| Function | Description |
|---|
createCognitoConfig(security) | Create Cognito config from SecurityConfig |
buildUserPoolConfig(config) | Build User Pool infrastructure config |
| Function | Signature | Description |
|---|
hasScope | (roles: string[], scope: string, config: RolesConfig) => boolean | Check if roles grant a scope |
hasAnyScope | (roles: string[], scopes: string[], config: RolesConfig) => boolean | Check if roles grant any of the scopes |
hasAllScopes | (roles: string[], scopes: string[], config: RolesConfig) => boolean | Check if roles grant all scopes |
getScopesForRoles | (roles: string[], config: RolesConfig) => string[] | Get all scopes granted by roles |
validateRolesConfig | (config: RolesConfig) => ValidationResult | Validate a roles configuration |
| Function | Signature | Description |
|---|
decodeToken | (jwt: string) => Record<string, unknown> | Decode JWT without verification |
extractUserFromToken | (jwt: string) => User | Extract user from ID token |
isTokenExpired | (jwt: string) => boolean | Check if token is expired |
getTokenExpiry | (jwt: string) => Date | Get token expiry as Date |
Exported from ./types/index.js — includes User, Session, Role, Permission, RolesConfig, and related types.
| Type | Description |
|---|
UserPoolOutputs | Cognito User Pool deployment outputs |
UserPoolInfraConfig | Cognito infrastructure configuration |
| Constant | Description |
|---|
DEFAULT_COGNITO_CONFIG | Default Cognito configuration |