nordcloud / cognitocurl Goto Github PK

View Code? Open in Web Editor NEW

90.0 90.0 11.0 1.73 MB

🦉🤖Easily sign curl calls to API Gateway with Cognito authorization token.

License: MIT License

JavaScript 20.12% Batchfile 0.22% TypeScript 79.66%

amazon-web-services aws cli cognito curl

cognitocurl's People

Stargazers

Watchers

Forkers

scrawlon nascit simoneismann a-ostretsova jechaiz aambertin korutx gb-klein you54f manishreddy255 ckuppel

cognitocurl's Issues

ReferenceError: navigator is not defined

Hi,

I installed cognitocurl like this: yarn global add cognitocurl

When I run the following (details are replaced obv 😄):

cognitocurl --cognitoclient CLIENT_ID --userpool USER_POOL_ID --token --username USER_NAME --password USER_PASSWORD

First I am prompted to enter a username and password which should not happen from what the docs says but also once I enter the details I get the following error:

ReferenceError: navigator is not defined
    at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:552:17
    at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:188:4
    at BigInteger.bnModPow [as modPow] (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/BigInteger.js:764:2)
    at AuthenticationHelper.generateHashDevice (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:182:10)
    at CognitoUser.authenticateUserInternal (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:534:24)
    at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:397:21
    at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:378:15
    at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/Client.js:71:28
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

Any idea what the issue could be?

Login required for every request. Credentials not persisted.

After a successful login, I'm still prompted to login on every request.

I was able to fix this by adding 'await' to the storage.init call in 'getTokenFromCLI'. Pull request to come.

Reset

Hi,

I am trying to use this nice tool and I encounter 2 issues (let me know if I should open 2 distinct ones).
For now my environement is Ubuntu 18.04 inside Win10 and seems to be working quite well.

I was able to retrieve a valid token from my Cognito App, so seems promising.

However, our Cognito Pool is created with account status of users set to : FORCE_CHANGE_PASSWORD.
Then for the first login, we must change password.

And it seems this function is not implemented yet:

$ cognitocurl --cognitoclient <APPID> --userpool <POOL> --token
Username: <user>
Password: *********
TypeError: callback.newPasswordRequired is not a function
    at CognitoUser.authenticateUserInternal (/usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:517:20)
    at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:397:21
    at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:378:15
    at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/Client.js:71:28
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

Would it be possible to add this feature ?

Also it would be nice to use this command in a non-interactive way, passing username and password as parameters rather than CLI input.
No sure it is the way you would like this tool to work, but would make my life way easier.

Second, I tried to use the reset option but I got an error:

$ cognitocurl --cognitoclient <APPID> --userpool <POOL> --reset
Username: <user>
Password: **************
 /bin/sh: 1: undefined: not found

Thanks a lot

cognitocurl prints out id token instead of access token

First of all: Thank you for putting the time and efforts into this nice and useful helper tool!

We tried out cognitocurl for testing token retrieval from our aws cognito userpool. In the documentation it says when specifying the --token parameter the access token will be printed out. However we noticed that the id token is printed instead:

cognitocurl --cognitoclient <clientid> --userpool <userpool> --token --username <my-email> --password <pw>
=>
--- decoded token fragment ---
  "event_id": "250be102-dff9-473b-92c3-70eacc35c515",
  "token_use": "id",
  "auth_time": 1644229920,
---

As we would also need the access token (and optimally also the refresh token) to be printed out it would be really useful to print that as well (maybe via a separate cmd line parameters - e.g. for easier parsing)

Thanks a lot!

Installation on mac

Hi There,

I'm unable to run "npm -i g" command on mac. I get an undefined error

 npm -i g cognitocurl
undefined

To overcome this, I've run the following command which installed a whole bunch of packages.

npm install cognitocurl

After the running the above command, I see the following in the folder where we installed this -

drwxr-xr-x  155 XXXX  wheel   4.8K  6 Mar 11:36 node_modules
-rw-r--r--    1 XXXX  wheel    57K  6 Mar 11:36 package-lock.json

When I run the cognitocurl command after this, I still get a -bash: cognitocurl: command not found
Could you please help fix this problem.

Feature Request: Support cognito pools that use client_secret

Currently, attempting to authenticate against a pool with a client secret enabled just gives

{
  code: 'NotAuthorizedException',
  name: 'NotAuthorizedException',
  message: 'Client XXXXXXXXXXXX is configured for secret but secret was not received'
}

Would be useful to be able to handle this.

On successful login, token is output to console and curl command doesn't run

I'm attempting to use the cli command:
cognitocurl --cognitoclient <client_id> --userpool <pool_id> --run "curl '<api-gateway-url>'"

Upon entering correct username and password, the token displays on the command line, and nothing else happens.

My environment: MacOS 10.14.5, Node 10.16.3, cognitocurl 0.1.6

Let me know if you need any more info. Thanks.

"Authorization header requires" error

Hello,

First, thank you for sharing this excellent module! The concept/ functionality is a huge time saver.

Quick question. I'm seeing an error and can't seem to track down the reason.

I'm running your node component in MacOS Mojave terminal. Latest version. Just installed today.

Shell command executed (w/ credentials omitted):

cognitocurl --cognitoclient CLIENT_ID --userpool USER_POOL_ID --username USERNAME --password PASSWORD--run "curl -v https://search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com/_cat/indices?v"

The following is returned (via CURL verbose output). Note the error and the Authorization header that is sent. Wondering if you may have suggestions as to what I may be doing wrong/ why this error may be occurring. Thanks!

Output:

{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=eyJraWQiOiJsN0lucEcxVDJPekRTSlFGeFhWMlR6WnJXXC90VjhwcWFuSlZBOXkrRzlwMD0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIyNGRkZTdlNS1mNDllLTRkNjMtYWYzMS0yMGE3ZWQwYThmMzIiLCJhdWQiOiJydjI5dWhqcmYwczJkb2wzazNjbmFjN2Y2IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV2ZW50X2lkIjoiNTNjYzdmZWYtOTUzOS00NGUwLWE4MjctMDk0YTU2Y2M2ZjZmIiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE2MDkwODU3MDEsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX1NSSldRYURyaCIsImNvZ25pdG86dXNlcm5hbWUiOiIyNGRkZTdlNS1mNDllLTRkNjMtYWYzMS0yMGE3ZWQwYThmMzIiLCJleHAiOjE2MDkwODkzMDEsImlhdCI6MTYwOTA4NTcwMSwiZW1haWwiOiJjYXJ5QGVyaWRlc2lnbi5jb20ifQ.F6K00boiK7xw5pPZSZb9d_u7WGywDLgYzy1WPhe8Ev557c_5_dEmoSqI_yPbPMeO4-dNqCOmXsCoG9DFY3OKr92TKS5ti2FDcRkqKc7xFPuMXNXNp_9X82OHf9T1dkzUunIGdK4YLGKJ4wRlXepiuDw-cWO4YNMs2T_5GHH2LpNNYxYxsG2GugHgroZUpzPYMaWJWXyuHEgUCHHxBmU3PUsD3UeYeGADt2oDftu4M0Fj35Q3r1wqnlzsxRnk-a9SshAwzzbvTcpmL23Gtwwmnx5qi0p2dLz1dqB3cqZZiQF4dZG6NyQILVU5rTn86HAK4OcEaDhGhd62Uv5-V3Vp1w"} *   Trying 52.55.91.199...
* TCP_NODELAY set
* Connected to search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com (52.55.91.199) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [274 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [98 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4852 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.us-east-1.es.amazonaws.com
*  start date: May 21 00:00:00 2020 GMT
*  expire date: Jun 21 12:00:00 2021 GMT
*  subjectAltName: host "search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com" matched cert's "*.us-east-1.es.amazonaws.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f8419804e00)
> GET /_cat/indices?v HTTP/2
> Host: search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: eyJraWQiOiJsN0lucEcxVDJPekRTSlFGeFhWMlR6WnJXXC90VjhwcWFuSlZBOXkrRzlwMD0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIyNGRkZTdlNS1mNDllLTRkNjMtYWYzMS0yMGE3ZWQwYThmMzIiLCJhdWQiOiJydjI5dWhqcmYwczJkb2wzazNjbmFjN2Y2IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV2ZW50X2lkIjoiNTNjYzdmZWYtOTUzOS00NGUwLWE4MjctMDk0YTU2Y2M2ZjZmIiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE2MDkwODU3MDEsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX1NSSldRYURyaCIsImNvZ25pdG86dXNlcm5hbWUiOiIyNGRkZTdlNS1mNDllLTRkNjMtYWYzMS0yMGE3ZWQwYThmMzIiLCJleHAiOjE2MDkwODkzMDEsImlhdCI6MTYwOTA4NTcwMSwiZW1haWwiOiJjYXJ5QGVyaWRlc2lnbi5jb20ifQ.F6K00boiK7xw5pPZSZb9d_u7WGywDLgYzy1WPhe8Ev557c_5_dEmoSqI_yPbPMeO4-dNqCOmXsCoG9DFY3OKr92TKS5ti2FDcRkqKc7xFPuMXNXNp_9X82OHf9T1dkzUunIGdK4YLGKJ4wRlXepiuDw-cWO4YNMs2T_5GHH2LpNNYxYxsG2GugHgroZUpzPYMaWJWXyuHEgUCHHxBmU3PUsD3UeYeGADt2oDftu4M0Fj35Q3r1wqnlzsxRnk-a9SshAwzzbvTcpmL23Gtwwmnx5qi0p2dLz1dqB3cqZZiQF4dZG6NyQILVU5rTn86HAK4OcEaDhGhd62Uv5-V3Vp1w
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 403 
< date: Sun, 27 Dec 2020 16:21:07 GMT
< content-type: application/json
< content-length: 1231
< x-amzn-requestid: 16687046-3e83-4e82-8812-0f17fd1fa457
< access-control-allow-origin: *
< 
{ [1231 bytes data]
* Connection #0 to host search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com left intact

Add CONTRIBUTING guide

As it was pointed out by one of contributors, the project has no guidelines on accepting changes from outside controbutors.

Add a CONTRIBUTING section and some gh actions to check code with reviewdog.

error messages about missing header fields; curl doesn't run

Hi! Thanks for a great tool - this looks like a great solution.

I'm having some trouble getting it to work, though. When I invoke it per the docs, like:

$ cognitocurl --cognitoclient <my_client> --userpool <aws_region-userpool> --run 'curl ...'

I get:

{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=<token>"}

and the curl command passed to --run doesn't seem to actually run.

When I decode the that's output, it's an id token rather than an access token, FWIW.

Help greatly appreciated.

nordcloud / cognitocurl Goto Github PK

cognitocurl's People

Stargazers

Watchers

Forkers

cognitocurl's Issues

ReferenceError: navigator is not defined

Login required for every request. Credentials not persisted.

Reset

cognitocurl prints out id token instead of access token

Installation on mac

Feature Request: Support cognito pools that use client_secret

On successful login, token is output to console and curl command doesn't run

"Authorization header requires" error

Add CONTRIBUTING guide

error messages about missing header fields; curl doesn't run

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent