import { createHmac } from "crypto";

import NextAuth from "next-auth"
import CognitoProvider from "next-auth/providers/cognito";
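/**
 * NextAuth configuration for signing in through an Amazon Cognito user pool.
 *
 * The `jwt` callback stores the Cognito access/refresh tokens and the
 * `cognito:username` claim in the NextAuth JWT and refreshes the access token
 * once it has expired. The `session` callback copies those values, plus any
 * refresh error, onto the session object.
 */
export const authOptions = {
  providers: [
    CognitoProvider({
      clientId: process.env.COGNITO_CLIENT_ID,
      clientSecret: process.env.COGNITO_CLIENT_SECRET,
      issuer: process.env.COGNITO_DOMAIN,
      idToken: true,
      name: 'Cognito',
      // NOTE(review): this sets the provider's checks to the nonce check only.
      // Confirm that state and/or PKCE checks are not also wanted for this
      // app client.
      checks: 'nonce',
    }),
  ],
  callbacks: {
    /**
     * Runs on sign-in (when `account` and `user` are present) and on every
     * later token read.
     */
    async jwt({ token, user, account }) {
      if (account && user && account.provider === 'cognito') {
        token.accessToken = account.access_token;
        // The ID token payload is only base64-decoded here, not verified.
        // NOTE(review): this relies on the sign-in flow having validated the
        // ID token before this callback runs - confirm for the installed
        // next-auth version.
        const idTokenClaims = JSON.parse(
          Buffer.from(account.id_token.split('.')[1], 'base64').toString(),
        );
        token.username = idTokenClaims['cognito:username'];
        token.refreshToken = account.refresh_token;
        // expires_at is in seconds; Date.now() below is in milliseconds.
        token.accessTokenExpires = account.expires_at * 1000;
      }

      // Return previous token if the access token has not expired yet
      if (Date.now() < (token.accessTokenExpires ?? 0)) {
        return token;
      }

      // Access token has expired, try to update it. The error flag of an
      // earlier failed attempt is dropped first, so the returned token carries
      // `error` only when this attempt fails.
      const { error: previousError, ...tokenWithoutError } = token;
      return refreshAccessToken(tokenWithoutError);
    },

    /** Copies the token fields the application reads onto the session. */
    async session({ session, token }) {
      session.accessToken = token.accessToken;
      session.username = token.username;
      // NOTE(review): the object returned here is what NextAuth hands to the
      // browser, so the long-lived refresh token becomes readable by
      // client-side script. Kept for compatibility with existing consumers;
      // drop this field if no client code needs it, since the refresh itself
      // happens server-side in the jwt callback.
      session.refreshToken = token.refreshToken;
      session.accessTokenExpires = token.accessTokenExpires;
      // Surface a failed refresh ("RefreshAccessTokenError") so the client can
      // force a new sign-in instead of continuing with an expired token.
      session.error = token.error;
      return session;
    },
  },
  // Verbose NextAuth logging in development only.
  debug: process.env.NODE_ENV === 'development',
};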
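/**
 * Exchanges the stored Cognito refresh token for a new access token using the
 * InitiateAuth API with the REFRESH_TOKEN_AUTH flow.
 *
 * @param {object} token - NextAuth JWT carrying `refreshToken` and, when the
 *   app client has a secret, `username` (the `cognito:username` claim).
 * @returns {Promise<object>} The token with refreshed `accessToken`,
 *   `accessTokenExpires` and `refreshToken`; on any failure, the original
 *   token with `error: "RefreshAccessTokenError"`. Never rejects.
 */
async function refreshAccessToken(token) {
  try {
    if (!token.refreshToken) {
      throw new Error('no refresh token stored on the session token');
    }

    const clientId = process.env.COGNITO_CLIENT_ID;
    const clientSecret = process.env.COGNITO_CLIENT_SECRET;
    const authParameters = { REFRESH_TOKEN: token.refreshToken };

    if (clientSecret) {
      if (!token.username) {
        throw new Error('no username stored on the session token');
      }
      // Cognito expects SECRET_HASH = Base64(HMAC-SHA256(key: client secret,
      // message: username + client id)). The raw client secret must not be
      // sent in this field: Cognito rejects it and the secret would travel in
      // a request body that does not need it.
      authParameters.SECRET_HASH = createHmac('sha256', clientSecret)
        .update(`${token.username}${clientId}`)
        .digest('base64');
    }

    // NOTE(review): the region is hard-coded; it has to match the region of
    // the user pool behind COGNITO_DOMAIN.
    const response = await fetch('https://cognito-idp.us-west-2.amazonaws.com', {
      method: 'POST',
      headers: {
        'X-Amz-Target': 'AWSCognitoIdentityProviderService.InitiateAuth',
        'Content-Type': 'application/x-amz-json-1.1',
      },
      body: JSON.stringify({
        AuthFlow: 'REFRESH_TOKEN_AUTH',
        ClientId: clientId,
        // NOTE(review): UserPoolId is a parameter of AdminInitiateAuth rather
        // than InitiateAuth; kept as the original sent it - confirm it is
        // needed.
        UserPoolId: process.env.COGNITO_USER_POOL_ID,
        AuthParameters: authParameters,
      }),
    });

    const payload = await response.json();
    if (!response.ok) {
      throw payload;
    }

    const result = payload.AuthenticationResult;
    return {
      ...token,
      accessToken: result.AccessToken,
      accessTokenExpires: Date.now() + result.ExpiresIn * 1000,
      refreshToken: result.RefreshToken ?? token.refreshToken, // Fall back to old refresh token
      // A successful refresh clears the flag left by an earlier failure.
      error: undefined,
    };
  } catch (error) {
    // Log only the error type or message, never the token or response body.
    console.error(
      'Cognito token refresh failed:',
      error?.__type ?? error?.message ?? 'unknown error',
    );
    return {
      ...token,
      error: 'RefreshAccessTokenError',
    };
  }
}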
// Route handler built from authOptions; exported as the module default.
const nextAuthHandler = NextAuth(authOptions);

export default nextAuthHandler;