Multi-step sign-in
After a user has finished signup, they can proceed to sign in. Amplify Auth signin flows can be multi step processes. The required steps are determined by the configuration you provided when you define your auth resources like described on Manage MFA Settings page.
Depending on the configuration, you may need to call various APIs to finish authenticating a user's signin attempt. To identify the next step in a signin flow, inspect the nextStep
parameter in the signin result.
When called successfully, the signin APIs will return an AuthSignInResult
. Inspect the nextStep
property in the result to see if additional signin steps are required.
The nextStep
property is of enum type AuthSignInStep
. Depending on its value, your code should take one of the following actions:
try { Amplify.Auth.signIn( "hello@example.com", "password", result -> { AuthNextSignInStep nextStep = result.getNextStep(); switch (nextStep.getSignInStep()) { case CONFIRM_SIGN_IN_WITH_TOTP_CODE: { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code"); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup"); Log.i("AuthQuickstart", "Allowed MFA types for setup" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA"); // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address break; } case CONTINUE_SIGN_IN_WITH_TOTP_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP"); Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app" + nextStep.getTotpSetupDetails().getSharedSecret()); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type"); Log.i("AuthQuickstart", "Allowed MFA type" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION: { Log.i("AuthQuickstart", "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()); // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection break; } case CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE: { Log.i("AuthQuickstart", "SMS code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_OTP: { Log.i("AuthQuickstart", "OTP code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_PASSWORD: { Log.i("AuthQuickstart", "Received next step as confirm sign in with password"); // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password break; } case CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE: { Log.i("AuthQuickstart", "Custom challenge, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer break; } case CONFIRM_SIGN_IN_WITH_NEW_PASSWORD: { Log.i("AuthQuickstart", "Sign in with new password, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password break; } case DONE: { Log.i("AuthQuickstart", "SignIn complete"); // User has successfully signed in to the app break; } } }, error -> { if (error instanceof UserNotConfirmedException) { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.i("AuthQuickstart", "Signup confirmation required" + error); } else if (error instanceof PasswordResetRequiredException) { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.i("AuthQuickstart", "Password reset required" + error); } else { Log.e("AuthQuickstart", "SignIn failed: " + error); } } );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error occurred: " + error);}
try { Amplify.Auth.signIn( "hello@example.com", "password", { result -> val nextStep = result.nextStep when(nextStep.signInStep){ AuthSignInStep.CONFIRM_SIGN_IN_WITH_TOTP_CODE -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup") Log.i("AuthQuickstart", "Allowed MFA types for setup ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA") // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address } AuthSignInStep.CONTINUE_SIGN_IN_WITH_TOTP_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP") Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app ${nextStep.totpSetupDetails?.sharedSecret}") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type") Log.i("AuthQuickstart", "Allowed MFA types ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION -> { Log.i("AuthQuickstart", "Available authentication factors for this user: ${result.nextStep.availableFactors}") // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection } AuthSignInStep.CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE -> { Log.i("AuthQuickstart", "SMS code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP -> { Log.i("AuthQuickstart", "OTP code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_PASSWORD -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with password") // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password } AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE -> { Log.i("AuthQuickstart","Custom challenge, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer } AuthSignInStep.CONFIRM_SIGN_IN_WITH_NEW_PASSWORD -> { Log.i("AuthQuickstart", "Sign in with new password, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password } AuthSignInStep.DONE -> { Log.i("AuthQuickstart", "SignIn complete") // User has successfully signed in to the app } }
} ) { error -> when (error) { is UserNotConfirmedException -> { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.e("AuthQuickstart", "Signup confirmation required", error) } is PasswordResetRequiredException -> { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.e("AuthQuickstart", "Password reset required", error) } else -> { Log.e("AuthQuickstart", "Unexpected error occurred: $error") } } }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error occurred: $error")}
try { val result = Amplify.Auth.signIn( "hello@example.com", "password" ) val nextStep = result.nextStep when (nextStep.signInStep) { AuthSignInStep.CONFIRM_SIGN_IN_WITH_TOTP_CODE -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup") Log.i("AuthQuickstart", "Allowed MFA types for setup ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA") // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address } AuthSignInStep.CONTINUE_SIGN_IN_WITH_TOTP_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP") Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app ${nextStep.totpSetupDetails?.sharedSecret}") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type") Log.i("AuthQuickstart", "Allowed MFA types ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION -> { Log.i("AuthQuickstart", "Available authentication factors for this user: ${result.nextStep.availableFactors}") // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection } AuthSignInStep.CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE -> { Log.i("AuthQuickstart", "SMS code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP -> { Log.i("AuthQuickstart", "OTP code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_PASSWORD -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with password") // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password } AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE -> { Log.i("AuthQuickstart","Custom challenge, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer } AuthSignInStep.CONFIRM_SIGN_IN_WITH_NEW_PASSWORD -> { Log.i("AuthQuickstart", "Sign in with new password, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password } AuthSignInStep.DONE -> { Log.i("AuthQuickstart", "SignIn complete") // User has successfully signed in to the app } }} catch (error: Exception) { when (error) { is UserNotConfirmedException -> { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.e("AuthQuickstart", "Signup confirmation required", error) } is PasswordResetRequiredException -> { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.e("AuthQuickstart", "Password reset required", error) } else -> { Log.e("AuthQuickstart", "Unexpected error occurred: $error") } }}
RxAmplify.Auth.signIn("hello@example.com", "password").subscribe( result -> { AuthNextSignInStep nextStep = result.getNextStep(); switch (nextStep.getSignInStep()) { case CONFIRM_SIGN_IN_WITH_TOTP_CODE: { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code"); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup"); Log.i("AuthQuickstart", "Allowed MFA types for setup" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA"); // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address break; } case CONTINUE_SIGN_IN_WITH_TOTP_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP"); Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app" + nextStep.getTotpSetupDetails().getSharedSecret()); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type"); Log.i("AuthQuickstart", "Allowed MFA type" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION: { Log.i("AuthQuickstart", "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()); // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection break; } case CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE: { Log.i("AuthQuickstart", "SMS code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_OTP: { Log.i("AuthQuickstart", "OTP code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_PASSWORD: { Log.i("AuthQuickstart", "Received next step as confirm sign in with password"); // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password break; } case CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE: { Log.i("AuthQuickstart", "Custom challenge, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer break; } case CONFIRM_SIGN_IN_WITH_NEW_PASSWORD: { Log.i("AuthQuickstart", "Sign in with new password, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password break; } case DONE: { Log.i("AuthQuickstart", "SignIn complete"); // User has successfully signed in to the app break; } } }, error -> { if (error instanceof UserNotConfirmedException) { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.i("AuthQuickstart", "Signup confirmation required" + error); } else if (error instanceof PasswordResetRequiredException) { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.i("AuthQuickstart", "Password reset required" + error); } else { Log.e("AuthQuickstart", "SignIn failed: " + error); } });
Confirm sign-in with SMS MFA
If the next step is CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE
, Amplify Auth has sent the user a random code over SMS, and is waiting to find out if the user successfully received it. To handle this step, your app's UI must prompt the user to enter the code. After the user enters the code, your implementation must pass the value to Amplify Auth confirmSignIn
API.
try { Amplify.Auth.confirmSignIn( "confirmation code", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}
try { Amplify.Auth.confirmSignIn( "confirmation code", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error")}} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
try { val result = Amplify.Auth.confirmSignIn( "confirmation code" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}" ) // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
RxAmplify.Auth.confirmSignIn( "confirmation code").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );
Confirm sign-in with TOTP MFA
If the next step is CONFIRM_SIGN_IN_WITH_TOTP_CODE
, you should prompt the user to enter the TOTP code from their associated authenticator app during set up. The code is a six-digit number that changes every 30 seconds. The user must enter the code before the 30-second window expires.
After the user enters the code, your implementation must pass the value to Amplify Auth confirmSignIn
API.
Confirm sign-in with Email MFA
If the next step is CONFIRM_SIGN_IN_WITH_EMAIL_MFA_CODE
, Amplify Auth has sent the user a random code to their email address and is waiting to find out if the user successfully received it. To handle this step, your app's UI must prompt the user to enter the code. After the user enters the code, your implementation must pass the value to Amplify Auth confirmSignIn
API.
Confirm sign-in with OTP
If the next step is CONFIRM_SIGN_IN_WITH_OTP
, Amplify Auth has sent the user a random code to the medium of the user's choosing (e.g. SMS or email) and is waiting for the user to verify that code. To handle this step, your app's UI must prompt the user to enter the code. After the user enters the code, pass the value to the confirmSignIn
API.
Continue sign-in with MFA Selection
If the next step is CONTINUE_SIGN_IN_WITH_MFA_SELECTION
, the user must select the MFA method to use. Amplify Auth currently supports SMS, TOTP, and email as MFA methods. After the user selects an MFA method, your implementation must pass the selected MFA method to Amplify Auth using confirmSignIn
API.
Continue sign-in with Email Setup
If the next step is CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP
, then the user must provide an email address to complete the sign in process. Once this value has been collected from the user, call the confirmSignIn
API to continue.
Continue sign-in with TOTP Setup
If the next step is CONTINUE_SIGN_IN_WITH_TOTP_SETUP
, then the user must provide a TOTP code to complete the sign in process. The step returns an associated value of type TOTPSetupDetails
which would be used for generating TOTP. TOTPSetupDetails
provides a helper method called getSetupURI
that can be used to generate a URI, which can be used by native password managers for TOTP association. For example. if the URI is used on Apple platforms, it will trigger the platform's native password manager to associate TOTP with the account. For more advanced use cases, TOTPSetupDetails
also contains the sharedSecret
that will be used to either generate a QR code or can be manually entered into an authenticator app.
Once the authenticator app is set up, the user can generate a TOTP code and provide it to the library to complete the sign in process.
Continue sign-in with MFA Setup Selection
If the next step is CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION
, the user must select the MFA method to setup. Amplify Auth currently supports SMS, TOTP, and email as MFA methods. After the user selects an MFA method, your implementation must pass the selected MFA method to Amplify Auth using confirmSignIn
API.
Continue sign-in with First Factor Selection
If the next step is CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION
, the user must select an authentication factor to use either because they did not specify one or because the one they chose is not supported (e.g. selecting SMS when they don't have a phone number registered to their account). Amplify Auth currently supports SMS, email, password, and webauthn as authentication factors. After the user selects an authentication method, your implementation must pass the selected authentication method to Amplify Auth using confirmSignIn
API.
Visit the sign-in documentation to see examples on how to call the confirmSignIn
API.
Confirm sign-in with custom challenge
If the next step is CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE
, Amplify Auth is awaiting completion of a custom authentication challenge. The challenge is based on the Lambda trigger you setup when you configured a custom sign in flow. To complete this step, you should prompt the user for the custom challenge answer, and pass the answer to the confirmSignIn
API.
try { Amplify.Auth.confirmSignIn( "challenge answer", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}
try { Amplify.Auth.confirmSignIn( "challenge answer", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
try { val result = Amplify.Auth.confirmSignIn( "challenge answer" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
RxAmplify.Auth.confirmSignIn( "challenge answer").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error));
Confirm sign-in with new password
If you receive a UserNotConfirmedException
while signing in, Amplify Auth requires a new password for the user before they can proceed. Prompt the user for a new password and pass it to the confirmSignIn
API.
try { Amplify.Auth.confirmSignIn( "confirmation code", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}
try { Amplify.Auth.confirmSignIn( "confirmation code", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}}
try { val result = Amplify.Auth.confirmSignIn( "confirmation code" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
RxAmplify.Auth.confirmSignIn( "confirmation code").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );
Reset password
If you receive PasswordResetRequiredException
, authentication flow could not proceed without resetting the password. The next step is to invoke resetPassword
api and follow the reset password flow.
try { Amplify.Auth.resetPassword( "username", result -> Log.i("AuthQuickstart", "Reset password succeeded"), error -> Log.e("AuthQuickstart", "Reset password failed : " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}
try { Amplify.Auth.resetPassword( "username", { Log.i("AuthQuickstart", "Reset password succeeded") } ) { error -> Log.e("AuthQuickstart", "Reset password failed : $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
try { Amplify.Auth.resetPassword("username") Log.i("AuthQuickstart", "Reset password succeeded")} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}
RxAmplify.Auth.resetPassword( "username").subscribe( result -> Log.i("AuthQuickstart", "Reset password succeeded"), error -> Log.e("AuthQuickstart", "Reset password failed : " + error));
Confirm Signup
If you receive CONFIRM_SIGN_UP
as a next step, sign up could not proceed without confirming user information such as email or phone number. The next step is to invoke the confirmSignUp
API and follow the confirm signup flow.
try { Amplify.Auth.confirmSignUp( "username", "confirmation code", result -> Log.i("AuthQuickstart", "Confirm signUp result completed: " + result.isSignUpComplete()), error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "unexpected error: " + error);}
try { Amplify.Auth.confirmSignUp( "username", "confirmation code", { result -> Log.i("AuthQuickstart", "Confirm signUp result completed: ${result.isSignUpComplete}") } ) { error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "unexpected error: $error")}
try { val result = Amplify.Auth.confirmSignUp( "username", "confirmation code" ) Log.i("AuthQuickstart", "Confirm signUp result completed: ${result.isSignUpComplete}")} catch (error: Exception) { Log.e("AuthQuickstart", "unexpected error: $error")}
RxAmplify.Auth.confirmSignUp( "username", "confirmation code").subscribe( result -> Log.i("AuthQuickstart", "Confirm signUp result completed: " + result.isSignUpComplete()), error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: " + error));
Get Current User
This call fetches the current logged in user and should be used after a user has been successfully signed in. If the user is signed in, it will return the current userId and username.
try { Amplify.Auth.getCurrentUser( result -> Log.i("AuthQuickstart", "Current user details are:" + result.toString(), error -> Log.e("AuthQuickstart", "getCurrentUser failed with an exception: " + error) ); } catch (Exception error) { Log.e("AuthQuickstart", "unexpected error: " + error); }
Amplify.Auth.getCurrentUser({ Log.i("AuthQuickStart", "Current user details are: $it")},{ Log.e("AuthQuickStart", "getCurrentUser failed with an exception: $it")})
try { val result = Amplify.Auth.getCurrentUser() Log.i("AuthQuickstart", "Current user details are: $result")} catch (error: Exception) { Log.e("AuthQuickstart", "getCurrentUser failed with an exception: $error")}
RxAmplify.Auth.getCurrentUser().subscribe( result -> Log.i("AuthQuickStart getCurrentUser: " + result.toString()), error -> Log.e("AuthQuickStart", error.toString()) );
Done
Sign In flow is complete when you get done
. This means the user is successfully authenticated. As a convenience, the SignInResult also provides the isSignedIn
property, which will be true if the next step is done
.