Sign-in
Amplify provides a client library that enables you to interact with backend resources such as Amplify Auth.
Using the signIn API
import { signIn } from 'aws-amplify/auth'
await signIn({ username: "hello@mycompany.com", password: "hunter2",})
The signIn
API response will include a nextStep
property, which can be used to determine if further action is required. It may return the following next steps:
CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED
- The user was created with a temporary password and must set a new one. Complete the process withconfirmSignIn
.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE
- The sign-in must be confirmed with a custom challenge response. Complete the process withconfirmSignIn
.CONFIRM_SIGN_IN_WITH_TOTP_CODE
- The sign-in must be confirmed with a TOTP code from the user. Complete the process withconfirmSignIn
.CONTINUE_SIGN_IN_WITH_TOTP_SETUP
- The TOTP setup process must be continued. Complete the process withconfirmSignIn
.CONFIRM_SIGN_IN_WITH_SMS_CODE
- The sign-in must be confirmed with a SMS code from the user. Complete the process withconfirmSignIn
.CONTINUE_SIGN_IN_WITH_MFA_SELECTION
- The user must select their mode of MFA verification before signing in. Complete the process withconfirmSignIn
.RESET_PASSWORD
- The user must reset their password viaresetPassword
.CONFIRM_SIGN_UP
- The user hasn't completed the sign-up flow fully and must be confirmed viaconfirmSignUp
.DONE
- The sign in process has been completed.
For more information on handling the TOTP and MFA steps that may be returned, see multi-factor authentication.
Confirm sign-in
With multi-factor auth enabled
When multi-factor authentication (MFA) is required with SMS in your backend auth resource, you will need to pass the phone number during sign-up API call. If you are using the email
or username
as the primary sign-in mechanism, you will need to pass the phone_number
attribute as a user attribute. This will change depending on if you enable SMS, TOTP, or both. Visit the multi-factor authentication documentation to learn more about enabling MFA on your backend auth resource.
You will then confirm sign-up, sign in, and receive a nextStep
in the sign-in result of type CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE
. A confirmation code will also be texted to the phone number provided above. Pass the code you received to the confirmSignIn
API:
Sign in with an external identity provider
To sign in using an external identity provider such as Google, use the signInWithRedirect
function.
import { signInWithRedirect } from "aws-amplify/auth"
signInWithRedirect({ provider: "Google" })
Alternatively if you have configured OIDC or SAML-based identity providers in your auth resource, you can specify a "custom" provider in signInWithRedirect
:
import { signInWithRedirect } from "aws-amplify/auth"
signInWithRedirect({ provider: { custom: "MyOidcProvider"}})