1 | import { StrictUnion } from '../../types';
2 | import { AtLeastOne } from '../types';
/**
 * Registered claims this module models on a decoded JWT payload.
 *
 * Every claim is optional in this type, so code that bases an authorization
 * decision on a claim must first check that the claim is present.
 */
interface JwtPayloadStandardFields {
  /** Issuer of the token. */
  iss?: string;
  /** Subject the token was issued for. */
  sub?: string;
  /** Intended audience: a single value or a list of values. */
  aud?: string | Array<string>;
  /** Expiration time (a NumericDate in RFC 7519: seconds since the epoch). */
  exp?: number;
  /** Not-before time (NumericDate). */
  nbf?: number;
  /** Issued-at time (NumericDate). */
  iat?: number;
  /** Unique identifier of the token. */
  jti?: string;
  /** Granted scopes; presumably a space-delimited list, confirm with the issuer. */
  scope?: string;
}
/** Scalar values that can appear in a JSON document. */
type JsonPrimitive = boolean | number | string | null;

/** A JSON array; as declared here its elements are primitives only. */
type JsonArray = Array<JsonPrimitive>;

/** A JSON object whose values are primitives, primitive arrays or nested objects. */
interface JsonObject {
  [x: string]: JsonPrimitive | JsonArray | JsonObject;
}
/**
 * Decoded JWT payload: the registered claims plus any custom claims.
 *
 * Custom claims are typed only as JSON values, so their shape must be
 * validated before they feed an authorization decision.
 */
export type JwtPayload =
  & JwtPayloadStandardFields
  & JsonObject;
/**
 * A token together with its decoded payload.
 *
 * NOTE(review): nothing in this type says whether the signature was checked;
 * treat `payload` as unverified claims unless the creator is known to verify.
 */
export interface JWT {
  /**
   * String form of the token; presumably the encoded token itself, in which
   * case it is a bearer credential and should stay out of logs. Confirm.
   */
  toString(): string;
  /** Claims decoded from the token. */
  payload: JwtPayload;
}

/** Factory that turns an encoded token string into a {@link JWT}. */
export type JWTCreator = (stringJWT: string) => JWT;
/**
 * Snapshot of what is known about the current session.
 *
 * Every member is optional, so callers must check for presence rather than
 * assume a signed-in user or usable credentials.
 */
export interface AuthSession {
  /** Subject identifier of the user, when available. */
  userSub?: string;
  /** Identity id, when available. */
  identityId?: string;
  /** Tokens of the session, when available. */
  tokens?: AuthTokens;
  /** AWS credentials of the session, when available. */
  credentials?: AWSCredentials;
}
/** Pluggable providers the library uses to obtain tokens and credentials. */
export interface LibraryAuthOptions {
  /** Source of AWS credentials and the identity id. */
  credentialsProvider?: CredentialsAndIdentityIdProvider;
  /** Source of the session tokens. */
  tokenProvider?: TokenProvider;
}
/** An identity id tagged with the kind of identity it denotes. */
export interface Identity {
  /** Either a guest identity or a primary one. */
  type: 'primary' | 'guest';
  /** The identity id. */
  id: string;
}
/** Contract for a component that supplies AWS credentials and an identity id. */
export interface CredentialsAndIdentityIdProvider {
  /** Discards whatever credentials and identity id the provider holds. */
  clearCredentialsAndIdentityId(): void;

  /**
   * Resolves credentials for the described caller.
   *
   * @param getCredentialsOptions - Whether the caller is authenticated, plus
   *   the tokens and config that go with that state.
   * @returns The credentials and identity id, or `undefined` when there are none.
   */
  getCredentialsAndIdentityId(
    getCredentialsOptions: GetCredentialsOptions,
  ): Promise<CredentialsAndIdentityId | undefined>;
}
/** Contract for a component that supplies the session tokens. */
export interface TokenProvider {
  /**
   * Resolves the current tokens.
   *
   * @param options - Optional settings; `forceRefresh` asks for a refresh.
   * @returns The tokens, or `null` when there are none.
   */
  getTokens(options?: { forceRefresh?: boolean }): Promise<AuthTokens | null>;
}
/** Options accepted when fetching the auth session. */
export interface FetchAuthSessionOptions {
  /** Ask for a refresh instead of accepting what is already held. */
  forceRefresh?: boolean;
}
/**
 * Tokens held for a session.
 *
 * Both tokens are credentials: keep them out of logs, URLs and error reports.
 */
export interface AuthTokens {
  /** Access token; the only member that is always present. */
  accessToken: JWT;
  /** ID token, when one was issued. */
  idToken?: JWT;
  /** How the user signed in, when recorded. */
  signInDetails?: AWSAuthSignInDetails;
}
/** Names of the standard user attributes, including the verifiable ones. */
export type AuthStandardAttributeKey =
  | 'address'
  | 'birthdate'
  | 'email_verified'
  | 'family_name'
  | 'gender'
  | 'given_name'
  | 'locale'
  | 'middle_name'
  | 'name'
  | 'nickname'
  | 'phone_number_verified'
  | 'picture'
  | 'preferred_username'
  | 'profile'
  | 'sub'
  | 'updated_at'
  | 'website'
  | 'zoneinfo'
  | AuthVerifiableAttributeKey;

/** Upper-case spelling of every standard attribute name. */
export type LegacyUserAttributeKey = Uppercase<AuthStandardAttributeKey>;

/** Attributes that have a matching `*_verified` flag in the list above. */
export type AuthVerifiableAttributeKey = 'email' | 'phone_number';

/** Per-attribute configuration; only attributes that are listed carry a setting. */
export type AuthConfigUserAttributes = Partial<
  Record<AuthStandardAttributeKey, { required: boolean }>
>;
/** Auth configuration; built from the provider config through `AtLeastOne`. */
export type AuthConfig = AtLeastOne<CognitoProviderConfig>;

/**
 * One of the three supported Cognito setups, combined through `StrictUnion`:
 * identity pool only, user pool only, or both together.
 */
export type CognitoProviderConfig = StrictUnion<
  | AuthIdentityPoolConfig
  | AuthUserPoolConfig
  | AuthUserPoolAndIdentityPoolConfig
>;
/**
 * Configuration that uses an identity pool and no user pool.
 *
 * The `never`-typed members forbid every user-pool setting, so an object that
 * carries any of them does not type-check as this variant.
 */
export interface AuthIdentityPoolConfig {
  Cognito: CognitoIdentityPoolConfig & {
    userPoolId?: never;
    userPoolClientId?: never;
    userPoolEndpoint?: never;
    loginWith?: never;
    signUpVerificationMethod?: never;
    userAttributes?: never;
    mfa?: never;
    passwordFormat?: never;
  };
}
/** Settings of an identity pool. */
export interface CognitoIdentityPoolConfig {
  /**
   * Whether guest access is allowed.
   * NOTE(review): presumably this lets callers without tokens obtain
   * credentials; if so, the role behind guest identities should grant only
   * what an anonymous visitor may do. Confirm against the pool setup.
   */
  allowGuestAccess?: boolean;
  /** Id of the identity pool. */
  identityPoolId: string;
}
/**
 * Configuration that uses a user pool and no identity pool.
 *
 * The `never`-typed members forbid the identity-pool settings, including
 * guest access, on this variant.
 */
export interface AuthUserPoolConfig {
  Cognito: CognitoUserPoolConfig & {
    allowGuestAccess?: never;
    identityPoolId?: never;
  };
}
/** MFA setting recorded in the configuration: on, off, or left to the user. */
export type CognitoUserPoolConfigMfaStatus =
  | 'on'
  | 'off'
  | 'optional';
/**
 * Settings of a user pool as seen by the client.
 *
 * NOTE(review): `mfa` and `passwordFormat` look like a client-side
 * description of the pool's policy; presumably the service enforces the real
 * policy, so these values should not be relied on as a control. Confirm.
 */
export interface CognitoUserPoolConfig {
  /** Id of the user pool. */
  userPoolId: string;
  /** Id of the app client in the user pool. */
  userPoolClientId: string;
  /**
   * Optional endpoint override.
   * NOTE(review): presumably sign-in traffic, including secrets, is sent to
   * this host, so it should be an HTTPS endpoint you control. Confirm.
   */
  userPoolEndpoint?: string;
  /** Whether sign-up is verified with a code or with a link. */
  signUpVerificationMethod?: 'code' | 'link';
  /** Sign-in methods: hosted OAuth and/or the listed identifier kinds. */
  loginWith?: {
    oauth?: OAuthConfig;
    username?: boolean;
    email?: boolean;
    phone?: boolean;
  };
  /** Which standard attributes are configured, and whether they are required. */
  userAttributes?: AuthConfigUserAttributes;
  /** MFA status and the second factors that are enabled. */
  mfa?: {
    status?: CognitoUserPoolConfigMfaStatus;
    smsEnabled?: boolean;
    totpEnabled?: boolean;
  };
  /** Password rules described to the client. */
  passwordFormat?: {
    minLength?: number;
    requireLowercase?: boolean;
    requireUppercase?: boolean;
    requireNumbers?: boolean;
    requireSpecialCharacters?: boolean;
  };
}
/** Settings for OAuth sign-in through a hosted domain. */
export interface OAuthConfig {
  /** Domain that serves the OAuth endpoints. */
  domain: string;
  /**
   * Grant type. `'token'` is the implicit grant, which returns tokens in the
   * redirect URL; current OAuth security guidance (RFC 9700) recommends the
   * authorization code grant, i.e. `'code'`.
   */
  responseType: 'code' | 'token';
  /** Scopes to request; ask only for what the application needs. */
  scopes: Array<OAuthScope>;
  /**
   * Redirect targets after sign-in. These should be exact URLs that are also
   * registered with the authorization server.
   */
  redirectSignIn: Array<string>;
  /** Redirect targets after sign-out; the same care applies. */
  redirectSignOut: Array<string>;
  /** Built-in or custom identity providers offered for sign-in. */
  providers?: Array<OAuthProvider | CustomProvider>;
}
/** Identity providers known by name. */
export type OAuthProvider =
  | 'Google'
  | 'Facebook'
  | 'Amazon'
  | 'Apple';

/** Any other identity provider, referred to by a custom name. */
interface CustomProvider {
  custom: string;
}
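/**
 * Any other scope string. Intersecting `string` with `NonNullable<unknown>`
 * still accepts every string, while keeping the literal members of
 * {@link OAuthScope} from collapsing into plain `string`.
 */
type CustomScope = string & NonNullable<unknown>;

/**
 * Scopes that can be requested: the well-known ones or a custom string.
 *
 * `'aws.cognito.signin.user.admin'` lets the access token call the user
 * pool's self-service user APIs, so request it only when that is needed.
 *
 * The original union listed `'email'` twice; the duplicate is dropped, which
 * leaves the set of accepted values unchanged.
 */
export type OAuthScope =
  | 'email'
  | 'openid'
  | 'phone'
  | 'profile'
  | 'aws.cognito.signin.user.admin'
  | CustomScope;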
/** A user-pool configuration in which the OAuth settings are mandatory. */
export type CognitoUserPoolWithOAuthConfig = CognitoUserPoolConfig & {
  loginWith: { oauth: OAuthConfig };
};
/** Configuration that uses a user pool and an identity pool together. */
export interface AuthUserPoolAndIdentityPoolConfig {
  Cognito: CognitoUserPoolAndIdentityPoolConfig;
}

/** The user-pool settings combined with the identity-pool settings. */
export type CognitoUserPoolAndIdentityPoolConfig =
  & CognitoUserPoolConfig
  & CognitoIdentityPoolConfig;
/**
 * Input for a credentials request, discriminated on `authenticated`:
 * tokens are required when it is `true` and forbidden when it is `false`.
 */
export type GetCredentialsOptions =
  | GetCredentialsAuthenticatedUser
  | GetCredentialsUnauthenticatedUser;

/** Credentials request made on behalf of a signed-in user. */
interface GetCredentialsAuthenticatedUser {
  authenticated: true;
  /** Tokens of the signed-in user. */
  tokens: AuthTokens;
  /** Auth configuration, if one is set. */
  authConfig: AuthConfig | undefined;
  /** Ask for a refresh instead of accepting what is already held. */
  forceRefresh?: boolean;
}

/** Credentials request made without a signed-in user. */
interface GetCredentialsUnauthenticatedUser {
  authenticated: false;
  /** Must be absent: this variant carries no tokens. */
  tokens?: never;
  /** Auth configuration, if one is set. */
  authConfig: AuthConfig | undefined;
  /** Ask for a refresh instead of accepting what is already held. */
  forceRefresh?: boolean;
}
/** AWS credentials together with the identity id they were issued for, if known. */
export interface CredentialsAndIdentityId {
  /** Identity id, when available. */
  identityId?: string;
  /** The credentials themselves. */
  credentials: AWSCredentials;
}
/**
 * A set of AWS credentials.
 *
 * `secretAccessKey` and `sessionToken` are secrets: keep objects of this type
 * out of logs, error reports and any storage that other code can read.
 */
export interface AWSCredentials {
  /** Access key id. */
  accessKeyId: string;
  /** Secret access key. */
  secretAccessKey: string;
  /** Session token, when the credentials carry one. */
  sessionToken?: string;
  /**
   * Expiry of the credentials, when known. The member is optional, so its
   * absence does not by itself show that the credentials never expire.
   */
  expiration?: Date;
}
/** Details recorded about how the user signed in. */
interface AWSAuthSignInDetails {
  /** Authentication flow that was used, when recorded. */
  authFlowType?: AuthFlowType;
  /** Login identifier that was used, when recorded. */
  loginId?: string;
}
/**
 * Authentication flows that can be recorded for a sign-in.
 *
 * The SRP flows prove knowledge of the password without sending it. With
 * `'USER_PASSWORD_AUTH'` the password itself is sent to the service, so SRP
 * is the safer choice where it is available.
 */
type AuthFlowType =
  | 'USER_SRP_AUTH'
  | 'CUSTOM_WITH_SRP'
  | 'CUSTOM_WITHOUT_SRP'
  | 'USER_PASSWORD_AUTH';

export {};