{"version":3,"file":"signInWithRedirect.mjs","sources":["../../../../../src/providers/cognito/apis/signInWithRedirect.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { Amplify } from '@aws-amplify/core';\nimport { AuthAction, assertOAuthConfig, assertTokenProviderConfig, isBrowser, urlSafeEncode, } from '@aws-amplify/core/internals/utils';\nimport '../utils/oauth/enableOAuthListener';\nimport { cognitoHostedUIIdentityProviderMap } from '../types/models';\nimport { openAuthSession as _openAuthSession, getAuthUserAgentValue, } from '../../../utils';\nimport { assertUserNotAuthenticated } from '../utils/signInHelpers';\nimport { completeOAuthFlow, generateCodeVerifier, generateState, getRedirectUrl, handleFailure, oAuthStore, } from '../utils/oauth';\nimport { createOAuthError } from '../utils/oauth/createOAuthError';\nimport { listenForOAuthFlowCancellation } from '../utils/oauth/cancelOAuthFlow';\n/**\n * Signs in a user with OAuth. Redirects the application to an Identity Provider.\n *\n * @param input - The SignInWithRedirectInput object, if empty it will redirect to Cognito HostedUI\n *\n * @throws AuthTokenConfigException - Thrown when the user pool config is invalid.\n * @throws OAuthNotConfigureException - Thrown when the oauth config is invalid.\n */\nexport async function signInWithRedirect(input) {\n    const authConfig = Amplify.getConfig().Auth?.Cognito;\n    assertTokenProviderConfig(authConfig);\n    assertOAuthConfig(authConfig);\n    oAuthStore.setAuthConfig(authConfig);\n    if (!input?.options?.prompt) {\n        await assertUserNotAuthenticated();\n    }\n    let provider = 'COGNITO'; // Default\n    let idpIdentifier;\n    if (typeof input?.provider === 'string') {\n        provider = cognitoHostedUIIdentityProviderMap[input.provider];\n    }\n    else if (input?.provider?.custom) {\n        provider = input.provider.custom;\n    }\n    else if (input?.provider?.idpIdentifier) {\n        ({ idpIdentifier } = input.provider);\n    }\n    return oauthSignIn({\n        oauthConfig: authConfig.loginWith.oauth,\n        clientId: authConfig.userPoolClientId,\n        provider,\n        idpIdentifier,\n        customState: input?.customState,\n        preferPrivateSession: input?.options?.preferPrivateSession,\n        options: {\n            loginHint: input?.options?.loginHint,\n            lang: input?.options?.lang,\n            nonce: input?.options?.nonce,\n            prompt: input?.options?.prompt,\n        },\n        authSessionOpener: input?.options?.authSessionOpener,\n    });\n}\nconst oauthSignIn = async ({ oauthConfig, provider, idpIdentifier, clientId, customState, preferPrivateSession, options, authSessionOpener, }) => {\n    const { domain, redirectSignIn, responseType, scopes } = oauthConfig;\n    const { loginHint, lang, nonce, prompt } = options ?? {};\n    const randomState = generateState();\n    const openAuthSession = authSessionOpener || _openAuthSession;\n    /* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito\n    single-encodes/decodes url on first sign in and double-encodes/decodes url\n    when user already signed in. Using encodeURIComponent, Base32, Base64 add\n    characters % or = which on further encoding becomes unsafe. '=' create issue\n    for parsing query params.\n    Refer: https://github.com/aws-amplify/amplify-js/issues/5218 */\n    const state = customState\n        ? `${randomState}-${urlSafeEncode(customState)}`\n        : randomState;\n    const { value, method, toCodeChallenge } = generateCodeVerifier(128);\n    const redirectUri = getRedirectUrl(oauthConfig.redirectSignIn);\n    if (isBrowser())\n        oAuthStore.storeOAuthInFlight(true);\n    oAuthStore.storeOAuthState(state);\n    oAuthStore.storePKCE(value);\n    const params = new URLSearchParams();\n    params.append('redirect_uri', redirectUri);\n    params.append('response_type', responseType);\n    params.append('client_id', clientId);\n    // Add either identity_provider or idp_identifier, but not both\n    if (idpIdentifier) {\n        params.append('idp_identifier', idpIdentifier);\n    }\n    else {\n        params.append('identity_provider', provider);\n    }\n    params.append('scope', scopes.join(' '));\n    loginHint && params.append('login_hint', loginHint);\n    lang && params.append('lang', lang);\n    nonce && params.append('nonce', nonce);\n    prompt && params.append('prompt', prompt.toLowerCase());\n    params.append('state', state);\n    if (responseType === 'code') {\n        params.append('code_challenge', toCodeChallenge());\n        params.append('code_challenge_method', method);\n    }\n    // Using URL object is not supported in React Native as the `search` property is read-only\n    // See: https://github.com/facebook/react-native/blob/main/packages/react-native/Libraries/Blob/URL.js\n    const oAuthUrl = `https://${domain}/oauth2/authorize?${params.toString()}`;\n    // this will only take effect in the following scenarios:\n    // 1. the user cancels the OAuth flow on web via back button, and\n    // 2. when bfcache is enabled\n    listenForOAuthFlowCancellation(oAuthStore);\n    // the following is effective only in react-native as openAuthSession resolves only in react-native\n    const { type, error, url } = (await openAuthSession(oAuthUrl, redirectSignIn, preferPrivateSession)) ??\n        {};\n    try {\n        if (type === 'error') {\n            throw createOAuthError(String(error));\n        }\n        if (type === 'canceled') {\n            throw createOAuthError(String(type));\n        }\n        if (type === 'success' && url) {\n            await completeOAuthFlow({\n                currentUrl: url,\n                clientId,\n                domain,\n                redirectUri,\n                responseType,\n                userAgentValue: getAuthUserAgentValue(AuthAction.SignInWithRedirect),\n                preferPrivateSession,\n            });\n        }\n    }\n    catch (err) {\n        await handleFailure(err);\n        // rethrow the error so it can be caught by `await signInWithRedirect()` in react-native\n        throw err;\n    }\n};\n"],"names":["openAuthSession","_openAuthSession"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAe,kBAAkB,CAAC,KAAK,EAAE;AAChD,IAAI,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO;AACxD,IAAI,yBAAyB,CAAC,UAAU,CAAC;AACzC,IAAI,iBAAiB,CAAC,UAAU,CAAC;AACjC,IAAI,UAAU,CAAC,aAAa,CAAC,UAAU,CAAC;AACxC,IAAI,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE;AACjC,QAAQ,MAAM,0BAA0B,EAAE;AAC1C,IAAI;AACJ,IAAI,IAAI,QAAQ,GAAG,SAAS,CAAC;AAC7B,IAAI,IAAI,aAAa;AACrB,IAAI,IAAI,OAAO,KAAK,EAAE,QAAQ,KAAK,QAAQ,EAAE;AAC7C,QAAQ,QAAQ,GAAG,kCAAkC,CAAC,KAAK,CAAC,QAAQ,CAAC;AACrE,IAAI;AACJ,SAAS,IAAI,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE;AACtC,QAAQ,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM;AACxC,IAAI;AACJ,SAAS,IAAI,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE;AAC7C,QAAQ,CAAC,EAAE,aAAa,EAAE,GAAG,KAAK,CAAC,QAAQ;AAC3C,IAAI;AACJ,IAAI,OAAO,WAAW,CAAC;AACvB,QAAQ,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,KAAK;AAC/C,QAAQ,QAAQ,EAAE,UAAU,CAAC,gBAAgB;AAC7C,QAAQ,QAAQ;AAChB,QAAQ,aAAa;AACrB,QAAQ,WAAW,EAAE,KAAK,EAAE,WAAW;AACvC,QAAQ,oBAAoB,EAAE,KAAK,EAAE,OAAO,EAAE,oBAAoB;AAClE,QAAQ,OAAO,EAAE;AACjB,YAAY,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS;AAChD,YAAY,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI;AACtC,YAAY,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AACxC,YAAY,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM;AAC1C,SAAS;AACT,QAAQ,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,iBAAiB;AAC5D,KAAK,CAAC;AACN;AACA,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE,OAAO,EAAE,iBAAiB,GAAG,KAAK;AAClJ,IAAI,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,WAAW;AACxE,IAAI,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,EAAE;AAC5D,IAAI,MAAM,WAAW,GAAG,aAAa,EAAE;AACvC,IAAI,MAAMA,iBAAe,GAAG,iBAAiB,IAAIC,eAAgB;AACjE;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,KAAK,GAAG;AAClB,UAAU,CAAC,EAAE,WAAW,CAAC,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;AACvD,UAAU,WAAW;AACrB,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,oBAAoB,CAAC,GAAG,CAAC;AACxE,IAAI,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,cAAc,CAAC;AAClE,IAAI,IAAI,SAAS,EAAE;AACnB,QAAQ,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC;AAC3C,IAAI,UAAU,CAAC,eAAe,CAAC,KAAK,CAAC;AACrC,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC;AAC/B,IAAI,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE;AACxC,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC;AAC9C,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,CAAC;AAChD,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC;AACxC;AACA,IAAI,IAAI,aAAa,EAAE;AACvB,QAAQ,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC;AACtD,IAAI;AACJ,SAAS;AACT,QAAQ,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,QAAQ,CAAC;AACpD,IAAI;AACJ,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5C,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC;AACvD,IAAI,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;AACvC,IAAI,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC;AAC1C,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;AAC3D,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC;AACjC,IAAI,IAAI,YAAY,KAAK,MAAM,EAAE;AACjC,QAAQ,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,eAAe,EAAE,CAAC;AAC1D,QAAQ,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC;AACtD,IAAI;AACJ;AACA;AACA,IAAI,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC9E;AACA;AACA;AACA,IAAI,8BAA8B,CAAC,UAAU,CAAC;AAC9C;AACA,IAAI,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,MAAMD,iBAAe,CAAC,QAAQ,EAAE,cAAc,EAAE,oBAAoB,CAAC;AACvG,QAAQ,EAAE;AACV,IAAI,IAAI;AACR,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE;AAC9B,YAAY,MAAM,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjD,QAAQ;AACR,QAAQ,IAAI,IAAI,KAAK,UAAU,EAAE;AACjC,YAAY,MAAM,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAChD,QAAQ;AACR,QAAQ,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,EAAE;AACvC,YAAY,MAAM,iBAAiB,CAAC;AACpC,gBAAgB,UAAU,EAAE,GAAG;AAC/B,gBAAgB,QAAQ;AACxB,gBAAgB,MAAM;AACtB,gBAAgB,WAAW;AAC3B,gBAAgB,YAAY;AAC5B,gBAAgB,cAAc,EAAE,qBAAqB,CAAC,UAAU,CAAC,kBAAkB,CAAC;AACpF,gBAAgB,oBAAoB;AACpC,aAAa,CAAC;AACd,QAAQ;AACR,IAAI;AACJ,IAAI,OAAO,GAAG,EAAE;AAChB,QAAQ,MAAM,aAAa,CAAC,GAAG,CAAC;AAChC;AACA,QAAQ,MAAM,GAAG;AACjB,IAAI;AACJ,CAAC;;;;"}