import { CfnOutput, CfnResource, Duration, RemovalPolicy } from 'aws-cdk-lib';
import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
import { CfnManagedLoginBranding, ManagedLoginVersion, UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito';
import { CnameRecord, IHostedZone } from 'aws-cdk-lib/aws-route53';
import { Construct } from 'constructs';
/** Inputs needed to provision the Cognito user pool and its hosted-login domain. */
export interface AuthProps {
  /** Route 53 zone that receives the `auth.<zoneName>` CNAME for the Cognito custom domain. */
  readonly hostedZone: IHostedZone;
  /** ACM certificate attached to the Cognito custom domain `auth.<zoneName>`. */
  readonly sharedCertificate: ICertificate;
}
/**
 * Cognito user pool plus one OAuth (authorization-code) app client, served
 * from a custom `auth.<zoneName>` managed-login domain.
 *
 * Security-relevant choices visible in this construct:
 * - `selfSignUpEnabled: true` with e-mail as the sign-in alias: anyone who can
 *   receive e-mail may register.
 * - `removalPolicy: DESTROY`: deleting the stack deletes the pool and every user.
 * - `authFlows.userPassword: true` enables USER_PASSWORD_AUTH next to SRP; that
 *   flow sends the password to Cognito directly rather than via the SRP
 *   exchange, so it is worth keeping only while some client needs it.
 * - The app client is created with `http://localhost/dummy` as its only
 *   callback/logout URL; the first `addAllowedCallbackUrls` call overwrites
 *   index 0, so if it is never called the localhost placeholder remains an
 *   allowed redirect target.
 * - MFA, account-recovery and advanced-security settings are not set here;
 *   CDK defaults apply.
 */
export class Auth extends Construct {
  /** The provisioned user pool. */
  readonly userPool: UserPool;
  /** App client used by the managed login / OAuth flow. */
  readonly client: UserPoolClient;
  /** FQDN of the Cognito custom domain (`auth.<zoneName>`). */
  readonly domainName: string;
  /** Next free index in the client's CallbackURLs / LogoutURLs arrays. */
  private callbackUrlCount = 0;

  constructor(scope: Construct, id: string, props: AuthProps) {
    super(scope, id);
    const { hostedZone, sharedCertificate } = props;
    const authLabel = 'auth';
    this.domainName = `${authLabel}.${hostedZone.zoneName}`;

    this.userPool = new UserPool(this, 'UserPool', {
      passwordPolicy: {
        minLength: 8,
        requireUppercase: true,
        requireDigits: true,
        requireSymbols: true,
      },
      selfSignUpEnabled: true,
      signInAliases: { email: true, username: false },
      removalPolicy: RemovalPolicy.DESTROY,
    });

    this.client = this.userPool.addClient('Client', {
      idTokenValidity: Duration.days(1),
      authFlows: { userSrp: true, userPassword: true },
      oAuth: {
        flows: { authorizationCodeGrant: true },
        // Placeholders only; addAllowedCallbackUrls overwrites index 0 first.
        callbackUrls: ['http://localhost/dummy'],
        logoutUrls: ['http://localhost/dummy'],
      },
    });

    const loginDomain = this.userPool.addDomain('CognitoDomain', {
      customDomain: { domainName: this.domainName, certificate: sharedCertificate },
      managedLoginVersion: ManagedLoginVersion.NEWER_MANAGED_LOGIN,
    });
    // auth.<zone> -> the domain's CloudFront endpoint.
    new CnameRecord(this, 'CognitoDomainRecord', {
      zone: hostedZone,
      recordName: authLabel,
      domainName: loginDomain.cloudFrontEndpoint,
    });
    new CfnManagedLoginBranding(this, 'Branding', {
      userPoolId: this.userPool.userPoolId,
      clientId: this.client.userPoolClientId,
      useCognitoProvidedValues: true,
    });

    new CfnOutput(this, 'UserPoolId', { value: this.userPool.userPoolId });
    new CfnOutput(this, 'UserPoolClientId', { value: this.client.userPoolClientId });
  }

  /**
   * Appends one allowed OAuth redirect pair to the app client.
   *
   * Writes `CallbackURLs.<i>` and `LogoutURLs.<i>` as CloudFormation property
   * overrides, where `<i>` is the number of earlier calls on this instance;
   * the first call therefore replaces the localhost placeholder. Nothing here
   * validates or de-duplicates the URLs, and both are written at the same index.
   *
   * @param callbackUrl redirect URI accepted after sign-in
   * @param logoutUrl redirect URI accepted after sign-out
   * @throws Error if the client's default child is not an L1 CfnResource
   */
  public addAllowedCallbackUrls(callbackUrl: string, logoutUrl: string) {
    const slot = this.callbackUrlCount;
    const l1 = this.clientResource();
    l1.addPropertyOverride(`CallbackURLs.${slot}`, callbackUrl);
    l1.addPropertyOverride(`LogoutURLs.${slot}`, logoutUrl);
    this.callbackUrlCount = slot + 1;
  }

  /** The L1 resource behind `client`; throws when the default child is not one. */
  private clientResource(): CfnResource {
    const child = this.client.node.defaultChild;
    if (CfnResource.isCfnResource(child)) {
      return child;
    }
    throw new Error('Expected CfnResource');
  }
}