├── .github └── PULL_REQUEST_TEMPLATE.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── NOTICE ├── OpenIdAuthentication ├── README.md ├── cloudformation │ ├── QuickSightEmbeddingCognito.yaml │ ├── QuickSightEmbeddingLambda.yaml │ └── QuickSightEmbeddingWebApp.yaml ├── lambda │ ├── .gitignore │ ├── README.md │ ├── getDashboardEmbeded.zip │ ├── index.js │ ├── package-lock.json │ └── package.json └── web │ ├── Cognito-confirm-user │ ├── amazon-cognito-identity.min.js │ └── index.html ├── QuickSightAuthentication ├── README.md ├── cloudformation │ ├── QuickSightEmbeddingLambda.yaml │ └── QuickSightEmbeddingWebApp.yaml ├── lambda │ ├── .gitignore │ ├── README.md │ ├── index.js │ ├── package-lock.json │ └── package.json └── web │ └── index.html └── README.md /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | 6 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 7 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check [existing open](https://github.com/aws-samples/amazon-quicksight-embedding-sample/issues), or [recently closed](https://github.com/aws-samples/amazon-quicksight-embedding-sample/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *master* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/amazon-quicksight-embedding-sample/labels/help%20wanted) issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](https://github.com/aws-samples/amazon-quicksight-embedding-sample/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | 61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. 62 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Amazon QuickSight Embedding Sample 2 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /OpenIdAuthentication/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Usage 3 | Before you can embed an Amazon QuickSight dashboard, you need to publish it and ensure that users are granted necessary permissions. For more information, see [Embedding Amazon QuickSight Dashboards](https://docs.aws.amazon.com/quicksight/latest/user/embedding-dashboards.html) in the Amazon QuickSight User Guide. 4 | 5 | The example below is using Amazon Cognito for authenticating users into the app (you could use your own OpenID connect based auth provider and change the lambda code accordingly). Amazon API Gateway is used to expose an API which can be invoked by the web app. The API gateway triggers a function in AWS Lambda, which eventually calls the `GetDashboardEmbedUrl` API with the parameters you pass to the API gateway, along with the cognito user credentials. An authenticated Cognito role, bound to the Cognito Identity Pool, is used to invoke the embeddiing API to get the embed url. 6 | 7 | ### Step 1: Setup the Cognito stack using AWS CloudFormation 8 | 9 | - Create a new CloudFormation stack using `QuickSightEmbeddingCognito.yaml`, which you can find inside the cloudformation/ folder of this repo. 10 | 11 | - Make a note of the output of the cloudformation stack: `IdentityPoolId`, `UserPoolClientId`, `UserPoolId`. We will need this in a later step. 12 | 13 | - Create a user in the Cognito user pool using your app. Verify the user so that user status changes to CONFIRMED. For more information about Amazon Cognito, see [Amazon Cognito Documentation](https://docs.aws.amazon.com/cognito/index.html). Assuming you already have a CONFIRMED Cognito User Pool user, make a note of the username and password for this user. You could also confirm a user for testing by using the below commands: 14 | 15 | ``` 16 | aws cognito-idp admin-initiate-auth --user-pool-id <> --client-id <> --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=<>,PASSWORD=<> 17 | 18 | aws cognito-idp admin-respond-to-auth-challenge --user-pool-id <> --client-id <> --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses NEW_PASSWORD=<>,USERNAME=<>,userAttributes.name=<> --session “output_of_previous_command" 19 | ``` 20 | 21 | ### Step 2: Setup the Lambda stack using AWS CloudFormation 22 | 23 | - Create a new CloudFormation stack using `QuickSightEmbeddingLambda.json`, which you can find inside the cloudformation/ folder of this repo. 24 | 25 | - Note: Lambda Execution role created has permissions to call `quicksight:RegisterUser` action on the assumedRole user, before vending a QuickSight dashboard embedding URL with Authcode. 26 | 27 | - Note: 28 | 29 | - The `QuickSightCognito-CognitoAuthorizedRole-XXXX...` roleArn is assumed by the lambda on behalf of the user principle with the openId token. 30 | 31 | - The`QuickSightCognito-CognitoAuthorizedRole-XXXX...` give the assumed role user the permission to call `quicksight:GetDashboardEmbedURL` action. 32 | 33 | - Make a note of the `RootUrl`, which will be an output of the CloudFormation stack. This is our API Gateway endpoint. 34 | 35 | - You should see a new lambda function created for you in the AWS Lambda console called `GetDashboardEmbedURL`, and also a new API in the AWS API Gateway console called `GetDashboardEmbedURL`. 36 | 37 | ### Step 3: Package and deploy Lambda code 38 | 39 | - Inside the lambda/ directory, run 40 | 41 | ``` 42 | npm install 43 | ``` 44 | 45 | - The above command should create a new folder called node_modules. Inside the lambda code (index.js), 46 | - Next, package the index.js, package.json, and node_modules into a zip. Run the below command inside the lambda/ directory. 47 | 48 | ``` 49 | zip -r getDashboardEmbedURL.zip * 50 | ``` 51 | 52 | - Go to the lambda, inside the AWS console and upload this zip file and hit save. 53 | 54 | ### Step 4: Setup your web app to call the API Gateway endpoint 55 | 56 | - Create a new CloudFormation stack using `QuickSightEmbeddingWebApp.yaml`, which you can find inside the cloudformation/ folder of this repo. 57 | 58 | - The cloud formation creates a cloud front endpoint supported by an S3 bucket `quicksightembwebapp-thebucket-xxxxxxxx` bucket. 59 | 60 | - Replace the following parameters in the `index.html` within the `web` folder and upload the following file 61 | 62 | 1. `amazon-cognito-identity.min.js` obtained from `https://www.npmjs.com/package/amazon-cognito-identity-js`. 63 | 64 | 2. `index.html` 65 | 66 | to the S3 bucket, and give read permisions to everyone. 67 | 68 | ``` 69 | var awsData = { 70 | cognitoAuthenticatedUserName:`''`, 71 | cognitoAuthenticatedUserPassword:`''`, 72 | dashboardId: getParameterValues('dashboardid'), 73 | region:`''`, 74 | cognitoIdentityPoolId:`''`, 75 | cognitoAuthenticatedUserPoolId:`''`, 76 | cognitoAuthenticatedClientId:`''`, 77 | roleSessionName: `''`, 78 | apiGatewayUrl:`'https:///prod/getDashboardEmbedURL?'`, 79 | cognitoAuthenticatedLogins: `'cognito-idp..amazonaws.com/'` 80 | } 81 | ``` 82 | 83 | - Pick the `Domain name` from cloudfront and whitelist it in QuickSight `Domains and Embedding` section of the QuickSight Admin page. 84 | 85 | - Try the url in the browser - `https://?dashboardid=` and verify the embedding page load. 86 | 87 | - Make sure to use the [Amazon QuickSight Embedding SDK](https://github.com/awslabs/amazon-quicksight-embedding-sdk) for setting up embedding and passing parameter between parent and embedded iframe in your web app. 88 | 89 | ## License 90 | This library is licensed under the Apache 2.0 License. 91 | -------------------------------------------------------------------------------- /OpenIdAuthentication/cloudformation/QuickSightEmbeddingCognito.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | 3 | Description: Cognito Stack 4 | 5 | Resources: 6 | 7 | UserPool: 8 | Type: "AWS::Cognito::UserPool" 9 | Properties: 10 | UserPoolName: quicksightEmbeddingUserPool 11 | Schema: 12 | - Name: name 13 | AttributeDataType: String 14 | Mutable: true 15 | Required: true 16 | - Name: email 17 | AttributeDataType: String 18 | Mutable: false 19 | Required: true 20 | 21 | UserPoolClient: 22 | Type: "AWS::Cognito::UserPoolClient" 23 | Properties: 24 | ClientName: quicksightEmbeddingClient 25 | ExplicitAuthFlows: 26 | - ADMIN_NO_SRP_AUTH 27 | GenerateSecret: false 28 | UserPoolId: !Ref UserPool 29 | 30 | IdentityPool: 31 | Type: "AWS::Cognito::IdentityPool" 32 | Properties: 33 | IdentityPoolName: quickSightEmbeddingIdentity 34 | AllowUnauthenticatedIdentities: true 35 | CognitoIdentityProviders: 36 | - ClientId: !Ref UserPoolClient 37 | ProviderName: !GetAtt UserPool.ProviderName 38 | 39 | CognitoUnAuthorizedRole: 40 | Type: "AWS::IAM::Role" 41 | Properties: 42 | RoleName: QuicksightCognitoUnAuthorizedRole 43 | AssumeRolePolicyDocument: 44 | Version: "2012-10-17" 45 | Statement: 46 | - Effect: "Allow" 47 | Principal: 48 | Federated: "cognito-identity.amazonaws.com" 49 | Action: 50 | - "sts:AssumeRoleWithWebIdentity" 51 | Condition: 52 | StringEquals: 53 | "cognito-identity.amazonaws.com:aud": !Ref IdentityPool 54 | "ForAnyValue:StringLike": 55 | "cognito-identity.amazonaws.com:amr": unauthenticated 56 | Policies: 57 | - PolicyName: "CognitoUnauthorizedPolicy" 58 | PolicyDocument: 59 | Version: "2012-10-17" 60 | Statement: 61 | - Effect: "Allow" 62 | Action: 63 | - "quicksight:GetDashboardEmbedUrl" 64 | Resource: !Join 65 | - ':' 66 | - - 'arn' 67 | - 'aws' 68 | - 'quicksight' 69 | - !Ref 'AWS::Region' 70 | - !Ref 'AWS::AccountId' 71 | - 'dashboard/*' 72 | 73 | CognitoAuthorizedRole: 74 | Type: "AWS::IAM::Role" 75 | Properties: 76 | RoleName: QuicksightCognitoAuthorizedRole 77 | AssumeRolePolicyDocument: 78 | Version: "2012-10-17" 79 | Statement: 80 | - Effect: "Allow" 81 | Principal: 82 | Federated: "cognito-identity.amazonaws.com" 83 | Action: 84 | - "sts:AssumeRoleWithWebIdentity" 85 | Condition: 86 | StringEquals: 87 | "cognito-identity.amazonaws.com:aud": !Ref IdentityPool 88 | "ForAnyValue:StringLike": 89 | "cognito-identity.amazonaws.com:amr": authenticated 90 | Policies: 91 | - PolicyName: "CognitoAuthorizedPolicy" 92 | PolicyDocument: 93 | Version: "2012-10-17" 94 | Statement: 95 | - Effect: "Allow" 96 | Action: 97 | - "quicksight:GetDashboardEmbedUrl" 98 | Resource: !Join 99 | - ':' 100 | - - 'arn' 101 | - 'aws' 102 | - 'quicksight' 103 | - !Ref 'AWS::Region' 104 | - !Ref 'AWS::AccountId' 105 | - 'dashboard/*' 106 | 107 | IdentityPoolRoleMapping: 108 | Type: "AWS::Cognito::IdentityPoolRoleAttachment" 109 | Properties: 110 | IdentityPoolId: !Ref IdentityPool 111 | Roles: 112 | authenticated: !GetAtt CognitoAuthorizedRole.Arn 113 | unauthenticated: !GetAtt CognitoUnAuthorizedRole.Arn 114 | 115 | Outputs: 116 | UserPoolId: 117 | Value: !Ref UserPool 118 | Export: 119 | Name: "UserPool::Id" 120 | UserPoolClientId: 121 | Value: !Ref UserPoolClient 122 | Export: 123 | Name: "UserPoolClient::Id" 124 | IdentityPoolId: 125 | Value: !Ref IdentityPool 126 | Export: 127 | Name: "IdentityPool::Id" 128 | CognitoAuthorizedRoleArn: 129 | Value: !GetAtt CognitoAuthorizedRole.Arn 130 | Export: 131 | Name: "CognitoAuthorizedRole:Arn" 132 | CognitoUnAuthorizedRoleArn: 133 | Value: !GetAtt CognitoUnAuthorizedRole.Arn 134 | Export: 135 | Name: "CognitoUnAuthorizedRole:Arn" -------------------------------------------------------------------------------- /OpenIdAuthentication/cloudformation/QuickSightEmbeddingLambda.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation template that contains a single Lambda function behind an 4 | API Gateway 5 | Resources: 6 | GetDashboardEmbedURLLambda: 7 | Type: 'AWS::Lambda::Function' 8 | Properties: 9 | Code: 10 | ZipFile: !Join 11 | - |+ 12 | 13 | - - '''use strict'';' 14 | - '' 15 | - // GetDashboardEmbedURL 16 | - 'exports.handler = (event, context, callback) => {' 17 | - ' console.log(''Event:'', JSON.stringify(event));' 18 | - ' const name = event.name || ''World'';' 19 | - ' const response = {greeting: `Hello, ${name}!`};' 20 | - ' callback(null, response);' 21 | - '};' 22 | Description: Quicksight GetDashboardEmbedURL function 23 | FunctionName: GetDashboardEmbedURL 24 | Handler: index.handler 25 | Timeout: 50 26 | Role: !GetAtt 27 | - LambdaExecutionRole 28 | - Arn 29 | Runtime: nodejs12.x 30 | LambdaExecutionRole: 31 | Type: 'AWS::IAM::Role' 32 | Properties: 33 | AssumeRolePolicyDocument: 34 | Version: 2012-10-17 35 | Statement: 36 | - Effect: Allow 37 | Principal: 38 | Service: 39 | - lambda.amazonaws.com 40 | Action: 41 | - 'sts:AssumeRole' 42 | ManagedPolicyArns: 43 | - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' 44 | Policies: 45 | - PolicyName: ApiGatewayLogsPolicy 46 | PolicyDocument: 47 | Version: 2012-10-17 48 | Statement: 49 | - Action: 'quicksight:RegisterUser' 50 | Resource: '*' 51 | Effect: Allow 52 | GetDashboardEmbedURLApi: 53 | Type: 'AWS::ApiGateway::RestApi' 54 | Properties: 55 | Name: GetDashboardEmbedURL 56 | Description: API used for GetDashboardEmbedURL requests 57 | FailOnWarnings: true 58 | LambdaPermission: 59 | Type: 'AWS::Lambda::Permission' 60 | Properties: 61 | Action: 'lambda:invokeFunction' 62 | FunctionName: !GetAtt 63 | - GetDashboardEmbedURLLambda 64 | - Arn 65 | Principal: apigateway.amazonaws.com 66 | SourceArn: !Join 67 | - '' 68 | - - 'arn:aws:execute-api:' 69 | - !Ref 'AWS::Region' 70 | - ':' 71 | - !Ref 'AWS::AccountId' 72 | - ':' 73 | - !Ref GetDashboardEmbedURLApi 74 | - /* 75 | ApiGatewayCloudWatchLogsRole: 76 | Type: 'AWS::IAM::Role' 77 | Properties: 78 | AssumeRolePolicyDocument: 79 | Version: 2012-10-17 80 | Statement: 81 | - Effect: Allow 82 | Principal: 83 | Service: 84 | - apigateway.amazonaws.com 85 | Action: 86 | - 'sts:AssumeRole' 87 | Policies: 88 | - PolicyName: ApiGatewayLogsPolicy 89 | PolicyDocument: 90 | Version: 2012-10-17 91 | Statement: 92 | - Effect: Allow 93 | Action: 94 | - 'logs:CreateLogGroup' 95 | - 'logs:CreateLogStream' 96 | - 'logs:DescribeLogGroups' 97 | - 'logs:DescribeLogStreams' 98 | - 'logs:PutLogEvents' 99 | - 'logs:GetLogEvents' 100 | - 'logs:FilterLogEvents' 101 | Resource: '*' 102 | ApiGatewayAccount: 103 | Type: 'AWS::ApiGateway::Account' 104 | Properties: 105 | CloudWatchRoleArn: !GetAtt 106 | - ApiGatewayCloudWatchLogsRole 107 | - Arn 108 | GetDashboardEmbedURLApiStage: 109 | DependsOn: 110 | - ApiGatewayAccount 111 | Type: 'AWS::ApiGateway::Stage' 112 | Properties: 113 | DeploymentId: !Ref ApiDeployment 114 | MethodSettings: 115 | - DataTraceEnabled: true 116 | HttpMethod: '*' 117 | LoggingLevel: INFO 118 | ResourcePath: /* 119 | RestApiId: !Ref GetDashboardEmbedURLApi 120 | StageName: LATEST 121 | ApiDeployment: 122 | Type: 'AWS::ApiGateway::Deployment' 123 | DependsOn: 124 | - GetDashboardEmbedURLRequest 125 | - GetDashboardEmbedURLOptionsRequest 126 | Properties: 127 | RestApiId: !Ref GetDashboardEmbedURLApi 128 | StageName: prod 129 | GetDashboardEmbedURLResource: 130 | Type: 'AWS::ApiGateway::Resource' 131 | Properties: 132 | RestApiId: !Ref GetDashboardEmbedURLApi 133 | ParentId: !GetAtt 134 | - GetDashboardEmbedURLApi 135 | - RootResourceId 136 | PathPart: getDashboardEmbedURL 137 | RequestValidator: 138 | Type: 'AWS::ApiGateway::RequestValidator' 139 | Properties: 140 | Name: getDashboardEmbedURLValidator 141 | RestApiId: !Ref GetDashboardEmbedURLApi 142 | ValidateRequestParameters: true 143 | GetDashboardEmbedURLRequest: 144 | DependsOn: LambdaPermission 145 | Type: 'AWS::ApiGateway::Method' 146 | Properties: 147 | AuthorizationType: NONE 148 | HttpMethod: GET 149 | RequestValidatorId: !Ref RequestValidator 150 | Integration: 151 | Type: AWS_PROXY 152 | IntegrationHttpMethod: POST 153 | Uri: !Join 154 | - '' 155 | - - 'arn:aws:apigateway:' 156 | - !Ref 'AWS::Region' 157 | - ':lambda:path/2015-03-31/functions/' 158 | - !GetAtt 159 | - GetDashboardEmbedURLLambda 160 | - Arn 161 | - /invocations 162 | IntegrationResponses: 163 | - StatusCode: 200 164 | ResponseParameters: 165 | method.response.header.Access-Control-Allow-Origin: '''*''' 166 | method.response.header.Access-Control-Allow-Methods: '''GET,OPTIONS''' 167 | method.response.header.Access-Control-Allow-Headers: >- 168 | 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' 169 | RequestTemplates: 170 | application/json: !Join 171 | - '' 172 | - - '{' 173 | - ' "dashboardId": "$input.params(''dashboardId'')"' 174 | - ' "openIdToken": "$input.params(''openIdToken'')"' 175 | - ' "authenticated": "$input.params(''authenticated'')"' 176 | - ' "sessionName": "$input.params(''sessionName'')"' 177 | - ' "resetDisabled": "$input.params(''resetDisabled'')"' 178 | - ' "undoRedoDisabled": "$input.params(''undoRedoDisabled'')"' 179 | - '}' 180 | RequestParameters: 181 | method.request.querystring.dashboardId: true 182 | method.request.querystring.openIdToken: true 183 | method.request.querystring.authenticated: true 184 | method.request.querystring.sessionName: true 185 | method.request.querystring.resetDisabled: true 186 | method.request.querystring.undoRedoDisabled: true 187 | ResourceId: !Ref GetDashboardEmbedURLResource 188 | RestApiId: !Ref GetDashboardEmbedURLApi 189 | MethodResponses: 190 | - StatusCode: 200 191 | ResponseParameters: 192 | method.response.header.Access-Control-Allow-Origin: true 193 | method.response.header.Access-Control-Allow-Methods: true 194 | method.response.header.Access-Control-Allow-Headers: true 195 | GetDashboardEmbedURLOptionsRequest: 196 | Type: 'AWS::ApiGateway::Method' 197 | Properties: 198 | AuthorizationType: NONE 199 | HttpMethod: OPTIONS 200 | MethodResponses: 201 | - StatusCode: '200' 202 | ResponseParameters: 203 | method.response.header.Access-Control-Allow-Origin: true 204 | method.response.header.Access-Control-Allow-Headers: true 205 | method.response.header.Access-Control-Allow-Methods: true 206 | ResponseModels: {} 207 | RequestParameters: {} 208 | Integration: 209 | Type: MOCK 210 | RequestTemplates: 211 | application/json: '{statusCode:200}' 212 | IntegrationResponses: 213 | - StatusCode: '200' 214 | ResponseParameters: 215 | method.response.header.Access-Control-Allow-Origin: '''*''' 216 | method.response.header.Access-Control-Allow-Headers: >- 217 | 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent' 218 | method.response.header.Access-Control-Allow-Methods: '''GET,OPTIONS''' 219 | ResponseTemplates: 220 | application/json: '' 221 | ResourceId: !Ref GetDashboardEmbedURLResource 222 | RestApiId: !Ref GetDashboardEmbedURLApi 223 | Outputs: 224 | RootUrl: 225 | Description: Root URL of the API gateway 226 | Value: !Join 227 | - '' 228 | - - 'https://' 229 | - !Ref GetDashboardEmbedURLApi 230 | - .execute-api. 231 | - !Ref 'AWS::Region' 232 | - .amazonaws.com 233 | -------------------------------------------------------------------------------- /OpenIdAuthentication/cloudformation/QuickSightEmbeddingWebApp.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: > 3 | Resources for hosting a static website (generated with Hugo for example) on 4 | Amazon Simple Storage Service (S3) & CloudFront. 5 | ############################################################################### 6 | Parameters: 7 | ############################################################################### 8 | 9 | PriceClass: 10 | Type: String 11 | Description: The CloudFront distribution price class 12 | Default: 'PriceClass_All' 13 | AllowedValues: 14 | - 'PriceClass_100' 15 | - 'PriceClass_200' 16 | - 'PriceClass_All' 17 | 18 | ############################################################################### 19 | Resources: 20 | ############################################################################### 21 | 22 | TheCloudFrontDistribution: 23 | Type: AWS::CloudFront::Distribution 24 | Properties: 25 | DistributionConfig: 26 | DefaultCacheBehavior: 27 | Compress: true 28 | ForwardedValues: 29 | QueryString: true 30 | TargetOriginId: the-s3-bucket 31 | ViewerProtocolPolicy: redirect-to-https 32 | DefaultRootObject: index.html 33 | CustomErrorResponses: 34 | - ErrorCachingMinTTL: 300 35 | ErrorCode: 403 36 | ResponseCode: 404 37 | ResponsePagePath: /404.html 38 | Enabled: true 39 | HttpVersion: http2 40 | Origins: 41 | - DomainName: 42 | !Join [ "", [ !Ref TheBucket, ".s3.amazonaws.com" ] ] 43 | Id: the-s3-bucket 44 | S3OriginConfig: 45 | OriginAccessIdentity: 46 | !Join [ "", [ "origin-access-identity/cloudfront/", !Ref TheCloudFrontOriginAccessIdentity ] ] 47 | PriceClass: !Ref PriceClass 48 | ViewerCertificate: 49 | CloudFrontDefaultCertificate : true 50 | 51 | TheCloudFrontOriginAccessIdentity: 52 | Type: AWS::CloudFront::CloudFrontOriginAccessIdentity 53 | Properties: 54 | CloudFrontOriginAccessIdentityConfig: 55 | Comment: !Sub 'CloudFront OAI for quicksight embedding' 56 | 57 | TheBucket: 58 | Type: AWS::S3::Bucket 59 | DeletionPolicy: Retain 60 | Properties: 61 | BucketEncryption: 62 | ServerSideEncryptionConfiguration: 63 | - 64 | ServerSideEncryptionByDefault: 65 | SSEAlgorithm: AES256 66 | 67 | TheBucketPolicy: 68 | Type: AWS::S3::BucketPolicy 69 | Properties: 70 | Bucket: !Ref TheBucket 71 | PolicyDocument: 72 | Statement: 73 | - 74 | Action: 75 | - s3:GetObject 76 | Effect: Allow 77 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref TheBucket, "/*" ] ] 78 | Principal: 79 | CanonicalUser: !GetAtt TheCloudFrontOriginAccessIdentity.S3CanonicalUserId -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/README.md: -------------------------------------------------------------------------------- 1 | # Lambda Code Files for QuickSight Developer Sandbox website (SpaceNeedleDeveloperSandbox) 2 | 3 | ## Instructions 4 | 1. cd inside the lambda/ directory. 5 | 2. run `npm install` 6 | 3. Package the index.js, package.json, and node_modules into a zip. 7 | To do this, run `zip -r getDashboardEmbedURL.zip *` 8 | 4. Sign into the AWS Console and go to Lambda. Click on the GetDashboardEmbedURL function. 9 | 5. Scroll down to the 'Function code' section and click the Upload button. 10 | 6. Select the zip folder you just created, then click Save. 11 | 12 | For more information, see step 3 at https://github.com/aws-samples/amazon-quicksight-embedding-sample 13 | -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/getDashboardEmbeded.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/amazon-archives/amazon-quicksight-embedding-sample/974b5cc1d00f133712a5d6125714184b54011eb0/OpenIdAuthentication/lambda/getDashboardEmbeded.zip -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/index.js: -------------------------------------------------------------------------------- 1 | global.fetch = require('node-fetch'); 2 | const AWS = require('aws-sdk'); 3 | 4 | exports.handler = function(event, context, callback) { 5 | return sendRes(event, context, callback); 6 | }; 7 | 8 | const registerUser = (accountId, sessionName, roleArn) => { 9 | return new Promise((resolve, reject) => { 10 | 11 | const registerUserParams = { 12 | AwsAccountId: accountId, 13 | Email: 'xyz@abc.com', 14 | IdentityType: 'IAM', 15 | Namespace: 'default', 16 | UserRole: 'READER', 17 | IamArn: roleArn, 18 | SessionName: sessionName 19 | }; 20 | 21 | const quicksight = new AWS.QuickSight({ 22 | region: 'us-east-1', 23 | }); 24 | quicksight.registerUser(registerUserParams, function(err, data) { 25 | if (err) { 26 | // error occurred 27 | console.log(err, err.stack); 28 | if (err.code && err.code === 'ResourceExistsException') { 29 | resolve('user already registered'); 30 | } else { 31 | reject(err); 32 | } 33 | } else { 34 | // successful response 35 | setTimeout(function() { 36 | resolve('successfully registered user'); 37 | }, 2000); 38 | } 39 | }); 40 | }); 41 | } 42 | 43 | const getDashboardURL = (accountId, dashboardId, openIdToken, roleArn, sessionName, resetDisabled, undoRedoDisabled) => { 44 | return new Promise((resolve, reject) => { 45 | const stsClient = new AWS.STS(); 46 | let stsParams = { 47 | RoleSessionName: sessionName, 48 | WebIdentityToken: openIdToken, 49 | RoleArn: roleArn 50 | } 51 | 52 | stsClient.assumeRoleWithWebIdentity(stsParams, function(err, data) { 53 | if (err) { 54 | console.log('Error assuming role'); 55 | console.log(err, err.stack); 56 | reject(err); 57 | } else { 58 | const getDashboardParams = { 59 | AwsAccountId: accountId, 60 | DashboardId: dashboardId, 61 | IdentityType: 'IAM', 62 | ResetDisabled: resetDisabled, 63 | SessionLifetimeInMinutes: 600, 64 | UndoRedoDisabled: undoRedoDisabled 65 | }; 66 | 67 | const quicksightGetDashboard = new AWS.QuickSight({ 68 | region: process.env.AWS_REGION, 69 | credentials: { 70 | accessKeyId: data.Credentials.AccessKeyId, 71 | secretAccessKey: data.Credentials.SecretAccessKey, 72 | sessionToken: data.Credentials.SessionToken, 73 | expiration: data.Credentials.Expiration 74 | } 75 | }); 76 | 77 | quicksightGetDashboard.getDashboardEmbedUrl(getDashboardParams, function(err, data) { 78 | if (err) { 79 | console.log(err, err.stack); 80 | reject(err); 81 | } else { 82 | const result = { 83 | "statusCode": 200, 84 | "headers": { 85 | "Access-Control-Allow-Origin": "*", 86 | "Access-Control-Allow-Headers": "Content-Type" 87 | }, 88 | "body": JSON.stringify(data), 89 | "isBase64Encoded": false 90 | } 91 | resolve(result); 92 | } 93 | }); 94 | } 95 | }); 96 | }); 97 | } 98 | 99 | const sendRes = (event, context, callback) => { 100 | const accountId = context.invokedFunctionArn.match(/\d{3,}/)[0]; 101 | const dashboardId = decodeURIComponent(event.dashboardId || event.queryStringParameters.dashboardId); 102 | const openIdToken = decodeURIComponent(event.openIdToken || event.queryStringParameters.openIdToken); 103 | const authenticated = decodeURIComponent(event.authenticated || event.queryStringParameters.authenticated); 104 | const sessionName = decodeURIComponent(event.sessionName || event.queryStringParameters.sessionName); 105 | const resetDisabledParam = decodeURIComponent(event.resetDisabled || event.queryStringParameters.resetDisabled); 106 | const undoRedoDisabledParam = decodeURIComponent(event.undoRedoDisabled || event.queryStringParameters.undoRedoDisabled); 107 | 108 | console.log("Initial variables:"); 109 | console.log(`accountID = ${accountId}`); 110 | console.log(`dashboardID = ${dashboardId}`); 111 | console.log(`openIdToken = ${openIdToken}`); 112 | console.log(`authenticated = ${authenticated}`); 113 | console.log(`sessionName = ${sessionName}`); 114 | console.log(`resetDisabledParam = ${resetDisabledParam}`); 115 | console.log(`undoRedoDisabledParam = ${undoRedoDisabledParam}`); 116 | 117 | if (!accountId) { 118 | const error = new Error("accountId is unavailable"); 119 | callback(error); 120 | } 121 | if (!dashboardId) { 122 | const error = new Error("dashboardId is unavailable"); 123 | callback(error); 124 | } 125 | if (!openIdToken) { 126 | const error = new Error("openIdToken is unavailable"); 127 | callback(error); 128 | } 129 | if (!authenticated) { 130 | const error = new Error("authenticated flag is unavailable"); 131 | callback(error); 132 | } 133 | if (!sessionName) { 134 | const error = new Error("sessionName is unavailable"); 135 | callback(error); 136 | } 137 | if (!resetDisabledParam) { 138 | const error = new Error("resetDisabledParam flag is unavailable"); 139 | callback(error); 140 | } 141 | if (!undoRedoDisabledParam) { 142 | const error = new Error("undoRedoDisabledParam flag is unavailable"); 143 | callback(error); 144 | } 145 | 146 | let roleArn = null; 147 | if (authenticated === "true") { 148 | roleArn = "arn:aws:iam::" + accountId + ":role/QuicksightCognitoAuthorizedRole" 149 | } else { 150 | roleArn = "arn:aws:iam::" + accountId + ":role/QuicksightCognitoUnAuthorizedRole"; 151 | } 152 | 153 | const resetDisabled = resetDisabledParam === "true" ? true : false; 154 | const undoRedoDisabled = undoRedoDisabledParam === "true" ? true : false; 155 | 156 | const registerUserPromise = registerUser(accountId, sessionName, roleArn); 157 | registerUserPromise.then(function(){ 158 | const getDashboardEmbedUrlPromise = getDashboardURL(accountId, dashboardId, openIdToken, roleArn, sessionName, resetDisabled, undoRedoDisabled); 159 | getDashboardEmbedUrlPromise.then(function(result){ 160 | const dashboardEmbedUrlResult = result; 161 | if (dashboardEmbedUrlResult && dashboardEmbedUrlResult.statusCode === 200) { 162 | callback(null, result); 163 | } else { 164 | console.log('getDashboardEmbedUrl failed'); 165 | } 166 | }, function(err){ 167 | console.log(err, err.stack); 168 | }); 169 | }, function(err){ 170 | console.log(err, err.stack); 171 | }); 172 | } 173 | -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "embedding-ga-node", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "amazon-cognito-identity-js": { 8 | "version": "3.0.15", 9 | "resolved": "https://registry.npmjs.org/amazon-cognito-identity-js/-/amazon-cognito-identity-js-3.0.15.tgz", 10 | "integrity": "sha512-FVVd6hO0ipEODE95i2Z/6Ue/6YV8JI3sdK8zzmC8WLvI/FihbiHiNtjXojD6b48Ng2D6MZwN4C/Hqkiw5jVeFw==", 11 | "requires": { 12 | "buffer": "4.9.1", 13 | "crypto-js": "^3.1.9-1", 14 | "js-cookie": "^2.1.4" 15 | } 16 | }, 17 | "aws-sdk": { 18 | "version": "2.516.0", 19 | "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.516.0.tgz", 20 | "integrity": "sha512-YW14hj0LNrcVF6CmN8zphy3fFbHiUGYDLIiD+1C932vDUvwqwFZzV2zd7Z//XKSFa+dSG4aGyHln2/F3/7BgpQ==", 21 | "requires": { 22 | "buffer": "4.9.1", 23 | "events": "1.1.1", 24 | "ieee754": "1.1.8", 25 | "jmespath": "0.15.0", 26 | "querystring": "0.2.0", 27 | "sax": "1.2.1", 28 | "url": "0.10.3", 29 | "uuid": "3.3.2", 30 | "xml2js": "0.4.19" 31 | }, 32 | "dependencies": { 33 | "ieee754": { 34 | "version": "1.1.8", 35 | "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz", 36 | "integrity": "sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q=" 37 | } 38 | } 39 | }, 40 | "base64-js": { 41 | "version": "1.3.1", 42 | "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", 43 | "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" 44 | }, 45 | "buffer": { 46 | "version": "4.9.1", 47 | "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz", 48 | "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=", 49 | "requires": { 50 | "base64-js": "^1.0.2", 51 | "ieee754": "^1.1.4", 52 | "isarray": "^1.0.0" 53 | } 54 | }, 55 | "crypto-js": { 56 | "version": "3.1.9-1", 57 | "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.1.9-1.tgz", 58 | "integrity": "sha1-/aGedh/Ad+Af+/3G6f38WeiAbNg=" 59 | }, 60 | "events": { 61 | "version": "1.1.1", 62 | "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", 63 | "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=" 64 | }, 65 | "ieee754": { 66 | "version": "1.1.13", 67 | "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", 68 | "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" 69 | }, 70 | "isarray": { 71 | "version": "1.0.0", 72 | "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", 73 | "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" 74 | }, 75 | "jmespath": { 76 | "version": "0.15.0", 77 | "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.15.0.tgz", 78 | "integrity": "sha1-o/Iiqarp+Wb10nx5ZRDigJF2Qhc=" 79 | }, 80 | "js-cookie": { 81 | "version": "2.2.1", 82 | "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz", 83 | "integrity": "sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==" 84 | }, 85 | "node-fetch": { 86 | "version": "2.6.0", 87 | "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz", 88 | "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==" 89 | }, 90 | "punycode": { 91 | "version": "1.3.2", 92 | "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", 93 | "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=" 94 | }, 95 | "querystring": { 96 | "version": "0.2.0", 97 | "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", 98 | "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=" 99 | }, 100 | "sax": { 101 | "version": "1.2.1", 102 | "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", 103 | "integrity": "sha1-e45lYZCyKOgaZq6nSEgNgozS03o=" 104 | }, 105 | "url": { 106 | "version": "0.10.3", 107 | "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz", 108 | "integrity": "sha1-Ah5NnHcF8hu/N9A861h2dAJ3TGQ=", 109 | "requires": { 110 | "punycode": "1.3.2", 111 | "querystring": "0.2.0" 112 | } 113 | }, 114 | "uuid": { 115 | "version": "3.3.2", 116 | "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", 117 | "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" 118 | }, 119 | "xml2js": { 120 | "version": "0.4.19", 121 | "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", 122 | "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==", 123 | "requires": { 124 | "sax": ">=0.6.0", 125 | "xmlbuilder": "~9.0.1" 126 | } 127 | }, 128 | "xmlbuilder": { 129 | "version": "9.0.7", 130 | "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz", 131 | "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0=" 132 | } 133 | } 134 | } 135 | -------------------------------------------------------------------------------- /OpenIdAuthentication/lambda/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "embedding-ga-node", 3 | "version": "1.0.0", 4 | "description": "Lambda code files for QuickSight Developer Sandbox website", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "keywords": [], 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "amazon-cognito-identity-js": "^3.0.5", 14 | "aws-sdk": "^2.361.0", 15 | "node-fetch": "^2.3.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /OpenIdAuthentication/web/Cognito-confirm-user: -------------------------------------------------------------------------------- 1 | aws cognito-idp admin-initiate-auth --user-pool-id '' --client-id '' --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME='',PASSWORD='' 2 | 3 | aws cognito-idp admin-respond-to-auth-challenge --user-pool-id '' --client-id '' --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses NEW_PASSWORD='',USERNAME='',userAttributes.name='' --session '' -------------------------------------------------------------------------------- /OpenIdAuthentication/web/amazon-cognito-identity.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright 2016 Amazon.com, 3 | * Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * Licensed under the Amazon Software License (the "License"). 6 | * You may not use this file except in compliance with the 7 | * License. A copy of the License is located at 8 | * 9 | * http://aws.amazon.com/asl/ 10 | * 11 | * or in the "license" file accompanying this file. This file is 12 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | * CONDITIONS OF ANY KIND, express or implied. See the License 14 | * for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | !function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.AmazonCognitoIdentity=e():t.AmazonCognitoIdentity=e()}("undefined"!=typeof self?self:this,function(){return function(t){function e(r){if(n[r])return n[r].exports;var i=n[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,e),i.l=!0,i.exports}var n={};return e.m=t,e.c=n,e.d=function(t,n,r){e.o(t,n)||Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:r})},e.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=16)}([function(t,e,n){!function(n,r){t.exports=e=r()}(0,function(){var t=t||function(t,e){var n=Object.create||function(){function t(){}return function(e){var n;return t.prototype=e,n=new t,t.prototype=null,n}}(),r={},i=r.lib={},o=i.Base=function(){return{extend:function(t){var e=n(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),e.init.prototype=e,e.$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),s=i.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=void 0!=e?e:4*t.length},toString:function(t){return(t||u).stringify(this)},concat:function(t){var e=this.words,n=t.words,r=this.sigBytes,i=t.sigBytes;if(this.clamp(),r%4)for(var o=0;o>>2]>>>24-o%4*8&255;e[r+o>>>2]|=s<<24-(r+o)%4*8}else for(var o=0;o>>2]=n[o>>>2];return this.sigBytes+=i,this},clamp:function(){var e=this.words,n=this.sigBytes;e[n>>>2]&=4294967295<<32-n%4*8,e.length=t.ceil(n/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(e){for(var n,r=[],i=0;i>16)&r,e=18e3*(65535&e)+(e>>16)&r;var i=(n<<16)+e&r;return i/=4294967296,(i+=.5)*(t.random()>.5?1:-1)}}(4294967296*(n||t.random()));n=987654071*o(),r.push(4294967296*o()|0)}return new s.init(r,e)}}),a=r.enc={},u=a.Hex={stringify:function(t){for(var e=t.words,n=t.sigBytes,r=[],i=0;i>>2]>>>24-i%4*8&255;r.push((o>>>4).toString(16)),r.push((15&o).toString(16))}return r.join("")},parse:function(t){for(var e=t.length,n=[],r=0;r>>3]|=parseInt(t.substr(r,2),16)<<24-r%8*4;return new s.init(n,e/2)}},c=a.Latin1={stringify:function(t){for(var e=t.words,n=t.sigBytes,r=[],i=0;i>>2]>>>24-i%4*8&255;r.push(String.fromCharCode(o))}return r.join("")},parse:function(t){for(var e=t.length,n=[],r=0;r>>2]|=(255&t.charCodeAt(r))<<24-r%4*8;return new s.init(n,e)}},h=a.Utf8={stringify:function(t){try{return decodeURIComponent(escape(c.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return c.parse(unescape(encodeURIComponent(t)))}},f=i.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new s.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=h.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(e){var n=this._data,r=n.words,i=n.sigBytes,o=this.blockSize,a=4*o,u=i/a;u=e?t.ceil(u):t.max((0|u)-this._minBufferSize,0);var c=u*o,h=t.min(4*c,i);if(c){for(var f=0;f=r())throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+r().toString(16)+" bytes");return 0|t}function d(t){return+t!=t&&(t=0),o.alloc(+t)}function y(t,e){if(o.isBuffer(t))return t.length;if("undefined"!=typeof ArrayBuffer&&"function"==typeof ArrayBuffer.isView&&(ArrayBuffer.isView(t)||t instanceof ArrayBuffer))return t.byteLength;"string"!=typeof t&&(t=""+t);var n=t.length;if(0===n)return 0;for(var r=!1;;)switch(e){case"ascii":case"latin1":case"binary":return n;case"utf8":case"utf-8":case void 0:return Y(t).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*n;case"hex":return n>>>1;case"base64":return J(t).length;default:if(r)return Y(t).length;e=(""+e).toLowerCase(),r=!0}}function v(t,e,n){var r=!1;if((void 0===e||e<0)&&(e=0),e>this.length)return"";if((void 0===n||n>this.length)&&(n=this.length),n<=0)return"";if(n>>>=0,e>>>=0,n<=e)return"";for(t||(t="utf8");;)switch(t){case"hex":return B(this,e,n);case"utf8":case"utf-8":return R(this,e,n);case"ascii":return _(this,e,n);case"latin1":case"binary":return b(this,e,n);case"base64":return I(this,e,n);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return k(this,e,n);default:if(r)throw new TypeError("Unknown encoding: "+t);t=(t+"").toLowerCase(),r=!0}}function S(t,e,n){var r=t[e];t[e]=t[n],t[n]=r}function m(t,e,n,r,i){if(0===t.length)return-1;if("string"==typeof n?(r=n,n=0):n>2147483647?n=2147483647:n<-2147483648&&(n=-2147483648),n=+n,isNaN(n)&&(n=i?0:t.length-1),n<0&&(n=t.length+n),n>=t.length){if(i)return-1;n=t.length-1}else if(n<0){if(!i)return-1;n=0}if("string"==typeof e&&(e=o.from(e,r)),o.isBuffer(e))return 0===e.length?-1:A(t,e,n,r,i);if("number"==typeof e)return e&=255,o.TYPED_ARRAY_SUPPORT&&"function"==typeof Uint8Array.prototype.indexOf?i?Uint8Array.prototype.indexOf.call(t,e,n):Uint8Array.prototype.lastIndexOf.call(t,e,n):A(t,[e],n,r,i);throw new TypeError("val must be string, number or Buffer")}function A(t,e,n,r,i){function o(t,e){return 1===s?t[e]:t.readUInt16BE(e*s)}var s=1,a=t.length,u=e.length;if(void 0!==r&&("ucs2"===(r=String(r).toLowerCase())||"ucs-2"===r||"utf16le"===r||"utf-16le"===r)){if(t.length<2||e.length<2)return-1;s=2,a/=2,u/=2,n/=2}var c;if(i){var h=-1;for(c=n;ca&&(n=a-u),c=n;c>=0;c--){for(var f=!0,l=0;li&&(r=i):r=i;var o=e.length;if(o%2!=0)throw new TypeError("Invalid hex string");r>o/2&&(r=o/2);for(var s=0;s239?4:o>223?3:o>191?2:1;if(i+a<=n){var u,c,h,f;switch(a){case 1:o<128&&(s=o);break;case 2:u=t[i+1],128==(192&u)&&(f=(31&o)<<6|63&u)>127&&(s=f);break;case 3:u=t[i+1],c=t[i+2],128==(192&u)&&128==(192&c)&&(f=(15&o)<<12|(63&u)<<6|63&c)>2047&&(f<55296||f>57343)&&(s=f);break;case 4:u=t[i+1],c=t[i+2],h=t[i+3],128==(192&u)&&128==(192&c)&&128==(192&h)&&(f=(15&o)<<18|(63&u)<<12|(63&c)<<6|63&h)>65535&&f<1114112&&(s=f)}}null===s?(s=65533,a=1):s>65535&&(s-=65536,r.push(s>>>10&1023|55296),s=56320|1023&s),r.push(s),i+=a}return P(r)}function P(t){var e=t.length;if(e<=$)return String.fromCharCode.apply(String,t);for(var n="",r=0;rr)&&(n=r);for(var i="",o=e;on)throw new RangeError("Trying to access beyond buffer length")}function x(t,e,n,r,i,s){if(!o.isBuffer(t))throw new TypeError('"buffer" argument must be a Buffer instance');if(e>i||et.length)throw new RangeError("Index out of range")}function M(t,e,n,r){e<0&&(e=65535+e+1);for(var i=0,o=Math.min(t.length-n,2);i>>8*(r?i:1-i)}function O(t,e,n,r){e<0&&(e=4294967295+e+1);for(var i=0,o=Math.min(t.length-n,4);i>>8*(r?i:3-i)&255}function N(t,e,n,r,i,o){if(n+r>t.length)throw new RangeError("Index out of range");if(n<0)throw new RangeError("Index out of range")}function V(t,e,n,r,i){return i||N(t,e,n,4,3.4028234663852886e38,-3.4028234663852886e38),X.write(t,e,n,r,23,4),n+4}function K(t,e,n,r,i){return i||N(t,e,n,8,1.7976931348623157e308,-1.7976931348623157e308),X.write(t,e,n,r,52,8),n+8}function q(t){if(t=L(t).replace(tt,""),t.length<2)return"";for(;t.length%4!=0;)t+="=";return t}function L(t){return t.trim?t.trim():t.replace(/^\s+|\s+$/g,"")}function H(t){return t<16?"0"+t.toString(16):t.toString(16)}function Y(t,e){e=e||1/0;for(var n,r=t.length,i=null,o=[],s=0;s55295&&n<57344){if(!i){if(n>56319){(e-=3)>-1&&o.push(239,191,189);continue}if(s+1===r){(e-=3)>-1&&o.push(239,191,189);continue}i=n;continue}if(n<56320){(e-=3)>-1&&o.push(239,191,189),i=n;continue}n=65536+(i-55296<<10|n-56320)}else i&&(e-=3)>-1&&o.push(239,191,189);if(i=null,n<128){if((e-=1)<0)break;o.push(n)}else if(n<2048){if((e-=2)<0)break;o.push(n>>6|192,63&n|128)}else if(n<65536){if((e-=3)<0)break;o.push(n>>12|224,n>>6&63|128,63&n|128)}else{if(!(n<1114112))throw new Error("Invalid code point");if((e-=4)<0)break;o.push(n>>18|240,n>>12&63|128,n>>6&63|128,63&n|128)}}return o}function W(t){for(var e=[],n=0;n>8,i=n%256,o.push(i),o.push(r);return o}function J(t){return Z.toByteArray(q(t))}function z(t,e,n,r){for(var i=0;i=e.length||i>=t.length);++i)e[i+n]=t[i];return i}function G(t){return t!==t}/*! 18 | * The buffer module from node.js, for the browser. 19 | * 20 | * @author Feross Aboukhadijeh 21 | * @license MIT 22 | */ 23 | var Z=n(19),X=n(20),Q=n(21);e.Buffer=o,e.SlowBuffer=d,e.INSPECT_MAX_BYTES=50,o.TYPED_ARRAY_SUPPORT=void 0!==t.TYPED_ARRAY_SUPPORT?t.TYPED_ARRAY_SUPPORT:function(){try{var t=new Uint8Array(1);return t.__proto__={__proto__:Uint8Array.prototype,foo:function(){return 42}},42===t.foo()&&"function"==typeof t.subarray&&0===t.subarray(1,1).byteLength}catch(t){return!1}}(),e.kMaxLength=r(),o.poolSize=8192,o._augment=function(t){return t.__proto__=o.prototype,t},o.from=function(t,e,n){return s(null,t,e,n)},o.TYPED_ARRAY_SUPPORT&&(o.prototype.__proto__=Uint8Array.prototype,o.__proto__=Uint8Array,"undefined"!=typeof Symbol&&Symbol.species&&o[Symbol.species]===o&&Object.defineProperty(o,Symbol.species,{value:null,configurable:!0})),o.alloc=function(t,e,n){return u(null,t,e,n)},o.allocUnsafe=function(t){return c(null,t)},o.allocUnsafeSlow=function(t){return c(null,t)},o.isBuffer=function(t){return!(null==t||!t._isBuffer)},o.compare=function(t,e){if(!o.isBuffer(t)||!o.isBuffer(e))throw new TypeError("Arguments must be Buffers");if(t===e)return 0;for(var n=t.length,r=e.length,i=0,s=Math.min(n,r);i0&&(t=this.toString("hex",0,n).match(/.{2}/g).join(" "),this.length>n&&(t+=" ... ")),""},o.prototype.compare=function(t,e,n,r,i){if(!o.isBuffer(t))throw new TypeError("Argument must be a Buffer");if(void 0===e&&(e=0),void 0===n&&(n=t?t.length:0),void 0===r&&(r=0),void 0===i&&(i=this.length),e<0||n>t.length||r<0||i>this.length)throw new RangeError("out of range index");if(r>=i&&e>=n)return 0;if(r>=i)return-1;if(e>=n)return 1;if(e>>>=0,n>>>=0,r>>>=0,i>>>=0,this===t)return 0;for(var s=i-r,a=n-e,u=Math.min(s,a),c=this.slice(r,i),h=t.slice(e,n),f=0;fi)&&(n=i),t.length>0&&(n<0||e<0)||e>this.length)throw new RangeError("Attempt to write outside buffer bounds");r||(r="utf8");for(var o=!1;;)switch(r){case"hex":return w(this,t,e,n);case"utf8":case"utf-8":return C(this,t,e,n);case"ascii":return U(this,t,e,n);case"latin1":case"binary":return E(this,t,e,n);case"base64":return T(this,t,e,n);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return D(this,t,e,n);default:if(o)throw new TypeError("Unknown encoding: "+r);r=(""+r).toLowerCase(),o=!0}},o.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};var $=4096;o.prototype.slice=function(t,e){var n=this.length;t=~~t,e=void 0===e?n:~~e,t<0?(t+=n)<0&&(t=0):t>n&&(t=n),e<0?(e+=n)<0&&(e=0):e>n&&(e=n),e0&&(i*=256);)r+=this[t+--e]*i;return r},o.prototype.readUInt8=function(t,e){return e||F(t,1,this.length),this[t]},o.prototype.readUInt16LE=function(t,e){return e||F(t,2,this.length),this[t]|this[t+1]<<8},o.prototype.readUInt16BE=function(t,e){return e||F(t,2,this.length),this[t]<<8|this[t+1]},o.prototype.readUInt32LE=function(t,e){return e||F(t,4,this.length),(this[t]|this[t+1]<<8|this[t+2]<<16)+16777216*this[t+3]},o.prototype.readUInt32BE=function(t,e){return e||F(t,4,this.length),16777216*this[t]+(this[t+1]<<16|this[t+2]<<8|this[t+3])},o.prototype.readIntLE=function(t,e,n){t|=0,e|=0,n||F(t,e,this.length);for(var r=this[t],i=1,o=0;++o=i&&(r-=Math.pow(2,8*e)),r},o.prototype.readIntBE=function(t,e,n){t|=0,e|=0,n||F(t,e,this.length);for(var r=e,i=1,o=this[t+--r];r>0&&(i*=256);)o+=this[t+--r]*i;return i*=128,o>=i&&(o-=Math.pow(2,8*e)),o},o.prototype.readInt8=function(t,e){return e||F(t,1,this.length),128&this[t]?-1*(255-this[t]+1):this[t]},o.prototype.readInt16LE=function(t,e){e||F(t,2,this.length);var n=this[t]|this[t+1]<<8;return 32768&n?4294901760|n:n},o.prototype.readInt16BE=function(t,e){e||F(t,2,this.length);var n=this[t+1]|this[t]<<8;return 32768&n?4294901760|n:n},o.prototype.readInt32LE=function(t,e){return e||F(t,4,this.length),this[t]|this[t+1]<<8|this[t+2]<<16|this[t+3]<<24},o.prototype.readInt32BE=function(t,e){return e||F(t,4,this.length),this[t]<<24|this[t+1]<<16|this[t+2]<<8|this[t+3]},o.prototype.readFloatLE=function(t,e){return e||F(t,4,this.length),X.read(this,t,!0,23,4)},o.prototype.readFloatBE=function(t,e){return e||F(t,4,this.length),X.read(this,t,!1,23,4)},o.prototype.readDoubleLE=function(t,e){return e||F(t,8,this.length),X.read(this,t,!0,52,8)},o.prototype.readDoubleBE=function(t,e){return e||F(t,8,this.length),X.read(this,t,!1,52,8)},o.prototype.writeUIntLE=function(t,e,n,r){if(t=+t,e|=0,n|=0,!r){x(this,t,e,n,Math.pow(2,8*n)-1,0)}var i=1,o=0;for(this[e]=255&t;++o=0&&(o*=256);)this[e+i]=t/o&255;return e+n},o.prototype.writeUInt8=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,1,255,0),o.TYPED_ARRAY_SUPPORT||(t=Math.floor(t)),this[e]=255&t,e+1},o.prototype.writeUInt16LE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,2,65535,0),o.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8):M(this,t,e,!0),e+2},o.prototype.writeUInt16BE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,2,65535,0),o.TYPED_ARRAY_SUPPORT?(this[e]=t>>>8,this[e+1]=255&t):M(this,t,e,!1),e+2},o.prototype.writeUInt32LE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,4,4294967295,0),o.TYPED_ARRAY_SUPPORT?(this[e+3]=t>>>24,this[e+2]=t>>>16,this[e+1]=t>>>8,this[e]=255&t):O(this,t,e,!0),e+4},o.prototype.writeUInt32BE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,4,4294967295,0),o.TYPED_ARRAY_SUPPORT?(this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t):O(this,t,e,!1),e+4},o.prototype.writeIntLE=function(t,e,n,r){if(t=+t,e|=0,!r){var i=Math.pow(2,8*n-1);x(this,t,e,n,i-1,-i)}var o=0,s=1,a=0;for(this[e]=255&t;++o>0)-a&255;return e+n},o.prototype.writeIntBE=function(t,e,n,r){if(t=+t,e|=0,!r){var i=Math.pow(2,8*n-1);x(this,t,e,n,i-1,-i)}var o=n-1,s=1,a=0;for(this[e+o]=255&t;--o>=0&&(s*=256);)t<0&&0===a&&0!==this[e+o+1]&&(a=1),this[e+o]=(t/s>>0)-a&255;return e+n},o.prototype.writeInt8=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,1,127,-128),o.TYPED_ARRAY_SUPPORT||(t=Math.floor(t)),t<0&&(t=255+t+1),this[e]=255&t,e+1},o.prototype.writeInt16LE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,2,32767,-32768),o.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8):M(this,t,e,!0),e+2},o.prototype.writeInt16BE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,2,32767,-32768),o.TYPED_ARRAY_SUPPORT?(this[e]=t>>>8,this[e+1]=255&t):M(this,t,e,!1),e+2},o.prototype.writeInt32LE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,4,2147483647,-2147483648),o.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8,this[e+2]=t>>>16,this[e+3]=t>>>24):O(this,t,e,!0),e+4},o.prototype.writeInt32BE=function(t,e,n){return t=+t,e|=0,n||x(this,t,e,4,2147483647,-2147483648),t<0&&(t=4294967295+t+1),o.TYPED_ARRAY_SUPPORT?(this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t):O(this,t,e,!1),e+4},o.prototype.writeFloatLE=function(t,e,n){return V(this,t,e,!0,n)},o.prototype.writeFloatBE=function(t,e,n){return V(this,t,e,!1,n)},o.prototype.writeDoubleLE=function(t,e,n){return K(this,t,e,!0,n)},o.prototype.writeDoubleBE=function(t,e,n){return K(this,t,e,!1,n)},o.prototype.copy=function(t,e,n,r){if(n||(n=0),r||0===r||(r=this.length),e>=t.length&&(e=t.length),e||(e=0),r>0&&r=this.length)throw new RangeError("sourceStart out of bounds");if(r<0)throw new RangeError("sourceEnd out of bounds");r>this.length&&(r=this.length),t.length-e=0;--i)t[i+e]=this[i+n];else if(s<1e3||!o.TYPED_ARRAY_SUPPORT)for(i=0;i>>=0,n=void 0===n?this.length:n>>>0,t||(t=0);var s;if("number"==typeof t)for(s=e;s>>2]|=t[r]<<24-r%4*8;i.call(this,n,e)}else i.apply(this,arguments)}).prototype=r}}(),t.lib.WordArray})},function(t,e,n){!function(r,i){t.exports=e=i(n(0))}(0,function(t){return function(e){var n=t,r=n.lib,i=r.WordArray,o=r.Hasher,s=n.algo,a=[],u=[];!function(){function t(t){return 4294967296*(t-(0|t))|0}for(var n=2,r=0;r<64;)(function(t){for(var n=e.sqrt(t),r=2;r<=n;r++)if(!(t%r))return!1;return!0})(n)&&(r<8&&(a[r]=t(e.pow(n,.5))),u[r]=t(e.pow(n,1/3)),r++),n++}();var c=[],h=s.SHA256=o.extend({_doReset:function(){this._hash=new i.init(a.slice(0))},_doProcessBlock:function(t,e){for(var n=this._hash.words,r=n[0],i=n[1],o=n[2],s=n[3],a=n[4],h=n[5],f=n[6],l=n[7],p=0;p<64;p++){if(p<16)c[p]=0|t[e+p];else{var g=c[p-15],d=(g<<25|g>>>7)^(g<<14|g>>>18)^g>>>3,y=c[p-2],v=(y<<15|y>>>17)^(y<<13|y>>>19)^y>>>10;c[p]=d+c[p-7]+v+c[p-16]}var S=a&h^~a&f,m=r&i^r&o^i&o,A=(r<<30|r>>>2)^(r<<19|r>>>13)^(r<<10|r>>>22),w=(a<<26|a>>>6)^(a<<21|a>>>11)^(a<<7|a>>>25),C=l+w+S+u[p]+c[p],U=A+m;l=f,f=h,h=a,a=s+C|0,s=o,o=i,i=r,r=C+U|0}n[0]=n[0]+r|0,n[1]=n[1]+i|0,n[2]=n[2]+o|0,n[3]=n[3]+s|0,n[4]=n[4]+a|0,n[5]=n[5]+h|0,n[6]=n[6]+f|0,n[7]=n[7]+l|0},_doFinalize:function(){var t=this._data,n=t.words,r=8*this._nDataBytes,i=8*t.sigBytes;return n[i>>>5]|=128<<24-i%32,n[14+(i+64>>>9<<4)]=e.floor(r/4294967296),n[15+(i+64>>>9<<4)]=r,t.sigBytes=4*n.length,this._process(),this._hash},clone:function(){var t=o.clone.call(this);return t._hash=this._hash.clone(),t}});n.SHA256=o._createHelper(h),n.HmacSHA256=o._createHmacHelper(h)}(Math),t.SHA256})},function(t,e,n){!function(r,i,o){t.exports=e=i(n(0),n(4),n(22))}(0,function(t){return t.HmacSHA256})},function(t,e,n){"use strict";function r(t,e){null!=t&&this.fromString(t,e)}function i(){return new r(null)}function o(t,e,n,r,i,o){for(;--o>=0;){var s=e*this[t++]+n[r]+i;i=Math.floor(s/67108864),n[r++]=67108863&s}return i}function s(t,e,n,r,i,o){for(var s=32767&e,a=e>>15;--o>=0;){var u=32767&this[t],c=this[t++]>>15,h=a*u+c*s;u=s*u+((32767&h)<<15)+n[r]+(1073741823&i),i=(u>>>30)+(h>>>15)+a*c+(i>>>30),n[r++]=1073741823&u}return i}function a(t,e,n,r,i,o){for(var s=16383&e,a=e>>14;--o>=0;){var u=16383&this[t],c=this[t++]>>14,h=a*u+c*s;u=s*u+((16383&h)<<14)+n[r]+i,i=(u>>28)+(h>>14)+a*c,n[r++]=268435455&u}return i}function u(t){return z.charAt(t)}function c(t,e){var n=G[t.charCodeAt(e)];return null==n?-1:n}function h(t){for(var e=this.t-1;e>=0;--e)t[e]=this[e];t.t=this.t,t.s=this.s}function f(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0}function l(t){var e=i();return e.fromInt(t),e}function p(t,e){var n;if(16==e)n=4;else if(8==e)n=3;else if(2==e)n=1;else if(32==e)n=5;else{if(4!=e)throw new Error("Only radix 2, 4, 8, 16, 32 are supported");n=2}this.t=0,this.s=0;for(var i=t.length,o=!1,s=0;--i>=0;){var a=c(t,i);a<0?"-"==t.charAt(i)&&(o=!0):(o=!1,0==s?this[this.t++]=a:s+n>this.DB?(this[this.t-1]|=(a&(1<>this.DB-s):this[this.t-1]|=a<=this.DB&&(s-=this.DB))}this.clamp(),o&&r.ZERO.subTo(this,this)}function g(){for(var t=this.s&this.DM;this.t>0&&this[this.t-1]==t;)--this.t}function d(t){if(this.s<0)return"-"+this.negate().toString();var e;if(16==t)e=4;else if(8==t)e=3;else if(2==t)e=1;else if(32==t)e=5;else{if(4!=t)throw new Error("Only radix 2, 4, 8, 16, 32 are supported");e=2}var n,r=(1<0)for(a>a)>0&&(i=!0,o=u(n));s>=0;)a>(a+=this.DB-e)):(n=this[s]>>(a-=e)&r,a<=0&&(a+=this.DB,--s)),n>0&&(i=!0),i&&(o+=u(n));return i?o:"0"}function y(){var t=i();return r.ZERO.subTo(this,t),t}function v(){return this.s<0?this.negate():this}function S(t){var e=this.s-t.s;if(0!=e)return e;var n=this.t;if(0!=(e=n-t.t))return this.s<0?-e:e;for(;--n>=0;)if(0!=(e=this[n]-t[n]))return e;return 0}function m(t){var e,n=1;return 0!=(e=t>>>16)&&(t=e,n+=16),0!=(e=t>>8)&&(t=e,n+=8),0!=(e=t>>4)&&(t=e,n+=4),0!=(e=t>>2)&&(t=e,n+=2),0!=(e=t>>1)&&(t=e,n+=1),n}function A(){return this.t<=0?0:this.DB*(this.t-1)+m(this[this.t-1]^this.s&this.DM)}function w(t,e){var n;for(n=this.t-1;n>=0;--n)e[n+t]=this[n];for(n=t-1;n>=0;--n)e[n]=0;e.t=this.t+t,e.s=this.s}function C(t,e){for(var n=t;n=0;--n)e[n+s+1]=this[n]>>i|a,a=(this[n]&o)<=0;--n)e[n]=0;e[s]=a,e.t=this.t+s+1,e.s=this.s,e.clamp()}function E(t,e){e.s=this.s;var n=Math.floor(t/this.DB);if(n>=this.t)return void(e.t=0);var r=t%this.DB,i=this.DB-r,o=(1<>r;for(var s=n+1;s>r;r>0&&(e[this.t-n-1]|=(this.s&o)<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;n>=this.DB;r-=t.s}e.s=r<0?-1:0,r<-1?e[n++]=this.DV+r:r>0&&(e[n++]=r),e.t=n,e.clamp()}function D(t,e){var n=this.abs(),i=t.abs(),o=n.t;for(e.t=o+i.t;--o>=0;)e[o]=0;for(o=0;o=0;)t[n]=0;for(n=0;n=e.DV&&(t[n+e.t]-=e.DV,t[n+e.t+1]=1)}t.t>0&&(t[t.t-1]+=e.am(n,e[n],t,2*n,0,1)),t.s=0,t.clamp()}function R(t,e,n){var o=t.abs();if(!(o.t<=0)){var s=this.abs();if(s.t0?(o.lShiftTo(h,a),s.lShiftTo(h,n)):(o.copyTo(a),s.copyTo(n));var f=a.t,l=a[f-1];if(0!=l){var p=l*(1<1?a[f-2]>>this.F2:0),g=this.FV/p,d=(1<=0&&(n[n.t++]=1,n.subTo(A,n)),r.ONE.dlShiftTo(f,A),A.subTo(a,a);a.t=0;){var w=n[--v]==l?this.DM:Math.floor(n[v]*g+(n[v-1]+y)*d);if((n[v]+=a.am(0,w,n,S,0,f))0&&n.rShiftTo(h,n),u<0&&r.ZERO.subTo(n,n)}}}function P(t){var e=i();return this.abs().divRemTo(t,null,e),this.s<0&&e.compareTo(r.ZERO)>0&&t.subTo(e,e),e}function _(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var e=3&t;return e=e*(2-(15&t)*e)&15,e=e*(2-(255&t)*e)&255,e=e*(2-((65535&t)*e&65535))&65535,e=e*(2-t*e%this.DV)%this.DV,e>0?this.DV-e:-e}function b(t){return 0==this.compareTo(t)}function B(t,e){for(var n=0,r=0,i=Math.min(t.t,this.t);n>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;n>=this.DB;r+=t.s}e.s=r<0?-1:0,r>0?e[n++]=r:r<-1&&(e[n++]=this.DV+r),e.t=n,e.clamp()}function k(t){var e=i();return this.addTo(t,e),e}function F(t){var e=i();return this.subTo(t,e),e}function x(t){var e=i();return this.multiplyTo(t,e),e}function M(t){var e=i();return this.divRemTo(t,e,null),e}function O(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<0&&this.m.subTo(e,e),e}function V(t){var e=i();return t.copyTo(e),this.reduce(e),e}function K(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var e=0;e>15)*this.mpl&this.um)<<15)&t.DM;for(n=e+this.m.t,t[n]+=this.m.am(0,r,t,e,0,this.m.t);t[n]>=t.DV;)t[n]-=t.DV,t[++n]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)}function q(t,e){t.squareTo(e),this.reduce(e)}function L(t,e,n){t.multiplyTo(e,n),this.reduce(n)}function H(t,e,n){var r,o=t.bitLength(),s=l(1),a=new O(e);if(o<=0)return s;r=o<18?1:o<48?3:o<144?4:o<768?5:6;var u=new Array,c=3,h=r-1,f=(1<1){var p=i();for(a.sqrTo(u[1],p);c<=f;)u[c]=i(),a.mulTo(p,u[c-2],u[c]),c+=2}var g,d,y=t.t-1,v=!0,S=i();for(o=m(t[y])-1;y>=0;){for(o>=h?g=t[y]>>o-h&f:(g=(t[y]&(1<0&&(g|=t[y-1]>>this.DB+o-h)),c=r;0==(1&g);)g>>=1,--c;if((o-=c)<0&&(o+=this.DB,--y),v)u[g].copyTo(s),v=!1;else{for(;c>1;)a.sqrTo(s,S),a.sqrTo(S,s),c-=2;c>0?a.sqrTo(s,S):(d=s,s=S,S=d),a.mulTo(S,u[g],s)}for(;y>=0&&0==(t[y]&1<0&&void 0!==arguments[0]?arguments[0]:{},o=n.AccessToken;return r(this,e),i(this,t.call(this,o||""))}return o(e,t),e}(s.a);e.a=a},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}var i=n(1),o=(n.n(i),function(){function t(e){r(this,t),this.jwtToken=e||"",this.payload=this.decodePayload()}return t.prototype.getJwtToken=function(){return this.jwtToken},t.prototype.getExpiration=function(){return this.payload.exp},t.prototype.getIssuedAt=function(){return this.payload.iat},t.prototype.decodePayload=function(){var t=this.jwtToken.split(".")[1];try{return JSON.parse(i.Buffer.from(t,"base64").toString("utf8"))}catch(t){return{}}},t}());e.a=o},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function i(t,e){if(!t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!e||"object"!=typeof e&&"function"!=typeof e?t:e}function o(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}var s=n(8),a=function(t){function e(){var n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},o=n.IdToken;return r(this,e),i(this,t.call(this,o||""))}return o(e,t),e}(s.a);e.a=a},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}/*! 24 | * Copyright 2016 Amazon.com, 25 | * Inc. or its affiliates. All Rights Reserved. 26 | * 27 | * Licensed under the Amazon Software License (the "License"). 28 | * You may not use this file except in compliance with the 29 | * License. A copy of the License is located at 30 | * 31 | * http://aws.amazon.com/asl/ 32 | * 33 | * or in the "license" file accompanying this file. This file is 34 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 35 | * CONDITIONS OF ANY KIND, express or implied. See the License 36 | * for the specific language governing permissions and 37 | * limitations under the License. 38 | */ 39 | var i=function(){function t(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},n=e.RefreshToken;r(this,t),this.token=n||""}return t.prototype.getToken=function(){return this.token},t}();e.a=i},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}var i=n(1),o=(n.n(i),n(0)),s=n.n(o),a=n(3),u=(n.n(a),n(23)),c=n.n(u),h=n(5),f=n.n(h),l=n(6),p=n(2),g=n(7),d=n(9),y=n(10),v=n(12),S=n(13),m=n(14),A=n(15),w=function(){function t(e){if(r(this,t),null==e||null==e.Username||null==e.Pool)throw new Error("Username and pool information are required.");this.username=e.Username||"",this.pool=e.Pool,this.Session=null,this.client=e.Pool.client,this.signInUserSession=null,this.authenticationFlowType="USER_SRP_AUTH",this.storage=e.Storage||(new A.a).getStorage(),this.keyPrefix="CognitoIdentityServiceProvider."+this.pool.getClientId(),this.userDataKey=this.keyPrefix+"."+this.username+".userData"}return t.prototype.setSignInUserSession=function(t){this.clearCachedUserData(),this.signInUserSession=t,this.cacheTokens()},t.prototype.getSignInUserSession=function(){return this.signInUserSession},t.prototype.getUsername=function(){return this.username},t.prototype.getAuthenticationFlowType=function(){return this.authenticationFlowType},t.prototype.setAuthenticationFlowType=function(t){this.authenticationFlowType=t},t.prototype.initiateAuth=function(t,e){var n=this,r=t.getAuthParameters();r.USERNAME=this.username;var i={AuthFlow:"CUSTOM_AUTH",ClientId:this.pool.getClientId(),AuthParameters:r,ClientMetadata:t.getValidationData()};this.getUserContextData()&&(i.UserContextData=this.getUserContextData()),this.client.request("InitiateAuth",i,function(t,r){if(t)return e.onFailure(t);var i=r.ChallengeName,o=r.ChallengeParameters;return"CUSTOM_CHALLENGE"===i?(n.Session=r.Session,e.customChallenge(o)):(n.signInUserSession=n.getCognitoUserSession(r.AuthenticationResult),n.cacheTokens(),e.onSuccess(n.signInUserSession))})},t.prototype.authenticateUser=function(t,e){return"USER_PASSWORD_AUTH"===this.authenticationFlowType?this.authenticateUserPlainUsernamePassword(t,e):"USER_SRP_AUTH"===this.authenticationFlowType||"CUSTOM_AUTH"===this.authenticationFlowType?this.authenticateUserDefaultAuth(t,e):e.onFailure(new Error("Authentication flow type is invalid."))},t.prototype.authenticateUserDefaultAuth=function(t,e){var n=this,r=new p.a(this.pool.getUserPoolId().split("_")[1]),o=new S.a,a=void 0,u=void 0,h={};null!=this.deviceKey&&(h.DEVICE_KEY=this.deviceKey),h.USERNAME=this.username,r.getLargeAValue(function(p,g){p&&e.onFailure(p),h.SRP_A=g.toString(16),"CUSTOM_AUTH"===n.authenticationFlowType&&(h.CHALLENGE_NAME="SRP_A");var d={AuthFlow:n.authenticationFlowType,ClientId:n.pool.getClientId(),AuthParameters:h,ClientMetadata:t.getValidationData()};n.getUserContextData(n.username)&&(d.UserContextData=n.getUserContextData(n.username)),n.client.request("InitiateAuth",d,function(h,p){if(h)return e.onFailure(h);var g=p.ChallengeParameters;n.username=g.USER_ID_FOR_SRP,a=new l.a(g.SRP_B,16),u=new l.a(g.SALT,16),n.getCachedDeviceKeyAndPassword(),r.getPasswordAuthenticationKey(n.username,t.getPassword(),a,u,function(t,a){t&&e.onFailure(t);var u=o.getNowString(),h=s.a.lib.WordArray.create(i.Buffer.concat([i.Buffer.from(n.pool.getUserPoolId().split("_")[1],"utf8"),i.Buffer.from(n.username,"utf8"),i.Buffer.from(g.SECRET_BLOCK,"base64"),i.Buffer.from(u,"utf8")])),l=s.a.lib.WordArray.create(a),d=c.a.stringify(f()(h,l)),y={};y.USERNAME=n.username,y.PASSWORD_CLAIM_SECRET_BLOCK=g.SECRET_BLOCK,y.TIMESTAMP=u,y.PASSWORD_CLAIM_SIGNATURE=d,null!=n.deviceKey&&(y.DEVICE_KEY=n.deviceKey);var v={ChallengeName:"PASSWORD_VERIFIER",ClientId:n.pool.getClientId(),ChallengeResponses:y,Session:p.Session};n.getUserContextData()&&(v.UserContextData=n.getUserContextData()),function t(e,r){return n.client.request("RespondToAuthChallenge",e,function(i,o){return i&&"ResourceNotFoundException"===i.code&&-1!==i.message.toLowerCase().indexOf("device")?(y.DEVICE_KEY=null,n.deviceKey=null,n.randomPassword=null,n.deviceGroupKey=null,n.clearCachedDeviceKeyAndPassword(),t(e,r)):r(i,o)})}(v,function(t,i){return t?e.onFailure(t):n.authenticateUserInternal(i,r,e)})})})})},t.prototype.authenticateUserPlainUsernamePassword=function(t,e){var n=this,r={};if(r.USERNAME=this.username,r.PASSWORD=t.getPassword(),!r.PASSWORD)return void e.onFailure(new Error("PASSWORD parameter is required"));var i=new p.a(this.pool.getUserPoolId().split("_")[1]);this.getCachedDeviceKeyAndPassword(),null!=this.deviceKey&&(r.DEVICE_KEY=this.deviceKey);var o={AuthFlow:"USER_PASSWORD_AUTH",ClientId:this.pool.getClientId(),AuthParameters:r,ClientMetadata:t.getValidationData()};this.getUserContextData(this.username)&&(o.UserContextData=this.getUserContextData(this.username)),this.client.request("InitiateAuth",o,function(t,r){return t?e.onFailure(t):n.authenticateUserInternal(r,i,e)})},t.prototype.authenticateUserInternal=function(t,e,n){var r=this,o=t.ChallengeName,s=t.ChallengeParameters;if("SMS_MFA"===o)return this.Session=t.Session,n.mfaRequired(o,s);if("SELECT_MFA_TYPE"===o)return this.Session=t.Session,n.selectMFAType(o,s);if("MFA_SETUP"===o)return this.Session=t.Session,n.mfaSetup(o,s);if("SOFTWARE_TOKEN_MFA"===o)return this.Session=t.Session,n.totpRequired(o,s);if("CUSTOM_CHALLENGE"===o)return this.Session=t.Session,n.customChallenge(s);if("NEW_PASSWORD_REQUIRED"===o){this.Session=t.Session;var a=null,u=null,c=[],h=e.getNewPasswordRequiredChallengeUserAttributePrefix();if(s&&(a=JSON.parse(t.ChallengeParameters.userAttributes),u=JSON.parse(t.ChallengeParameters.requiredAttributes)),u)for(var f=0;f0&&void 0!==arguments[0]?arguments[0]:{},n=e.IdToken,i=e.RefreshToken,o=e.AccessToken,s=e.ClockDrift;if(r(this,t),null==o||null==n)throw new Error("Id token and Access Token must be present.");this.idToken=n,this.refreshToken=i,this.accessToken=o,this.clockDrift=void 0===s?this.calculateClockDrift():s}return t.prototype.getIdToken=function(){return this.idToken},t.prototype.getRefreshToken=function(){return this.refreshToken},t.prototype.getAccessToken=function(){return this.accessToken},t.prototype.getClockDrift=function(){return this.clockDrift},t.prototype.calculateClockDrift=function(){return Math.floor(new Date/1e3)-Math.min(this.accessToken.getIssuedAt(),this.idToken.getIssuedAt())},t.prototype.isValid=function(){var t=Math.floor(new Date/1e3),e=t-this.clockDrift;return e0&&void 0!==arguments[0]?arguments[0]:{},n=e.Name,i=e.Value;r(this,t),this.Name=n||"",this.Value=i||""}return t.prototype.getValue=function(){return this.Value},t.prototype.setValue=function(t){return this.Value=t,this},t.prototype.getName=function(){return this.Name},t.prototype.setName=function(t){return this.Name=t,this},t.prototype.toString=function(){return JSON.stringify(this)},t.prototype.toJSON=function(){return{Name:this.Name,Value:this.Value}},t}();e.a=i},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}/*! 88 | * Copyright 2016 Amazon.com, 89 | * Inc. or its affiliates. All Rights Reserved. 90 | * 91 | * Licensed under the Amazon Software License (the "License"). 92 | * You may not use this file except in compliance with the 93 | * License. A copy of the License is located at 94 | * 95 | * http://aws.amazon.com/asl/ 96 | * 97 | * or in the "license" file accompanying this file. This file is 98 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 99 | * CONDITIONS OF ANY KIND, express or implied. See the License 100 | * for the specific language governing permissions and 101 | * limitations under the License. 102 | */ 103 | var i={},o=function(){function t(){r(this,t)}return t.setItem=function(t,e){return i[t]=e,i[t]},t.getItem=function(t){return Object.prototype.hasOwnProperty.call(i,t)?i[t]:void 0},t.removeItem=function(t){return delete i[t]},t.clear=function(){return i={}},t}(),s=function(){function t(){r(this,t);try{this.storageWindow=window.localStorage,this.storageWindow.setItem("aws.cognito.test-ls",1),this.storageWindow.removeItem("aws.cognito.test-ls")}catch(t){this.storageWindow=o}}return t.prototype.getStorage=function(){return this.storageWindow},t}();e.a=s},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(17);n.d(e,"AuthenticationDetails",function(){return r.a});var i=n(2);n.d(e,"AuthenticationHelper",function(){return i.a});var o=n(7);n.d(e,"CognitoAccessToken",function(){return o.a});var s=n(9);n.d(e,"CognitoIdToken",function(){return s.a});var a=n(10);n.d(e,"CognitoRefreshToken",function(){return a.a});var u=n(11);n.d(e,"CognitoUser",function(){return u.a});var c=n(14);n.d(e,"CognitoUserAttribute",function(){return c.a});var h=n(24);n.d(e,"CognitoUserPool",function(){return h.a});var f=n(12);n.d(e,"CognitoUserSession",function(){return f.a});var l=n(27);n.d(e,"CookieStorage",function(){return l.a});var p=n(13);n.d(e,"DateHelper",function(){return p.a})},function(t,e,n){"use strict";function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}/*! 104 | * Copyright 2016 Amazon.com, 105 | * Inc. or its affiliates. All Rights Reserved. 106 | * 107 | * Licensed under the Amazon Software License (the "License"). 108 | * You may not use this file except in compliance with the 109 | * License. A copy of the License is located at 110 | * 111 | * http://aws.amazon.com/asl/ 112 | * 113 | * or in the "license" file accompanying this file. This file is 114 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 115 | * CONDITIONS OF ANY KIND, express or implied. See the License 116 | * for the specific language governing permissions and 117 | * limitations under the License. 118 | */ 119 | var i=function(){function t(e){r(this,t);var n=e||{},i=n.ValidationData,o=n.Username,s=n.Password,a=n.AuthParameters;this.validationData=i||{},this.authParameters=a||{},this.username=o,this.password=s}return t.prototype.getUsername=function(){return this.username},t.prototype.getPassword=function(){return this.password},t.prototype.getValidationData=function(){return this.validationData},t.prototype.getAuthParameters=function(){return this.authParameters},t}();e.a=i},function(t,e){var n;n=function(){return this}();try{n=n||Function("return this")()||(0,eval)("this")}catch(t){"object"==typeof window&&(n=window)}t.exports=n},function(t,e,n){"use strict";function r(t){var e=t.length;if(e%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var n=t.indexOf("=");return-1===n&&(n=e),[n,n===e?0:4-n%4]}function i(t){var e=r(t),n=e[0],i=e[1];return 3*(n+i)/4-i}function o(t,e,n){return 3*(e+n)/4-n}function s(t){for(var e,n=r(t),i=n[0],s=n[1],a=new l(o(t,i,s)),u=0,c=s>0?i-4:i,h=0;h>16&255,a[u++]=e>>8&255,a[u++]=255&e;return 2===s&&(e=f[t.charCodeAt(h)]<<2|f[t.charCodeAt(h+1)]>>4,a[u++]=255&e),1===s&&(e=f[t.charCodeAt(h)]<<10|f[t.charCodeAt(h+1)]<<4|f[t.charCodeAt(h+2)]>>2,a[u++]=e>>8&255,a[u++]=255&e),a}function a(t){return h[t>>18&63]+h[t>>12&63]+h[t>>6&63]+h[63&t]}function u(t,e,n){for(var r,i=[],o=e;os?s:o+16383));return 1===r?(e=t[n-1],i.push(h[e>>2]+h[e<<4&63]+"==")):2===r&&(e=(t[n-2]<<8)+t[n-1],i.push(h[e>>10]+h[e>>4&63]+h[e<<2&63]+"=")),i.join("")}e.byteLength=i,e.toByteArray=s,e.fromByteArray=c;for(var h=[],f=[],l="undefined"!=typeof Uint8Array?Uint8Array:Array,p="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",g=0,d=p.length;g>1,h=-7,f=n?i-1:0,l=n?-1:1,p=t[e+f];for(f+=l,o=p&(1<<-h)-1,p>>=-h,h+=a;h>0;o=256*o+t[e+f],f+=l,h-=8);for(s=o&(1<<-h)-1,o>>=-h,h+=r;h>0;s=256*s+t[e+f],f+=l,h-=8);if(0===o)o=1-c;else{if(o===u)return s?NaN:1/0*(p?-1:1);s+=Math.pow(2,r),o-=c}return(p?-1:1)*s*Math.pow(2,o-r)},e.write=function(t,e,n,r,i,o){var s,a,u,c=8*o-i-1,h=(1<>1,l=23===i?Math.pow(2,-24)-Math.pow(2,-77):0,p=r?0:o-1,g=r?1:-1,d=e<0||0===e&&1/e<0?1:0;for(e=Math.abs(e),isNaN(e)||e===1/0?(a=isNaN(e)?1:0,s=h):(s=Math.floor(Math.log(e)/Math.LN2),e*(u=Math.pow(2,-s))<1&&(s--,u*=2),e+=s+f>=1?l/u:l*Math.pow(2,1-f),e*u>=2&&(s++,u/=2),s+f>=h?(a=0,s=h):s+f>=1?(a=(e*u-1)*Math.pow(2,i),s+=f):(a=e*Math.pow(2,f-1)*Math.pow(2,i),s=0));i>=8;t[n+p]=255&a,p+=g,a/=256,i-=8);for(s=s<0;t[n+p]=255&s,p+=g,s/=256,c-=8);t[n+p-g]|=128*d}},function(t,e){var n={}.toString;t.exports=Array.isArray||function(t){return"[object Array]"==n.call(t)}},function(t,e,n){!function(r,i){t.exports=e=i(n(0))}(0,function(t){!function(){var e=t,n=e.lib,r=n.Base,i=e.enc,o=i.Utf8,s=e.algo;s.HMAC=r.extend({init:function(t,e){t=this._hasher=new t.init,"string"==typeof e&&(e=o.parse(e));var n=t.blockSize,r=4*n;e.sigBytes>r&&(e=t.finalize(e)),e.clamp();for(var i=this._oKey=e.clone(),s=this._iKey=e.clone(),a=i.words,u=s.words,c=0;c>>6-s%4*2;r[o>>>2]|=(a|u)<<24-o%4*8,o++}return i.create(r,o)}var n=t,r=n.lib,i=r.WordArray,o=n.enc;o.Base64={stringify:function(t){var e=t.words,n=t.sigBytes,r=this._map;t.clamp();for(var i=[],o=0;o>>2]>>>24-o%4*8&255,a=e[o+1>>>2]>>>24-(o+1)%4*8&255,u=e[o+2>>>2]>>>24-(o+2)%4*8&255,c=s<<16|a<<8|u,h=0;h<4&&o+.75*h>>6*(3-h)&63));var f=r.charAt(64);if(f)for(;i.length%4;)i.push(f);return i.join("")},parse:function(t){var n=t.length,r=this._map,i=this._reverseMap;if(!i){i=this._reverseMap=[];for(var o=0;o1){if(o=t({path:"/"},r.defaults,o),"number"==typeof o.expires){var a=new Date;a.setMilliseconds(a.getMilliseconds()+864e5*o.expires),o.expires=a}o.expires=o.expires?o.expires.toUTCString():"";try{s=JSON.stringify(i),/^[\{\[]/.test(s)&&(i=s)}catch(t){}i=n.write?n.write(i,e):encodeURIComponent(String(i)).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent),e=encodeURIComponent(String(e)),e=e.replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent),e=e.replace(/[\(\)]/g,escape);var u="";for(var c in o)o[c]&&(u+="; "+c,!0!==o[c]&&(u+="="+o[c]));return document.cookie=e+"="+i+u}e||(s={});for(var h=document.cookie?document.cookie.split("; "):[],f=/(%[0-9A-Z]{2})+/g,l=0;l 3 | 4 | 5 | 6 | Embedding demo 7 | 8 | 9 | 10 | 11 | 171 | 172 | 173 | 174 |
175 |
176 |
177 | 178 | 179 | -------------------------------------------------------------------------------- /QuickSightAuthentication/README.md: -------------------------------------------------------------------------------- 1 | ## Usage 2 | Before you can embed an Amazon QuickSight dashboard, you need to publish it and ensure that users are granted necessary permissions. For more information, see [Embedding Amazon QuickSight Dashboards](https://docs.aws.amazon.com/quicksight/latest/user/embedding-dashboards.html) in the Amazon QuickSight User Guide. 3 | 4 | The example below is using QuickSight for authenticating users into the app. Amazon API Gateway is used to expose an API which can be invoked by the web app. The API gateway triggers a function in AWS Lambda, which eventually calls the `GetDashboardEmbedUrl` API with the parameters you pass to the API gateway. A registerd QuickSight userArn is used to invoke embeddiing API to get the embed url. 5 | 6 | - Note: Although this setup treats Lambda as an identity broker, it is expected that the lambda or a similar identity broker, gets dashboard embedding url by passing a unique userArn for each user's embedding sessions. 7 | 8 | - Its against the user agreement to pass the same userArn for each unique user embedding session. 9 | 10 | ### Step 1: Setup the Lambda stack using AWS CloudFormation 11 | 12 | - Create a new CloudFormation stack using `QuickSightEmbeddingLambda.json`, which you can find inside the cloudformation/ folder of this repo. 13 | 14 | - Make a note of the `RootUrl`, which will be an output of the CloudFormation stack. This is our API Gateway endpoint. 15 | 16 | - You should see a new lambda function created for you in the AWS Lambda console called `GetDashboardEmbedURL`, and also a new API in the AWS API Gateway console called `GetDashboardEmbedURL`. 17 | 18 | - Note: The lambda execution role is given permissions to take the following actions `quicksight:GetDashboardEmbedURL` for all dashboards in the region and `quicksight:GetAuthCode` for all users. 19 | 20 | ### Step 2: Package and deploy Lambda code 21 | 22 | - Inside the lambda/ directory, run 23 | 24 | ``` 25 | npm install 26 | ``` 27 | 28 | - Next, package the index.js, package.json, and node_modules into a zip. Run the below command inside the lambda/ directory. 29 | 30 | ``` 31 | zip -r getDashboardEmbedURL.zip * 32 | ``` 33 | 34 | - Go to the lambda, inside the AWS console and upload this zip file and hit save. 35 | 36 | ### Step 3: Setup your web app to call the API Gateway endpoint 37 | 38 | - Create a new CloudFormation stack using `QuickSightEmbeddingWebApp.yaml`, which you can find inside the cloudformation/ folder of this repo. 39 | 40 | - The cloud formation creates a cloud front endpoint supported by an S3 bucket `quicksightembwebapp-thebucket-xxxxxxxx` bucket. 41 | 42 | - Replace the following parameters in the `index.html` within the `web` folder and upload the file to the S3 bucket, and give read permisions to everyone. 43 | 44 | ``` 45 | var awsData = { 46 | dashboardId: getParameterValues('dashboardid'), 47 | userArn: getParameterValues('userarn'), 48 | apiGatewayUrl:'https:///prod/getDashboardEmbedURL?', 49 | } 50 | ``` 51 | 52 | - Pick the `Domain name` from cloudfront and whitelist it in QuickSight `Domains and Embedding` section of the QuickSight Admin page. 53 | 54 | - UserArn is of the form - arn:aws:quicksight:::user// 55 | 56 | - UserArn can also be obtained by calling quickSight:DescribeUser AWS SDK API call. 57 | 58 | - Link to DescribeUser API call documentation - `https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeUser.html` 59 | 60 | - Try the url in the browser - `https://?dashboardid=&userarn=` and verify the embedding page load. 61 | 62 | - Make sure to use the [Amazon QuickSight Embedding SDK](https://github.com/awslabs/amazon-quicksight-embedding-sdk) for setting up embedding and passing parameter between parent and embedded iframe in your web app. 63 | 64 | 65 | ## License 66 | This library is licensed under the Apache 2.0 License. 67 | -------------------------------------------------------------------------------- /QuickSightAuthentication/cloudformation/QuickSightEmbeddingLambda.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation template that contains a single Lambda function behind an 4 | API Gateway 5 | Resources: 6 | GetDashboardEmbedURLLambda: 7 | Type: 'AWS::Lambda::Function' 8 | Properties: 9 | Code: 10 | ZipFile: !Join 11 | - |+ 12 | 13 | - - '''use strict'';' 14 | - '' 15 | - // GetDashboardEmbedURL 16 | - 'exports.handler = (event, context, callback) => {' 17 | - ' console.log(''Event:'', JSON.stringify(event));' 18 | - ' const name = event.name || ''World'';' 19 | - ' const response = {greeting: `Hello, ${name}!`};' 20 | - ' callback(null, response);' 21 | - '};' 22 | Description: Quicksight GetDashboardEmbedURL function 23 | FunctionName: GetDashboardEmbedURL 24 | Handler: index.handler 25 | Timeout: 50 26 | Role: !GetAtt 27 | - LambdaExecutionRole 28 | - Arn 29 | Runtime: nodejs12.x 30 | LambdaExecutionRole: 31 | Type: 'AWS::IAM::Role' 32 | Properties: 33 | AssumeRolePolicyDocument: 34 | Version: 2012-10-17 35 | Statement: 36 | - Effect: Allow 37 | Principal: 38 | Service: 39 | - lambda.amazonaws.com 40 | Action: 41 | - 'sts:AssumeRole' 42 | ManagedPolicyArns: 43 | - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' 44 | Policies: 45 | - PolicyName: ApiGatewayLogsPolicy 46 | PolicyDocument: 47 | Version: 2012-10-17 48 | Statement: 49 | - Action: 'quicksight:GetDashboardEmbedUrl' 50 | Resource: '*' 51 | Effect: Allow 52 | - Action: 'quicksight:GetAuthCode' 53 | Resource: '*' 54 | Effect: Allow 55 | GetDashboardEmbedURLApi: 56 | Type: 'AWS::ApiGateway::RestApi' 57 | Properties: 58 | Name: GetDashboardEmbedURL 59 | Description: API used for GetDashboardEmbedURL requests 60 | FailOnWarnings: true 61 | LambdaPermission: 62 | Type: 'AWS::Lambda::Permission' 63 | Properties: 64 | Action: 'lambda:invokeFunction' 65 | FunctionName: !GetAtt 66 | - GetDashboardEmbedURLLambda 67 | - Arn 68 | Principal: apigateway.amazonaws.com 69 | SourceArn: !Join 70 | - '' 71 | - - 'arn:aws:execute-api:' 72 | - !Ref 'AWS::Region' 73 | - ':' 74 | - !Ref 'AWS::AccountId' 75 | - ':' 76 | - !Ref GetDashboardEmbedURLApi 77 | - /* 78 | ApiGatewayCloudWatchLogsRole: 79 | Type: 'AWS::IAM::Role' 80 | Properties: 81 | AssumeRolePolicyDocument: 82 | Version: 2012-10-17 83 | Statement: 84 | - Effect: Allow 85 | Principal: 86 | Service: 87 | - apigateway.amazonaws.com 88 | Action: 89 | - 'sts:AssumeRole' 90 | Policies: 91 | - PolicyName: ApiGatewayLogsPolicy 92 | PolicyDocument: 93 | Version: 2012-10-17 94 | Statement: 95 | - Effect: Allow 96 | Action: 97 | - 'logs:CreateLogGroup' 98 | - 'logs:CreateLogStream' 99 | - 'logs:DescribeLogGroups' 100 | - 'logs:DescribeLogStreams' 101 | - 'logs:PutLogEvents' 102 | - 'logs:GetLogEvents' 103 | - 'logs:FilterLogEvents' 104 | Resource: '*' 105 | ApiGatewayAccount: 106 | Type: 'AWS::ApiGateway::Account' 107 | Properties: 108 | CloudWatchRoleArn: !GetAtt 109 | - ApiGatewayCloudWatchLogsRole 110 | - Arn 111 | GetDashboardEmbedURLApiStage: 112 | DependsOn: 113 | - ApiGatewayAccount 114 | Type: 'AWS::ApiGateway::Stage' 115 | Properties: 116 | DeploymentId: !Ref ApiDeployment 117 | MethodSettings: 118 | - DataTraceEnabled: true 119 | HttpMethod: '*' 120 | LoggingLevel: INFO 121 | ResourcePath: /* 122 | RestApiId: !Ref GetDashboardEmbedURLApi 123 | StageName: LATEST 124 | ApiDeployment: 125 | Type: 'AWS::ApiGateway::Deployment' 126 | DependsOn: 127 | - GetDashboardEmbedURLRequest 128 | - GetDashboardEmbedURLOptionsRequest 129 | Properties: 130 | RestApiId: !Ref GetDashboardEmbedURLApi 131 | StageName: prod 132 | GetDashboardEmbedURLResource: 133 | Type: 'AWS::ApiGateway::Resource' 134 | Properties: 135 | RestApiId: !Ref GetDashboardEmbedURLApi 136 | ParentId: !GetAtt 137 | - GetDashboardEmbedURLApi 138 | - RootResourceId 139 | PathPart: getDashboardEmbedURL 140 | RequestValidator: 141 | Type: 'AWS::ApiGateway::RequestValidator' 142 | Properties: 143 | Name: getDashboardEmbedURLValidator 144 | RestApiId: !Ref GetDashboardEmbedURLApi 145 | ValidateRequestParameters: true 146 | GetDashboardEmbedURLRequest: 147 | DependsOn: LambdaPermission 148 | Type: 'AWS::ApiGateway::Method' 149 | Properties: 150 | AuthorizationType: NONE 151 | HttpMethod: GET 152 | RequestValidatorId: !Ref RequestValidator 153 | Integration: 154 | Type: AWS_PROXY 155 | IntegrationHttpMethod: POST 156 | Uri: !Join 157 | - '' 158 | - - 'arn:aws:apigateway:' 159 | - !Ref 'AWS::Region' 160 | - ':lambda:path/2015-03-31/functions/' 161 | - !GetAtt 162 | - GetDashboardEmbedURLLambda 163 | - Arn 164 | - /invocations 165 | IntegrationResponses: 166 | - StatusCode: 200 167 | ResponseParameters: 168 | method.response.header.Access-Control-Allow-Origin: '''*''' 169 | method.response.header.Access-Control-Allow-Methods: '''GET,OPTIONS''' 170 | method.response.header.Access-Control-Allow-Headers: >- 171 | 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' 172 | RequestTemplates: 173 | application/json: !Join 174 | - '' 175 | - - '{' 176 | - ' "dashboardId": "$input.params(''dashboardId'')"' 177 | - ' "userArn": "$input.params(''userArn'')"' 178 | - ' "resetDisabled": "$input.params(''resetDisabled'')"' 179 | - ' "undoRedoDisabled": "$input.params(''undoRedoDisabled'')"' 180 | - '}' 181 | RequestParameters: 182 | method.request.querystring.dashboardId: true 183 | method.request.querystring.userArn: true 184 | method.request.querystring.resetDisabled: true 185 | method.request.querystring.undoRedoDisabled: true 186 | ResourceId: !Ref GetDashboardEmbedURLResource 187 | RestApiId: !Ref GetDashboardEmbedURLApi 188 | MethodResponses: 189 | - StatusCode: 200 190 | ResponseParameters: 191 | method.response.header.Access-Control-Allow-Origin: true 192 | method.response.header.Access-Control-Allow-Methods: true 193 | method.response.header.Access-Control-Allow-Headers: true 194 | GetDashboardEmbedURLOptionsRequest: 195 | Type: 'AWS::ApiGateway::Method' 196 | Properties: 197 | AuthorizationType: NONE 198 | HttpMethod: OPTIONS 199 | MethodResponses: 200 | - StatusCode: '200' 201 | ResponseParameters: 202 | method.response.header.Access-Control-Allow-Origin: true 203 | method.response.header.Access-Control-Allow-Headers: true 204 | method.response.header.Access-Control-Allow-Methods: true 205 | ResponseModels: {} 206 | RequestParameters: {} 207 | Integration: 208 | Type: MOCK 209 | RequestTemplates: 210 | application/json: '{statusCode:200}' 211 | IntegrationResponses: 212 | - StatusCode: '200' 213 | ResponseParameters: 214 | method.response.header.Access-Control-Allow-Origin: '''*''' 215 | method.response.header.Access-Control-Allow-Headers: >- 216 | 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent' 217 | method.response.header.Access-Control-Allow-Methods: '''GET,OPTIONS''' 218 | ResponseTemplates: 219 | application/json: '' 220 | ResourceId: !Ref GetDashboardEmbedURLResource 221 | RestApiId: !Ref GetDashboardEmbedURLApi 222 | Outputs: 223 | RootUrl: 224 | Description: Root URL of the API gateway 225 | Value: !Join 226 | - '' 227 | - - 'https://' 228 | - !Ref GetDashboardEmbedURLApi 229 | - .execute-api. 230 | - !Ref 'AWS::Region' 231 | - .amazonaws.com 232 | -------------------------------------------------------------------------------- /QuickSightAuthentication/cloudformation/QuickSightEmbeddingWebApp.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: > 3 | Resources for hosting a static website (generated with Hugo for example) on 4 | Amazon Simple Storage Service (S3) & CloudFront. 5 | ############################################################################### 6 | Parameters: 7 | ############################################################################### 8 | 9 | PriceClass: 10 | Type: String 11 | Description: The CloudFront distribution price class 12 | Default: 'PriceClass_All' 13 | AllowedValues: 14 | - 'PriceClass_100' 15 | - 'PriceClass_200' 16 | - 'PriceClass_All' 17 | 18 | ############################################################################### 19 | Resources: 20 | ############################################################################### 21 | 22 | TheCloudFrontDistribution: 23 | Type: AWS::CloudFront::Distribution 24 | Properties: 25 | DistributionConfig: 26 | DefaultCacheBehavior: 27 | Compress: true 28 | ForwardedValues: 29 | QueryString: true 30 | TargetOriginId: the-s3-bucket 31 | ViewerProtocolPolicy: redirect-to-https 32 | DefaultRootObject: index.html 33 | CustomErrorResponses: 34 | - ErrorCachingMinTTL: 300 35 | ErrorCode: 403 36 | ResponseCode: 404 37 | ResponsePagePath: /404.html 38 | Enabled: true 39 | HttpVersion: http2 40 | Origins: 41 | - DomainName: 42 | !Join [ "", [ !Ref TheBucket, ".s3.amazonaws.com" ] ] 43 | Id: the-s3-bucket 44 | S3OriginConfig: 45 | OriginAccessIdentity: 46 | !Join [ "", [ "origin-access-identity/cloudfront/", !Ref TheCloudFrontOriginAccessIdentity ] ] 47 | PriceClass: !Ref PriceClass 48 | ViewerCertificate: 49 | CloudFrontDefaultCertificate : true 50 | 51 | TheCloudFrontOriginAccessIdentity: 52 | Type: AWS::CloudFront::CloudFrontOriginAccessIdentity 53 | Properties: 54 | CloudFrontOriginAccessIdentityConfig: 55 | Comment: !Sub 'CloudFront OAI for quicksight embedding' 56 | 57 | TheBucket: 58 | Type: AWS::S3::Bucket 59 | DeletionPolicy: Retain 60 | Properties: 61 | BucketEncryption: 62 | ServerSideEncryptionConfiguration: 63 | - 64 | ServerSideEncryptionByDefault: 65 | SSEAlgorithm: AES256 66 | 67 | TheBucketPolicy: 68 | Type: AWS::S3::BucketPolicy 69 | Properties: 70 | Bucket: !Ref TheBucket 71 | PolicyDocument: 72 | Statement: 73 | - 74 | Action: 75 | - s3:GetObject 76 | Effect: Allow 77 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref TheBucket, "/*" ] ] 78 | Principal: 79 | CanonicalUser: !GetAtt TheCloudFrontOriginAccessIdentity.S3CanonicalUserId -------------------------------------------------------------------------------- /QuickSightAuthentication/lambda/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | -------------------------------------------------------------------------------- /QuickSightAuthentication/lambda/README.md: -------------------------------------------------------------------------------- 1 | # Lambda Code Files for QuickSight Developer Sandbox website (SpaceNeedleDeveloperSandbox) 2 | 3 | ## Instructions 4 | 1. cd inside the lambda/ directory. 5 | 2. run `npm install` 6 | 3. Package the index.js, package.json, and node_modules into a zip. 7 | To do this, run `zip -r getDashboardEmbedURL.zip *` 8 | 4. Sign into the AWS Console and go to Lambda. Click on the GetDashboardEmbedURL function. 9 | 5. Scroll down to the 'Function code' section and click the Upload button. 10 | 6. Select the zip folder you just created, then click Save. 11 | 12 | For more information, see step 3 at https://github.com/aws-samples/amazon-quicksight-embedding-sample 13 | -------------------------------------------------------------------------------- /QuickSightAuthentication/lambda/index.js: -------------------------------------------------------------------------------- 1 | global.fetch = require('node-fetch'); 2 | const AWS = require('aws-sdk'); 3 | 4 | exports.handler = function(event, context, callback) { 5 | return sendRes(event, context, callback); 6 | }; 7 | 8 | const getDashboardURL = (accountId, dashboardId, userArn, resetDisabled, undoRedoDisabled) => { 9 | return new Promise((resolve, reject) => { 10 | 11 | const getDashboardParams = { 12 | AwsAccountId: accountId, 13 | DashboardId: dashboardId, 14 | UserArn: userArn, 15 | IdentityType: 'QUICKSIGHT', 16 | ResetDisabled: resetDisabled, 17 | SessionLifetimeInMinutes: 600, 18 | UndoRedoDisabled: undoRedoDisabled 19 | }; 20 | 21 | const quicksightGetDashboard = new AWS.QuickSight({ 22 | region: process.env.AWS_REGION, 23 | }); 24 | 25 | quicksightGetDashboard.getDashboardEmbedUrl(getDashboardParams, function(err, data) { 26 | if (err) { 27 | console.log(err, err.stack); 28 | reject(err); 29 | } else { 30 | const result = { 31 | "statusCode": 200, 32 | "headers": { 33 | "Access-Control-Allow-Origin": "*", 34 | "Access-Control-Allow-Headers": "Content-Type" 35 | }, 36 | "body": JSON.stringify(data), 37 | "isBase64Encoded": false 38 | } 39 | resolve(result); 40 | } 41 | }); 42 | }); 43 | } 44 | 45 | const sendRes = (event, context, callback) => { 46 | const accountId = context.invokedFunctionArn.match(/\d{3,}/)[0]; 47 | const dashboardId = decodeURIComponent(event.dashboardId || event.queryStringParameters.dashboardId); 48 | const userArn = decodeURIComponent(event.userArn || event.queryStringParameters.userArn); 49 | const resetDisabledParam = decodeURIComponent(event.resetDisabled || event.queryStringParameters.resetDisabled); 50 | const undoRedoDisabledParam = decodeURIComponent(event.undoRedoDisabled || event.queryStringParameters.undoRedoDisabled); 51 | 52 | console.log("Initial variables:"); 53 | console.log(`accountID = ${accountId}`); 54 | console.log(`dashboardID = ${dashboardId}`); 55 | console.log(`userArn = ${userArn}`); 56 | console.log(`resetDisabledParam = ${resetDisabledParam}`); 57 | console.log(`undoRedoDisabledParam = ${undoRedoDisabledParam}`); 58 | 59 | if (!accountId) { 60 | const error = new Error("accountId is unavailable"); 61 | callback(error); 62 | } 63 | if (!dashboardId) { 64 | const error = new Error("dashboardId is unavailable"); 65 | callback(error); 66 | } 67 | if (!userArn) { 68 | const error = new Error("userArn is unavailable"); 69 | callback(error); 70 | } 71 | 72 | if (!resetDisabledParam) { 73 | const error = new Error("resetDisabledParam flag is unavailable"); 74 | callback(error); 75 | } 76 | if (!undoRedoDisabledParam) { 77 | const error = new Error("undoRedoDisabledParam flag is unavailable"); 78 | callback(error); 79 | } 80 | 81 | const resetDisabled = resetDisabledParam === "true" ? true : false; 82 | const undoRedoDisabled = undoRedoDisabledParam === "true" ? true : false; 83 | 84 | const getDashboardEmbedUrlPromise = getDashboardURL(accountId, dashboardId, userArn, resetDisabled, undoRedoDisabled); 85 | getDashboardEmbedUrlPromise.then(function(result){ 86 | const dashboardEmbedUrlResult = result; 87 | if (dashboardEmbedUrlResult && dashboardEmbedUrlResult.statusCode === 200) { 88 | callback(null, result); 89 | } else { 90 | console.log('getDashboardEmbedUrl failed'); 91 | } 92 | }, function(err){ 93 | console.log(err, err.stack); 94 | }); 95 | } 96 | -------------------------------------------------------------------------------- /QuickSightAuthentication/lambda/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "embedding-ga-node", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "amazon-cognito-identity-js": { 8 | "version": "3.0.15", 9 | "resolved": "https://registry.npmjs.org/amazon-cognito-identity-js/-/amazon-cognito-identity-js-3.0.15.tgz", 10 | "integrity": "sha512-FVVd6hO0ipEODE95i2Z/6Ue/6YV8JI3sdK8zzmC8WLvI/FihbiHiNtjXojD6b48Ng2D6MZwN4C/Hqkiw5jVeFw==", 11 | "requires": { 12 | "buffer": "4.9.1", 13 | "crypto-js": "^3.1.9-1", 14 | "js-cookie": "^2.1.4" 15 | } 16 | }, 17 | "aws-sdk": { 18 | "version": "2.516.0", 19 | "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.516.0.tgz", 20 | "integrity": "sha512-YW14hj0LNrcVF6CmN8zphy3fFbHiUGYDLIiD+1C932vDUvwqwFZzV2zd7Z//XKSFa+dSG4aGyHln2/F3/7BgpQ==", 21 | "requires": { 22 | "buffer": "4.9.1", 23 | "events": "1.1.1", 24 | "ieee754": "1.1.8", 25 | "jmespath": "0.15.0", 26 | "querystring": "0.2.0", 27 | "sax": "1.2.1", 28 | "url": "0.10.3", 29 | "uuid": "3.3.2", 30 | "xml2js": "0.4.19" 31 | }, 32 | "dependencies": { 33 | "ieee754": { 34 | "version": "1.1.8", 35 | "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz", 36 | "integrity": "sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q=" 37 | } 38 | } 39 | }, 40 | "base64-js": { 41 | "version": "1.3.1", 42 | "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", 43 | "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" 44 | }, 45 | "buffer": { 46 | "version": "4.9.1", 47 | "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz", 48 | "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=", 49 | "requires": { 50 | "base64-js": "^1.0.2", 51 | "ieee754": "^1.1.4", 52 | "isarray": "^1.0.0" 53 | } 54 | }, 55 | "crypto-js": { 56 | "version": "3.1.9-1", 57 | "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.1.9-1.tgz", 58 | "integrity": "sha1-/aGedh/Ad+Af+/3G6f38WeiAbNg=" 59 | }, 60 | "events": { 61 | "version": "1.1.1", 62 | "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", 63 | "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=" 64 | }, 65 | "ieee754": { 66 | "version": "1.1.13", 67 | "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", 68 | "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" 69 | }, 70 | "isarray": { 71 | "version": "1.0.0", 72 | "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", 73 | "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" 74 | }, 75 | "jmespath": { 76 | "version": "0.15.0", 77 | "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.15.0.tgz", 78 | "integrity": "sha1-o/Iiqarp+Wb10nx5ZRDigJF2Qhc=" 79 | }, 80 | "js-cookie": { 81 | "version": "2.2.1", 82 | "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz", 83 | "integrity": "sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==" 84 | }, 85 | "node-fetch": { 86 | "version": "2.6.0", 87 | "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz", 88 | "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==" 89 | }, 90 | "punycode": { 91 | "version": "1.3.2", 92 | "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", 93 | "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=" 94 | }, 95 | "querystring": { 96 | "version": "0.2.0", 97 | "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", 98 | "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=" 99 | }, 100 | "sax": { 101 | "version": "1.2.1", 102 | "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", 103 | "integrity": "sha1-e45lYZCyKOgaZq6nSEgNgozS03o=" 104 | }, 105 | "url": { 106 | "version": "0.10.3", 107 | "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz", 108 | "integrity": "sha1-Ah5NnHcF8hu/N9A861h2dAJ3TGQ=", 109 | "requires": { 110 | "punycode": "1.3.2", 111 | "querystring": "0.2.0" 112 | } 113 | }, 114 | "uuid": { 115 | "version": "3.3.2", 116 | "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", 117 | "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" 118 | }, 119 | "xml2js": { 120 | "version": "0.4.19", 121 | "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", 122 | "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==", 123 | "requires": { 124 | "sax": ">=0.6.0", 125 | "xmlbuilder": "~9.0.1" 126 | } 127 | }, 128 | "xmlbuilder": { 129 | "version": "9.0.7", 130 | "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz", 131 | "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0=" 132 | } 133 | } 134 | } 135 | -------------------------------------------------------------------------------- /QuickSightAuthentication/lambda/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "embedding-ga-node", 3 | "version": "1.0.0", 4 | "description": "Lambda code files for QuickSight Developer Sandbox website", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "keywords": [], 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "amazon-cognito-identity-js": "^3.0.5", 14 | "aws-sdk": "^2.361.0", 15 | "node-fetch": "^2.3.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /QuickSightAuthentication/web/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Embedding demo 7 | 8 | 9 | 10 | 92 | 93 | 94 | 95 |
96 |
97 |
98 | 99 | 100 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Amazon QuickSight Embedding Sample 2 | Thank you for using Amazon QuickSight. We have put together a sample for embedding dashboards in your apps running on a web browser. As the embedding API currently does not support CORS, we have provided an example of a lambda based setup, which enables you to invoke the embedding API from your web app. 3 | 4 | ## Usage 5 | Before you can embed an Amazon QuickSight dashboard, you need to publish it and ensure that users are granted necessary permissions. For more information, see [Embedding Amazon QuickSight Dashboards](https://docs.aws.amazon.com/quicksight/latest/user/embedding-dashboards.html) in the Amazon QuickSight User Guide. 6 | 7 | # Amazon QuickSight SSO 8 | QuickSight Embedding SSO works by obtaining AWS Credentials from the users logged in credentials. 9 | 10 | Amazon QuickSight provides the following options for implementing SSO. 11 | 1. OpenID Connect 12 | 2. SAML 13 | 3. QuickSight authenticated. 14 | 15 | The sample application covers OpenID Connect based SSO integrating with Cognito - Refer to OpenIDAuthentication folder for more details. 16 | 17 | QuickSight authenticated can be used for QuickSight enterprise account with AD integration, or can be used in cases. A sample application highlighting that is available in QuickSightAuthentication folder. --------------------------------------------------------------------------------