release: Amplify JS release (#14139)

.github/actions/load-verdaccio-with-amplify-js/action.yml

@@ -49,10 +49,11 @@ runs:
         yarn info aws-amplify@unstable description
         npm info aws-amplify@unstable version
     - name: Upload artifact
-      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       if: failure()
       with:
         name: ${{ inputs.test_name }}-npm-log
         if-no-files-found: ignore
         path: /Users/runner/.npm/_logs/
         retention-days: 3
+        overwrite: true

.github/actions/node-and-build/action.yml

@@ -13,7 +13,7 @@ runs:
         node-version: 18.20.2
       env:
         SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
-    - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+    - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       id: cache-build-artifacts
       with:
         path: |

.github/actions/setup-samples-staging/action.yml

@@ -10,7 +10,7 @@ runs:
   using: 'composite'
   steps:
     - name: Create cache
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       id: cache-samples-staging-build
       with:
         key: aws-amplify-js-samples-staging-build-${{ github.sha }}

.github/integ-config/integ-all.yml

@@ -425,6 +425,13 @@ tests:
     sample_name: [data-client-gen2]
     spec: data-client-gen2
     browser: [chrome] # Issues using Auth category / setting secure cookies in FF using Cypress with a Next.js app. Manual testing in FF works as expected
+  - test_name: integ_next_api_multi_endpoint_gen2
+    desc: Next.js Multi Endpoint Gen 2
+    framework: next
+    category: api
+    sample_name: [multi-endpoint-gen2]
+    spec: multi-endpoint-gen2
+    browser: [chrome]
   - test_name: integ_react_rest_api
     desc: 'Vite + React REST API'
     framework: vite
@@ -625,7 +632,7 @@ tests:
     browser: *minimal_browser_list
     env:
       NEXT_PUBLIC_BACKEND_CONFIG: resum-signin
-      
+
   # DISABLED Angular/Vue tests:
   # TODO: delete tests or add custom ui logic to support them.
 

.github/workflows/callable-canary-e2e-tests.yml

@@ -138,7 +138,7 @@ jobs:
         working-directory: amplify-js-samples-staging
         shell: bash
       - name: Upload artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         if: failure()
         with:
           name: ${{ inputs.test_name }}
@@ -147,3 +147,4 @@ jobs:
             amplify-js-samples-staging/cypress/videos
             amplify-js-samples-staging/cypress/screenshots
           retention-days: 14
+          overwrite: true

.github/workflows/callable-e2e-test-headless.yml

@@ -65,7 +65,7 @@ jobs:
           -n $E2E_RETRY_COUNT
 
       - name: Upload artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         if: failure()
         with:
           name: ${{ inputs.test_name }}
@@ -74,3 +74,4 @@ jobs:
             amplify-js-samples-staging/cypress/videos
             amplify-js-samples-staging/cypress/screenshots
           retention-days: 14
+          overwrite: true

.github/workflows/callable-e2e-test.yml

@@ -148,7 +148,7 @@ jobs:
             yarn "$E2E_YARN_SCRIPT" "$E2E_YARN_SCRIPT_ARGS"
           fi
       - name: Upload artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         if: failure()
         with:
           name: ${{ inputs.test_name }}
@@ -157,3 +157,4 @@ jobs:
             amplify-js-samples-staging/cypress/videos
             amplify-js-samples-staging/cypress/screenshots
           retention-days: 14
+          overwrite: true

.github/workflows/callable-get-package-list.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       - name: Checkout AmplifyJs
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0.0
+      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         id: cache-package-list
         with:
           path: |

packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts

@@ -295,6 +295,7 @@ describe('signInWithRedirect', () => {
 			);
 			expect(mockHandleFailure).toHaveBeenCalledWith(expectedError);
 		});
+
 		it('should not set the Oauth flag on non-browser environments', async () => {
 			const mockOpenAuthSessionResult = {
 				type: 'success',
@@ -308,6 +309,28 @@ describe('signInWithRedirect', () => {
 
 			expect(oAuthStore.storeOAuthInFlight).toHaveBeenCalledTimes(0);
 		});
+
+		it('should send the login_hint, lang and nonce in the query string if provided', async () => {
+			await signInWithRedirect({
+				provider: 'Google',
+				options: {
+					loginHint: 'someone@gmail.com',
+					lang: 'en',
+					nonce: '88388838883',
+				},
+			});
+
+			const [oauthUrl, redirectSignIn, preferPrivateSession] =
+				mockOpenAuthSession.mock.calls[0];
+
+			expect(oauthUrl).toStrictEqual(
+				'https://oauth.domain.com/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&response_type=code&client_id=userPoolClientId&identity_provider=Google&scope=phone%20email%20openid%20profile%20aws.cognito.signin.user.admin&login_hint=someone%40gmail.com&lang=en&nonce=88388838883&state=oauth_state&code_challenge=code_challenge&code_challenge_method=S256',
+			);
+			expect(redirectSignIn).toEqual(
+				mockAuthConfigWithOAuth.Auth.Cognito.loginWith.oauth.redirectSignIn,
+			);
+			expect(preferPrivateSession).toBeUndefined();
+		});
 	});
 
 	describe('errors', () => {

packages/auth/package.json

@@ -91,6 +91,8 @@
 		"enable-oauth-listener"
 	],
 	"dependencies": {
+		"@aws-crypto/sha256-js": "5.2.0",
+		"@smithy/types": "^3.3.0",
 		"tslib": "^2.5.0"
 	},
 	"peerDependencies": {

packages/auth/src/providers/cognito/apis/signInWithRedirect.ts

@@ -57,6 +57,11 @@ export async function signInWithRedirect(
 		provider,
 		customState: input?.customState,
 		preferPrivateSession: input?.options?.preferPrivateSession,
+		options: {
+			loginHint: input?.options?.loginHint,
+			lang: input?.options?.lang,
+			nonce: input?.options?.nonce,
+		},
 	});
 }
 
@@ -66,14 +71,17 @@ const oauthSignIn = async ({
 	clientId,
 	customState,
 	preferPrivateSession,
+	options,
 }: {
 	oauthConfig: OAuthConfig;
 	provider: string;
 	clientId: string;
 	customState?: string;
 	preferPrivateSession?: boolean;
+	options?: SignInWithRedirectInput['options'];
 }) => {
 	const { domain, redirectSignIn, responseType, scopes } = oauthConfig;
+	const { loginHint, lang, nonce } = options ?? {};
 	const randomState = generateState();
 
 	/* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito
@@ -99,6 +107,10 @@ const oauthSignIn = async ({
 		client_id: clientId,
 		identity_provider: provider,
 		scope: scopes.join(' '),
+		// eslint-disable-next-line camelcase
+		...(loginHint && { login_hint: loginHint }),
+		...(lang && { lang }),
+		...(nonce && { nonce }),
 		state,
 		...(responseType === 'code' && {
 			code_challenge: toCodeChallenge(),

packages/auth/src/types/inputs.ts

@@ -68,6 +68,33 @@ export interface AuthSignInWithRedirectInput {
 		 * On all other platforms, this flag is ignored.
 		 */
 		preferPrivateSession?: boolean;
+		/**
+		 * A username prompt that you want to pass to the authorization server. You can collect a username, email address or phone number from your user and allow the destination provider to pre-populate the user's sign-in name. When you submit a `login_hint` parameter and no `idp_identifier` or `identity_provider` parameters to the `/oauth2/authorize` endpoint, managed login fills the username field with your hint value. You can also pass this parameter to the Login endpoint and automatically fill the username value.
+		 * @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
+		 */
+		loginHint?: string;
+		/**
+		 * The language that you want to display user-interactive pages in. Managed login pages can be localized, but hosted UI (classic) pages can not
+		 * @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
+		 */
+		lang?:
+			| 'de'
+			| 'en'
+			| 'es'
+			| 'fr'
+			| 'id'
+			| 'it'
+			| 'ja'
+			| 'ko'
+			| 'pt-BR'
+			| 'zh-CN'
+			| 'zh-TW'
+			| (string & NonNullable<unknown>);
+		/**
+		 * A random value that you can add to the request. The nonce value that you provide is included in the ID token that Amazon Cognito issues. To guard against replay attacks, your app can inspect the `nonce` claim in the ID token and compare it to the one you generated.
+		 * @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
+		 */
+		nonce?: string;
 	};
 }
 

packages/geo/__tests__/testData.ts

@@ -58,6 +58,7 @@ export const TestPlacePascalCase = {
 	Geometry: {
 		Point: [2345, 6789],
 	},
+	Interpolated: false,
 	Label: "don't try to label me",
 	Municipality: 'Muni',
 	Neighborhood: 'hay',

packages/geo/src/types/Geo.ts

@@ -73,6 +73,7 @@ export interface Place {
 	addressNumber?: string;
 	country?: string;
 	geometry: PlaceGeometry | undefined;
+	interpolated?: boolean;
 	label?: string;
 	municipality?: string;
 	neighborhood?: string;