@aws-sdk/token-providers
Comparing version 3.185.0 to 3.186.0
@@ -6,2 +6,10 @@ # Change Log | ||
# [3.186.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.185.0...v3.186.0) (2022-10-06) | ||
**Note:** Version bump only for package @aws-sdk/token-providers | ||
# [3.185.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.184.0...v3.185.0) (2022-10-05) | ||
@@ -8,0 +16,0 @@ |
@@ -1,2 +0,2 @@ | ||
export const EXPIRE_WINDOW_MS = 5 * 60 * 1000; | ||
export const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; | ||
export var EXPIRE_WINDOW_MS = 5 * 60 * 1000; | ||
export var REFRESH_MESSAGE = "To refresh this SSO session run 'aws sso login' with the corresponding profile."; |
@@ -0,1 +1,2 @@ | ||
import { __assign, __awaiter, __generator, __values } from "tslib"; | ||
import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
@@ -8,72 +9,103 @@ import { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from "@aws-sdk/shared-ini-file-loader"; | ||
import { writeSSOTokenToFile } from "./writeSSOTokenToFile"; | ||
const lastRefreshAttemptTime = new Date(0); | ||
export const fromSso = (init = {}) => async () => { | ||
const profiles = await parseKnownFiles(init); | ||
const profileName = getProfileName(init); | ||
const profile = profiles[profileName]; | ||
if (!profile) { | ||
throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); | ||
} | ||
else if (!profile["sso_session"]) { | ||
throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); | ||
} | ||
const ssoSessionName = profile["sso_session"]; | ||
const ssoSessions = await loadSsoSessionData(init); | ||
const ssoSession = ssoSessions[ssoSessionName]; | ||
if (!ssoSession) { | ||
throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false); | ||
} | ||
for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { | ||
if (!ssoSession[ssoSessionRequiredKey]) { | ||
throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false); | ||
} | ||
} | ||
const ssoStartUrl = ssoSession["sso_start_url"]; | ||
const ssoRegion = ssoSession["sso_region"]; | ||
let ssoToken; | ||
try { | ||
ssoToken = await getSSOTokenFromFile(ssoSessionName); | ||
} | ||
catch (e) { | ||
throw new TokenProviderError(`The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}`, false); | ||
} | ||
validateTokenKey("accessToken", ssoToken.accessToken); | ||
validateTokenKey("expiresAt", ssoToken.expiresAt); | ||
const { accessToken, expiresAt } = ssoToken; | ||
const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; | ||
if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { | ||
return existingToken; | ||
} | ||
if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) { | ||
validateTokenExpiry(existingToken); | ||
return existingToken; | ||
} | ||
validateTokenKey("clientId", ssoToken.clientId); | ||
validateTokenKey("clientSecret", ssoToken.clientSecret); | ||
validateTokenKey("refreshToken", ssoToken.refreshToken); | ||
try { | ||
lastRefreshAttemptTime.setTime(Date.now()); | ||
const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion); | ||
validateTokenKey("accessToken", newSsoOidcToken.accessToken); | ||
validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); | ||
const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000); | ||
try { | ||
await writeSSOTokenToFile(ssoSessionName, { | ||
...ssoToken, | ||
accessToken: newSsoOidcToken.accessToken, | ||
expiresAt: newTokenExpiration.toISOString(), | ||
refreshToken: newSsoOidcToken.refreshToken, | ||
}); | ||
} | ||
catch (error) { | ||
} | ||
return { | ||
token: newSsoOidcToken.accessToken, | ||
expiration: newTokenExpiration, | ||
}; | ||
} | ||
catch (error) { | ||
validateTokenExpiry(existingToken); | ||
return existingToken; | ||
} | ||
var lastRefreshAttemptTime = new Date(0); | ||
export var fromSso = function (init) { | ||
if (init === void 0) { init = {}; } | ||
return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var profiles, profileName, profile, ssoSessionName, ssoSessions, ssoSession, _a, _b, ssoSessionRequiredKey, ssoStartUrl, ssoRegion, ssoToken, e_1, accessToken, expiresAt, existingToken, newSsoOidcToken, newTokenExpiration, error_1, error_2; | ||
var e_2, _c; | ||
return __generator(this, function (_d) { | ||
switch (_d.label) { | ||
case 0: return [4, parseKnownFiles(init)]; | ||
case 1: | ||
profiles = _d.sent(); | ||
profileName = getProfileName(init); | ||
profile = profiles[profileName]; | ||
if (!profile) { | ||
throw new TokenProviderError("Profile '".concat(profileName, "' could not be found in shared credentials file."), false); | ||
} | ||
else if (!profile["sso_session"]) { | ||
throw new TokenProviderError("Profile '".concat(profileName, "' is missing required property 'sso_session'.")); | ||
} | ||
ssoSessionName = profile["sso_session"]; | ||
return [4, loadSsoSessionData(init)]; | ||
case 2: | ||
ssoSessions = _d.sent(); | ||
ssoSession = ssoSessions[ssoSessionName]; | ||
if (!ssoSession) { | ||
throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' could not be found in shared credentials file."), false); | ||
} | ||
try { | ||
for (_a = __values(["sso_start_url", "sso_region"]), _b = _a.next(); !_b.done; _b = _a.next()) { | ||
ssoSessionRequiredKey = _b.value; | ||
if (!ssoSession[ssoSessionRequiredKey]) { | ||
throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' is missing required property '").concat(ssoSessionRequiredKey, "'."), false); | ||
} | ||
} | ||
} | ||
catch (e_2_1) { e_2 = { error: e_2_1 }; } | ||
finally { | ||
try { | ||
if (_b && !_b.done && (_c = _a.return)) _c.call(_a); | ||
} | ||
finally { if (e_2) throw e_2.error; } | ||
} | ||
ssoStartUrl = ssoSession["sso_start_url"]; | ||
ssoRegion = ssoSession["sso_region"]; | ||
_d.label = 3; | ||
case 3: | ||
_d.trys.push([3, 5, , 6]); | ||
return [4, getSSOTokenFromFile(ssoSessionName)]; | ||
case 4: | ||
ssoToken = _d.sent(); | ||
return [3, 6]; | ||
case 5: | ||
e_1 = _d.sent(); | ||
throw new TokenProviderError("The SSO session associated with this profile is invalid. ".concat(REFRESH_MESSAGE), false); | ||
case 6: | ||
validateTokenKey("accessToken", ssoToken.accessToken); | ||
validateTokenKey("expiresAt", ssoToken.expiresAt); | ||
accessToken = ssoToken.accessToken, expiresAt = ssoToken.expiresAt; | ||
existingToken = { token: accessToken, expiration: new Date(expiresAt) }; | ||
if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { | ||
return [2, existingToken]; | ||
} | ||
if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) { | ||
validateTokenExpiry(existingToken); | ||
return [2, existingToken]; | ||
} | ||
validateTokenKey("clientId", ssoToken.clientId); | ||
validateTokenKey("clientSecret", ssoToken.clientSecret); | ||
validateTokenKey("refreshToken", ssoToken.refreshToken); | ||
_d.label = 7; | ||
case 7: | ||
_d.trys.push([7, 13, , 14]); | ||
lastRefreshAttemptTime.setTime(Date.now()); | ||
return [4, getNewSsoOidcToken(ssoToken, ssoRegion)]; | ||
case 8: | ||
newSsoOidcToken = _d.sent(); | ||
validateTokenKey("accessToken", newSsoOidcToken.accessToken); | ||
validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); | ||
newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000); | ||
_d.label = 9; | ||
case 9: | ||
_d.trys.push([9, 11, , 12]); | ||
return [4, writeSSOTokenToFile(ssoSessionName, __assign(__assign({}, ssoToken), { accessToken: newSsoOidcToken.accessToken, expiresAt: newTokenExpiration.toISOString(), refreshToken: newSsoOidcToken.refreshToken }))]; | ||
case 10: | ||
_d.sent(); | ||
return [3, 12]; | ||
case 11: | ||
error_1 = _d.sent(); | ||
return [3, 12]; | ||
case 12: return [2, { | ||
token: newSsoOidcToken.accessToken, | ||
expiration: newTokenExpiration, | ||
}]; | ||
case 13: | ||
error_2 = _d.sent(); | ||
validateTokenExpiry(existingToken); | ||
return [2, existingToken]; | ||
case 14: return [2]; | ||
} | ||
}); | ||
}); }; | ||
}; |
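Review bot: In the refresh branch of `fromSso` (case 9), the cache entry is rebuilt with `refreshToken: newSsoOidcToken.refreshToken` without checking that the response carried one, so a response lacking that field replaces the stored refresh token with `undefined`, which `JSON.stringify` in `writeSSOTokenToFile` then omits from the file. The next call that reaches the refresh path would throw at `validateTokenKey("refreshToken", ssoToken.refreshToken)`, which sits before the try region opened at case 7. I would keep the previous value as a fallback, `refreshToken: newSsoOidcToken.refreshToken || ssoToken.refreshToken`, and put a comment on the empty handler at case 11 saying that a failed cache write is ignored on purpose. The tslib helpers suggest this file is compiler output, so the change presumably belongs in the TypeScript source.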
@@ -0,7 +1,13 @@ | ||
import { __awaiter, __generator } from "tslib"; | ||
import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
export const fromStatic = ({ token }) => async () => { | ||
if (!token || !token.token) { | ||
throw new TokenProviderError(`Please pass a valid token to fromStatic`, false); | ||
} | ||
return token; | ||
export var fromStatic = function (_a) { | ||
var token = _a.token; | ||
return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
return __generator(this, function (_a) { | ||
if (!token || !token.token) { | ||
throw new TokenProviderError("Please pass a valid token to fromStatic", false); | ||
} | ||
return [2, token]; | ||
}); | ||
}); }; | ||
}; |
import { CreateTokenCommand } from "@aws-sdk/client-sso-oidc"; | ||
import { getSsoOidcClient } from "./getSsoOidcClient"; | ||
export const getNewSsoOidcToken = (ssoToken, ssoRegion) => { | ||
const ssoOidcClient = getSsoOidcClient(ssoRegion); | ||
export var getNewSsoOidcToken = function (ssoToken, ssoRegion) { | ||
var ssoOidcClient = getSsoOidcClient(ssoRegion); | ||
return ssoOidcClient.send(new CreateTokenCommand({ | ||
@@ -6,0 +6,0 @@ clientId: ssoToken.clientId, |
import { SSOOIDCClient } from "@aws-sdk/client-sso-oidc"; | ||
const ssoOidcClientsHash = {}; | ||
export const getSsoOidcClient = (ssoRegion) => { | ||
var ssoOidcClientsHash = {}; | ||
export var getSsoOidcClient = function (ssoRegion) { | ||
if (ssoOidcClientsHash[ssoRegion]) { | ||
return ssoOidcClientsHash[ssoRegion]; | ||
} | ||
const ssoOidcClient = new SSOOIDCClient({ region: ssoRegion }); | ||
var ssoOidcClient = new SSOOIDCClient({ region: ssoRegion }); | ||
ssoOidcClientsHash[ssoRegion] = ssoOidcClient; | ||
return ssoOidcClient; | ||
}; |
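Review bot: `ssoOidcClientsHash` is a plain `{}` and the lookup `if (ssoOidcClientsHash[ssoRegion])` is a truthiness test, so a region string that matches an inherited property name such as `constructor` returns that inherited value instead of creating a client. The region is the `sso_region` value read from the shared config in fromSso, so this is a robustness concern about malformed local configuration rather than remote input. Declaring the cache as `var ssoOidcClientsHash = Object.create(null);` (or a `Map` in the source) removes the inherited keys.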
@@ -0,5 +1,11 @@ | ||
import { __awaiter, __generator } from "tslib"; | ||
import { chain, memoize, TokenProviderError } from "@aws-sdk/property-provider"; | ||
import { fromSso } from "./fromSso"; | ||
export const nodeProvider = (init = {}) => memoize(chain(fromSso(init), async () => { | ||
throw new TokenProviderError("Could not load token from any providers", false); | ||
}), (token) => token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000, (token) => token.expiration !== undefined); | ||
export var nodeProvider = function (init) { | ||
if (init === void 0) { init = {}; } | ||
return memoize(chain(fromSso(init), function () { return __awaiter(void 0, void 0, void 0, function () { | ||
return __generator(this, function (_a) { | ||
throw new TokenProviderError("Could not load token from any providers", false); | ||
}); | ||
}); }), function (token) { return token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000; }, function (token) { return token.expiration !== undefined; }); | ||
}; |
import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
import { REFRESH_MESSAGE } from "./constants"; | ||
export const validateTokenExpiry = (token) => { | ||
export var validateTokenExpiry = function (token) { | ||
if (token.expiration && token.expiration.getTime() < Date.now()) { | ||
throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); | ||
throw new TokenProviderError("Token is expired. ".concat(REFRESH_MESSAGE), false); | ||
} | ||
}; |
import { TokenProviderError } from "@aws-sdk/property-provider"; | ||
import { REFRESH_MESSAGE } from "./constants"; | ||
export const validateTokenKey = (key, value) => { | ||
export var validateTokenKey = function (key, value) { | ||
if (typeof value === "undefined") { | ||
throw new TokenProviderError(`Value not present for '${key}' in SSO Token'. ${REFRESH_MESSAGE}`, false); | ||
throw new TokenProviderError("Value not present for '".concat(key, "' in SSO Token'. ").concat(REFRESH_MESSAGE), false); | ||
} | ||
}; |
import { getSSOTokenFilepath } from "@aws-sdk/shared-ini-file-loader"; | ||
import { promises as fsPromises } from "fs"; | ||
const { writeFile } = fsPromises; | ||
export const writeSSOTokenToFile = (ssoStartUrl, ssoToken) => { | ||
const tokenFilepath = getSSOTokenFilepath(ssoStartUrl); | ||
const tokenString = JSON.stringify(ssoToken, null, 2); | ||
var writeFile = fsPromises.writeFile; | ||
export var writeSSOTokenToFile = function (ssoStartUrl, ssoToken) { | ||
var tokenFilepath = getSSOTokenFilepath(ssoStartUrl); | ||
var tokenString = JSON.stringify(ssoToken, null, 2); | ||
return writeFile(tokenFilepath, tokenString); | ||
}; |
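Review bot: `writeFile(tokenFilepath, tokenString)` is called without a `mode`, so a cache file that does not exist yet is created with the process default permissions, while the payload built in fromSso carries `accessToken`, `refreshToken` and `clientSecret`. Passing an owner-only mode, `writeFile(tokenFilepath, tokenString, { mode: 0o600 })`, restricts a newly created file; `mode` has no effect on a file that already exists, so that case may need a separate permission check. The first parameter is named `ssoStartUrl` although fromSso passes `ssoSessionName`, and a rename or a one-line comment would make clear which value keys the cache path.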
{ | ||
"name": "@aws-sdk/token-providers", | ||
"version": "3.185.0", | ||
"version": "3.186.0", | ||
"description": "A collection of token providers", | ||
@@ -28,6 +28,6 @@ "main": "./dist-cjs/index.js", | ||
"dependencies": { | ||
"@aws-sdk/client-sso-oidc": "3.185.0", | ||
"@aws-sdk/property-provider": "3.183.0", | ||
"@aws-sdk/shared-ini-file-loader": "3.183.0", | ||
"@aws-sdk/types": "3.183.0", | ||
"@aws-sdk/client-sso-oidc": "3.186.0", | ||
"@aws-sdk/property-provider": "3.186.0", | ||
"@aws-sdk/shared-ini-file-loader": "3.186.0", | ||
"@aws-sdk/types": "3.186.0", | ||
"tslib": "^2.3.1" | ||
@@ -34,0 +34,0 @@ }, |
+ Added@aws-sdk/abort-controller@3.186.0(transitive)
+ Added@aws-sdk/client-sso-oidc@3.186.0(transitive)
+ Added@aws-sdk/config-resolver@3.186.0(transitive)
+ Added@aws-sdk/credential-provider-imds@3.186.0(transitive)
+ Added@aws-sdk/fetch-http-handler@3.186.0(transitive)
+ Added@aws-sdk/hash-node@3.186.0(transitive)
+ Added@aws-sdk/invalid-dependency@3.186.0(transitive)
+ Added@aws-sdk/is-array-buffer@3.186.0(transitive)
+ Added@aws-sdk/middleware-content-length@3.186.0(transitive)
+ Added@aws-sdk/middleware-host-header@3.186.0(transitive)
+ Added@aws-sdk/middleware-logger@3.186.0(transitive)
+ Added@aws-sdk/middleware-recursion-detection@3.186.0(transitive)
+ Added@aws-sdk/middleware-retry@3.186.0(transitive)
+ Added@aws-sdk/middleware-serde@3.186.0(transitive)
+ Added@aws-sdk/middleware-stack@3.186.0(transitive)
+ Added@aws-sdk/middleware-user-agent@3.186.0(transitive)
+ Added@aws-sdk/node-config-provider@3.186.0(transitive)
+ Added@aws-sdk/node-http-handler@3.186.0(transitive)
+ Added@aws-sdk/property-provider@3.186.0(transitive)
+ Added@aws-sdk/protocol-http@3.186.0(transitive)
+ Added@aws-sdk/querystring-builder@3.186.0(transitive)
+ Added@aws-sdk/querystring-parser@3.186.0(transitive)
+ Added@aws-sdk/service-error-classification@3.186.0(transitive)
+ Added@aws-sdk/shared-ini-file-loader@3.186.0(transitive)
+ Added@aws-sdk/signature-v4@3.186.0(transitive)
+ Added@aws-sdk/smithy-client@3.186.0(transitive)
+ Added@aws-sdk/types@3.186.0(transitive)
+ Added@aws-sdk/url-parser@3.186.0(transitive)
+ Added@aws-sdk/util-base64-browser@3.186.0(transitive)
+ Added@aws-sdk/util-base64-node@3.186.0(transitive)
+ Added@aws-sdk/util-body-length-browser@3.186.0(transitive)
+ Added@aws-sdk/util-body-length-node@3.186.0(transitive)
+ Added@aws-sdk/util-buffer-from@3.186.0(transitive)
+ Added@aws-sdk/util-config-provider@3.186.0(transitive)
+ Added@aws-sdk/util-defaults-mode-browser@3.186.0(transitive)
+ Added@aws-sdk/util-defaults-mode-node@3.186.0(transitive)
+ Added@aws-sdk/util-hex-encoding@3.186.0(transitive)
+ Added@aws-sdk/util-middleware@3.186.0(transitive)
+ Added@aws-sdk/util-uri-escape@3.186.0(transitive)
+ Added@aws-sdk/util-user-agent-browser@3.186.0(transitive)
+ Added@aws-sdk/util-user-agent-node@3.186.0(transitive)
+ Added@aws-sdk/util-utf8-browser@3.186.0(transitive)
+ Added@aws-sdk/util-utf8-node@3.186.0(transitive)
- Removed@aws-sdk/abort-controller@3.183.0(transitive)
- Removed@aws-sdk/client-sso-oidc@3.185.0(transitive)
- Removed@aws-sdk/config-resolver@3.183.0(transitive)
- Removed@aws-sdk/credential-provider-imds@3.183.0(transitive)
- Removed@aws-sdk/fetch-http-handler@3.183.0(transitive)
- Removed@aws-sdk/hash-node@3.183.0(transitive)
- Removed@aws-sdk/invalid-dependency@3.183.0(transitive)
- Removed@aws-sdk/is-array-buffer@3.183.0(transitive)
- Removed@aws-sdk/middleware-content-length@3.183.0(transitive)
- Removed@aws-sdk/middleware-host-header@3.183.0(transitive)
- Removed@aws-sdk/middleware-logger@3.183.0(transitive)
- Removed@aws-sdk/middleware-recursion-detection@3.183.0(transitive)
- Removed@aws-sdk/middleware-retry@3.185.0(transitive)
- Removed@aws-sdk/middleware-serde@3.183.0(transitive)
- Removed@aws-sdk/middleware-stack@3.183.0(transitive)
- Removed@aws-sdk/middleware-user-agent@3.183.0(transitive)
- Removed@aws-sdk/node-config-provider@3.183.0(transitive)
- Removed@aws-sdk/node-http-handler@3.185.0(transitive)
- Removed@aws-sdk/property-provider@3.183.0(transitive)
- Removed@aws-sdk/protocol-http@3.183.0(transitive)
- Removed@aws-sdk/querystring-builder@3.183.0(transitive)
- Removed@aws-sdk/querystring-parser@3.183.0(transitive)
- Removed@aws-sdk/service-error-classification@3.185.0(transitive)
- Removed@aws-sdk/shared-ini-file-loader@3.183.0(transitive)
- Removed@aws-sdk/signature-v4@3.183.0(transitive)
- Removed@aws-sdk/smithy-client@3.183.0(transitive)
- Removed@aws-sdk/types@3.183.0(transitive)
- Removed@aws-sdk/url-parser@3.183.0(transitive)
- Removed@aws-sdk/util-base64-browser@3.183.0(transitive)
- Removed@aws-sdk/util-base64-node@3.183.0(transitive)
- Removed@aws-sdk/util-body-length-browser@3.183.0(transitive)
- Removed@aws-sdk/util-body-length-node@3.183.0(transitive)
- Removed@aws-sdk/util-buffer-from@3.183.0(transitive)
- Removed@aws-sdk/util-config-provider@3.183.0(transitive)
- Removed@aws-sdk/util-defaults-mode-browser@3.183.0(transitive)
- Removed@aws-sdk/util-defaults-mode-node@3.183.0(transitive)
- Removed@aws-sdk/util-hex-encoding@3.183.0(transitive)
- Removed@aws-sdk/util-middleware@3.183.0(transitive)
- Removed@aws-sdk/util-uri-escape@3.183.0(transitive)
- Removed@aws-sdk/util-user-agent-browser@3.183.0(transitive)
- Removed@aws-sdk/util-user-agent-node@3.183.0(transitive)
- Removed@aws-sdk/util-utf8-browser@3.183.0(transitive)
- Removed@aws-sdk/util-utf8-node@3.183.0(transitive)
Updated@aws-sdk/types@3.186.0