Class AWSStorageService

AWS-specific token storage service that manages OAuth tokens, credentials, and KMS configuration. Extends TokenStorageService to provide AWS Cognito and STS token management capabilities.

Hierarchy (view full)

Constructors

constructor

Properties

config credentialKeys prefix storage

Methods

calculateTokenExpiration calculateTokenIssuedTime clearOAuthToken extractJWT getAllItems getCachedCredentials getCachedOAuthToken getItem getKey getStorageItem hasCachedToken initLemonConfig saveKMS saveOAuthToken setItem shouldRefreshToken updatePrefix

Constructors

constructor

Properties

Readonly config

config: WebCoreConfig<"aws">

AWS-specific web core configuration

Private credentialKeys

credentialKeys: string[] = ...

List of credential keys stored in the token storage. These keys represent the complete set of AWS authentication data.

Protected prefix

prefix: string = 'lemon'

Protected storage

storage: Storage = ...

Methods

calculateTokenExpiration

  • calculateTokenExpiration(serverExpiration?, jwtToken?): number

  • Calculates the token expiration timestamp with built-in safety buffer. Uses a priority-based approach: server expiration first, then JWT expiration, finally fallback duration. Automatically applies a 5-minute safety buffer to prevent token expiry during requests.

    Parameters

    • Optional serverExpiration: string

      ISO string or date string from server response

    • Optional jwtToken: string

      JWT token string to extract expiration from

    Returns number

    Unix timestamp (milliseconds) when the token should be considered expired

calculateTokenIssuedTime

  • calculateTokenIssuedTime(jwtToken?): string | number

  • Extracts the issued time from a JWT token for token lifecycle tracking. Used to calculate token age and determine refresh timing based on token lifetime.

    Parameters

    • Optional jwtToken: string

      JWT token string to extract issued time from

    Returns string | number

    Unix timestamp in milliseconds if found, empty string if not available or on error

clearOAuthToken

  • clearOAuthToken(): Promise<void>

  • Removes all stored OAuth tokens and credentials from storage. Performs complete cleanup of all credential-related storage keys.

    Returns Promise<void>

    Promise that resolves when all tokens are cleared

extractJWT

  • extractJWT(jwt): JwtPayload

  • Safely decodes a JWT token and extracts its payload. Provides error-safe JWT parsing without throwing exceptions on malformed tokens.

    Parameters

    • jwt: string

      JWT token string to decode

    Returns JwtPayload

    Decoded JWT payload object, or null if decoding fails

getAllItems

getCachedCredentials

getCachedOAuthToken

  • getCachedOAuthToken(): Promise<LemonOAuthToken>

  • Retrieves and transforms cached OAuth token data. Converts snake_case storage keys to camelCase and structures the data for OAuth usage. Excludes sensitive credential details from the returned object.

    Returns Promise<LemonOAuthToken>

    Promise resolving to formatted OAuth token object

getItem

Private getKey

Private getStorageItem

  • getStorageItem(key): Promise<string>

  • Gets a value from storage, checking both snake_case and camelCase formats for backward compatibility.

    Parameters

    • key: string

    Returns Promise<string>

hasCachedToken

initLemonConfig

  • initLemonConfig(): Promise<void>

  • Initializes Lemon configuration by setting default values for identity usage and region. Sets up the storage with required configuration flags and regional settings.

    Returns Promise<void>

    Promise that resolves when initialization is complete

saveKMS

  • saveKMS(kms): Promise<void>

  • Saves KMS (Key Management Service) configuration to storage. Stores the KMS ARN for encryption/decryption operations.

    Parameters

    • kms: LemonKMS

      KMS configuration object containing ARN

    Returns Promise<void>

    Promise that resolves when KMS data is saved

saveOAuthToken

  • saveOAuthToken(token): Promise<void>

  • Saves OAuth token and associated AWS credentials to storage. Calculates and stores expiration and issued times for token lifecycle management.

    Parameters

    • token: LemonOAuthToken

      OAuth token object containing credentials and metadata

    Returns Promise<void>

    Promise that resolves when save operation is complete

setItem

shouldRefreshToken

updatePrefix

Settings

Member Visibility

Theme

On This Page

constructorconfigcredentialKeysprefixstoragecalculateTokenExpirationcalculateTokenIssuedTimeclearOAuthTokenextractJWTgetAllItemsgetCachedCredentialsgetCachedOAuthTokengetItemgetKeygetStorageItemhasCachedTokeninitLemonConfigsaveKMSsaveOAuthTokensetItemshouldRefreshTokenupdatePrefix