only validate if passwordless config exists (for backward compatibility)\n        if (config.passwordless) {\n            const isInvalidChallenge = (preferredChallenge === 'EMAIL_OTP' &&\n                !config.passwordless.emailOtpEnabled) ||\n                (preferredChallenge === 'SMS_OTP' &&\n                    !config.passwordless.smsOtpEnabled) ||\n                (preferredChallenge === 'WEB_AUTHN' && !config.passwordless.webAuthn);\n            if (isInvalidChallenge) {\n                assertValidationError(false, AuthValidationErrorCode.InvalidPreferredChallenge);\n            }\n        }\n        if (preferredChallenge === 'PASSWORD_SRP') {\n            assertValidationError(!!password, AuthValidationErrorCode.EmptySignInPassword);\n            return handlePasswordSRP({\n                username,\n                password,\n                clientMetadata,\n                config,\n                tokenOrchestrator,\n                authFlow: 'USER_AUTH',\n                preferredChallenge,\n            });\n        }\n        if (preferredChallenge === 'PASSWORD') {\n            assertValidationError(!!password, AuthValidationErrorCode.EmptySignInPassword);\n            authParameters.PASSWORD = password;\n        }\n        authParameters.PREFERRED_CHALLENGE = preferredChallenge;\n    }\n    const jsonReq = {\n        AuthFlow: 'USER_AUTH',\n        AuthParameters: authParameters,\n        ClientMetadata: clientMetadata,\n        ClientId: userPoolClientId,\n        UserContextData,\n    };\n    if (session) {\n        jsonReq.Session = session;\n    }\n    const initiateAuth = createInitiateAuthClient({\n        endpointResolver: createCognitoUserPoolEndpointResolver({\n            endpointOverride: userPoolEndpoint,\n        }),\n    });\n    const response = await initiateAuth({\n        region: getRegionFromUserPoolId(userPoolId),\n        userAgentValue: getAuthUserAgentValue(AuthAction.SignIn),\n    }, jsonReq);\n    // Set the active username immediately after successful authentication attempt\n    // If a user starts a new sign-in while another sign-in is incomplete,\n    // this ensures we're tracking the correct user for subsequent auth challenges.\n    setActiveSignInUsername(username);\n    return response;\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AACA;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAe,kBAAkB,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,GAAG,EAAE;AAC1I,IAAI,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM;AACrE,IAAI,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC/C,QAAQ,QAAQ;AAChB,QAAQ,UAAU;AAClB,QAAQ,gBAAgB;AACxB,KAAK,CAAC;AACN,IAAI,MAAM,cAAc,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE;AACjD,IAAI,IAAI,kBAAkB,EAAE;AAC5B;AACA;AACA,QAAQ,IAAI,MAAM,CAAC,YAAY,EAAE;AACjC,YAAY,MAAM,kBAAkB,GAAG,CAAC,kBAAkB,KAAK,WAAW;AAC1E,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,eAAe;AACpD,iBAAiB,kBAAkB,KAAK,SAAS;AACjD,oBAAoB,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC;AACvD,iBAAiB,kBAAkB,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC;AACrF,YAAY,IAAI,kBAAkB,EAAE;AACpC,gBAAgB,qBAAqB,CAAC,KAAK,EAAE,uBAAuB,CAAC,yBAAyB,CAAC;AAC/F,YAAY;AACZ,QAAQ;AACR,QAAQ,IAAI,kBAAkB,KAAK,cAAc,EAAE;AACnD,YAAY,qBAAqB,CAAC,CAAC,CAAC,QAAQ,EAAE,uBAAuB,CAAC,mBAAmB,CAAC;AAC1F,YAAY,OAAO,iBAAiB,CAAC;AACrC,gBAAgB,QAAQ;AACxB,gBAAgB,QAAQ;AACxB,gBAAgB,cAAc;AAC9B,gBAAgB,MAAM;AACtB,gBAAgB,iBAAiB;AACjC,gBAAgB,QAAQ,EAAE,WAAW;AACrC,gBAAgB,kBAAkB;AAClC,aAAa,CAAC;AACd,QAAQ;AACR,QAAQ,IAAI,kBAAkB,KAAK,UAAU,EAAE;AAC/C,YAAY,qBAAqB,CAAC,CAAC,CAAC,QAAQ,EAAE,uBAAuB,CAAC,mBAAmB,CAAC;AAC1F,YAAY,cAAc,CAAC,QAAQ,GAAG,QAAQ;AAC9C,QAAQ;AACR,QAAQ,cAAc,CAAC,mBAAmB,GAAG,kBAAkB;AAC/D,IAAI;AACJ,IAAI,MAAM,OAAO,GAAG;AACpB,QAAQ,QAAQ,EAAE,WAAW;AAC7B,QAAQ,cAAc,EAAE,cAAc;AACtC,QAAQ,cAAc,EAAE,cAAc;AACtC,QAAQ,QAAQ,EAAE,gBAAgB;AAClC,QAAQ,eAAe;AACvB,KAAK;AACL,IAAI,IAAI,OAAO,EAAE;AACjB,QAAQ,OAAO,CAAC,OAAO,GAAG,OAAO;AACjC,IAAI;AACJ,IAAI,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAClD,QAAQ,gBAAgB,EAAE,qCAAqC,CAAC;AAChE,YAAY,gBAAgB,EAAE,gBAAgB;AAC9C,SAAS,CAAC;AACV,KAAK,CAAC;AACN,IAAI,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC;AACxC,QAAQ,MAAM,EAAE,uBAAuB,CAAC,UAAU,CAAC;AACnD,QAAQ,cAAc,EAAE,qBAAqB,CAAC,UAAU,CAAC,MAAM,CAAC;AAChE,KAAK,EAAE,OAAO,CAAC;AACf;AACA;AACA;AACA,IAAI,uBAAuB,CAAC,QAAQ,CAAC;AACrC,IAAI,OAAO,QAAQ;AACnB;;;;"}