Creates an instance of AWSWebCore with the specified configuration. Initializes internal services including token storage, logging, and HTTP client.
The AWS-specific configuration object containing OAuth endpoints, region settings, and other AWS parameters
Private Readonly configThe AWS-specific configuration object containing OAuth endpoints, region settings, and other AWS parameters
Private Readonly loggerPrivate sharedPrivate Readonly tokenPrivate buildAWSCredentialsPrivate Builds AWS credentials from cached storage data. Private method that creates AWS.Credentials object from stored credential data.
Promise that resolves when credentials are built and set
Throws if cached credentials are missing or invalid
Private buildAWSCredentialsPrivate Builds AWS credentials from an OAuth token and saves to storage. Private method that processes token data, saves it to storage, and creates AWS credentials.
The OAuth token containing credential information
Promise that resolves when token is saved and credentials are created
Throws if token is missing required fields or credential creation fails
Builds AWS credentials from cached storage data and sets them in AWS.config. Uses previously stored credential information to recreate AWS credentials.
Promise resolving to the built AWS credentials
Throws if cached credentials are invalid or AWS credentials cannot be created
const credentials = await webCore.buildCredentialsByStorage();
// AWS.config.credentials is now set from cached data
Builds AWS credentials from an OAuth token and sets them in AWS.config. Saves the token to storage and creates AWS credentials for subsequent API calls.
The OAuth token containing AWS credential information
Promise resolving to the built AWS credentials
Throws if token is invalid or AWS credentials cannot be created
const credentials = await webCore.buildCredentialsByToken(oauthToken);
// AWS.config.credentials is now set and ready for use
Creates an HTTP request builder for unsigned requests. Use this for requests that don't require AWS signature authentication.
The Axios request configuration object containing method, URL, headers, and other request parameters
A configured HTTP request builder instance
const builder = webCore.buildRequest({
method: 'GET',
url: '/api/public-endpoint'
});
const response = await builder.execute();
Creates an HTTP request builder with AWS signature authentication. Use this for requests to AWS services or signed API endpoints.
The Axios request configuration object
A configured AWS HTTP request builder with signature capabilities
const builder = webCore.buildSignedRequest({
method: 'POST',
url: '/api/aws-protected-endpoint'
});
Changes the user's active site and obtains new credentials for the target site. Useful for multi-tenant applications where users can switch between different sites/organizations.
Object containing siteId and userId for the target site
Optional url: stringOptional custom URL for the site change endpoint
Promise resolving to new AWS credentials for the target site
Throws if changeSiteBody is invalid, authId is missing, or site change fails
const credentials = await webCore.changeUserSite({
siteId: 'new-site-123',
userId: 'user-456'
});
// User is now authenticated for the new site
Private createAWSCredentialsPrivate Creates and sets AWS credentials in the global AWS configuration. Private method that instantiates AWS.Credentials and assigns it to AWS.config.credentials.
The credential object containing AWS access keys
No return value, sets AWS.config.credentials directly
Retrieves current AWS credentials, refreshing them if necessary. Checks token validity and performs refresh if the token is expired or near expiration.
Promise resolving to current AWS credentials, or null if no valid token exists or refresh fails
Logs errors but returns null instead of throwing
const credentials = await webCore.getCredentials();
if (credentials) {
// Use credentials for AWS API calls
} else {
// No valid credentials, authentication required
}
Private getPrivate Retrieves the current AWS credentials from AWS.config. Private method that validates and returns the currently configured AWS credentials.
Promise resolving to current AWS credentials
Throws if no credentials are configured or credential validation fails
Generates a cryptographic signature for token-based operations. Creates a time-based signature using stored token information for secure API calls.
Promise resolving to signature object containing: - authId: Authentication identifier - current: Current timestamp in ISO format - signature: Calculated cryptographic signature - originToken: Original token data used for signature
Throws if cached token is invalid or signature calculation fails
Retrieves the token storage service instance. Provides access to the underlying storage service for advanced token management operations.
The storage service that manages OAuth tokens and credentials
Initializes the AWS WebCore service by validating cached tokens and setting up credentials. Performs token refresh if necessary or builds credentials from cached data. This method should be called before using any authenticated operations.
A promise that resolves to the initialization state: - 'no-token': No valid token found - 'refreshed': Token was refreshed successfully - 'build': Credentials built from existing valid token
Throws an error if token refresh fails or credentials cannot be built
const webCore = new AWSWebCore(config);
const state = await webCore.init();
if (state === 'no-token') {
// Handle authentication required
}
Checks if the user is currently authenticated with valid credentials. Performs token validation and refresh if necessary before determining authentication status.
Promise resolving to true if authenticated with valid credentials, false if no token exists or authentication fails
Logs errors but doesn't throw, returning false on any authentication failure
if (await webCore.isAuthenticated()) {
// User is authenticated, proceed with protected operations
} else {
// Redirect to login or handle unauthenticated state
}
Logs out the user by clearing AWS credentials and removing stored tokens. Performs complete cleanup of authentication state.
Promise that resolves when logout is complete
Throws if token cleanup fails
await webCore.logout();
// User is now logged out, all credentials cleared
Refreshes the cached OAuth token by calling the refresh endpoint. Obtains new credentials and updates AWS.config with fresh authentication data.
Optional domain: string = ''Optional domain parameter for multi-tenant refresh requests
Optional url: string = ''Optional custom URL for the refresh endpoint, defaults to config.oAuthEndpoint
Promise resolving to new AWS credentials on success, null if refresh fails or token is invalid
Logs errors but returns null instead of throwing
const newCredentials = await webCore.refreshCachedToken();
if (newCredentials) {
// Token successfully refreshed
} else {
// Refresh failed, user may need to re-authenticate
}
Executes an HTTP request without AWS signature authentication. Suitable for public endpoints or non-AWS services.
The HTTP method (GET, POST, PUT, DELETE, etc.)
The complete request URL or base URL
Optional params: Params = {}Query parameters to append to the URL
Optional body: BodyThe request body for POST/PUT requests
Optional config: AxiosRequestConfig<any>Additional Axios configuration options
Promise resolving to the HTTP response with typed data
Throws on network errors, HTTP errors, or request configuration issues
const response = await webCore.request<UserData>(
'GET',
'/api/users/123',
{ include: 'profile' }
);
Saves KMS (Key Management Service) configuration to storage. Stores KMS ARN and other encryption-related configuration for later use.
The KMS configuration object containing ARN and encryption settings
Promise that resolves when KMS configuration is successfully saved
Throws if KMS configuration cannot be saved to storage
Configures whether to use the X-Lemon-Identity header in requests. Controls identity header inclusion for request identification and tracking.
True to include X-Lemon-Identity header, false to exclude it
Promise that resolves when setting is saved
Configures whether to use the X-Lemon-Language header with a specific key. Controls language header inclusion for localization and language preference tracking.
True to include X-Lemon-Language header, false to exclude it
Optional key: stringThe language key to use when use is true; required if use is true
Promise that resolves when setting is saved
await webCore.setUseXLemonLanguage(true, 'en-US');
// X-Lemon-Language header will be included with 'en-US' value
Executes an HTTP request with AWS signature authentication. Automatically signs the request using stored AWS credentials.
The HTTP method (GET, POST, PUT, DELETE, etc.)
The complete request URL or base URL
Optional params: Params = {}Query parameters to append to the URL
Optional body: BodyThe request body for POST/PUT requests
Optional config: AxiosRequestConfig<any>Additional Axios configuration options
Promise resolving to the signed HTTP response
Throws on authentication errors, network errors, or signature failures
const response = await webCore.signedRequest<ApiResponse>(
'POST',
'/api/protected-resource',
{},
{ data: 'sensitive information' }
);
AWSWebCore class implements AWS-based operations for Lemoncloud authentication logic. Provides comprehensive token management, credential building, and authenticated request capabilities.