Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
33 changed files
with
767 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"name": "@aws-amplify/adapter-nextjs/client", | ||
"main": "../dist/cjs/client/index.js", | ||
"browser": "../dist/esm/client/index.mjs", | ||
"module": "../dist/esm/client/index.mjs", | ||
"typings": "../dist/esm/client/index.d.ts" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
packages/adapter-nextjs/src/auth/createTokenExchangeRouteHandlerFactory.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
import { NextRequest } from 'next/server'; | ||
import { cookies } from 'next/headers'; | ||
import { fetchAuthSession } from 'aws-amplify/auth/server'; | ||
|
||
import { createRunWithAmplifyServerContext } from '../utils'; | ||
|
||
import { | ||
CreateTokenExchangeRouteHandlerFactory, | ||
CreateTokenExchangeRouteHandlerInput, | ||
} from './types'; | ||
|
||
export const createTokenExchangeRouteHandlerFactory: CreateTokenExchangeRouteHandlerFactory = | ||
input => { | ||
const runWithAmplifyServerContext = | ||
createRunWithAmplifyServerContext(input); | ||
const { origin } = input; | ||
|
||
const handleRequest = async ( | ||
_: NextRequest, | ||
__: CreateTokenExchangeRouteHandlerInput, | ||
) => { | ||
const userSession = await runWithAmplifyServerContext({ | ||
nextServerContext: { cookies }, | ||
operation: contextSpec => fetchAuthSession(contextSpec), | ||
}); | ||
|
||
const clockDrift = cookies() | ||
.getAll() | ||
.find(cookie => cookie.name.endsWith('.clockDrift'))?.value; | ||
|
||
return new Response( | ||
JSON.stringify({ | ||
...userSession, | ||
tokens: { | ||
accessToken: userSession.tokens?.accessToken.toString(), | ||
idToken: userSession.tokens?.idToken?.toString(), | ||
}, | ||
username: userSession.tokens?.accessToken.payload.username, | ||
clockDrift, | ||
userSession, | ||
}), | ||
{ | ||
headers: { | ||
'content-type': 'application/json', | ||
'Access-Control-Allow-Origin': origin, | ||
'Access-Control-Allow-Methods': 'POST', | ||
}, | ||
}, | ||
); | ||
}; | ||
|
||
return handlerInput => ({ | ||
async POST(request) { | ||
try { | ||
return await handleRequest(request, handlerInput); | ||
} catch (error) { | ||
const { onError } = handlerInput; | ||
|
||
onError(error as Error); | ||
} | ||
}, | ||
}); | ||
}; |
57 changes: 57 additions & 0 deletions
57
...extjs/src/auth/httpOnlyCookieBasedAuthProviders/createHttpOnlyCookieBasedAuthProviders.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
import { LibraryOptions, sharedInMemoryStorage } from '@aws-amplify/core'; | ||
import { runInBrowserContext } from '@aws-amplify/core/internals/utils'; | ||
import { | ||
cognitoCredentialsProvider, | ||
cognitoUserPoolsTokenProvider, | ||
} from 'aws-amplify/auth/cognito'; | ||
|
||
export const createHttpOnlyCookieBasedAuthProviders = ({ | ||
authTokenExchangeRoute, | ||
}: { | ||
authTokenExchangeRoute: string; | ||
}): LibraryOptions['Auth'] => { | ||
cognitoUserPoolsTokenProvider.setKeyValueStorage(sharedInMemoryStorage); | ||
|
||
runInBrowserContext(() => { | ||
refreshSession({ | ||
authTokenExchangeRoute, | ||
tokenProvider: cognitoUserPoolsTokenProvider, | ||
credentialsProvider: cognitoCredentialsProvider, | ||
}); | ||
}); | ||
|
||
return { | ||
tokenProvider: cognitoUserPoolsTokenProvider, | ||
credentialsProvider: cognitoCredentialsProvider, | ||
}; | ||
}; | ||
|
||
const refreshSession = async ({ | ||
authTokenExchangeRoute, | ||
tokenProvider, | ||
credentialsProvider, | ||
}: { | ||
authTokenExchangeRoute: string; | ||
tokenProvider: typeof cognitoUserPoolsTokenProvider; | ||
credentialsProvider: typeof cognitoCredentialsProvider; | ||
}) => { | ||
const response = await fetch(authTokenExchangeRoute, { method: 'POST' }); | ||
const session = await response.json(); | ||
|
||
tokenProvider.tokenOrchestrator.setTokens({ | ||
tokens: { | ||
accessToken: session.tokens.accessToken, | ||
idToken: session.tokens.idToken, | ||
clockDrift: session.clockDrift, | ||
username: session.username, | ||
}, | ||
}); | ||
|
||
credentialsProvider.setIdentityIdCredentials( | ||
{ | ||
credentials: session.credentials, | ||
identityId: session.identityId, | ||
}, | ||
session.tokens.idToken, | ||
); | ||
}; |
3 changes: 3 additions & 0 deletions
3
packages/adapter-nextjs/src/auth/httpOnlyCookieBasedAuthProviders/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
import 'client-only'; | ||
|
||
export { createHttpOnlyCookieBasedAuthProviders } from './createHttpOnlyCookieBasedAuthProviders'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
import { ResourcesConfig } from 'aws-amplify'; | ||
import { NextRequest } from 'next/server'; | ||
|
||
import { NextServer } from '../types'; | ||
|
||
interface CreateTokenExchangeRouteHandlerFactoryInput { | ||
config: ResourcesConfig; | ||
origin: string; | ||
setAuthCookieOptions?: NextServer.SetCookieOptions; | ||
} | ||
|
||
interface CreateOAuthRouteHandlerOutput { | ||
POST(request: NextRequest): Promise<Response | void>; | ||
} | ||
|
||
export interface CreateTokenExchangeRouteHandlerInput { | ||
onError(error: Error): void; | ||
} | ||
|
||
export type CreateTokenExchangeRouteHandler = ( | ||
input: CreateTokenExchangeRouteHandlerInput, | ||
) => CreateOAuthRouteHandlerOutput; | ||
|
||
export type CreateTokenExchangeRouteHandlerFactory = ( | ||
input: CreateTokenExchangeRouteHandlerFactoryInput, | ||
) => CreateTokenExchangeRouteHandler; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export { createHttpOnlyCookieBasedAuthProviders } from '../auth/httpOnlyCookieBasedAuthProviders'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
30 changes: 30 additions & 0 deletions
30
packages/adapter-nextjs/src/oauth/createGetOAuthInitiationRouteFactory.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
import { | ||
assertOAuthConfig, | ||
assertTokenProviderConfig, | ||
} from '@aws-amplify/core/internals/utils'; | ||
|
||
import { | ||
CreateGetOAuthInitiationRouteFactory, | ||
GetOAuthInitiationRoute, | ||
} from './types'; | ||
import { getRedirectUrl } from './utils/getRedirectUrl'; | ||
|
||
export const createGetOAuthInitiationRouteFactory: CreateGetOAuthInitiationRouteFactory = | ||
({ config: resourcesConfig, origin }) => { | ||
assertTokenProviderConfig(resourcesConfig.Auth?.Cognito); | ||
assertOAuthConfig(resourcesConfig.Auth.Cognito); | ||
|
||
const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth; | ||
const redirectUrl = getRedirectUrl( | ||
origin, | ||
cognitoUserPoolConfig.loginWith.oauth, | ||
); | ||
|
||
const getOAuthInitiationRoute: GetOAuthInitiationRoute = input => { | ||
const { provider } = input; | ||
|
||
return `${redirectUrl}?init=true&provider=${provider}`; | ||
}; | ||
|
||
return getOAuthInitiationRoute; | ||
}; |
74 changes: 74 additions & 0 deletions
74
packages/adapter-nextjs/src/oauth/createOAuthRouteHandlerFactory.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
import { | ||
assertOAuthConfig, | ||
assertTokenProviderConfig, | ||
} from '@aws-amplify/core/internals/utils'; | ||
import { NextRequest } from 'next/server'; | ||
import { AuthError } from '@aws-amplify/auth'; | ||
|
||
import { | ||
CreateOAuthRouteHandler, | ||
CreateOAuthRouteHandlerFactory, | ||
CreateOAuthRouteHandlerInput, | ||
} from './types'; | ||
import { initOAuthFlow } from './utils/initOAuthFlow'; | ||
import { completeOAuthFlow } from './utils/completeOAuthFlow'; | ||
|
||
export const createOAuthRouteHandlerFactory: CreateOAuthRouteHandlerFactory = ({ | ||
config: resourcesConfig, | ||
setAuthCookieOptions, | ||
}): CreateOAuthRouteHandler => { | ||
assertTokenProviderConfig(resourcesConfig.Auth?.Cognito); | ||
assertOAuthConfig(resourcesConfig.Auth.Cognito); | ||
|
||
const { Cognito: cognitoUserPoolConfig } = resourcesConfig.Auth; | ||
|
||
const handleRequest = async ( | ||
request: NextRequest, | ||
{ | ||
customState, | ||
redirectOnAuthComplete, | ||
onError, | ||
}: CreateOAuthRouteHandlerInput, | ||
): Promise<Response | void> => { | ||
const { searchParams } = request.nextUrl; | ||
|
||
// when request url has `init` query param - initiate oauth flow | ||
if (searchParams.has('init')) { | ||
return initOAuthFlow({ | ||
setAuthCookieOptions, | ||
request, | ||
customState, | ||
cognitoUserPoolConfig, | ||
oAuthConfig: cognitoUserPoolConfig.loginWith.oauth, | ||
}); | ||
} | ||
|
||
if (searchParams.has('code') && searchParams.has('state')) { | ||
return completeOAuthFlow({ | ||
request, | ||
redirectOnComplete: redirectOnAuthComplete, | ||
setAuthCookieOptions, | ||
customState, | ||
cognitoUserPoolConfig, | ||
oAuthConfig: cognitoUserPoolConfig.loginWith.oauth, | ||
}); | ||
} | ||
|
||
onError(new Error('Invalid point (update me)')); | ||
}; | ||
|
||
return handlerInput => ({ | ||
async GET(request) { | ||
try { | ||
return await handleRequest(request, handlerInput); | ||
} catch (error) { | ||
const { onError } = handlerInput; | ||
|
||
onError(error as AuthError); | ||
} | ||
}, | ||
}); | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
export { createOAuthRouteHandlerFactory } from './createOAuthRouteHandlerFactory'; |
Oops, something went wrong.