fix aws cognito (#224)

docs/pages/providers/apple.md

@@ -48,7 +48,7 @@ const url = apple.createAuthorizationURL(state, scopes);
 
 ### Requesting scopes
 
-When requesting scopes, the `response_mode` query parameter must be set to `form_post`. 
+When requesting scopes, the `response_mode` query parameter must be set to `form_post`.
 
 ```ts
 const url = apple.createAuthorizationURL(state, scopes);

src/providers/amazon-cognito.ts

@@ -1,4 +1,9 @@
-import { OAuth2Client, CodeChallengeMethod } from "../client.js";
+/*
+While HTTP basic auth is supported when used without PKCE,
+only client secret is supported when PKCE is used.
+*/
+import { createS256CodeChallenge } from "../oauth2.js";
+import { createOAuth2Request, sendTokenRequest, sendTokenRevocationRequest } from "../request.js";
 
 import type { OAuth2Tokens } from "../oauth2.js";
 
@@ -7,46 +12,69 @@ export class AmazonCognito {
 	private tokenEndpoint: string;
 	private tokenRevocationEndpoint: string;
 
-	private client: OAuth2Client;
+	private clientId: string;
+	private clientSecret: string;
+	private redirectURI: string;
 
 	constructor(userPool: string, clientId: string, clientSecret: string, redirectURI: string) {
 		this.authorizationEndpoint = userPool + "/oauth2/authorize";
 		this.tokenEndpoint = userPool + "/oauth2/token";
 		this.tokenRevocationEndpoint = userPool + "/oauth2/revoke";
 
-		this.client = new OAuth2Client(clientId, clientSecret, redirectURI);
+		this.clientId = clientId;
+		this.clientSecret = clientSecret;
+		this.redirectURI = redirectURI;
 	}
 
 	public createAuthorizationURL(state: string, codeVerifier: string, scopes: string[]): URL {
-		const url = this.client.createAuthorizationURLWithPKCE(
-			this.authorizationEndpoint,
-			state,
-			CodeChallengeMethod.S256,
-			codeVerifier,
-			scopes
-		);
+		const url = new URL(this.authorizationEndpoint);
+		url.searchParams.set("response_type", "code");
+		url.searchParams.set("client_id", this.clientId);
+		url.searchParams.set("redirect_uri", this.redirectURI);
+		url.searchParams.set("state", state);
+		const codeChallenge = createS256CodeChallenge(codeVerifier);
+		url.searchParams.set("code_challenge_method", "S256");
+		url.searchParams.set("code_challenge", codeChallenge);
+		if (scopes.length > 0) {
+			url.searchParams.set("scope", scopes.join(" "));
+		}
 		return url;
 	}
 
 	public async validateAuthorizationCode(
 		code: string,
 		codeVerifier: string
 	): Promise<OAuth2Tokens> {
-		const tokens = await this.client.validateAuthorizationCode(
-			this.tokenEndpoint,
-			code,
-			codeVerifier
-		);
+		const body = new URLSearchParams();
+		body.set("grant_type", "authorization_code");
+		body.set("code", code);
+		body.set("redirect_uri", this.redirectURI);
+		body.set("code_verifier", codeVerifier);
+		body.set("client_id", this.clientId);
+		body.set("client_secret", this.clientSecret);
+		const request = createOAuth2Request(this.tokenEndpoint, body);
+		const tokens = await sendTokenRequest(request);
 		return tokens;
 	}
 
 	// TODO: Add `scopes` parameter
 	public async refreshAccessToken(refreshToken: string): Promise<OAuth2Tokens> {
-		const tokens = await this.client.refreshAccessToken(this.tokenEndpoint, refreshToken, []);
+		const body = new URLSearchParams();
+		body.set("grant_type", "refresh_token");
+		body.set("refresh_token", refreshToken);
+		body.set("client_id", this.clientId);
+		body.set("client_secret", this.clientSecret);
+		const request = createOAuth2Request(this.tokenEndpoint, body);
+		const tokens = await sendTokenRequest(request);
 		return tokens;
 	}
 
 	public async revokeToken(token: string): Promise<void> {
-		await this.client.revokeToken(this.tokenRevocationEndpoint, token);
+		const body = new URLSearchParams();
+		body.set("token", token);
+		body.set("client_id", this.clientId);
+		body.set("client_secret", this.clientSecret);
+		const request = createOAuth2Request(this.tokenRevocationEndpoint, body);
+		await sendTokenRevocationRequest(request);
 	}
 }