@boostercloud/rocket-auth-aws-infrastructure
Advanced tools
Booster rocket to deploy an auth api using AWS Cognito
This package is a configurable Booster rocket to add an authentication API based on Cognito to your Booster applications.
Install this package as a devDependency in your Booster project (It's a devDependency because it's only used during deployment, so we don't want this code to be uploaded to the project lambdas)
npm install --save-dev @boostercloud/rocket-auth-aws-infrastructure
In your Booster config file, pass a RocketDescriptor array to the AWS Provider initializer configuring the aws authentication rocket:
import { Booster } from '@boostercloud/framework-core'
import { BoosterConfig } from '@boostercloud/framework-types'
import * as AWS from '@boostercloud/framework-provider-aws'
Booster.configure('production', (config: BoosterConfig): void => {
config.appName = 'my-store'
config.provider = Provider([
{
packageName: '@boostercloud/rocket-auth-aws-infrastructure',
parameters: {
mode: 'Passwordless'
},
},
])
})
Make sure that you have defined the suitable roles for your application. Please, check the Official Booster Documentation for more information.
{
passwordPolicy?: { // Optional, all values are set to true by default.
minLength?: number, // Minimum length, which must be at least 6 characters but fewer than 99 character
requireDigits: boolean, // Require numbers
requireLowercase: boolean, // Require lowercase letters
requireSymbols: boolean, // Require special characters
requireUppercase: boolean // Require uppercase letters
}
mode: 'Passwordless' | 'UserPassword' // If Passwordless, the user must be a phone number. If UserPassword, the user must be a valid email.
}
The auth rocket will expose the following base url outputs:
<appName>.AuthApiURL = https://<httpURL>/production/auth
<appName>.AuthApiIssuer = https://cognito-idp.<app-region>.amazonaws.com/{userPoolId}
<appName>.AuthApiJwksUri = https://cognito-idp.<app-region>.amazonaws.com/{userPoolId}/.well-known/jwks.json
| Output | Description |
|---|---|
| AuthApiURL | Base Api Url which will exposed all auth endpoints. |
| AuthApiIssuer | The issuer who sign the JWT tokens. |
| AuthApiJwksUri | Uri with all the public keys used to sign the JWT tokens. |
The AuthApiIssuer and AuthApiJwksUri must be used in the tokenVerifier Booster config. More information about JWT Configuration here.
Users can use this endpoint to register in your application and get a role assigned to them.
POST https://<httpURL>/auth/sign-up
{
"username": "string",
"password": "string",
"userAttributes": {
"role": "string"
}
}
| Parameter | Description |
|---|---|
| username | The username of the user you want to register. It must be an email in UserPassword mode or an phone number in Passwordless mode. |
| password | The password the user will use to later login into your application and get access tokens. Only in UserPassword mode |
| userAttributes | Here you can specify the attributes of your user. These are: -role: A unique role this user will have. You can only specify here a role where the signUpOptions property is not empty. |
{
"id": "cb61c0a4-8f85-4774-88a9-448ce6321eea",
"username": "+34999999999",
"userAttributes": {
"role": "User"
}
}
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Example of an account with the given username which already exists:
{
"error": {
"type": "UsernameExistsException",
"message": "An account with the given phone_number already exists."
}
}
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Whenever a User signs up with their phone number in Passwordless mode, an SMS message will be sent with a confirmation code. If you're using a UserPassword mode an email with a confirmation link will be sent.
They will need to provide this code to confirm registation by calling thesign-up/confirm endpoint
POST https://<httpURL>/auth/sign-up/confirm
{
"confirmationCode": "string",
"username": "string"
}
| Parameter | Description |
|---|---|
| confirmationCode | The confirmation code received in the SMS message. |
| username | The username of the user you want to sign in. They must have previously signed up. |
{
"message": "The username: +34999999999 has been confirmed."
}
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error. Common errors would be like submitting an expired confirmation code or a non valid one.
Example of an invalid verification code:
{
"error": {
"type": "CodeMismatchException",
"message": "Invalid verification code provided, please try again."
}
}
If for some reason the confirmation code never reaches your email, or your phone via SMS, you can ask the API to resend a new one.
POST https://<httpURL>/auth/sign-up/resend-code
{
"username": "string"
}
| Parameter | Description |
|---|---|
| username | The username of the user you want to sign in. They must have previously signed up. |
{
"message": "The confirmation code to activate your account has been sent to: +34999999999."
}
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error. Common errors would be like submitting an expired confirmation code or a non valid one.
This endpoint creates a session for an already registered user, returning an access token that can be used to access role-protected resources
POST https://<httpURL>/auth/sign-in
{
"username": "string",
"password": "string"
}
| Parameter | Description |
|---|---|
| username | The username of the user you want to sign in. They must have previously signed up. |
| password | The password used to sign up the user. Only in UserPassword mode |
UserPassword:
{
"accessToken": "string",
"expiresIn": "string",
"refreshToken": "string",
"tokenType": "string"
}
| Parameter | Description |
|---|---|
| accessToken | The token you can use to finish de session. |
| tokenId | The token you can use to access restricted resources. It must be sent in the Authorization header (prefixed with the tokenType). |
| expiresIn | The period of time, in seconds, after which the token will expire. |
| refreshToken | The token you can use to get a new access token after it has expired. |
| tokenType | The type of token used. It is always Bearer. |
Passwordless:
{
"session": "string",
"message": "string"
}
| Parameter | Description |
|---|---|
| session | The type of token used. It is always Bearer. |
| message | Message with the next steps. It is always: Use the session and the code we have sent you via SMS to get your access tokens via POST /token.. |
Query to get the access tokens for Passwordless mode:
POST https://<httpURL>/auth/token
{
"username": "string",
"session": "string",
"confirmationCode": "string"
}
| Parameter | Description |
|---|---|
| username | The phone number of the user you want to sign in. They must have previously signed up. |
| session | The session obtained in the sign in response. |
| confirmationCode | The confirmation code received in the SMS message after sign in. |
{
"accessToken": "string",
"expiresIn": "string",
"refreshToken": "string",
"tokenType": "string"
}
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Example: Login of a user that has not been confirmed
{
"error": {
"type": "UserNotConfirmedException",
"message": "User is not confirmed.."
}
}
Users can call this endpoint to finish the session.
POST https://<httpURL>/auth/token/revoke
{
"accessToken": "string"
}
| Parameter | Description |
|---|---|
| accessToken | The access token you get in the sign-in process. |
{
"message": "string"
}
| Parameter | Description |
|---|---|
| message | Message with sign out confirmation. It is always: Signed out |
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Example: Invalid access token specified
{
"error": {
"type": "NotAuthorizedException",
"message": "Invalid Access Token"
}
}
Users can call this endpoint to refresh the access token.
POST https://<httpURL>/auth/token/refresh
Refresh-token request body
{
"refreshToken": "string"
}
| Parameter | Description |
|---|---|
| refreshToken | The token you can use to get a new access token after it has expired. |
{
"accessToken": "string",
"expiresIn": "string",
"refreshToken": "string",
"tokenType": "string"
}
Refresh token error response body example: Invalid refresh token specified
{
"error": {
"type": "NotAuthorizedException",
"message": "Invalid Refresh Token"
}
}
You will get a HTTP status code different from 2XX and a body with a message telling you the reason of the error.
In case the password is forgotten, users can initiate the password change process through this endpoint.
POST https://<httpURL>/auth/password/forgot
{
"username": "string"
}
| Parameter | Description |
|---|---|
| username | The username of the user whose password you want to change. They must have previously signed up. |
{
"message": "string"
}
| Parameter | Description |
|---|---|
| message | Confirmation message. It is always: "The confirmation code to change your password has been sent to: [USER_EMAIL]." |
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Example: User not found.
{
"error": {
"type": "UserNotFoundException",
"message": "Username/client id combination not found."
}
}
Using the code obtained from the email sent by the forgot password endpoint, users can change their password.
POST https://<httpURL>/auth/password/change
{
"username": "string",
"password": "string",
"confirmationCode": "string"
}
| Parameter | Description |
|---|---|
| username | The username of the user you want to change the password. They must have signed up previously. |
| password | The new password for sign in. |
| confirmationCode | The confirmation code received in the user's email. |
{
"message": "string"
}
| Parameter | Description |
|---|---|
| message | Confirmation Message. It is always: "Your password has been successfully changed." |
You will get an HTTP status code different from 2XX and a body with a message telling you the reason of the error.
Example: Confirmation Code is missing.
{
"error": {
"type": "MissingRequiredParameter",
"message": "Missing required key 'ConfirmationCode' in params"
}
}
FAQs
Booster rocket to deploy an auth api using AWS Cognito
The npm package @boostercloud/rocket-auth-aws-infrastructure receives a total of 22 weekly downloads. As such, @boostercloud/rocket-auth-aws-infrastructure popularity was classified as not popular.
We found that @boostercloud/rocket-auth-aws-infrastructure demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.
Security News
Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.
Security News
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.