{"version":3,"file":"credentialsProvider.mjs","sources":["../../../../../src/providers/cognito/credentialsProvider/credentialsProvider.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { ConsoleLogger, createGetCredentialsForIdentityClient, } from '@aws-amplify/core';\nimport { assertIdentityPoolIdConfig, } from '@aws-amplify/core/internals/utils';\nimport { AuthError } from '../../../errors/AuthError';\nimport { assertServiceError } from '../../../errors/utils/assertServiceError';\nimport { getRegionFromIdentityPoolId } from '../../../foundation/parsers';\nimport { assertIdTokenInAuthTokens } from '../utils/types';\nimport { createCognitoIdentityPoolEndpointResolver } from '../factories';\nimport { cognitoIdentityIdProvider } from './IdentityIdProvider';\nimport { formLoginsMap } from './utils';\nconst logger = new ConsoleLogger('CognitoCredentialsProvider');\nconst CREDENTIALS_TTL = 50 * 60 * 1000; // 50 min, can be modified on config if required in the future\nexport class CognitoAWSCredentialsAndIdentityIdProvider {\n constructor(identityIdStore) {\n this._nextCredentialsRefresh = 0;\n this._identityIdStore = identityIdStore;\n }\n async clearCredentialsAndIdentityId() {\n logger.debug('Clearing out credentials and identityId');\n this._credentialsAndIdentityId = undefined;\n await this._identityIdStore.clearIdentityId();\n }\n async clearCredentials() {\n logger.debug('Clearing out in-memory credentials');\n this._credentialsAndIdentityId = undefined;\n }\n async getCredentialsAndIdentityId(getCredentialsOptions) {\n const isAuthenticated = getCredentialsOptions.authenticated;\n const { tokens } = getCredentialsOptions;\n const { authConfig } = getCredentialsOptions;\n try {\n assertIdentityPoolIdConfig(authConfig?.Cognito);\n }\n catch {\n // No identity pool configured, skipping\n return;\n }\n if (!isAuthenticated && !authConfig.Cognito.allowGuestAccess) {\n // TODO(V6): return partial result like Native platforms\n return;\n }\n const { forceRefresh } = getCredentialsOptions;\n const tokenHasChanged = this.hasTokenChanged(tokens);\n const identityId = await cognitoIdentityIdProvider({\n tokens,\n authConfig: authConfig.Cognito,\n identityIdStore: this._identityIdStore,\n });\n // Clear cached credentials when forceRefresh is true OR the cache token has changed\n if (forceRefresh || tokenHasChanged) {\n this.clearCredentials();\n }\n if (!isAuthenticated) {\n return this.getGuestCredentials(identityId, authConfig.Cognito);\n }\n else {\n assertIdTokenInAuthTokens(tokens);\n return this.credsForOIDCTokens(authConfig.Cognito, tokens, identityId);\n }\n }\n async getGuestCredentials(identityId, authConfig) {\n // Return existing in-memory cached credentials only if it exists, is not past it's lifetime and is unauthenticated credentials\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === false) {\n logger.info('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any authenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n const getCredentialsForIdentity = createGetCredentialsForIdentityClient({\n endpointResolver: createCognitoIdentityPoolEndpointResolver({\n endpointOverride: authConfig.identityPoolEndpoint,\n }),\n });\n // use identityId to obtain guest credentials\n // save credentials in-memory\n // No logins params should be passed for guest creds:\n // https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html\n let clientResult;\n try {\n clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n });\n }\n catch (e) {\n assertServiceError(e);\n throw new AuthError(e);\n }\n if (clientResult?.Credentials?.AccessKeyId &&\n clientResult?.Credentials?.SecretKey) {\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n if (clientResult.IdentityId) {\n res.identityId = clientResult.IdentityId;\n this._identityIdStore.storeIdentityId({\n id: clientResult.IdentityId,\n type: 'guest',\n });\n }\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: false,\n };\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsNotFoundException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n async credsForOIDCTokens(authConfig, authTokens, identityId) {\n if (this._credentialsAndIdentityId &&\n !this.isPastTTL() &&\n this._credentialsAndIdentityId.isAuthenticatedCreds === true) {\n logger.debug('returning stored credentials as they neither past TTL nor expired.');\n return this._credentialsAndIdentityId;\n }\n // Clear to discard if any unauthenticated credentials are set and start with a clean slate\n this.clearCredentials();\n const logins = authTokens.idToken\n ? formLoginsMap(authTokens.idToken.toString())\n : {};\n const region = getRegionFromIdentityPoolId(authConfig.identityPoolId);\n const getCredentialsForIdentity = createGetCredentialsForIdentityClient({\n endpointResolver: createCognitoIdentityPoolEndpointResolver({\n endpointOverride: authConfig.identityPoolEndpoint,\n }),\n });\n let clientResult;\n try {\n clientResult = await getCredentialsForIdentity({ region }, {\n IdentityId: identityId,\n Logins: logins,\n });\n }\n catch (e) {\n assertServiceError(e);\n throw new AuthError(e);\n }\n if (clientResult?.Credentials?.AccessKeyId &&\n clientResult?.Credentials?.SecretKey) {\n this._nextCredentialsRefresh = new Date().getTime() + CREDENTIALS_TTL;\n const res = {\n credentials: {\n accessKeyId: clientResult.Credentials.AccessKeyId,\n secretAccessKey: clientResult.Credentials.SecretKey,\n sessionToken: clientResult.Credentials.SessionToken,\n expiration: clientResult.Credentials.Expiration,\n },\n identityId,\n };\n if (clientResult.IdentityId) {\n res.identityId = clientResult.IdentityId;\n // note: the following call removes guest identityId from the persistent store (localStorage)\n this._identityIdStore.storeIdentityId({\n id: clientResult.IdentityId,\n type: 'primary',\n });\n }\n // Store the credentials in-memory along with the expiration\n this._credentialsAndIdentityId = {\n ...res,\n isAuthenticatedCreds: true,\n associatedIdToken: authTokens.idToken?.toString(),\n };\n return res;\n }\n else {\n throw new AuthError({\n name: 'CredentialsException',\n message: `Cognito did not respond with either Credentials, AccessKeyId or SecretKey.`,\n });\n }\n }\n isPastTTL() {\n return this._nextCredentialsRefresh === undefined\n ? true\n : this._nextCredentialsRefresh <= Date.now();\n }\n hasTokenChanged(tokens) {\n return (!!tokens &&\n !!this._credentialsAndIdentityId?.associatedIdToken &&\n tokens.idToken?.toString() !==\n this._credentialsAndIdentityId.associatedIdToken);\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;AAAA;AACA;AAUA,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,4BAA4B,CAAC;AAC9D,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAChC,MAAM,0CAA0C,CAAC;AACxD,IAAI,WAAW,CAAC,eAAe,EAAE;AACjC,QAAQ,IAAI,CAAC,uBAAuB,GAAG,CAAC;AACxC,QAAQ,IAAI,CAAC,gBAAgB,GAAG,eAAe;AAC/C,IAAI;AACJ,IAAI,MAAM,6BAA6B,GAAG;AAC1C,QAAQ,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC;AAC/D,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS;AAClD,QAAQ,MAAM,IAAI,CAAC,gBAAgB,CAAC,eAAe,EAAE;AACrD,IAAI;AACJ,IAAI,MAAM,gBAAgB,GAAG;AAC7B,QAAQ,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC;AAC1D,QAAQ,IAAI,CAAC,yBAAyB,GAAG,SAAS;AAClD,IAAI;AACJ,IAAI,MAAM,2BAA2B,CAAC,qBAAqB,EAAE;AAC7D,QAAQ,MAAM,eAAe,GAAG,qBAAqB,CAAC,aAAa;AACnE,QAAQ,MAAM,EAAE,MAAM,EAAE,GAAG,qBAAqB;AAChD,QAAQ,MAAM,EAAE,UAAU,EAAE,GAAG,qBAAqB;AACpD,QAAQ,IAAI;AACZ,YAAY,0BAA0B,CAAC,UAAU,EAAE,OAAO,CAAC;AAC3D,QAAQ;AACR,QAAQ,MAAM;AACd;AACA,YAAY;AACZ,QAAQ;AACR,QAAQ,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE;AACtE;AACA,YAAY;AACZ,QAAQ;AACR,QAAQ,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB;AACtD,QAAQ,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;AAC5D,QAAQ,MAAM,UAAU,GAAG,MAAM,yBAAyB,CAAC;AAC3D,YAAY,MAAM;AAClB,YAAY,UAAU,EAAE,UAAU,CAAC,OAAO;AAC1C,YAAY,eAAe,EAAE,IAAI,CAAC,gBAAgB;AAClD,SAAS,CAAC;AACV;AACA,QAAQ,IAAI,YAAY,IAAI,eAAe,EAAE;AAC7C,YAAY,IAAI,CAAC,gBAAgB,EAAE;AACnC,QAAQ;AACR,QAAQ,IAAI,CAAC,eAAe,EAAE;AAC9B,YAAY,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,CAAC;AAC3E,QAAQ;AACR,aAAa;AACb,YAAY,yBAAyB,CAAC,MAAM,CAAC;AAC7C,YAAY,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC;AAClF,QAAQ;AACR,IAAI;AACJ,IAAI,MAAM,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE;AACtD;AACA,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,KAAK,EAAE;AAC3E,YAAY,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC;AAC7F,YAAY,OAAO,IAAI,CAAC,yBAAyB;AACjD,QAAQ;AACR;AACA,QAAQ,IAAI,CAAC,gBAAgB,EAAE;AAC/B,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC;AAC7E,QAAQ,MAAM,yBAAyB,GAAG,qCAAqC,CAAC;AAChF,YAAY,gBAAgB,EAAE,yCAAyC,CAAC;AACxE,gBAAgB,gBAAgB,EAAE,UAAU,CAAC,oBAAoB;AACjE,aAAa,CAAC;AACd,SAAS,CAAC;AACV;AACA;AACA;AACA;AACA,QAAQ,IAAI,YAAY;AACxB,QAAQ,IAAI;AACZ,YAAY,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACvE,gBAAgB,UAAU,EAAE,UAAU;AACtC,aAAa,CAAC;AACd,QAAQ;AACR,QAAQ,OAAO,CAAC,EAAE;AAClB,YAAY,kBAAkB,CAAC,CAAC,CAAC;AACjC,YAAY,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC;AAClC,QAAQ;AACR,QAAQ,IAAI,YAAY,EAAE,WAAW,EAAE,WAAW;AAClD,YAAY,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE;AAClD,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe;AACjF,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa;AACb,YAAY,IAAI,YAAY,CAAC,UAAU,EAAE;AACzC,gBAAgB,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC,UAAU;AACxD,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,YAAY,CAAC,UAAU;AAC/C,oBAAoB,IAAI,EAAE,OAAO;AACjC,iBAAiB,CAAC;AAClB,YAAY;AACZ,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,KAAK;AAC3C,aAAa;AACb,YAAY,OAAO,GAAG;AACtB,QAAQ;AACR,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,8BAA8B;AACpD,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC;AACd,QAAQ;AACR,IAAI;AACJ,IAAI,MAAM,kBAAkB,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE;AACjE,QAAQ,IAAI,IAAI,CAAC,yBAAyB;AAC1C,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE;AAC7B,YAAY,IAAI,CAAC,yBAAyB,CAAC,oBAAoB,KAAK,IAAI,EAAE;AAC1E,YAAY,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC;AAC9F,YAAY,OAAO,IAAI,CAAC,yBAAyB;AACjD,QAAQ;AACR;AACA,QAAQ,IAAI,CAAC,gBAAgB,EAAE;AAC/B,QAAQ,MAAM,MAAM,GAAG,UAAU,CAAC;AAClC,cAAc,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE;AACzD,cAAc,EAAE;AAChB,QAAQ,MAAM,MAAM,GAAG,2BAA2B,CAAC,UAAU,CAAC,cAAc,CAAC;AAC7E,QAAQ,MAAM,yBAAyB,GAAG,qCAAqC,CAAC;AAChF,YAAY,gBAAgB,EAAE,yCAAyC,CAAC;AACxE,gBAAgB,gBAAgB,EAAE,UAAU,CAAC,oBAAoB;AACjE,aAAa,CAAC;AACd,SAAS,CAAC;AACV,QAAQ,IAAI,YAAY;AACxB,QAAQ,IAAI;AACZ,YAAY,YAAY,GAAG,MAAM,yBAAyB,CAAC,EAAE,MAAM,EAAE,EAAE;AACvE,gBAAgB,UAAU,EAAE,UAAU;AACtC,gBAAgB,MAAM,EAAE,MAAM;AAC9B,aAAa,CAAC;AACd,QAAQ;AACR,QAAQ,OAAO,CAAC,EAAE;AAClB,YAAY,kBAAkB,CAAC,CAAC,CAAC;AACjC,YAAY,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC;AAClC,QAAQ;AACR,QAAQ,IAAI,YAAY,EAAE,WAAW,EAAE,WAAW;AAClD,YAAY,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE;AAClD,YAAY,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe;AACjF,YAAY,MAAM,GAAG,GAAG;AACxB,gBAAgB,WAAW,EAAE;AAC7B,oBAAoB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,WAAW;AACrE,oBAAoB,eAAe,EAAE,YAAY,CAAC,WAAW,CAAC,SAAS;AACvE,oBAAoB,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC,YAAY;AACvE,oBAAoB,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU;AACnE,iBAAiB;AACjB,gBAAgB,UAAU;AAC1B,aAAa;AACb,YAAY,IAAI,YAAY,CAAC,UAAU,EAAE;AACzC,gBAAgB,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC,UAAU;AACxD;AACA,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;AACtD,oBAAoB,EAAE,EAAE,YAAY,CAAC,UAAU;AAC/C,oBAAoB,IAAI,EAAE,SAAS;AACnC,iBAAiB,CAAC;AAClB,YAAY;AACZ;AACA,YAAY,IAAI,CAAC,yBAAyB,GAAG;AAC7C,gBAAgB,GAAG,GAAG;AACtB,gBAAgB,oBAAoB,EAAE,IAAI;AAC1C,gBAAgB,iBAAiB,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE;AACjE,aAAa;AACb,YAAY,OAAO,GAAG;AACtB,QAAQ;AACR,aAAa;AACb,YAAY,MAAM,IAAI,SAAS,CAAC;AAChC,gBAAgB,IAAI,EAAE,sBAAsB;AAC5C,gBAAgB,OAAO,EAAE,CAAC,0EAA0E,CAAC;AACrG,aAAa,CAAC;AACd,QAAQ;AACR,IAAI;AACJ,IAAI,SAAS,GAAG;AAChB,QAAQ,OAAO,IAAI,CAAC,uBAAuB,KAAK;AAChD,cAAc;AACd,cAAc,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,GAAG,EAAE;AACxD,IAAI;AACJ,IAAI,eAAe,CAAC,MAAM,EAAE;AAC5B,QAAQ,QAAQ,CAAC,CAAC,MAAM;AACxB,YAAY,CAAC,CAAC,IAAI,CAAC,yBAAyB,EAAE,iBAAiB;AAC/D,YAAY,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE;AACtC,gBAAgB,IAAI,CAAC,yBAAyB,CAAC,iBAAiB;AAChE,IAAI;AACJ;;;;"}