diff --git a/src/targets/adminInitiateAuth.test.ts b/src/targets/adminInitiateAuth.test.ts
index de32b5d1..468e4111 100644
--- a/src/targets/adminInitiateAuth.test.ts
+++ b/src/targets/adminInitiateAuth.test.ts
@@ -3,6 +3,7 @@ import { newMockUserPoolService } from "../__tests__/mockUserPoolService";
 import { newMockTriggers } from "../__tests__/mockTriggers";
 import { ClockFake } from "../__tests__/clockFake";
 import * as TDB from "../__tests__/testDataBuilder";
+import { DefaultConfig } from "../server/config";
 import {
 CognitoService,
 Messages,
@@ -37,6 +38,12 @@ describe("AdminInitiateAuth target", () => {
 
 adminInitiateAuth = AdminInitiateAuth({
 clock: new ClockFake(new Date(0)),
+ config: {
+ ...DefaultConfig,
+ TokenConfig: {
+ IssuerDomain: "http://issuer-domain",
+ },
+ },
 triggers: mockTriggers,
 cognito: mockCognitoService,
 });
@@ -57,7 +64,31 @@ describe("AdminInitiateAuth target", () => {
 },
 });
 
+ expect(response.AuthenticationResult?.AccessToken).toBeTruthy();
 expect(response.AuthenticationResult?.IdToken).toBeTruthy();
 expect(response.AuthenticationResult?.RefreshToken).toBeTruthy();
 });
+
+ it("supports REFRESH_TOKEN_AUTH", async () => {
+ const existingUser = TDB.user({
+ RefreshTokens: ["refresh token"],
+ });
+
+ mockUserPoolService.getUserByRefreshToken.mockResolvedValue(existingUser);
+
+ const response = await adminInitiateAuth({
+ AuthFlow: "REFRESH_TOKEN_AUTH",
+ ClientId: "clientId",
+ UserPoolId: "test",
+ AuthParameters: {
+ REFRESH_TOKEN: "refresh token",
+ },
+ });
+
+ expect(response.AuthenticationResult?.AccessToken).toBeTruthy();
+ expect(response.AuthenticationResult?.IdToken).toBeTruthy();
+
+ // does not return a refresh token as part of a refresh token flow
+ expect(response.AuthenticationResult?.RefreshToken).not.toBeDefined();
+ });
 });
diff --git a/src/targets/adminInitiateAuth.ts b/src/targets/adminInitiateAuth.ts
index 4f625ea2..fd5d7d98 100644
--- a/src/targets/adminInitiateAuth.ts
+++ b/src/targets/adminInitiateAuth.ts
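Review bot: The new `supports REFRESH_TOKEN_AUTH` test in adminInitiateAuth.test.ts covers only the success path, with `getUserByRefreshToken` mocked to return a user regardless of input. It never checks that the lookup was made with the value from `AuthParameters.REFRESH_TOKEN`, and there is no case where the lookup finds no user, so a regression that issues tokens for an unknown refresh token would still pass. I would add an assertion along the lines of `expect(mockUserPoolService.getUserByRefreshToken).toHaveBeenCalledWith("refresh token");` (adjusted to the mock's actual signature) and a second test where the mock resolves `null` and the call is expected to reject, presumably with the `NotAuthorizedError` the target imports. The `IssuerDomain` configured in the setup hunk is also never asserted on, since every token check is `toBeTruthy()`.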
@@ -2,22 +2,22 @@ import {
 AdminInitiateAuthRequest,
 AdminInitiateAuthResponse,
 } from "aws-sdk/clients/cognitoidentityserviceprovider";
-import { Services } from "../services";
 import {
 InvalidParameterError,
 InvalidPasswordError,
 NotAuthorizedError,
 UnsupportedError,
 } from "../errors";
+import { Services } from "../services";
 import { generateTokens } from "../services/tokens";
 
 export type AdminInitiateAuthTarget = (
 req: AdminInitiateAuthRequest
 ) => Promise;
 
-type AuthServices = Pick;
+type AuthServices = Pick;
 
-const handleAdminUserPasswordAuth = async (
+const adminUserPasswordAuthFlow = async (
 services: AuthServices,
 req: AdminInitiateAuthRequest
 ): Promise => {
@@ -65,7 +65,7 @@ const handleAdminUserPasswordAuth = async (
 user,
 req.ClientId,
 userPool.config.Id,
- {},
+ services.config.TokenConfig,
 services.clock
 );
 
@@ -86,7 +86,7 @@ const handleAdminUserPasswordAuth = async (
 };
 };
 
-const handleRefreshTokenAuth = async (
+const refreshTokenAuthFlow = async (
 services: AuthServices,
 req: AdminInitiateAuthRequest
 ): Promise => {
@@ -112,7 +112,7 @@ const handleRefreshTokenAuth = async (
 user,
 req.ClientId,
 userPool.config.Id,
- {},
+ services.config.TokenConfig,
 services.clock
 );
 
@@ -135,10 +135,13 @@ export const AdminInitiateAuth =
 (services: AuthServices): AdminInitiateAuthTarget =>
 async (req) => {
 if (req.AuthFlow === "ADMIN_USER_PASSWORD_AUTH") {
- return handleAdminUserPasswordAuth(services, req);
- } else if (req.AuthFlow === "REFRESH_TOKEN_AUTH") {
- return handleRefreshTokenAuth(services, req);
+ return adminUserPasswordAuthFlow(services, req);
+ } else if (
+ req.AuthFlow === "REFRESH_TOKEN_AUTH" ||
+ req.AuthFlow === "REFRESH_TOKEN"
+ ) {
+ return refreshTokenAuthFlow(services, req);
 } else {
- throw new UnsupportedError(`InitAuth with AuthFlow=${req.AuthFlow}`);
+ throw new UnsupportedError(`AdminInitAuth with AuthFlow=${req.AuthFlow}`);
 }
 };
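Review bot: The `REFRESH_TOKEN` alias added to the dispatch in `AdminInitiateAuth` (hunk at -135) has no test; the accompanying test file exercises only `REFRESH_TOKEN_AUTH`, so the second arm of the `||` is unverified. A one-line comment above the condition would also help the next reader, e.g. `// REFRESH_TOKEN is accepted as an alias of REFRESH_TOKEN_AUTH`. The body of `refreshTokenAuthFlow` lies mostly outside the hunks, so it is not visible here whether a missing `AuthParameters.REFRESH_TOKEN` is rejected before the user lookup. That is worth confirming, since this path issues access and ID tokens.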