A simple, no-fuss authentication library using AWS SDK with SRP-based login. Designed to make AWS Cognito integration straightforward and secure.
Note: The implementation of this library is inspired by AWS Amplify.
- 🔒 Secure Authentication: Uses SRP (Secure Remote Password) for safe user logins.
- ⚙️ AWS SDK Integration: Works seamlessly with AWS Cognito.
- 👤 User Management: Easily handle user registration, login, and password resets.
- ✅ Unit Tests: Fully tested to ensure everything works smoothly.
- Run this command:
npm install @ilittlebig/easy-authBefore using the authentication functions, configure EasyAuth with your AWS Cognito credentials:
EasyAuth.configure({
Auth: {
Cognito: {
userPoolId: "your-user-pool-id",
userPoolClientId: "your-user-pool-client-id"
},
}
});To sign in a user, pass the username and password:
import { signIn } from "easy-auth";
const result = await signIn({
username: "[email protected]",
password: "LongPassword123!!"
});The signIn function may return a nextStep if further action is needed (e.g., setting a new password or entering an MFA code). You can handle each step based on the nextStep.signInStep value:
import { confirmSignIn } from "easy-auth";
if (result.nextStep.signInStep === "CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED") {
// Handle new password requirement
await confirmSignIn({ challengeResponse: "newPassword123" });
}When all steps are completed, nextStep.signInStep will return DONE, indicating a successful sign-in.
To start the password reset flow, provide the username:
import { resetPassword } from "easy-auth";
await resetPassword({ username: "[email protected]" });If a confirmation code is required, confirm the password reset:
import { confirmResetPassword } from "easy-auth";
await confirmResetPassword({
username: "[email protected]",
confirmationCode: "123456",
newPassword: "LongPassword123!!",
});Retrieve the current session tokens, including the access and ID tokens, along with the user ID (sub). These tokens may contain user information, roles, and expiration details.
import { getCurrentSession } from "easy-auth";
const { tokens, sub } = await getCurrentSession();Retrieve the current session tokens and user ID (sub) for ongoing authentication or session management needs.
import { getCurrentUser } from "easy-auth";
const { username, userId } = await getCurrentUser();To sign out a user, use the signOut function. You can pass an optional parameter { isGlobal: true | false } to determine whether the sign-out should be global (across all devices) or just on the current client.
import { signOut } from "easy-auth";
// Sign out from all devices
await signOut({ isGlobal: true });
// Sign out only from the current device
await signOut({ isGlobal: false });Use the updatePassword function to update the password for an authenticated user. This function requires the current (previous) password and the new (proposed) password.
import { updatePassword } from "easy-auth";
await updatePassword({
previousPassword: "oldPassword123",
proposedPassword: "newPassword321"
});Use the updateMFAPreference function to configure the Multi-Factor Authentication (MFA) preferences for an authenticated user. You can set preferences for both totp (Time-based One-Time Password) and sms (SMS-based) MFA methods.
Both totp and sms preferences are optional and can be set to the following values:
"PREFERRED": Sets MFA as the preferred authentication method."ENABLED": Enables MFA but does not make it preferred."DISABLED": Disables MFA for this method."NOT_PREFERRED": Sets MFA as non-preferred.
import { updateMFAPreference } from "easy-auth";
await updateMFAPreference({
totp: "PREFERRED",
sms: "NOT_PREFERRED"
});Use the getMFAPreference function to retrieve the current Multi-Factor Authentication (MFA) preferences for an authenticated user. This function provides the user’s preferred MFA method and a list of all enabled MFA settings.
The response object includes:
preferredMFASetting: The preferred MFA method, such as"TOTP".userMFASettingList: An array of enabled MFA methods, like["TOTP","SMS"].
import { getMFAPreference } from "easy-auth";
const result = await getMFAPreference();Use the getDevices function to retrieve a list of remembered devices associated with the authenticated user. This list includes devices that the user has previously chosen to remember during the login process.
import { getDevices } from "easy-auth";
const devices = await getDevices();Retrieves key profile details for the authenticated user from AWS Cognito. This data often includes information such as the user's email, verification status, and unique user identifier (sub), among other attributes configured in your Cognito setup.
import { getUserAttributes } from "easy-auth";
const attributes = await getUserAttributes();Verifies a Time-based One-Time Password (TOTP) code, typically used for Multi-Factor Authentication (MFA). Checks the code provided by the user and returns a result indicating whether the verification was successful or not.
The result object includes:
status:"SUCCESS"if the verification was successful, or"ERROR"if it failed.session: An optional session token included if a session is available.
import { verifyTOTP } from "easy-auth";
const result = await verifyTOTP();Registers a new user with AWS Cognito. To create a user, provide a username and password. You can also pass optional user attributes to customize the user's profile. AWS Cognito supports the following standard attributes:
namefamily_namegiven_namemiddle_namenicknamepreferred_usernameprofilepicturewebsitegenderbirthdatezoneinfolocaleupdated_ataddressemailphone_numbersub
Example:
import { signUp } from "easy-auth";
const result = await signUp({
username: "[email protected]",
password: "LongPassword123!!",
options: {
userAttributes: {
gender: "Male",
nickname: "Olof"
}
}
});After signing up, the user must confirm their account, typically by entering a confirmation code sent to their email. Use the confirmSignUp function to verify the code and complete the registration process.
import { confirmSignUp } from "easy-auth";
let signUpCode = "123456";
const result = await confirmSignUp({
username: "[email protected]",
confirmationCode: signUpCode
});Allows you to resend the confirmation code to a user who is in the process of signing up but hasn’t yet confirmed their account. This is useful if the user didn’t receive the original code or needs a new one.
import { resendSignUpCode } from "easy-auth";
const codeDeliveryDetails = await resendSignUpCode({
username: "[email protected]",
});Permanently deletes the authenticated user's account from AWS Cognito. This action is irreversible and removes all associated user data. It’s typically used when a user wants to close their account.
import { deleteUser } from "easy-auth";
await deleteUser();Select the default storage provider for managing token storage, such as localStorage or inMemoryStorage, which are stored locally, or opt for cookieStorage, where tokens are stored in cookies.
// Store tokens in cookies
import { EasyAuth, CookieStorage } from "easy-auth";
EasyAuth.setKeyValueStorage(new CookieStorage());
// Store tokens in memory
import { EasyAuth, InMemoryStorage } from "easy-auth";
EasyAuth.setKeyValueStorage(new InMemoryStorage());To run the included unit tests:
npm test