async function updateUserPoolClient()

in src/cfn-custom-resources/user-pool-client/index.ts [42:97]


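/**
 * Update the Cognito User Pool Client's redirect URIs (sign-in callback URLs
 * and sign-out URLs) together with the OAuth settings Cognito requires next to
 * them.
 *
 * Cognito only accepts CallbackURLs/LogoutURLs on a client that has OAuth
 * enabled, so OAuth is switched on (authorization code grant only) when at
 * least one callback URL remains, and switched off entirely when none remain.
 *
 * Duplicate URIs and placeholder URIs whose hostname is SENTINEL_DOMAIN are
 * dropped before the update.
 *
 * @param props - Custom resource properties; UserPoolArn, UserPoolClientId and
 *   OAuthScopes are read here.
 * @param redirectUrisSignIn - Candidate CallbackURLs (absolute URLs).
 * @param redirectUrisSignOut - Candidate LogoutURLs (absolute URLs).
 * @param existingUserPoolClient - The client as currently described by Cognito;
 *   its updatable fields are carried over so the update does not clear them.
 * @throws Error if UserPoolArn does not yield both a region and a user pool id.
 * @throws TypeError if a redirect URI is not a parseable absolute URL.
 */
async function updateUserPoolClient(
  props: Props,
  redirectUrisSignIn: string[],
  redirectUrisSignOut: string[],
  existingUserPoolClient: CognitoIdentityServiceProvider.UserPoolClientType
): Promise<void> {
  // Expected shape: arn:aws:cognito-idp:<region>:<account>:userpool/<id>
  const userPoolId = props.UserPoolArn.split("/")[1];
  const userPoolRegion = props.UserPoolArn.split(":")[3];
  if (!userPoolId || !userPoolRegion) {
    // Fail fast: an undefined region would make the SDK fall back to its
    // default region and the update would be attempted against the wrong place.
    throw new Error(`Unexpected User Pool ARN format: ${props.UserPoolArn}`);
  }
  const cognitoClient = new CognitoIdentityServiceProvider({
    region: userPoolRegion,
  });

  const CallbackURLs = dedupeAndDropSentinelUris(redirectUrisSignIn);
  const LogoutURLs = dedupeAndDropSentinelUris(redirectUrisSignOut);

  // To be able to set the redirect URL's, we must enable OAuth––required by Cognito
  // Vice versa, when removing redirect URL's, we must disable OAuth if there's no more redirect URL's left
  // Note: only the authorization code grant is ever enabled here; the implicit grant is not.
  const oauthEnabled = CallbackURLs.length > 0;
  const AllowedOAuthFlows: string[] = oauthEnabled ? ["code"] : [];
  const AllowedOAuthFlowsUserPoolClient = oauthEnabled;
  const AllowedOAuthScopes: string[] = oauthEnabled ? props.OAuthScopes : [];

  // Provide existing fields as well (excluding properties not valid for Update operations), experience teaches this prevents errors when calling the Cognito API
  // https://github.com/aws-samples/cloudfront-authorization-at-edge/issues/144
  // https://github.com/aws-samples/cloudfront-authorization-at-edge/issues/172
  const existingFields = { ...existingUserPoolClient };
  delete existingFields.CreationDate;
  delete existingFields.LastModifiedDate;
  // ClientSecret is not an Update field; deleting it here also keeps the secret
  // out of the debug log below, which prints the entire request. Do not re-add it.
  delete existingFields.ClientSecret;

  const input: CognitoIdentityServiceProvider.Types.UpdateUserPoolClientRequest =
    {
      ...existingFields,
      AllowedOAuthFlows,
      AllowedOAuthFlowsUserPoolClient,
      AllowedOAuthScopes,
      ClientId: props.UserPoolClientId,
      UserPoolId: userPoolId,
      CallbackURLs,
      LogoutURLs,
    };
  console.debug("Updating User Pool Client", JSON.stringify(input, null, 4));
  await cognitoClient.updateUserPoolClient(input).promise();
}

/**
 * De-duplicate redirect URIs (first occurrence wins) and drop the placeholder
 * entries whose hostname is SENTINEL_DOMAIN.
 *
 * @param uris - Redirect URIs as received from the custom resource properties.
 * @returns The remaining URIs, in their original order.
 * @throws TypeError naming the offending value when a URI is not an absolute
 *   URL, instead of the bare "Invalid URL" that `new URL()` would raise.
 */
function dedupeAndDropSentinelUris(uris: string[]): string[] {
  return [...new Set(uris)].filter((uri) => {
    let hostname: string;
    try {
      hostname = new URL(uri).hostname;
    } catch {
      throw new TypeError(`Not a valid absolute URL: ${uri}`);
    }
    return hostname !== SENTINEL_DOMAIN;
  });
}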