@earnup/cognito-login v2.0.3
EarnUp Cognito library
This is a simple client library to interface with the EarnUp Cognito user pool.
Supported methods
signup
login
Usage:
Configuring the client:
import CognitoClient from '@earnup/cognito-login';
const cognitoClient = new CognitoClient(COGNITO_USER_POOL_ID, COGNITO_CLIENT_ID);
Signing up a user
const loggedIn = await cognitoClient.signup(
  TEST_USER, TEST_PASS, TEST_EMAIL, TEST_PHONE
);
Note that new user accounts start out as unconfirmed accounts, meaning they cannot be logged into before the user takes action through email or another channel to activate the account.
Logging in a user
Once an account is confirmed, a JWT can be retrieved with the username and password of the account.
const loggedIn = await cognitoClient.login(
TEST_USER, TEST_PASS
);
The payload includes an idToken, which is the JWT token for authenticating with our services. The payload also contains the refresh token and the decoded token payload claims like the following:
{
"custom:customer_id": "1000059651",
"sub": "f0f56195-fba4-4b4a-82c8-c7ca05a13fc2",
"aud": "nkeo7sbs4a7j02lubqa87rgoh",
"email_verified": true,
"event_id": "8e894747-3400-4ac8-a783-66e33c702845",
"token_use": "id",
"auth_time": 1586153770,
"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_uDiejirsB",
"cognito:username": "test_user20190624134040@mailinator.com",
"exp": 1586157370,
"iat": 1586153770,
"email": "test_user20190624134040@mailinator.com"
}
The sub field is the token subject, an ID that uniquely identifies the user to whom the token was issued. Note that although usernames are unique among active users, Cognito is free to reuse names, whereas subject IDs will never be reused.
Validating client access tokens
Each EarnUp enterprise partner has an App Client in the EarnUp Cognito user pool. Calling the oauth2/token endpoint with the client_credentials grant type generates an accessToken. This is a Bearer authorization token that enables partners to interact with EarnUp's external-facing APIs. It is a JWT, and the decoded payload looks like this (notice that token_use is different than when authenticating a user):
{
"sub": "o17ge3vpl7pmtdnh7l52eb4d9",
"token_use": "access",
"scope": "https://partner.earnup.com/cfba52b5-dd9b-45b9-ac96-736e55ee42e0/customers.write https://partner.earnup.com/cfba52b5-dd9b-45b9-ac96-736e55ee42e0/loans.write",
"auth_time": 1634012306,
"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_XksD0cYpc",
"exp": 1634015906,
"iat": 1634012306,
"version": 2,
"jti": "63bd71eb-61ae-4531-8bc8-b5b49f3e8416",
"client_id": "o17ge3vpl7pmtdnh7l52eb4d9"
}
You can validate an accessToken like this:
let decodedToken = await CognitoClient.getValidatedTokenPayload(
accessToken,
COGNITO_USER_POOL_ID,
clientId
);
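The claim differences shown above (token_use, and aud versus client_id) are what a service has to check to avoid accepting the wrong kind of token. The following is an added example, not code from this library and not a description of what getValidatedTokenPayload does internally; checkCognitoClaims and its options are hypothetical names, and the checks assume the token's signature has already been verified against the user pool's JWKS.

```javascript
// Added example, not the library's code. Run these checks only AFTER the token's
// signature has been verified against the user pool's JWKS (not shown here).
// checkCognitoClaims and its options are hypothetical names.
function checkCognitoClaims(payload, opts) {
  const { region, userPoolId, clientId, tokenUse, requiredScopes = [] } = opts;
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  const errors = [];

  // The issuer must be exactly this user pool.
  const issuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  if (payload.iss !== issuer) errors.push('iss');

  // An ID token must not be accepted where an access token is expected.
  if (payload.token_use !== tokenUse) errors.push('token_use');

  // ID tokens name the app client in "aud", access tokens in "client_id".
  const client = tokenUse === 'id' ? payload.aud : payload.client_id;
  if (client !== clientId) errors.push('client');

  // "exp" is in seconds since the epoch.
  if (typeof payload.exp !== 'number' || payload.exp <= now) errors.push('exp');

  // Access-token scopes arrive as one space-separated string.
  const granted = new Set(String(payload.scope || '').split(' ').filter(Boolean));
  for (const s of requiredScopes) if (!granted.has(s)) errors.push(`scope:${s}`);

  return errors; // empty array means every check passed
}

// Sample payloads abridged from the decoded tokens shown on this page.
const API = 'https://partner.earnup.com/cfba52b5-dd9b-45b9-ac96-736e55ee42e0';
const ACCESS_SAMPLE = {
  sub: 'o17ge3vpl7pmtdnh7l52eb4d9', token_use: 'access',
  scope: `${API}/customers.write ${API}/loans.write`,
  iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_XksD0cYpc',
  exp: 1634015906, iat: 1634012306, client_id: 'o17ge3vpl7pmtdnh7l52eb4d9',
};
const ID_SAMPLE = {
  sub: 'f0f56195-fba4-4b4a-82c8-c7ca05a13fc2', token_use: 'id',
  aud: 'nkeo7sbs4a7j02lubqa87rgoh',
  iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_uDiejirsB',
  exp: 1586157370, iat: 1586153770,
};

// "now" is pinned inside the access sample's validity window so the result is stable.
const partner = { region: 'us-west-2', userPoolId: 'us-west-2_XksD0cYpc',
  clientId: 'o17ge3vpl7pmtdnh7l52eb4d9', tokenUse: 'access', now: 1634012400 };
console.log(checkCognitoClaims(ACCESS_SAMPLE, { ...partner, requiredScopes: [`${API}/loans.write`] }));
console.log(checkCognitoClaims(ID_SAMPLE, partner)); // ID token presented to a partner API
```

The function returns the names of the failed checks, so a caller can log which claim caused a rejection while still returning a generic 401 to the client.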