From 85df8b36b487c3a41cb318321ab954d5618b216d Mon Sep 17 00:00:00 2001
From: Josh Crawford <joshua@sgroup.com.au>
Date: Fri, 12 Jul 2024 18:57:30 +1000
Subject: [PATCH] Add Amazon Cognito provider

---
 .../amazoncognito/provider/AmazonCognito.php  | 221 ++++++++++++++++
 .../provider/AmazonCognitoUser.php            | 242 ++++++++++++++++++
 src/helpers/Provider.php                      |   3 +
 src/providers/AmazonCognito.php               |  22 ++
 4 files changed, 488 insertions(+)
 create mode 100644 src/clients/amazoncognito/provider/AmazonCognito.php
 create mode 100644 src/clients/amazoncognito/provider/AmazonCognitoUser.php
 create mode 100644 src/providers/AmazonCognito.php

diff --git a/src/clients/amazoncognito/provider/AmazonCognito.php b/src/clients/amazoncognito/provider/AmazonCognito.php
new file mode 100644
index 0000000..3bd415e
--- /dev/null
+++ b/src/clients/amazoncognito/provider/AmazonCognito.php
@@ -0,0 +1,221 @@
+<?php
+namespace verbb\auth\clients\amazoncognito\provider;
+
+use League\OAuth2\Client\Exception\HostedDomainException;
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
+use Psr\Http\Message\ResponseInterface;
+
+class AmazonCognito extends AbstractProvider
+{
+    use BearerAuthorizationTrait;
+
+    const BASE_COGNITO_URL = 'https://%s.auth.%s.amazoncognito.com%s';
+    /**
+     * @var array List of scopes that will be used for authentication.
+     *
+     * Valid scopes: phone, email, openid, aws.cognito.signin.user.admin, profile
+     * Defaults to email, openid
+     *
+     */
+    protected $scopes = [];
+
+    /**
+     * @var string If set, it will replace default AWS Cognito urls.
+     */
+    protected $hostedDomain;
+    
+    /**
+     * @var string If set, it will be added to AWS Cognito urls.
+     */
+    protected $cognitoDomain;
+
+    /**
+     * @var string If set, it will be added to AWS Cognito urls.
+     */
+    protected $region;
+
+    /**
+     * @param array $options
+     * @param array $collaborators
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct($options = [], array $collaborators = [])
+    {
+        parent::__construct($options, $collaborators);
+        
+        if (!empty($options['hostedDomain'])) {
+            $this->hostedDomain = $options['hostedDomain'];
+        } elseif (!empty($options['cognitoDomain']) && !empty($options['region'])) {
+            $this->cognitoDomain = $options['cognitoDomain'];
+            $this->region = $options['region'];
+        } else {
+            throw new \InvalidArgumentException(
+                'Neither "cognitoDomain" and "region" nor "hostedDomain" options are set. Please set one of them.'
+            );
+        }
+
+        if (!empty($options['scope'])) {
+            $this->scopes = explode($this->getScopeSeparator(), $options['scope']);
+        }
+    }
+
+    /**
+     * @return array
+     */
+    public function getScopes()
+    {
+        return $this->scopes;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRegion()
+    {
+        return $this->region;
+    }
+
+    /**
+     * @param $region
+     */
+    public function setRegion($region)
+    {
+        $this->region = $region;
+    }
+
+    /**
+     * @return string
+     */
+    public function getHostedDomain()
+    {
+        return $this->hostedDomain;
+    }
+
+    /**
+     * @param string $hostedDomain
+     */
+    public function setHostedDomain($hostedDomain)
+    {
+        $this->hostedDomain = $hostedDomain;
+    }
+
+    /**
+     * @return string
+     */
+    public function getCognitoDomain()
+    {
+        return $this->cognitoDomain;
+    }
+
+    /**
+     * @param string $cognitoDomain
+     */
+    public function setCognitoDomain($cognitoDomain)
+    {
+        $this->cognitoDomain = $cognitoDomain;
+    }
+
+    /**
+     * Returns the url for given action
+     *
+     * @param $action
+     * @return string
+     */
+    private function getCognitoUrl($action)
+    {
+        return !empty($this->hostedDomain) ? $this->hostedDomain . $action :
+            sprintf(self::BASE_COGNITO_URL, $this->cognitoDomain, $this->region, $action);
+    }
+
+    /**
+     * @return string
+     */
+    public function getBaseAuthorizationUrl()
+    {
+        return $this->getCognitoUrl('/authorize');
+    }
+
+    /**
+     * @param array $params
+     * @return string
+     */
+    public function getBaseAccessTokenUrl(array $params)
+    {
+        return $this->getCognitoUrl('/token');
+    }
+
+    /**
+     * @param AccessToken $token
+     * @return string
+     */
+    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    {
+        return $this->getCognitoUrl('/oauth2/userInfo');
+    }
+
+    /**
+     * @param array $options
+     * @return array
+     */
+    protected function getAuthorizationParameters(array $options)
+    {
+        $scopes = array_merge($this->getDefaultScopes(), $this->scopes);
+
+        if (!empty($options['scope'])) {
+            $scopes = array_merge($scopes, $options['scope']);
+        }
+
+        $options['scope'] = array_unique($scopes);
+
+        return parent::getAuthorizationParameters($options);
+    }
+
+    /**
+     * @return array
+     */
+    protected function getDefaultScopes()
+    {
+        return ['openid', 'email'];
+    }
+
+    /**
+     * @return string
+     */
+    protected function getScopeSeparator()
+    {
+        return ' ';
+    }
+
+    /**
+     * @param ResponseInterface $response
+     * @param array|string $data
+     * @throws IdentityProviderException
+     */
+    protected function checkResponse(ResponseInterface $response, $data)
+    {
+        if (empty($data['error'])) {
+            return;
+        }
+        
+        $code = 0;
+        $error = $data['error'];
+        
+        throw new IdentityProviderException($error, $code, $data);
+    }
+
+    /**
+     * @param array $response
+     * @param AccessToken $token
+     * @return CognitoUser|\League\OAuth2\Client\Provider\ResourceOwnerInterface
+     */
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        $user = new CognitoUser($response);
+
+        return $user;
+    }
+}
\ No newline at end of file
diff --git a/src/clients/amazoncognito/provider/AmazonCognitoUser.php b/src/clients/amazoncognito/provider/AmazonCognitoUser.php
new file mode 100644
index 0000000..f5cb5b2
--- /dev/null
+++ b/src/clients/amazoncognito/provider/AmazonCognitoUser.php
@@ -0,0 +1,242 @@
+<?php
+namespace verbb\auth\clients\amazoncognito\provider;
+
+use League\OAuth2\Client\Provider\ResourceOwnerInterface;
+
+class AmazonCognitoUser implements ResourceOwnerInterface
+{
+    /**
+     * @var array
+     */
+    protected $data;
+
+    /**
+     * @param array $response
+     */
+    public function __construct(array $response)
+    {
+        $this->data = $response;
+    }
+
+    /**
+     * Get id
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->getField('sub');
+    }
+
+    /**
+     * Get address.
+     *
+     * @return string|null
+     */
+    public function getAddress()
+    {
+        return $this->getField('address');
+    }
+    
+    /**
+     * Get username.
+     *
+     * @return string|null
+     */
+    public function getUsername()
+    {
+        return $this->getField('username');
+    }
+
+    /**
+     * Get email address.
+     *
+     * @return string|null
+     */
+    public function getEmail()
+    {
+        return $this->getField('email');
+    }
+
+    /**
+     * Get email verified.
+     *
+     * @return string|null
+     */
+    public function getEmailVerified()
+    {
+        return $this->getField('email_verified');
+    }
+
+    /**
+     * Get phone number.
+     *
+     * @return string|null
+     */
+    public function getPhoneNumber()
+    {
+        return $this->getField('phone_number');
+    }
+
+    /**
+     * Get phone number verified.
+     *
+     * @return string|null
+     */
+    public function getPhoneNumberVerified()
+    {
+        return $this->getField('phone_number_verified');
+    }
+
+    /**
+     * Get birthdate.
+     *
+     * @return string|null
+     */
+    public function getBirthdate()
+    {
+        return $this->getField('birthdate');
+    }
+
+    /**
+     * Get profile.
+     *
+     * @return string|null
+     */
+    public function getProfile()
+    {
+        return $this->getField('profile');
+    }
+
+    /**
+     * Get gender.
+     *
+     * @return string|null
+     */
+    public function getGender()
+    {
+        return $this->getField('gender');
+    }
+
+    /**
+     * Get name.
+     *
+     * @return string|null
+     */
+    public function getName()
+    {
+        return $this->getField('name');
+    }
+    
+    /**
+     * Get given name.
+     *
+     * @return string|null
+     */
+    public function getGivenName()
+    {
+        return $this->getField('given_name');
+    }
+
+    /**
+     * Get middle name.
+     *
+     * @return string|null
+     */
+    public function getMiddleName()
+    {
+        return $this->getField('middle_name');
+    }
+
+    /**
+     * Get family name.
+     *
+     * @return string|null
+     */
+    public function getFamilyName()
+    {
+        return $this->getField('family_name');
+    }
+
+    /**
+     * Get locale.
+     *
+     * @return string|null
+     */
+    public function getLocale()
+    {
+        return $this->getField('locale');
+    }
+    
+    /**
+     * Get zone info.
+     *
+     * @return string|null
+     */
+    public function getZoneinfo()
+    {
+        return $this->getField('zoneinfo');
+    }
+
+    /**
+     * Get preferred username.
+     *
+     * @return string|null
+     */
+    public function getPreferredUsername()
+    {
+        return $this->getField('preferred_username');
+    }
+
+    /**
+     * Get nickname.
+     *
+     * @return string|null
+     */
+    public function getNickname()
+    {
+        return $this->getField('nickname');
+    }
+
+    /**
+     * Get website.
+     *
+     * @return string|null
+     */
+    public function getWebsite()
+    {
+        return $this->getField('website');
+    }
+
+    /**
+     * Get picture.
+     *
+     * @return string|null
+     */
+    public function getPicture()
+    {
+        return $this->getField('picture');
+    }
+    
+    /**
+     * Get user data as an array.
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return $this->data;
+    }
+    
+    /**
+     * Returns a field from the Graph node data.
+     *
+     * @param string $key
+     *
+     * @return mixed|null
+     */
+    private function getField($key)
+    {
+        return isset($this->data[$key]) ? $this->data[$key] : null;
+    }
+}
\ No newline at end of file
diff --git a/src/helpers/Provider.php b/src/helpers/Provider.php
index 06aeaaa..d722d99 100644
--- a/src/helpers/Provider.php
+++ b/src/helpers/Provider.php
@@ -12,6 +12,7 @@ public static function getPrimaryColor(string $handle): ?string
             '500px' => '#0099e5',
             'airbnb' => '#ff5b5e',
             'amazon' => '#ff9900',
+            'amazonCognito' => '#ff9900',
             'angelList' => '#000000',
             'appStore' => '#176fdc',
             'apple' => '#000000',
@@ -175,6 +176,8 @@ public static function getIcon(string $handle): ?string
             'airbnb' => '<svg fill="currentColor" viewBox="0 0 448 512"><path d="M224 373.12c-25.24-31.67-40.08-59.43-45-83.18-22.55-88 112.61-88 90.06 0-5.45 24.25-20.29 52-45 83.18zm138.15 73.23c-42.06 18.31-83.67-10.88-119.3-50.47 103.9-130.07 46.11-200-18.85-200-54.92 0-85.16 46.51-73.28 100.5 6.93 29.19 25.23 62.39 54.43 99.5-32.53 36.05-60.55 52.69-85.15 54.92-50 7.43-89.11-41.06-71.3-91.09 15.1-39.16 111.72-231.18 115.87-241.56 15.75-30.07 25.56-57.4 59.38-57.4 32.34 0 43.4 25.94 60.37 59.87 36 70.62 89.35 177.48 114.84 239.09 13.17 33.07-1.37 71.29-37.01 86.64zm47-136.12C280.27 35.93 273.13 32 224 32c-45.52 0-64.87 31.67-84.66 72.79C33.18 317.1 22.89 347.19 22 349.81-3.22 419.14 48.74 480 111.63 480c21.71 0 60.61-6.06 112.37-62.4 58.68 63.78 101.26 62.4 112.37 62.4 62.89.05 114.85-60.86 89.61-130.19.02-3.89-16.82-38.9-16.82-39.58z"/></svg>',
             
             'amazon' => '<svg fill="currentColor" viewBox="0 0 24 24"><path d="M.045 18.02c.072-.116.187-.124.348-.022 3.636 2.11 7.594 3.166 11.87 3.166 2.852 0 5.668-.533 8.447-1.595l.315-.14c.138-.06.234-.1.293-.13.226-.088.39-.046.525.13.12.174.09.336-.12.48-.256.19-.6.41-1.006.654-1.244.743-2.64 1.316-4.185 1.726a17.617 17.617 0 01-10.951-.577 17.88 17.88 0 01-5.43-3.35c-.1-.074-.151-.15-.151-.22 0-.047.021-.09.051-.13zm6.565-6.218c0-1.005.247-1.863.743-2.577.495-.71 1.17-1.25 2.04-1.615.796-.335 1.756-.575 2.912-.72.39-.046 1.033-.103 1.92-.174v-.37c0-.93-.105-1.558-.3-1.875-.302-.43-.78-.65-1.44-.65h-.182c-.48.046-.896.196-1.246.46-.35.27-.575.63-.675 1.096-.06.3-.206.465-.435.51l-2.52-.315c-.248-.06-.372-.18-.372-.39 0-.046.007-.09.022-.15.247-1.29.855-2.25 1.82-2.88.976-.616 2.1-.975 3.39-1.05h.54c1.65 0 2.957.434 3.888 1.29.135.15.27.3.405.48.12.165.224.314.283.45.075.134.15.33.195.57.06.254.105.42.135.51.03.104.062.3.076.615.01.313.02.493.02.553v5.28c0 .376.06.72.165 1.036.105.313.21.54.315.674l.51.674c.09.136.136.256.136.36 0 .12-.06.226-.18.314-1.2 1.05-1.86 1.62-1.963 1.71-.165.135-.375.15-.63.045a6.062 6.062 0 01-.526-.496l-.31-.347a9.391 9.391 0 01-.317-.42l-.3-.435c-.81.886-1.603 1.44-2.4 1.665-.494.15-1.093.227-1.83.227-1.11 0-2.04-.343-2.76-1.034-.72-.69-1.08-1.665-1.08-2.94l-.05-.076zm3.753-.438c0 .566.14 1.02.425 1.364.285.34.675.512 1.155.512.045 0 .106-.007.195-.02.09-.016.134-.023.166-.023.614-.16 1.08-.553 1.424-1.178.165-.28.285-.58.36-.91.09-.32.12-.59.135-.8.015-.195.015-.54.015-1.005v-.54c-.84 0-1.484.06-1.92.18-1.275.36-1.92 1.17-1.92 2.43l-.035-.02zm9.162 7.027c.03-.06.075-.11.132-.17.362-.243.714-.41 1.05-.5a8.094 8.094 0 011.612-.24c.14-.012.28 0 .41.03.65.06 1.05.168 1.172.33.063.09.099.228.099.39v.15c0 .51-.149 1.11-.424 1.8-.278.69-.664 1.248-1.156 1.68-.073.06-.14.09-.197.09-.03 0-.06 0-.09-.012-.09-.044-.107-.12-.064-.24.54-1.26.806-2.143.806-2.64 0-.15-.03-.27-.087-.344-.145-.166-.55-.257-1.224-.257-.243 0-.533.016-.87.046-.363.045-.7.09-1 .135-.09 0-.148-.014-.18-.044-.03-.03-.036-.047-.02-.077 0-.017.006-.03.02-.063v-.06z"/></svg>',
+
+            'amazonCognito' => '<svg fill="currentColor" viewBox="0 0 24 24"><path d="M.045 18.02c.072-.116.187-.124.348-.022 3.636 2.11 7.594 3.166 11.87 3.166 2.852 0 5.668-.533 8.447-1.595l.315-.14c.138-.06.234-.1.293-.13.226-.088.39-.046.525.13.12.174.09.336-.12.48-.256.19-.6.41-1.006.654-1.244.743-2.64 1.316-4.185 1.726a17.617 17.617 0 01-10.951-.577 17.88 17.88 0 01-5.43-3.35c-.1-.074-.151-.15-.151-.22 0-.047.021-.09.051-.13zm6.565-6.218c0-1.005.247-1.863.743-2.577.495-.71 1.17-1.25 2.04-1.615.796-.335 1.756-.575 2.912-.72.39-.046 1.033-.103 1.92-.174v-.37c0-.93-.105-1.558-.3-1.875-.302-.43-.78-.65-1.44-.65h-.182c-.48.046-.896.196-1.246.46-.35.27-.575.63-.675 1.096-.06.3-.206.465-.435.51l-2.52-.315c-.248-.06-.372-.18-.372-.39 0-.046.007-.09.022-.15.247-1.29.855-2.25 1.82-2.88.976-.616 2.1-.975 3.39-1.05h.54c1.65 0 2.957.434 3.888 1.29.135.15.27.3.405.48.12.165.224.314.283.45.075.134.15.33.195.57.06.254.105.42.135.51.03.104.062.3.076.615.01.313.02.493.02.553v5.28c0 .376.06.72.165 1.036.105.313.21.54.315.674l.51.674c.09.136.136.256.136.36 0 .12-.06.226-.18.314-1.2 1.05-1.86 1.62-1.963 1.71-.165.135-.375.15-.63.045a6.062 6.062 0 01-.526-.496l-.31-.347a9.391 9.391 0 01-.317-.42l-.3-.435c-.81.886-1.603 1.44-2.4 1.665-.494.15-1.093.227-1.83.227-1.11 0-2.04-.343-2.76-1.034-.72-.69-1.08-1.665-1.08-2.94l-.05-.076zm3.753-.438c0 .566.14 1.02.425 1.364.285.34.675.512 1.155.512.045 0 .106-.007.195-.02.09-.016.134-.023.166-.023.614-.16 1.08-.553 1.424-1.178.165-.28.285-.58.36-.91.09-.32.12-.59.135-.8.015-.195.015-.54.015-1.005v-.54c-.84 0-1.484.06-1.92.18-1.275.36-1.92 1.17-1.92 2.43l-.035-.02zm9.162 7.027c.03-.06.075-.11.132-.17.362-.243.714-.41 1.05-.5a8.094 8.094 0 011.612-.24c.14-.012.28 0 .41.03.65.06 1.05.168 1.172.33.063.09.099.228.099.39v.15c0 .51-.149 1.11-.424 1.8-.278.69-.664 1.248-1.156 1.68-.073.06-.14.09-.197.09-.03 0-.06 0-.09-.012-.09-.044-.107-.12-.064-.24.54-1.26.806-2.143.806-2.64 0-.15-.03-.27-.087-.344-.145-.166-.55-.257-1.224-.257-.243 0-.533.016-.87.046-.363.045-.7.09-1 .135-.09 0-.148-.014-.18-.044-.03-.03-.036-.047-.02-.077 0-.017.006-.03.02-.063v-.06z"/></svg>',
             
             'angelList' => '<svg fill="currentColor" viewBox="0 0 448 512"><path d="M347.1 215.4c11.7-32.6 45.4-126.9 45.4-157.1 0-26.6-15.7-48.9-43.7-48.9-44.6 0-84.6 131.7-97.1 163.1C242 144 196.6 0 156.6 0c-31.1 0-45.7 22.9-45.7 51.7 0 35.3 34.2 126.8 46.6 162-6.3-2.3-13.1-4.3-20-4.3-23.4 0-48.3 29.1-48.3 52.6 0 8.9 4.9 21.4 8 29.7-36.9 10-51.1 34.6-51.1 71.7C46 435.6 114.4 512 210.6 512c118 0 191.4-88.6 191.4-202.9 0-43.1-6.9-82-54.9-93.7zM311.7 108c4-12.3 21.1-64.3 37.1-64.3 8.6 0 10.9 8.9 10.9 16 0 19.1-38.6 124.6-47.1 148l-34-6 33.1-93.7zM142.3 48.3c0-11.9 14.5-45.7 46.3 47.1l34.6 100.3c-15.6-1.3-27.7-3-35.4 1.4-10.9-28.8-45.5-119.7-45.5-148.8zM140 244c29.3 0 67.1 94.6 67.1 107.4 0 5.1-4.9 11.4-10.6 11.4-20.9 0-76.9-76.9-76.9-97.7.1-7.7 12.7-21.1 20.4-21.1zm184.3 186.3c-29.1 32-66.3 48.6-109.7 48.6-59.4 0-106.3-32.6-128.9-88.3-17.1-43.4 3.8-68.3 20.6-68.3 11.4 0 54.3 60.3 54.3 73.1 0 4.9-7.7 8.3-11.7 8.3-16.1 0-22.4-15.5-51.1-51.4-29.7 29.7 20.5 86.9 58.3 86.9 26.1 0 43.1-24.2 38-42 3.7 0 8.3.3 11.7-.6 1.1 27.1 9.1 59.4 41.7 61.7 0-.9 2-7.1 2-7.4 0-17.4-10.6-32.6-10.6-50.3 0-28.3 21.7-55.7 43.7-71.7 8-6 17.7-9.7 27.1-13.1 9.7-3.7 20-8 27.4-15.4-1.1-11.2-5.7-21.1-16.9-21.1-27.7 0-120.6 4-120.6-39.7 0-6.7.1-13.1 17.4-13.1 32.3 0 114.3 8 138.3 29.1 18.1 16.1 24.3 113.2-31 174.7zm-98.6-126c9.7 3.1 19.7 4 29.7 6-7.4 5.4-14 12-20.3 19.1-2.8-8.5-6.2-16.8-9.4-25.1z"></path></svg>',
             
diff --git a/src/providers/AmazonCognito.php b/src/providers/AmazonCognito.php
new file mode 100644
index 0000000..c42348d
--- /dev/null
+++ b/src/providers/AmazonCognito.php
@@ -0,0 +1,22 @@
+<?php
+namespace verbb\auth\providers;
+
+use verbb\auth\base\ProviderTrait;
+use verbb\auth\clients\amazoncognito\provider\AmazonCognito as AmazonCognitoProvider;
+
+class AmazonCognito extends AmazonCognitoProvider
+{
+    // Traits
+    // =========================================================================
+
+    use ProviderTrait;
+
+
+    // Public Methods
+    // =========================================================================
+
+    public function getBaseApiUrl(): ?string
+    {
+        return 'https://api.amazon.com/';
+    }
+}
\ No newline at end of file