nordcloud / cognitocurl
🦉🤖 Easily sign curl calls to API Gateway with Cognito authorization token.
License: MIT License
Hi,
I installed cognitocurl like this: yarn global add cognitocurl
When I run the following (details are replaced obv 😄):
cognitocurl --cognitoclient CLIENT_ID --userpool USER_POOL_ID --token --username USER_NAME --password USER_PASSWORD
First I am prompted to enter a username and password, which should not happen from what the docs say, but also once I enter the details I get the following error:
ReferenceError: navigator is not defined
at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:552:17
at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:188:4
at BigInteger.bnModPow [as modPow] (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/BigInteger.js:764:2)
at AuthenticationHelper.generateHashDevice (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:182:10)
at CognitoUser.authenticateUserInternal (/Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:534:24)
at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:397:21
at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:378:15
at /Users/xxxx/.config/yarn/global/node_modules/amazon-cognito-identity-js/lib/Client.js:71:28
at processTicksAndRejections (internal/process/task_queues.js:97:5)
Any idea what the issue could be?
After a successful login, I'm still prompted to login on every request.
I was able to fix this by adding 'await' to the storage.init call in 'getTokenFromCLI'. Pull request to come.
Hi,
I am trying to use this nice tool and I encounter 2 issues (let me know if I should open 2 distinct ones).
For now my environment is Ubuntu 18.04 inside Win10 and seems to be working quite well.
I was able to retrieve a valid token from my Cognito App, so seems promising.
However, our Cognito Pool is created with account status of users set to : FORCE_CHANGE_PASSWORD.
Then for the first login, we must change password.
And it seems this function is not implemented yet:
$ cognitocurl --cognitoclient <APPID> --userpool <POOL> --token
Username: <user>
Password: *********
TypeError: callback.newPasswordRequired is not a function
at CognitoUser.authenticateUserInternal (/usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:517:20)
at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:397:21
at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:378:15
at /usr/lib/node_modules/cognitocurl/node_modules/amazon-cognito-identity-js/lib/Client.js:71:28
at processTicksAndRejections (internal/process/task_queues.js:93:5)
Would it be possible to add this feature ?
Also it would be nice to use this command in a non-interactive way, passing username and password as parameters rather than CLI input.
Not sure it is the way you would like this tool to work, but it would make my life way easier.
Second, I tried to use the reset option but I got an error:
$ cognitocurl --cognitoclient <APPID> --userpool <POOL> --reset
Username: <user>
Password: **************
/bin/sh: 1: undefined: not found
Thanks a lot
First of all: Thank you for putting the time and efforts into this nice and useful helper tool!
We tried out cognitocurl for testing token retrieval from our aws cognito userpool. In the documentation it says when specifying the --token parameter the access token will be printed out. However we noticed that the id token is printed instead:
cognitocurl --cognitoclient <clientid> --userpool <userpool> --token --username <my-email> --password <pw>
=>
--- decoded token fragment ---
"event_id": "250be102-dff9-473b-92c3-70eacc35c515",
"token_use": "id",
"auth_time": 1644229920,
---
As we would also need the access token (and optimally also the refresh token) to be printed out it would be really useful to print that as well (maybe via a separate cmd line parameters - e.g. for easier parsing)
Thanks a lot!
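Added example, not part of the issue above and not cognitocurl's code: one way to check which token a command printed is to decode its payload and read `token_use`, the claim shown in the fragment quoted in that issue. The sample token, its `aud` and `exp` values and the function names are constructed for illustration.

```javascript
// Added example. Decodes a JWT payload WITHOUT verifying the signature,
// so the result is for diagnostics only, never for authorization decisions.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error('expected header.payload.signature');
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) {
    throw new Error('payload is not base64url-encoded JSON');
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('payload is not a JSON object');
  }
  return claims;
}

// Cognito marks its tokens with token_use: "id" or "access".
// ID tokens name the app client in "aud", access tokens in "client_id".
function describeCognitoToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const use = claims.token_use;
  if (use !== 'id' && use !== 'access') {
    throw new Error(`unexpected token_use: ${JSON.stringify(use)}`);
  }
  return {
    tokenUse: use,
    clientId: use === 'id' ? claims.aud : claims.client_id,
    expired: typeof claims.exp === 'number' ? claims.exp <= nowSeconds : null,
  };
}

// Constructed sample: unsigned token whose claims mirror the fragment above.
// "aud" and "exp" are made-up values; the signature part is a dummy string.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const SAMPLE_ID_TOKEN = [
  b64url({ alg: 'RS256', kid: 'constructed-key-id' }),
  b64url({ token_use: 'id', auth_time: 1644229920, exp: 1644233520, aud: 'example-client-id' }),
  'constructed-signature',
].join('.');

console.log(describeCognitoToken(SAMPLE_ID_TOKEN, 1644230000));
```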
Hi There,
I'm unable to run "npm -i g" command on mac. I get an undefined error
npm -i g cognitocurl
undefined
To overcome this, I've run the following command which installed a whole bunch of packages.
npm install cognitocurl
After running the above command, I see the following in the folder where we installed this -
drwxr-xr-x 155 XXXX wheel 4.8K 6 Mar 11:36 node_modules
-rw-r--r-- 1 XXXX wheel 57K 6 Mar 11:36 package-lock.json
When I run the cognitocurl command after this, I still get a -bash: cognitocurl: command not found
Could you please help fix this problem.
Currently, attempting to authenticate against a pool with a client secret enabled just gives
{
code: 'NotAuthorizedException',
name: 'NotAuthorizedException',
message: 'Client XXXXXXXXXXXX is configured for secret but secret was not received'
}
Would be useful to be able to handle this.
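Added example, not part of the issue above and not cognitocurl's code: for an app client configured with a secret, Cognito's user pool API expects a `SECRET_HASH` value, the Base64 HMAC-SHA256 of username plus client id keyed with the client secret. The sketch below computes it and places it in `InitiateAuth` parameters. It assumes the `USER_PASSWORD_AUTH` flow is enabled on the client; all sample values and function names are constructed.

```javascript
const { createHmac } = require('node:crypto');

// SECRET_HASH = Base64(HMAC-SHA256(key: client secret, message: username + client id))
function secretHash(username, clientId, clientSecret) {
  return createHmac('sha256', clientSecret)
    .update(username + clientId, 'utf8')
    .digest('base64');
}

// Builds the parameter object for Cognito's InitiateAuth call.
// Assumption: the app client allows the USER_PASSWORD_AUTH flow.
function initiateAuthParams({ username, password, clientId, clientSecret }) {
  const params = {
    AuthFlow: 'USER_PASSWORD_AUTH',
    ClientId: clientId,
    AuthParameters: { USERNAME: username, PASSWORD: password },
  };
  // Clients configured with a secret must send SECRET_HASH with the request.
  if (clientSecret) {
    params.AuthParameters.SECRET_HASH = secretHash(username, clientId, clientSecret);
  }
  return params;
}

// Copy that is safe to log: the password and the hash are masked.
function redactForLog(params) {
  const masked = { ...params.AuthParameters };
  for (const key of ['PASSWORD', 'SECRET_HASH']) {
    if (key in masked) masked[key] = '***';
  }
  return { ...params, AuthParameters: masked };
}

// Constructed sample values, not real credentials.
const sample = initiateAuthParams({
  username: 'alice@example.com',
  password: 'constructed-password',
  clientId: 'example-client-id',
  clientSecret: 'constructed-client-secret',
});
console.log(redactForLog(sample));
```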
I'm attempting to use the cli command:
cognitocurl --cognitoclient <client_id> --userpool <pool_id> --run "curl '<api-gateway-url>'"
Upon entering correct username and password, the token displays on the command line, and nothing else happens.
My environment: MacOS 10.14.5, Node 10.16.3, cognitocurl 0.1.6
Let me know if you need any more info. Thanks.
Hello,
First, thank you for sharing this excellent module! The concept/ functionality is a huge time saver.
Quick question. I'm seeing an error and can't seem to track down the reason.
I'm running your node component in MacOS Mojave terminal. Latest version. Just installed today.
Shell command executed (w/ credentials omitted):
cognitocurl --cognitoclient CLIENT_ID --userpool USER_POOL_ID --username USERNAME --password PASSWORD --run "curl -v https://search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com/_cat/indices?v"
The following is returned (via CURL verbose output). Note the error and the Authorization header that is sent. Wondering if you may have suggestions as to what I may be doing wrong/ why this error may be occurring. Thanks!
Output:
{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=<token>"}
* Trying 52.55.91.199...
* TCP_NODELAY set
* Connected to search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com (52.55.91.199) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [274 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [98 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4852 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.us-east-1.es.amazonaws.com
* start date: May 21 00:00:00 2020 GMT
* expire date: Jun 21 12:00:00 2021 GMT
* subjectAltName: host "search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com" matched cert's "*.us-east-1.es.amazonaws.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f8419804e00)
> GET /_cat/indices?v HTTP/2
> Host: search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: <token>
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 403
< date: Sun, 27 Dec 2020 16:21:07 GMT
< content-type: application/json
< content-length: 1231
< x-amzn-requestid: 16687046-3e83-4e82-8812-0f17fd1fa457
< access-control-allow-origin: *
<
{ [1231 bytes data]
* Connection #0 to host search-readlog-5o7avh6rg363kgb5q6gbzmqjg4.us-east-1.es.amazonaws.com left intact
As was pointed out by one of the contributors, the project has no guidelines on accepting changes from outside contributors.
Add a CONTRIBUTING section and some gh actions to check code with reviewdog.
Hi! Thanks for a great tool - this looks like a great solution.
I'm having some trouble getting it to work, though. When I invoke it per the docs, like:
$ cognitocurl --cognitoclient <my_client> --userpool <aws_region-userpool> --run 'curl ...'
I get:
{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=<token>"}
and the curl command passed to --run doesn't seem to actually run.
When I decode the token that's output, it's an id token rather than an access token, FWIW.
Help greatly appreciated.
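Added example, not part of the issues above and not cognitocurl's code: the error quoted in this issue and in the earlier Elasticsearch one names the parts of an AWS Signature Version 4 request, so a bare token in `Authorization` fails every one of those checks. The helper below lists which of those parts a header set lacks. Host names, header values and function names are constructed, and the parsing is a diagnostic approximation.

```javascript
// Added example: lists which SigV4 pieces (as named in the error message
// above) a request lacks. A diagnostic approximation, not AWS's own parser.
const JWT_SHAPE = /^(?:Bearer\s+)?[\w-]+\.[\w-]+\.[\w-]+$/;

function diagnoseAuthorization(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const auth = h.authorization || '';
  const [scheme, ...rest] = auth.split(/\s+/);

  // A SigV4 header is "AWS4-HMAC-SHA256 Credential=..., SignedHeaders=..., Signature=...".
  const params = {};
  if (scheme === 'AWS4-HMAC-SHA256') {
    for (const part of rest.join(' ').split(',')) {
      const eq = part.indexOf('=');
      if (eq > 0) params[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
    }
  }
  const missing = ['Credential', 'Signature', 'SignedHeaders']
    .filter((p) => !params[p])
    .map((p) => `'${p}' parameter`);
  if (!h['x-amz-date'] && !h.date) missing.push("'X-Amz-Date' or 'Date' header");

  return { looksLikeJwt: JWT_SHAPE.test(auth), sigV4Complete: missing.length === 0, missing };
}

// Constructed inputs. The first mirrors the header set curl sent above, with a
// dummy JWT-shaped value; the second is a SigV4-shaped header with fake values.
const SENT_BY_CURL = {
  Host: 'search-example.us-east-1.es.amazonaws.com',
  'User-Agent': 'curl/7.54.0',
  Accept: '*/*',
  Authorization: 'aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl',
};
const SIGV4_SHAPED = {
  Host: 'search-example.us-east-1.es.amazonaws.com',
  'X-Amz-Date': '20201227T162107Z',
  Authorization: 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20201227/us-east-1/es/aws4_request, '
    + 'SignedHeaders=host;x-amz-date, Signature=0123456789abcdef',
};

console.log(diagnoseAuthorization(SENT_BY_CURL));
console.log(diagnoseAuthorization(SIGV4_SHAPED));
```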