@aws-sdk/token-providers
Advanced tools
Comparing version 3.185.0 to 3.186.0
@@ -6,2 +6,10 @@ # Change Log | ||
| # [3.186.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.185.0...v3.186.0) (2022-10-06) | ||
| **Note:** Version bump only for package @aws-sdk/token-providers | ||
| # [3.185.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.184.0...v3.185.0) (2022-10-05) | ||
@@ -8,0 +16,0 @@ |
@@ -1,2 +0,2 @@ | ||
| export const EXPIRE_WINDOW_MS = 5 * 60 * 1000; | ||
| export const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; | ||
| export var EXPIRE_WINDOW_MS = 5 * 60 * 1000; | ||
| export var REFRESH_MESSAGE = "To refresh this SSO session run 'aws sso login' with the corresponding profile."; |
@@ -0,1 +1,2 @@ | ||
| import { __assign, __awaiter, __generator, __values } from "tslib"; | ||
| import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
@@ -8,72 +9,103 @@ import { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { writeSSOTokenToFile } from "./writeSSOTokenToFile"; | ||
| const lastRefreshAttemptTime = new Date(0); | ||
| export const fromSso = (init = {}) => async () => { | ||
| const profiles = await parseKnownFiles(init); | ||
| const profileName = getProfileName(init); | ||
| const profile = profiles[profileName]; | ||
| if (!profile) { | ||
| throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); | ||
| } | ||
| else if (!profile["sso_session"]) { | ||
| throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); | ||
| } | ||
| const ssoSessionName = profile["sso_session"]; | ||
| const ssoSessions = await loadSsoSessionData(init); | ||
| const ssoSession = ssoSessions[ssoSessionName]; | ||
| if (!ssoSession) { | ||
| throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false); | ||
| } | ||
| for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { | ||
| if (!ssoSession[ssoSessionRequiredKey]) { | ||
| throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false); | ||
| } | ||
| } | ||
| const ssoStartUrl = ssoSession["sso_start_url"]; | ||
| const ssoRegion = ssoSession["sso_region"]; | ||
| let ssoToken; | ||
| try { | ||
| ssoToken = await getSSOTokenFromFile(ssoSessionName); | ||
| } | ||
| catch (e) { | ||
| throw new TokenProviderError(`The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}`, false); | ||
| } | ||
| validateTokenKey("accessToken", ssoToken.accessToken); | ||
| validateTokenKey("expiresAt", ssoToken.expiresAt); | ||
| const { accessToken, expiresAt } = ssoToken; | ||
| const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; | ||
| if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { | ||
| return existingToken; | ||
| } | ||
| if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) { | ||
| validateTokenExpiry(existingToken); | ||
| return existingToken; | ||
| } | ||
| validateTokenKey("clientId", ssoToken.clientId); | ||
| validateTokenKey("clientSecret", ssoToken.clientSecret); | ||
| validateTokenKey("refreshToken", ssoToken.refreshToken); | ||
| try { | ||
| lastRefreshAttemptTime.setTime(Date.now()); | ||
| const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion); | ||
| validateTokenKey("accessToken", newSsoOidcToken.accessToken); | ||
| validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); | ||
| const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000); | ||
| try { | ||
| await writeSSOTokenToFile(ssoSessionName, { | ||
| ...ssoToken, | ||
| accessToken: newSsoOidcToken.accessToken, | ||
| expiresAt: newTokenExpiration.toISOString(), | ||
| refreshToken: newSsoOidcToken.refreshToken, | ||
| }); | ||
| } | ||
| catch (error) { | ||
| } | ||
| return { | ||
| token: newSsoOidcToken.accessToken, | ||
| expiration: newTokenExpiration, | ||
| }; | ||
| } | ||
| catch (error) { | ||
| validateTokenExpiry(existingToken); | ||
| return existingToken; | ||
| } | ||
| var lastRefreshAttemptTime = new Date(0); | ||
| export var fromSso = function (init) { | ||
| if (init === void 0) { init = {}; } | ||
| return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
| var profiles, profileName, profile, ssoSessionName, ssoSessions, ssoSession, _a, _b, ssoSessionRequiredKey, ssoStartUrl, ssoRegion, ssoToken, e_1, accessToken, expiresAt, existingToken, newSsoOidcToken, newTokenExpiration, error_1, error_2; | ||
| var e_2, _c; | ||
| return __generator(this, function (_d) { | ||
| switch (_d.label) { | ||
| case 0: return [4, parseKnownFiles(init)]; | ||
| case 1: | ||
| profiles = _d.sent(); | ||
| profileName = getProfileName(init); | ||
| profile = profiles[profileName]; | ||
| if (!profile) { | ||
| throw new TokenProviderError("Profile '".concat(profileName, "' could not be found in shared credentials file."), false); | ||
| } | ||
| else if (!profile["sso_session"]) { | ||
| throw new TokenProviderError("Profile '".concat(profileName, "' is missing required property 'sso_session'.")); | ||
| } | ||
| ssoSessionName = profile["sso_session"]; | ||
| return [4, loadSsoSessionData(init)]; | ||
| case 2: | ||
| ssoSessions = _d.sent(); | ||
| ssoSession = ssoSessions[ssoSessionName]; | ||
| if (!ssoSession) { | ||
| throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' could not be found in shared credentials file."), false); | ||
| } | ||
| try { | ||
| for (_a = __values(["sso_start_url", "sso_region"]), _b = _a.next(); !_b.done; _b = _a.next()) { | ||
| ssoSessionRequiredKey = _b.value; | ||
| if (!ssoSession[ssoSessionRequiredKey]) { | ||
| throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' is missing required property '").concat(ssoSessionRequiredKey, "'."), false); | ||
| } | ||
| } | ||
| } | ||
| catch (e_2_1) { e_2 = { error: e_2_1 }; } | ||
| finally { | ||
| try { | ||
| if (_b && !_b.done && (_c = _a.return)) _c.call(_a); | ||
| } | ||
| finally { if (e_2) throw e_2.error; } | ||
| } | ||
| ssoStartUrl = ssoSession["sso_start_url"]; | ||
| ssoRegion = ssoSession["sso_region"]; | ||
| _d.label = 3; | ||
| case 3: | ||
| _d.trys.push([3, 5, , 6]); | ||
| return [4, getSSOTokenFromFile(ssoSessionName)]; | ||
| case 4: | ||
| ssoToken = _d.sent(); | ||
| return [3, 6]; | ||
| case 5: | ||
| e_1 = _d.sent(); | ||
| throw new TokenProviderError("The SSO session associated with this profile is invalid. ".concat(REFRESH_MESSAGE), false); | ||
| case 6: | ||
| validateTokenKey("accessToken", ssoToken.accessToken); | ||
| validateTokenKey("expiresAt", ssoToken.expiresAt); | ||
| accessToken = ssoToken.accessToken, expiresAt = ssoToken.expiresAt; | ||
| existingToken = { token: accessToken, expiration: new Date(expiresAt) }; | ||
| if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { | ||
| return [2, existingToken]; | ||
| } | ||
| if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) { | ||
| validateTokenExpiry(existingToken); | ||
| return [2, existingToken]; | ||
| } | ||
| validateTokenKey("clientId", ssoToken.clientId); | ||
| validateTokenKey("clientSecret", ssoToken.clientSecret); | ||
| validateTokenKey("refreshToken", ssoToken.refreshToken); | ||
| _d.label = 7; | ||
| case 7: | ||
| _d.trys.push([7, 13, , 14]); | ||
| lastRefreshAttemptTime.setTime(Date.now()); | ||
| return [4, getNewSsoOidcToken(ssoToken, ssoRegion)]; | ||
| case 8: | ||
| newSsoOidcToken = _d.sent(); | ||
| validateTokenKey("accessToken", newSsoOidcToken.accessToken); | ||
| validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); | ||
| newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000); | ||
| _d.label = 9; | ||
| case 9: | ||
| _d.trys.push([9, 11, , 12]); | ||
| return [4, writeSSOTokenToFile(ssoSessionName, __assign(__assign({}, ssoToken), { accessToken: newSsoOidcToken.accessToken, expiresAt: newTokenExpiration.toISOString(), refreshToken: newSsoOidcToken.refreshToken }))]; | ||
| case 10: | ||
| _d.sent(); | ||
| return [3, 12]; | ||
| case 11: | ||
| error_1 = _d.sent(); | ||
| return [3, 12]; | ||
| case 12: return [2, { | ||
| token: newSsoOidcToken.accessToken, | ||
| expiration: newTokenExpiration, | ||
| }]; | ||
| case 13: | ||
| error_2 = _d.sent(); | ||
| validateTokenExpiry(existingToken); | ||
| return [2, existingToken]; | ||
| case 14: return [2]; | ||
| } | ||
| }); | ||
| }); }; | ||
| }; |
@@ -0,7 +1,13 @@ | ||
| import { __awaiter, __generator } from "tslib"; | ||
| import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
| export const fromStatic = ({ token }) => async () => { | ||
| if (!token || !token.token) { | ||
| throw new TokenProviderError(`Please pass a valid token to fromStatic`, false); | ||
| } | ||
| return token; | ||
| export var fromStatic = function (_a) { | ||
| var token = _a.token; | ||
| return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
| return __generator(this, function (_a) { | ||
| if (!token || !token.token) { | ||
| throw new TokenProviderError("Please pass a valid token to fromStatic", false); | ||
| } | ||
| return [2, token]; | ||
| }); | ||
| }); }; | ||
| }; |
| import { CreateTokenCommand } from "@aws-sdk/client-sso-oidc"; | ||
| import { getSsoOidcClient } from "./getSsoOidcClient"; | ||
| export const getNewSsoOidcToken = (ssoToken, ssoRegion) => { | ||
| const ssoOidcClient = getSsoOidcClient(ssoRegion); | ||
| export var getNewSsoOidcToken = function (ssoToken, ssoRegion) { | ||
| var ssoOidcClient = getSsoOidcClient(ssoRegion); | ||
| return ssoOidcClient.send(new CreateTokenCommand({ | ||
@@ -6,0 +6,0 @@ clientId: ssoToken.clientId, |
| import { SSOOIDCClient } from "@aws-sdk/client-sso-oidc"; | ||
| const ssoOidcClientsHash = {}; | ||
| export const getSsoOidcClient = (ssoRegion) => { | ||
| var ssoOidcClientsHash = {}; | ||
| export var getSsoOidcClient = function (ssoRegion) { | ||
| if (ssoOidcClientsHash[ssoRegion]) { | ||
| return ssoOidcClientsHash[ssoRegion]; | ||
| } | ||
| const ssoOidcClient = new SSOOIDCClient({ region: ssoRegion }); | ||
| var ssoOidcClient = new SSOOIDCClient({ region: ssoRegion }); | ||
| ssoOidcClientsHash[ssoRegion] = ssoOidcClient; | ||
| return ssoOidcClient; | ||
| }; |
@@ -0,5 +1,11 @@ | ||
| import { __awaiter, __generator } from "tslib"; | ||
| import { chain, memoize, TokenProviderError } from "@aws-sdk/property-provider"; | ||
| import { fromSso } from "./fromSso"; | ||
| export const nodeProvider = (init = {}) => memoize(chain(fromSso(init), async () => { | ||
| throw new TokenProviderError("Could not load token from any providers", false); | ||
| }), (token) => token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000, (token) => token.expiration !== undefined); | ||
| export var nodeProvider = function (init) { | ||
| if (init === void 0) { init = {}; } | ||
| return memoize(chain(fromSso(init), function () { return __awaiter(void 0, void 0, void 0, function () { | ||
| return __generator(this, function (_a) { | ||
| throw new TokenProviderError("Could not load token from any providers", false); | ||
| }); | ||
| }); }), function (token) { return token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000; }, function (token) { return token.expiration !== undefined; }); | ||
| }; |
| import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
| import { REFRESH_MESSAGE } from "./constants"; | ||
| export const validateTokenExpiry = (token) => { | ||
| export var validateTokenExpiry = function (token) { | ||
| if (token.expiration && token.expiration.getTime() < Date.now()) { | ||
| throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); | ||
| throw new TokenProviderError("Token is expired. ".concat(REFRESH_MESSAGE), false); | ||
| } | ||
| }; |
| import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
| import { REFRESH_MESSAGE } from "./constants"; | ||
| export const validateTokenKey = (key, value) => { | ||
| export var validateTokenKey = function (key, value) { | ||
| if (typeof value === "undefined") { | ||
| throw new TokenProviderError(`Value not present for '${key}' in SSO Token'. ${REFRESH_MESSAGE}`, false); | ||
| throw new TokenProviderError("Value not present for '".concat(key, "' in SSO Token'. ").concat(REFRESH_MESSAGE), false); | ||
| } | ||
| }; |
| import { getSSOTokenFilepath } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { promises as fsPromises } from "fs"; | ||
| const { writeFile } = fsPromises; | ||
| export const writeSSOTokenToFile = (ssoStartUrl, ssoToken) => { | ||
| const tokenFilepath = getSSOTokenFilepath(ssoStartUrl); | ||
| const tokenString = JSON.stringify(ssoToken, null, 2); | ||
| var writeFile = fsPromises.writeFile; | ||
| export var writeSSOTokenToFile = function (ssoStartUrl, ssoToken) { | ||
| var tokenFilepath = getSSOTokenFilepath(ssoStartUrl); | ||
| var tokenString = JSON.stringify(ssoToken, null, 2); | ||
| return writeFile(tokenFilepath, tokenString); | ||
| }; |
| { | ||
| "name": "@aws-sdk/token-providers", | ||
| "version": "3.185.0", | ||
| "version": "3.186.0", | ||
| "description": "A collection of token providers", | ||
@@ -28,6 +28,6 @@ "main": "./dist-cjs/index.js", | ||
| "dependencies": { | ||
| "@aws-sdk/client-sso-oidc": "3.185.0", | ||
| "@aws-sdk/property-provider": "3.183.0", | ||
| "@aws-sdk/shared-ini-file-loader": "3.183.0", | ||
| "@aws-sdk/types": "3.183.0", | ||
| "@aws-sdk/client-sso-oidc": "3.186.0", | ||
| "@aws-sdk/property-provider": "3.186.0", | ||
| "@aws-sdk/shared-ini-file-loader": "3.186.0", | ||
| "@aws-sdk/types": "3.186.0", | ||
| "tslib": "^2.3.1" | ||
@@ -34,0 +34,0 @@ }, |
Improved metrics
- Total package byte prevSize
- increased by8.89%
40422
- Lines of code
- increased by10.55%
461
Dependency changes
+ Added@aws-sdk/abort-controller@3.186.0(transitive)
+ Added@aws-sdk/client-sso-oidc@3.186.0(transitive)
+ Added@aws-sdk/config-resolver@3.186.0(transitive)
+ Added@aws-sdk/credential-provider-imds@3.186.0(transitive)
+ Added@aws-sdk/fetch-http-handler@3.186.0(transitive)
+ Added@aws-sdk/hash-node@3.186.0(transitive)
+ Added@aws-sdk/invalid-dependency@3.186.0(transitive)
+ Added@aws-sdk/is-array-buffer@3.186.0(transitive)
+ Added@aws-sdk/middleware-content-length@3.186.0(transitive)
+ Added@aws-sdk/middleware-host-header@3.186.0(transitive)
+ Added@aws-sdk/middleware-logger@3.186.0(transitive)
+ Added@aws-sdk/middleware-recursion-detection@3.186.0(transitive)
+ Added@aws-sdk/middleware-retry@3.186.0(transitive)
+ Added@aws-sdk/middleware-serde@3.186.0(transitive)
+ Added@aws-sdk/middleware-stack@3.186.0(transitive)
+ Added@aws-sdk/middleware-user-agent@3.186.0(transitive)
+ Added@aws-sdk/node-config-provider@3.186.0(transitive)
+ Added@aws-sdk/node-http-handler@3.186.0(transitive)
+ Added@aws-sdk/property-provider@3.186.0(transitive)
+ Added@aws-sdk/protocol-http@3.186.0(transitive)
+ Added@aws-sdk/querystring-builder@3.186.0(transitive)
+ Added@aws-sdk/querystring-parser@3.186.0(transitive)
+ Added@aws-sdk/service-error-classification@3.186.0(transitive)
+ Added@aws-sdk/shared-ini-file-loader@3.186.0(transitive)
+ Added@aws-sdk/signature-v4@3.186.0(transitive)
+ Added@aws-sdk/smithy-client@3.186.0(transitive)
+ Added@aws-sdk/types@3.186.0(transitive)
+ Added@aws-sdk/url-parser@3.186.0(transitive)
+ Added@aws-sdk/util-base64-browser@3.186.0(transitive)
+ Added@aws-sdk/util-base64-node@3.186.0(transitive)
+ Added@aws-sdk/util-body-length-browser@3.186.0(transitive)
+ Added@aws-sdk/util-body-length-node@3.186.0(transitive)
+ Added@aws-sdk/util-buffer-from@3.186.0(transitive)
+ Added@aws-sdk/util-config-provider@3.186.0(transitive)
+ Added@aws-sdk/util-defaults-mode-browser@3.186.0(transitive)
+ Added@aws-sdk/util-defaults-mode-node@3.186.0(transitive)
+ Added@aws-sdk/util-hex-encoding@3.186.0(transitive)
+ Added@aws-sdk/util-middleware@3.186.0(transitive)
+ Added@aws-sdk/util-uri-escape@3.186.0(transitive)
+ Added@aws-sdk/util-user-agent-browser@3.186.0(transitive)
+ Added@aws-sdk/util-user-agent-node@3.186.0(transitive)
+ Added@aws-sdk/util-utf8-browser@3.186.0(transitive)
+ Added@aws-sdk/util-utf8-node@3.186.0(transitive)
- Removed@aws-sdk/abort-controller@3.183.0(transitive)
- Removed@aws-sdk/client-sso-oidc@3.185.0(transitive)
- Removed@aws-sdk/config-resolver@3.183.0(transitive)
- Removed@aws-sdk/credential-provider-imds@3.183.0(transitive)
- Removed@aws-sdk/fetch-http-handler@3.183.0(transitive)
- Removed@aws-sdk/hash-node@3.183.0(transitive)
- Removed@aws-sdk/invalid-dependency@3.183.0(transitive)
- Removed@aws-sdk/is-array-buffer@3.183.0(transitive)
- Removed@aws-sdk/middleware-content-length@3.183.0(transitive)
- Removed@aws-sdk/middleware-host-header@3.183.0(transitive)
- Removed@aws-sdk/middleware-logger@3.183.0(transitive)
- Removed@aws-sdk/middleware-recursion-detection@3.183.0(transitive)
- Removed@aws-sdk/middleware-retry@3.185.0(transitive)
- Removed@aws-sdk/middleware-serde@3.183.0(transitive)
- Removed@aws-sdk/middleware-stack@3.183.0(transitive)
- Removed@aws-sdk/middleware-user-agent@3.183.0(transitive)
- Removed@aws-sdk/node-config-provider@3.183.0(transitive)
- Removed@aws-sdk/node-http-handler@3.185.0(transitive)
- Removed@aws-sdk/property-provider@3.183.0(transitive)
- Removed@aws-sdk/protocol-http@3.183.0(transitive)
- Removed@aws-sdk/querystring-builder@3.183.0(transitive)
- Removed@aws-sdk/querystring-parser@3.183.0(transitive)
- Removed@aws-sdk/service-error-classification@3.185.0(transitive)
- Removed@aws-sdk/shared-ini-file-loader@3.183.0(transitive)
- Removed@aws-sdk/signature-v4@3.183.0(transitive)
- Removed@aws-sdk/smithy-client@3.183.0(transitive)
- Removed@aws-sdk/types@3.183.0(transitive)
- Removed@aws-sdk/url-parser@3.183.0(transitive)
- Removed@aws-sdk/util-base64-browser@3.183.0(transitive)
- Removed@aws-sdk/util-base64-node@3.183.0(transitive)
- Removed@aws-sdk/util-body-length-browser@3.183.0(transitive)
- Removed@aws-sdk/util-body-length-node@3.183.0(transitive)
- Removed@aws-sdk/util-buffer-from@3.183.0(transitive)
- Removed@aws-sdk/util-config-provider@3.183.0(transitive)
- Removed@aws-sdk/util-defaults-mode-browser@3.183.0(transitive)
- Removed@aws-sdk/util-defaults-mode-node@3.183.0(transitive)
- Removed@aws-sdk/util-hex-encoding@3.183.0(transitive)
- Removed@aws-sdk/util-middleware@3.183.0(transitive)
- Removed@aws-sdk/util-uri-escape@3.183.0(transitive)
- Removed@aws-sdk/util-user-agent-browser@3.183.0(transitive)
- Removed@aws-sdk/util-user-agent-node@3.183.0(transitive)
- Removed@aws-sdk/util-utf8-browser@3.183.0(transitive)
- Removed@aws-sdk/util-utf8-node@3.183.0(transitive)
Updated@aws-sdk/types@3.186.0