aws.js
import open from "open";
import { startUrl, region, clientName } from "./params.js";
import {
SSOClient,
ListAccountsCommand,
ListAccountRolesCommand,
GetRoleCredentialsCommand,
} from "@aws-sdk/client-sso";
import {
SSOOIDCClient,
RegisterClientCommand,
StartDeviceAuthorizationCommand,
CreateTokenCommand,
} from "@aws-sdk/client-sso-oidc";
// Shared SDK clients, both bound to the region exported by ./params.js.
// clientDevice talks to the SSO OIDC service (client registration, device
// authorization, token creation); clientSso talks to the SSO portal service
// (accounts, roles, role credentials).
const clientDevice = new SSOOIDCClient({ region });
const clientSso = new SSOClient({ region });
/**
 * Registers this tool as a public OIDC client with the SSO OIDC service.
 *
 * The raw RegisterClient response is returned unchanged. authorizeDevice()
 * and getAccessToken() take a clientId and clientSecret, presumably read from
 * this response; treat the secret as sensitive and keep it out of logs.
 *
 * @returns {Promise<object>} The RegisterClient response from the SDK.
 */
export async function registerClient() {
  const registration = { clientName, clientType: "public" };
  const response = await clientDevice.send(
    new RegisterClientCommand(registration)
  );
  return response;
}
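/**
 * Starts the device authorization flow for the configured start URL and
 * opens the verification page in the user's default browser.
 *
 * The user code is printed so the person approving the request can check
 * that the code shown in the browser is the one this process asked for;
 * that comparison is what ties the browser approval to this session.
 *
 * @param {string} clientId - Registered client id (presumably from registerClient()).
 * @param {string} clientSecret - Registered client secret; sensitive.
 * @returns {Promise<{deviceCode: string, userCode: string}>} Codes needed to
 *   request a token once the user has approved the login.
 * @throws {Error} If the verification URI returned by the service is not HTTPS.
 */
export async function authorizeDevice(clientId, clientSecret) {
  const startDeviceAuthorizationCommand = new StartDeviceAuthorizationCommand({
    clientId,
    clientSecret,
    startUrl,
  });
  const { verificationUri, verificationUriComplete, deviceCode, userCode } =
    await clientDevice.send(startDeviceAuthorizationCommand);

  // Prefer the complete URI supplied by the service. Otherwise build it with
  // the URL API so the user code is percent-encoded and an existing query
  // string on verificationUri is preserved rather than corrupted.
  const loginUrl = new URL(verificationUriComplete ?? verificationUri);
  if (verificationUriComplete == null) {
    loginUrl.searchParams.set("user_code", userCode);
  }

  // The string is handed to the OS URL launcher, so accept only HTTPS.
  if (loginUrl.protocol !== "https:") {
    throw new Error(
      `Refusing to open non-HTTPS verification URI: ${loginUrl.href}`
    );
  }

  console.info(
    `Confirm that the browser shows this code before approving: ${userCode}`
  );
  try {
    // Awaited so a failure to launch a browser is handled here instead of
    // surfacing as an unhandled promise rejection.
    await open(loginUrl.href);
  } catch (err) {
    console.warn(
      `Could not open a browser automatically (${err.message}). ` +
        `Open this URL manually: ${loginUrl.href}`
    );
  }
  console.info("Waiting for login, to cancel press CTRL+C");
  return { deviceCode, userCode };
}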
/**
 * Exchanges a device code for an SSO access token using the OAuth 2.0
 * device-code grant.
 *
 * A single CreateToken request is sent; this function does not retry. If the
 * service rejects the request (for example because the user has not approved
 * the login yet), the rejection propagates to the caller.
 *
 * The response carries a bearer access token: keep it out of logs and
 * error reports.
 *
 * @param {string} clientId - Registered client id.
 * @param {string} clientSecret - Registered client secret; sensitive.
 * @param {string} deviceCode - Device code from authorizeDevice().
 * @param {string} userCode - User code from authorizeDevice().
 * @returns {Promise<object>} The CreateToken response from the SDK.
 */
export async function getAccessToken(
  clientId,
  clientSecret,
  deviceCode,
  userCode
) {
  const tokenRequest = {
    clientId,
    clientSecret,
    grantType: "urn:ietf:params:oauth:grant-type:device_code",
    deviceCode,
    // NOTE(review): the user code is sent as `code`; the device-code grant is
    // keyed on deviceCode, so confirm whether this field is needed at all.
    code: userCode,
  };
  const tokenResponse = await clientDevice.send(
    new CreateTokenCommand(tokenRequest)
  );
  return tokenResponse;
}
/**
 * Lists the AWS accounts the holder of the access token may use.
 *
 * One ListAccounts request is sent and its raw response is returned; no
 * follow-up request is made for further pages, so a caller that needs the
 * full list has to check the response for a continuation token.
 *
 * @param {string} accessToken - SSO bearer token; sensitive.
 * @returns {Promise<object>} The ListAccounts response from the SDK.
 */
export async function getAccounts(accessToken) {
  const request = new ListAccountsCommand({ accessToken });
  const response = await clientSso.send(request);
  return response;
}
/**
 * Lists the roles the holder of the access token may assume in one account.
 *
 * One ListAccountRoles request is sent and its raw response is returned; no
 * follow-up request is made for further pages.
 *
 * @param {string} accessToken - SSO bearer token; sensitive.
 * @param {string} accountId - Id of the AWS account to inspect.
 * @returns {Promise<object>} The ListAccountRoles response from the SDK.
 */
export async function getAccountRoles(accessToken, accountId) {
  const request = new ListAccountRolesCommand({ accessToken, accountId });
  const response = await clientSso.send(request);
  return response;
}
/**
 * Fetches short-lived credentials for one role in one account.
 *
 * Only the `roleCredentials` member of the GetRoleCredentials response is
 * returned. Per the SSO API it holds the access key id, secret access key
 * and session token, so callers should avoid printing or persisting it
 * beyond what the credential consumer needs.
 *
 * @param {string} accessToken - SSO bearer token; sensitive.
 * @param {string} accountId - Id of the AWS account that owns the role.
 * @param {string} roleName - Name of the role to obtain credentials for.
 * @returns {Promise<object>} The `roleCredentials` object from the response.
 */
export async function getAccountRoleCredentials(
  accessToken,
  accountId,
  roleName
) {
  const request = new GetRoleCredentialsCommand({
    accessToken,
    accountId,
    roleName,
  });
  const response = await clientSso.send(request);
  const { roleCredentials } = response;
  return roleCredentials;
}