in src/index.ts [114:164]
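/**
 * Builds the 302 redirect response that stores the freshly issued tokens in cookies.
 *
 * The ID token is verified first; the `cognito:username` claim of the verified
 * token is used to derive the per-user cookie names.
 *
 * @param tokens Token set containing `id_token`, `access_token` and `refresh_token`.
 * @param domain Value for the cookie `Domain` attribute (omitted when `_disableCookieDomain` is set).
 * @param location Target URL placed in the `Location` header.
 * @returns Response object with status `'302'` and `location`, `cache-control`,
 *          `pragma` and `set-cookie` headers in `{ key, value }[]` form.
 * @throws Rejects with whatever `this._jwtVerifier.verify` rejects with when the ID token is invalid.
 */
async _getRedirectResponse(tokens, domain, location) {
  const decoded = await this._jwtVerifier.verify(tokens.id_token);
  const username = decoded['cognito:username'];
  // NOTE(review): username comes from a verified token but is interpolated into
  // cookie names unescaped; confirm the user pool cannot issue usernames
  // containing `;`, `=` or whitespace.
  const usernameBase = `${this._cookieBase}.${username}`;

  // Cookie dates must use the HTTP-date format; the default Date string
  // conversion is locale/engine formatted, so use toUTCString() explicitly.
  const expires = new Date(Date.now() + this._cookieExpirationDays * 864e+5).toUTCString();
  // NOTE(review): cookies carry `Secure` but neither `HttpOnly` nor `SameSite`.
  // If client-side script has to read them, HttpOnly is not an option and any
  // XSS on this domain can read the refresh token; confirm and consider SameSite.
  const directives = this._disableCookieDomain
    ? `Expires=${expires}; Secure`
    : `Domain=${domain}; Expires=${expires}; Secure`;

  // [cookie name, cookie value] pairs, in the order they are emitted.
  const cookies = [
    [`${usernameBase}.accessToken`, tokens.access_token],
    [`${usernameBase}.idToken`, tokens.id_token],
    [`${usernameBase}.refreshToken`, tokens.refresh_token],
    [`${usernameBase}.tokenScopesString`, 'phone email profile openid aws.cognito.signin.user.admin'],
    [`${this._cookieBase}.LastAuthUser`, username],
  ];

  const response = {
    status: '302',
    headers: {
      'location': [{
        key: 'Location',
        value: location,
      }],
      'cache-control': [{
        key: 'Cache-Control',
        value: 'no-cache, no-store, max-age=0, must-revalidate',
      }],
      'pragma': [{
        key: 'Pragma',
        value: 'no-cache',
      }],
      'set-cookie': cookies.map(([name, value]) => ({
        key: 'Set-Cookie',
        value: `${name}=${value}; ${directives}`,
      })),
    },
  };

  // Never write bearer tokens to logs: log the same response shape with every
  // cookie value masked, so access/ID/refresh tokens cannot be replayed by
  // anyone with read access to the log stream.
  const loggableResponse = {
    ...response,
    headers: {
      ...response.headers,
      'set-cookie': cookies.map(([name]) => ({
        key: 'Set-Cookie',
        value: `${name}=<redacted>; ${directives}`,
      })),
    },
  };
  this._logger.debug({ msg: 'Generated set-cookie response', response: loggableResponse });
  return response;
}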