feat: exchange identity credentials for iota credentials

affinidi · Aug 14, 2024 · 9f658ea · 9f658ea
1 parent 55c20d1
commit 9f658ea
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 15 deletions.
diff --git a/libs/iota-core/helpers/index.ts b/libs/iota-core/helpers/index.ts
@@ -3,4 +3,5 @@ export {
  type Credentials,
  type IAuthProviderParams,
  type IotaCredentials,
+ type IdentityCredentials,
 } from './iota-auth-provider'
diff --git a/libs/iota-core/helpers/iota-auth-provider.ts b/libs/iota-core/helpers/iota-auth-provider.ts
@@ -22,6 +22,11 @@ export interface Credentials {
  readonly expiration?: Date
 }
 
+export interface IdentityCredentials {
+ readonly identityId: string
+ readonly token: string
+}
+
 export class IotaAuthProvider {
  region: string
  apiGW: string
@@ -31,42 +36,50 @@ export class IotaAuthProvider {
  this.apiGW = param?.apiGW ?? EnvironmentUtils.fetchApiGwUrl()
  }
 
- async limitedTokenToIotaCredentials(token: string): Promise<IotaCredentials> {
+ async limitedTokenToIotaCredentials(
+ limitedToken: string,
+ ): Promise<IotaCredentials> {
  const iotaAPIClient = new IotaApi(
  new Configuration({ basePath: `${this.apiGW}/ais` }),
  )
  const response = await iotaAPIClient.awsExchangeCredentials({
- assertion: token,
+ assertion: limitedToken,
  })
- const {
+ const { connectionClientId, credentials: identityCredentials } =
+ response.data
+
+ const credentials =
+ await this.exchangeIdentityCredentials(identityCredentials)
+
+ return {
+ credentials,
  connectionClientId,
-  credentials: { identityId, token: cognitoToken },
-  } = response.data
+ }
+ }
 
+ async exchangeIdentityCredentials(
+ identityCredentials: IdentityCredentials,
+ ): Promise<Credentials> {
  const cognitoIdentityClient = new CognitoIdentityClient({
  region: this.region,
  })
  const responseCmd = await cognitoIdentityClient.send(
  new GetCredentialsForIdentityCommand({
- IdentityId: identityId,
+ IdentityId: identityCredentials.identityId,
  Logins: {
- 'cognito-identity.amazonaws.com': cognitoToken,
+ 'cognito-identity.amazonaws.com': identityCredentials.token,
  },
  }),
  )
  const credentials = responseCmd.Credentials
  if (!credentials) {
  throw new Error('Error fetching credentials')
  }
-
  return {
- credentials: {
- accessKeyId: credentials.AccessKeyId,
- secretKey: credentials.SecretKey,
- sessionToken: credentials.SessionToken,
- expiration: credentials.Expiration,
- },
- connectionClientId,
+ accessKeyId: credentials.AccessKeyId,
+ secretKey: credentials.SecretKey,
+ sessionToken: credentials.SessionToken,
+ expiration: credentials.Expiration,
  }
  }
 }