{"version":3,"file":"completeOAuthFlow.mjs","sources":["../../../../../../src/providers/cognito/utils/oauth/completeOAuthFlow.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { AMPLIFY_SYMBOL, AmplifyUrl, USER_AGENT_HEADER, urlSafeDecode, } from '@aws-amplify/core/internals/utils';\nimport { Hub, decodeJWT } from '@aws-amplify/core';\nimport { cacheCognitoTokens } from '../../tokenProvider/cacheTokens';\nimport { dispatchSignedInHubEvent } from '../dispatchSignedInHubEvent';\nimport { tokenOrchestrator } from '../../tokenProvider';\nimport { createOAuthError } from './createOAuthError';\nimport { resolveAndClearInflightPromises } from './inflightPromise';\nimport { validateState } from './validateState';\nimport { oAuthStore } from './oAuthStore';\nexport const completeOAuthFlow = async ({ currentUrl, userAgentValue, clientId, redirectUri, responseType, domain, preferPrivateSession, }) => {\n    const urlParams = new AmplifyUrl(currentUrl);\n    const error = urlParams.searchParams.get('error');\n    const errorMessage = urlParams.searchParams.get('error_description');\n    if (error) {\n        throw createOAuthError(errorMessage ?? error);\n    }\n    if (responseType === 'code') {\n        return handleCodeFlow({\n            currentUrl,\n            userAgentValue,\n            clientId,\n            redirectUri,\n            domain,\n            preferPrivateSession,\n        });\n    }\n    return handleImplicitFlow({\n        currentUrl,\n        redirectUri,\n        preferPrivateSession,\n    });\n};\nconst handleCodeFlow = async ({ currentUrl, userAgentValue, clientId, redirectUri, domain, preferPrivateSession, }) => {\n    /* Convert URL into an object with parameters as keys\n{ redirect_uri: 'http://localhost:3000/', response_type: 'code', ...} */\n    const url = new AmplifyUrl(currentUrl);\n    const code = url.searchParams.get('code');\n    const state = url.searchParams.get('state');\n    // if `code` or `state` is not presented in the redirect url, most likely\n    // that the end user cancelled the inflight oauth flow by:\n    // 1. clicking the back button of browser\n    // 2. closing the provider hosted UI page and coming back to the app\n    if (!code || !state) {\n        throw createOAuthError('User cancelled OAuth flow.');\n    }\n    // may throw error is being caught in attemptCompleteOAuthFlow.ts\n    const validatedState = await validateState(state);\n    const oAuthTokenEndpoint = 'https://' + domain + '/oauth2/token';\n    // TODO(v6): check hub events\n    // dispatchAuthEvent(\n    // \t'codeFlow',\n    // \t{},\n    // \t`Retrieving tokens from ${oAuthTokenEndpoint}`\n    // );\n    const codeVerifier = await oAuthStore.loadPKCE();\n    const oAuthTokenBody = {\n        grant_type: 'authorization_code',\n        code,\n        client_id: clientId,\n        redirect_uri: redirectUri,\n        ...(codeVerifier ? { code_verifier: codeVerifier } : {}),\n    };\n    const body = Object.entries(oAuthTokenBody)\n        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)\n        .join('&');\n    const { access_token, refresh_token: refreshToken, id_token, error, error_message: errorMessage, token_type, expires_in, } = await (await fetch(oAuthTokenEndpoint, {\n        method: 'POST',\n        headers: {\n            'Content-Type': 'application/x-www-form-urlencoded',\n            [USER_AGENT_HEADER]: userAgentValue,\n        },\n        body,\n    })).json();\n    if (error) {\n        // error is being caught in attemptCompleteOAuthFlow.ts\n        throw createOAuthError(errorMessage ?? error);\n    }\n    const username = (access_token && decodeJWT(access_token).payload.username) ?? 'username';\n    await cacheCognitoTokens({\n        username,\n        AccessToken: access_token,\n        IdToken: id_token,\n        RefreshToken: refreshToken,\n        TokenType: token_type,\n        ExpiresIn: expires_in,\n    });\n    return completeFlow({\n        redirectUri,\n        state: validatedState,\n        preferPrivateSession,\n    });\n};\nconst handleImplicitFlow = async ({ currentUrl, redirectUri, preferPrivateSession, }) => {\n    // hash is `null` if `#` doesn't exist on URL\n    const url = new AmplifyUrl(currentUrl);\n    const { id_token, access_token, state, token_type, expires_in, error_description, error, } = (url.hash ?? '#')\n        .substring(1) // Remove # from returned code\n        .split('&')\n        .map(pairings => pairings.split('='))\n        .reduce((accum, [k, v]) => ({ ...accum, [k]: v }), {\n        id_token: undefined,\n        access_token: undefined,\n        state: undefined,\n        token_type: undefined,\n        expires_in: undefined,\n        error_description: undefined,\n        error: undefined,\n    });\n    if (error) {\n        throw createOAuthError(error_description ?? error);\n    }\n    if (!access_token) {\n        // error is being caught in attemptCompleteOAuthFlow.ts\n        throw createOAuthError('No access token returned from OAuth flow.');\n    }\n    const validatedState = await validateState(state);\n    const username = (access_token && decodeJWT(access_token).payload.username) ?? 'username';\n    await cacheCognitoTokens({\n        username,\n        AccessToken: access_token,\n        IdToken: id_token,\n        TokenType: token_type,\n        ExpiresIn: expires_in,\n    });\n    return completeFlow({\n        redirectUri,\n        state: validatedState,\n        preferPrivateSession,\n    });\n};\nconst completeFlow = async ({ redirectUri, state, preferPrivateSession, }) => {\n    await tokenOrchestrator.setOAuthMetadata({\n        oauthSignIn: true,\n    });\n    await oAuthStore.clearOAuthData();\n    await oAuthStore.storeOAuthSignIn(true, preferPrivateSession);\n    // this should be called before any call that involves `fetchAuthSession`\n    // e.g. `getCurrentUser()` below, so it allows every inflight async calls to\n    //  `fetchAuthSession` can be resolved\n    resolveAndClearInflightPromises();\n    // clear history before sending out final Hub events\n    clearHistory(redirectUri);\n    if (isCustomState(state)) {\n        Hub.dispatch('auth', {\n            event: 'customOAuthState',\n            data: urlSafeDecode(getCustomState(state)),\n        }, 'Auth', AMPLIFY_SYMBOL);\n    }\n    Hub.dispatch('auth', { event: 'signInWithRedirect' }, 'Auth', AMPLIFY_SYMBOL);\n    await dispatchSignedInHubEvent();\n};\nconst isCustomState = (state) => {\n    return /-/.test(state);\n};\nconst getCustomState = (state) => {\n    return state.split('-').splice(1).join('-');\n};\nconst clearHistory = (redirectUri) => {\n    if (typeof window !== 'undefined' && typeof window.history !== 'undefined') {\n        window.history.replaceState(window.history.state, '', redirectUri);\n    }\n};\n"],"names":[],"mappings":";;;;;;;;;;;;AAAA;AACA;AAUY,MAAC,iBAAiB,GAAG,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,oBAAoB,GAAG,KAAK;AAC/I,IAAI,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC;AAChD,IAAI,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AACrD,IAAI,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC;AACxE,IAAI,IAAI,KAAK,EAAE;AACf,QAAQ,MAAM,gBAAgB,CAAC,YAAY,IAAI,KAAK,CAAC;AACrD,IAAI;AACJ,IAAI,IAAI,YAAY,KAAK,MAAM,EAAE;AACjC,QAAQ,OAAO,cAAc,CAAC;AAC9B,YAAY,UAAU;AACtB,YAAY,cAAc;AAC1B,YAAY,QAAQ;AACpB,YAAY,WAAW;AACvB,YAAY,MAAM;AAClB,YAAY,oBAAoB;AAChC,SAAS,CAAC;AACV,IAAI;AACJ,IAAI,OAAO,kBAAkB,CAAC;AAC9B,QAAQ,UAAU;AAClB,QAAQ,WAAW;AACnB,QAAQ,oBAAoB;AAC5B,KAAK,CAAC;AACN;AACA,MAAM,cAAc,GAAG,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,oBAAoB,GAAG,KAAK;AACvH;AACA;AACA,IAAI,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC;AAC1C,IAAI,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;AAC7C,IAAI,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAC/C;AACA;AACA;AACA;AACA,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;AACzB,QAAQ,MAAM,gBAAgB,CAAC,4BAA4B,CAAC;AAC5D,IAAI;AACJ;AACA,IAAI,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC;AACrD,IAAI,MAAM,kBAAkB,GAAG,UAAU,GAAG,MAAM,GAAG,eAAe;AACpE;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE;AACpD,IAAI,MAAM,cAAc,GAAG;AAC3B,QAAQ,UAAU,EAAE,oBAAoB;AACxC,QAAQ,IAAI;AACZ,QAAQ,SAAS,EAAE,QAAQ;AAC3B,QAAQ,YAAY,EAAE,WAAW;AACjC,QAAQ,IAAI,YAAY,GAAG,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;AAChE,KAAK;AACL,IAAI,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc;AAC9C,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5E,SAAS,IAAI,CAAC,GAAG,CAAC;AAClB,IAAI,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,GAAG,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,kBAAkB,EAAE;AACxK,QAAQ,MAAM,EAAE,MAAM;AACtB,QAAQ,OAAO,EAAE;AACjB,YAAY,cAAc,EAAE,mCAAmC;AAC/D,YAAY,CAAC,iBAAiB,GAAG,cAAc;AAC/C,SAAS;AACT,QAAQ,IAAI;AACZ,KAAK,CAAC,EAAE,IAAI,EAAE;AACd,IAAI,IAAI,KAAK,EAAE;AACf;AACA,QAAQ,MAAM,gBAAgB,CAAC,YAAY,IAAI,KAAK,CAAC;AACrD,IAAI;AACJ,IAAI,MAAM,QAAQ,GAAG,CAAC,YAAY,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU;AAC7F,IAAI,MAAM,kBAAkB,CAAC;AAC7B,QAAQ,QAAQ;AAChB,QAAQ,WAAW,EAAE,YAAY;AACjC,QAAQ,OAAO,EAAE,QAAQ;AACzB,QAAQ,YAAY,EAAE,YAGlB,CAAC,CAAC;AACN,IAAI,OAAO,YAAY,CAAC;AACxB,QAAQ,WAAW;AACnB,QAAQ,KAAK,EAAE,cAAc;AAC7B,QAAQ,oBAAoB;AAC5B,KAAK,CAAC;AACN,CAAC;AACD,MAAM,kBAAkB,GAAG,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,oBAAoB,GAAG,KAAK;AACzF;AACA,IAAI,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC;AAC1C,IAAI,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG;AACjH,SAAS,SAAS,CAAC,CAAC,CAAC;AACrB,SAAS,KAAK,CAAC,GAAG;AAClB,SAAS,GAAG,CAAC,QAAQ,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AAC5C,SAAS,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;AAC3D,QAAQ,QAAQ,EAAE,SAAS;AAC3B,QAAQ,YAAY,EAAE,SAAS;AAC/B,QAAQ,KAAK,EAAE,SAAS;AACxB,QAAQ,UAAU,EAAE,SAAS;AAC7B,QAAQ,UAAU,EAAE,SAAS;AAC7B,QAAQ,iBAAiB,EAAE,SAAS;AACpC,QAAQ,KAAK,EAAE,SAAS;AACxB,KAAK,CAAC;AACN,IAAI,IAAI,KAAK,EAAE;AACf,QAAQ,MAAM,gBAAgB,CAAC,iBAAiB,IAAI,KAAK,CAAC;AAC1D,IAAI;AACJ,IAAI,IAAI,CAAC,YAAY,EAAE;AACvB;AACA,QAAQ,MAAM,gBAAgB,CAAC,2CAA2C,CAAC;AAC3E,IAAI;AACJ,IAAI,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC;AACrD,IAAI,MAAM,QAAQ,GAAG,CAAC,YAAY,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU;AAC7F,IAAI,MAAM,kBAAkB,CAAC;AAC7B,QAAQ,QAAQ;AAChB,QAAQ,WAAW,EAAE,YAAY;AACjC,QAAQ,OAAO,EAAE,QAGb,CAAC,CAAC;AACN,IAAI,OAAO,YAAY,CAAC;AACxB,QAAQ,WAAW;AACnB,QAAQ,KAAK,EAAE,cAAc;AAC7B,QAAQ,oBAAoB;AAC5B,KAAK,CAAC;AACN,CAAC;AACD,MAAM,YAAY,GAAG,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,oBAAoB,GAAG,KAAK;AAC9E,IAAI,MAAM,iBAAiB,CAAC,gBAAgB,CAAC;AAC7C,QAAQ,WAAW,EAAE,IAAI;AACzB,KAAK,CAAC;AACN,IAAI,MAAM,UAAU,CAAC,cAAc,EAAE;AACrC,IAAI,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,EAAE,oBAAoB,CAAC;AACjE;AACA;AACA;AACA,IAAI,+BAA+B,EAAE;AACrC;AACA,IAAI,YAAY,CAAC,WAAW,CAAC;AAC7B,IAAI,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE;AAC9B,QAAQ,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE;AAC7B,YAAY,KAAK,EAAE,kBAAkB;AACrC,YAAY,IAAI,EAAE,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;AACtD,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC;AAClC,IAAI;AACJ,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,MAAM,EAAE,cAAc,CAAC;AACjF,IAAI,MAAM,wBAAwB,EAAE;AACpC,CAAC;AACD,MAAM,aAAa,GAAG,CAAC,KAAK,KAAK;AACjC,IAAI,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC;AAC1B,CAAC;AACD,MAAM,cAAc,GAAG,CAAC,KAAK,KAAK;AAClC,IAAI,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAC/C,CAAC;AACD,MAAM,YAAY,GAAG,CAAC,WAAW,KAAK;AACtC,IAAI,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE;AAChF,QAAQ,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC;AAC1E,IAAI;AACJ,CAAC;;;;"}