fix(tokens): adminInitateAuth uses token IssuerDomain

src/targets/adminInitiateAuth.test.ts

@@ -3,6 +3,7 @@ import { newMockUserPoolService } from "../__tests__/mockUserPoolService";
 import { newMockTriggers } from "../__tests__/mockTriggers";
 import { ClockFake } from "../__tests__/clockFake";
 import * as TDB from "../__tests__/testDataBuilder";
+import { DefaultConfig } from "../server/config";
 import {
   CognitoService,
   Messages,
@@ -37,6 +38,12 @@ describe("AdminInitiateAuth target", () => {
 
     adminInitiateAuth = AdminInitiateAuth({
       clock: new ClockFake(new Date(0)),
+      config: {
+        ...DefaultConfig,
+        TokenConfig: {
+          IssuerDomain: "http://issuer-domain",
+        },
+      },
       triggers: mockTriggers,
       cognito: mockCognitoService,
     });
@@ -57,7 +64,31 @@ describe("AdminInitiateAuth target", () => {
       },
     });
 
+    expect(response.AuthenticationResult?.AccessToken).toBeTruthy();
     expect(response.AuthenticationResult?.IdToken).toBeTruthy();
     expect(response.AuthenticationResult?.RefreshToken).toBeTruthy();
   });
+
+  it("supports REFRESH_TOKEN_AUTH", async () => {
+    const existingUser = TDB.user({
+      RefreshTokens: ["refresh token"],
+    });
+
+    mockUserPoolService.getUserByRefreshToken.mockResolvedValue(existingUser);
+
+    const response = await adminInitiateAuth({
+      AuthFlow: "REFRESH_TOKEN_AUTH",
+      ClientId: "clientId",
+      UserPoolId: "test",
+      AuthParameters: {
+        REFRESH_TOKEN: "refresh token",
+      },
+    });
+
+    expect(response.AuthenticationResult?.AccessToken).toBeTruthy();
+    expect(response.AuthenticationResult?.IdToken).toBeTruthy();
+
+    // does not return a refresh token as part of a refresh token flow
+    expect(response.AuthenticationResult?.RefreshToken).not.toBeDefined();
+  });
 });

src/targets/adminInitiateAuth.ts

@@ -2,22 +2,22 @@ import {
   AdminInitiateAuthRequest,
   AdminInitiateAuthResponse,
 } from "aws-sdk/clients/cognitoidentityserviceprovider";
-import { Services } from "../services";
 import {
   InvalidParameterError,
   InvalidPasswordError,
   NotAuthorizedError,
   UnsupportedError,
 } from "../errors";
+import { Services } from "../services";
 import { generateTokens } from "../services/tokens";
 
 export type AdminInitiateAuthTarget = (
   req: AdminInitiateAuthRequest
 ) => Promise<AdminInitiateAuthResponse>;
 
-type AuthServices = Pick<Services, "cognito" | "clock" | "triggers">;
+type AuthServices = Pick<Services, "cognito" | "clock" | "triggers" | "config">;
 
-const handleAdminUserPasswordAuth = async (
+const adminUserPasswordAuthFlow = async (
   services: AuthServices,
   req: AdminInitiateAuthRequest
 ): Promise<AdminInitiateAuthResponse> => {
@@ -65,7 +65,7 @@ const handleAdminUserPasswordAuth = async (
     user,
     req.ClientId,
     userPool.config.Id,
-    {},
+    services.config.TokenConfig,
     services.clock
   );
 
@@ -86,7 +86,7 @@ const handleAdminUserPasswordAuth = async (
   };
 };
 
-const handleRefreshTokenAuth = async (
+const refreshTokenAuthFlow = async (
   services: AuthServices,
   req: AdminInitiateAuthRequest
 ): Promise<AdminInitiateAuthResponse> => {
@@ -112,7 +112,7 @@ const handleRefreshTokenAuth = async (
     user,
     req.ClientId,
     userPool.config.Id,
-    {},
+    services.config.TokenConfig,
     services.clock
   );
 
@@ -135,10 +135,13 @@ export const AdminInitiateAuth =
   (services: AuthServices): AdminInitiateAuthTarget =>
   async (req) => {
     if (req.AuthFlow === "ADMIN_USER_PASSWORD_AUTH") {
-      return handleAdminUserPasswordAuth(services, req);
-    } else if (req.AuthFlow === "REFRESH_TOKEN_AUTH") {
-      return handleRefreshTokenAuth(services, req);
+      return adminUserPasswordAuthFlow(services, req);
+    } else if (
+      req.AuthFlow === "REFRESH_TOKEN_AUTH" ||
+      req.AuthFlow === "REFRESH_TOKEN"
+    ) {
+      return refreshTokenAuthFlow(services, req);
     } else {
-      throw new UnsupportedError(`InitAuth with AuthFlow=${req.AuthFlow}`);
+      throw new UnsupportedError(`AdminInitAuth with AuthFlow=${req.AuthFlow}`);
     }
   };