feat(token): initiateAuth basic refresh token support
jagregory committed Dec 7, 2021
1 parent e71e471 commit 2d6b0e3
Showing 4 changed files with 359 additions and 112 deletions.
183 changes: 183 additions & 0 deletions integration-tests/aws-sdk/initiateAuth.test.ts
@@ -1,3 +1,4 @@
import jwt from "jsonwebtoken";
import { UUID } from "../../src/__tests__/patterns";
import { attributeValue } from "../../src/services/userPoolService";
import { withCognitoSdk } from "./setup";
Expand Down Expand Up @@ -76,5 +77,187 @@ describe(
Session: expect.stringMatching(UUID),
});
});

it("can authenticate users with USER_PASSWORD_AUTH auth flow", async () => {
const client = Cognito();

const upc = await client
.createUserPoolClient({
UserPoolId: "test",
ClientName: "test",
})
.promise();

const createUserResponse = await client
.adminCreateUser({
DesiredDeliveryMediums: ["EMAIL"],
TemporaryPassword: "def",
UserAttributes: [{ Name: "email", Value: "example@example.com" }],
Username: "abc",
UserPoolId: "test",
})
.promise();
const userSub = attributeValue(
"sub",
createUserResponse.User?.Attributes
);

await client
.adminConfirmSignUp({
UserPoolId: "test",
Username: "abc",
})
.promise();

const response = await client
.initiateAuth({
ClientId: upc.UserPoolClient?.ClientId!,
AuthFlow: "USER_PASSWORD_AUTH",
AuthParameters: {
USERNAME: "abc",
PASSWORD: "def",
},
})
.promise();

expect(
jwt.decode(response.AuthenticationResult?.AccessToken as string)
).toEqual({
auth_time: expect.any(Number),
client_id: upc.UserPoolClient?.ClientId,
event_id: expect.stringMatching(UUID),
exp: expect.any(Number),
iat: expect.any(Number),
iss: "http://localhost:9229/test",
jti: expect.stringMatching(UUID),
scope: "aws.cognito.signin.user.admin",
sub: userSub,
token_use: "access",
username: "abc",
});

expect(
jwt.decode(response.AuthenticationResult?.IdToken as string)
).toEqual({
"cognito:username": "abc",
aud: upc.UserPoolClient?.ClientId,
auth_time: expect.any(Number),
email: "example@example.com",
email_verified: true,
event_id: expect.stringMatching(UUID),
exp: expect.any(Number),
iat: expect.any(Number),
iss: "http://localhost:9229/test",
jti: expect.stringMatching(UUID),
sub: userSub,
token_use: "id",
});

expect(
jwt.decode(response.AuthenticationResult?.RefreshToken as string)
).toEqual({
"cognito:username": "abc",
email: "example@example.com",
exp: expect.any(Number),
iat: expect.any(Number),
iss: "http://localhost:9229/test",
jti: expect.stringMatching(UUID),
});
});

it("can authenticate users with REFRESH_TOKEN_AUTH auth flow", async () => {
const client = Cognito();

const upc = await client
.createUserPoolClient({
UserPoolId: "test",
ClientName: "test",
})
.promise();

const createUserResponse = await client
.adminCreateUser({
DesiredDeliveryMediums: ["EMAIL"],
TemporaryPassword: "def",
UserAttributes: [{ Name: "email", Value: "example@example.com" }],
Username: "abc",
UserPoolId: "test",
})
.promise();
const userSub = attributeValue(
"sub",
createUserResponse.User?.Attributes
);

await client
.adminConfirmSignUp({
UserPoolId: "test",
Username: "abc",
})
.promise();

const initialLoginResponse = await client
.initiateAuth({
ClientId: upc.UserPoolClient?.ClientId!,
AuthFlow: "USER_PASSWORD_AUTH",
AuthParameters: {
USERNAME: "abc",
PASSWORD: "def",
},
})
.promise();

const refreshTokenLoginResponse = await client
.initiateAuth({
ClientId: upc.UserPoolClient?.ClientId!,
AuthFlow: "REFRESH_TOKEN_AUTH",
AuthParameters: {
REFRESH_TOKEN: initialLoginResponse.AuthenticationResult
?.RefreshToken as string,
},
})
.promise();

expect(
jwt.decode(
refreshTokenLoginResponse.AuthenticationResult?.AccessToken as string
)
).toEqual({
auth_time: expect.any(Number),
client_id: upc.UserPoolClient?.ClientId,
event_id: expect.stringMatching(UUID),
exp: expect.any(Number),
iat: expect.any(Number),
iss: "http://localhost:9229/test",
jti: expect.stringMatching(UUID),
scope: "aws.cognito.signin.user.admin",
sub: userSub,
token_use: "access",
username: "abc",
});

expect(
jwt.decode(
refreshTokenLoginResponse.AuthenticationResult?.IdToken as string
)
).toEqual({
"cognito:username": "abc",
aud: upc.UserPoolClient?.ClientId,
auth_time: expect.any(Number),
email: "example@example.com",
email_verified: true,
event_id: expect.stringMatching(UUID),
exp: expect.any(Number),
iat: expect.any(Number),
iss: "http://localhost:9229/test",
jti: expect.stringMatching(UUID),
sub: userSub,
token_use: "id",
});

expect(
refreshTokenLoginResponse.AuthenticationResult?.RefreshToken
).not.toBeDefined();
});
})
);
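Review bot: The last assertion in the `USER_PASSWORD_AUTH` test pins the refresh token as a JWT that `jwt.decode` can read and that carries `email` and `cognito:username`, which makes the token's readable claim set part of the tested contract. Clients are meant to treat a refresh token as an opaque value, so I would assert only `expect(response.AuthenticationResult?.RefreshToken).toEqual(expect.any(String));` and leave the format free to change. Separately, `jwt.decode` does not check signatures, so none of the access or ID token assertions in either new test would fail if the emulator issued unsigned or wrongly signed tokens. One `jwt.verify` call against the emulator's public key would cover that. The enclosing `describe(` starts outside the hunk.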
24 changes: 24 additions & 0 deletions src/targets/initiateAuth.test.ts
Expand Up @@ -578,4 +578,28 @@ describe("InitiateAuth target", () => {
});
});
});

describe("REFRESH_TOKEN_AUTH auth flow", () => {
it("returns new tokens", async () => {
const existingUser = TDB.user({
RefreshTokens: ["refresh token"],
});

mockUserPoolService.getUserByRefreshToken.mockResolvedValue(existingUser);

const response = await initiateAuth({
AuthFlow: "REFRESH_TOKEN_AUTH",
ClientId: "clientId",
AuthParameters: {
REFRESH_TOKEN: "refresh token",
},
});

expect(response.AuthenticationResult?.AccessToken).toBeTruthy();
expect(response.AuthenticationResult?.IdToken).toBeTruthy();

// does not return a refresh token as part of a refresh token flow
expect(response.AuthenticationResult?.RefreshToken).not.toBeDefined();
});
});
});
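Review bot: The new `REFRESH_TOKEN_AUTH auth flow` block tests only the path where `getUserByRefreshToken` resolves a user, so nothing here pins what happens when the presented token matches no user. Add a rejection case: mock the lookup to resolve no user and assert `await expect(initiateAuth({ ... })).rejects.toThrow();`, or assert the target's specific error type, which is not visible in this hunk. Because the mock returns `existingUser` for any argument, it is also worth asserting that the lookup was called with the `REFRESH_TOKEN` value from `AuthParameters`, so the test fails if the target looks up something else. The enclosing `describe("InitiateAuth target", ...)` starts outside the hunk.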