feat: createAwsCognitoOAuthConfig() (#311)

* Add cognito provider. * Update README. * Rename provider. * tweak order * fix * fix --------- Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
denoland · Mar 18, 2024 · fcc8068 · fcc8068
1 parent 9dfc2a7
commit fcc8068
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -314,6 +314,7 @@ is set in the following order of precedence:
 The following providers have pre-defined OAuth configurations:
 
 1. [Auth0](https://deno.land/x/deno_kv_oauth/mod.ts?s=createAuth0OAuthConfig)
+1. [AWS Cognito User Pool](https://deno.land/x/deno_kv_oauth/mod.ts?s=createAwsCognitoOAuthConfig)
 1. [AzureAD](https://deno.land/x/deno_kv_oauth/mod.ts?s=createAzureADAuthConfig)
 1. [AzureADB2C](https://deno.land/x/deno_kv_oauth/mod.ts?s=createAzureADB2CAuthConfig)
 1. [Discord](https://deno.land/x/deno_kv_oauth/mod.ts?s=createDiscordOAuthConfig)
@@ -342,7 +343,7 @@ starting your server. E.g. `DISCORD`, `GOOGLE`, or `SLACK`.
    [Client secret](https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/)
    of a given OAuth application.
 1. `PROVIDER_DOMAIN` (optional) - Server domain of a given OAuth application.
-   Only required for Okta and Auth0.
+   Required for Auth0, AzureADB2C, AWS Cognito, and Okta.
 
 > Note: reading environment variables requires the
 > `--allow-env[=<VARIABLE_NAME>...]` permission flag. See

diff --git a/lib/create_aws_cognito_oauth_config.ts b/lib/create_aws_cognito_oauth_config.ts
@@ -0,0 +1,45 @@
+// Copyright 2023-2024 the Deno authors. All rights reserved. MIT license.
+import type { OAuth2ClientConfig } from "../deps.ts";
+import { getRequiredEnv } from "./get_required_env.ts";
+
+/**
+ * Returns the OAuth configuration for an Amazon Cognito user pool.
+ *
+ * Requires `--allow-env[=AWS_COGNITO_CLIENT_ID,AWS_COGNITO_CLIENT_SECRET,AWS_COGNITO_DOMAIN]`
+ * permissions and environment variables:
+ * 1. `AWS_COGNITO_CLIENT_ID`
+ * 2. `AWS_COGNITO_CLIENT_SECRET`
+ * 3. `AWS_COGNITO_DOMAIN`
+ *
+ * @example
+ * ```ts
+ * import { createAwsCognitoOAuthConfig } from "https://deno.land/x/deno_kv_oauth/mod.ts";
+ *
+ * const oauthConfig = createAwsCognitoOAuthConfig({
+ *   redirectUri: "http://localhost:8000/callback",
+ *   scope: "openid"
+ * });
+ * ```
+ *
+ * @see {@link https://docs.aws.amazon.com/cognito/latest/developerguide/federation-endpoints-oauth-grants.html}
+ */
+
+export function createAwsCognitoOAuthConfig(
+  config: {
+    /** @see {@linkcode OAuth2ClientConfig.redirectUri} */
+    redirectUri: string;
+    /** @see {@linkcode OAuth2ClientConfig.defaults.scope} */
+    scope?: string | string[];
+  },
+): OAuth2ClientConfig {
+  const domain = getRequiredEnv("AWS_COGNITO_DOMAIN");
+  const baseURL = `https://${domain}/oauth2`;
+  return {
+    clientId: getRequiredEnv("AWS_COGNITO_CLIENT_ID"),
+    clientSecret: getRequiredEnv("AWS_COGNITO_CLIENT_SECRET"),
+    authorizationEndpointUri: `${baseURL}/authorize`,
+    tokenUri: `${baseURL}/token`,
+    redirectUri: config.redirectUri,
+    defaults: { scope: config?.scope },
+  };
+}
diff --git a/mod.ts b/mod.ts
@@ -6,6 +6,7 @@ export * from "./lib/sign_out.ts";
 export * from "./lib/create_auth0_oauth_config.ts";
 export * from "./lib/create_azure_ad_oauth_config.ts";
 export * from "./lib/create_azure_adb2c_oauth_config.ts";
+export * from "./lib/create_aws_cognito_oauth_config.ts";
 export * from "./lib/create_discord_oauth_config.ts";
 export * from "./lib/create_dropbox_oauth_config.ts";
 export * from "./lib/create_facebook_oauth_config.ts";