Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Fullstack TypeScript

Write your app's data model, auth, storage, and functions in TypeScript; Amplify will do the rest.

Built with the AWS CDK

Use any cloud resource your app needs. Never worry about scale.

Back to Gen 1 DocsLearn more about Gen 2

Choose your framework/language

Edit on GitHub

Page updated Jun 24, 2025

Sign-in

Amplify provides a client library that enables you to interact with backend resources such as Amplify Auth.

The quickest way to get started with Amplify Auth in your frontend application is with the Authenticator component, which provides a customizable UI and complete authentication flows.

Using the signIn API

Amplify.Auth.signIn(
    "username",
    "password",
    result -> Log.i("AuthQuickstart", result.isSignedIn() ? "Sign in succeeded" : "Sign in not complete"),
    error -> Log.e("AuthQuickstart", error.toString())
);
Amplify.Auth.signIn("username", "password",
    { result ->
        if (result.isSignedIn) {
            Log.i("AuthQuickstart", "Sign in succeeded")
        } else {
            Log.i("AuthQuickstart", "Sign in not complete")
        }
    },
    { Log.e("AuthQuickstart", "Failed to sign in", it) }
)
try {
    val result = Amplify.Auth.signIn("username", "password")
    if (result.isSignedIn) {
        Log.i("AuthQuickstart", "Sign in succeeded")
    } else {
        Log.e("AuthQuickstart", "Sign in not complete")
    }
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Sign in failed", error)
}
RxAmplify.Auth.signIn("username", "password")
    .subscribe(
        result -> Log.i("AuthQuickstart", result.isSignedIn() ? "Sign in succeeded" : "Sign in not complete"),
        error -> Log.e("AuthQuickstart", error.toString())
    );

The signIn API response will include a nextStep property, which can be used to determine if further action is required. It may return the following next steps:

Next StepDescription
CONFIRM_SIGN_IN_WITH_NEW_PASSWORDThe user was created with a temporary password and must set a new one. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGEThe sign-in must be confirmed with a custom challenge response. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_TOTP_CODEThe sign-in must be confirmed with a TOTP code from the user. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_SMS_MFA_CODEThe sign-in must be confirmed with a SMS code from the user. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_OTPThe sign-in must be confirmed with a code from the user (sent via SMS or Email). Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_PASSWORDThe sign-in must be confirmed with the password from the user. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTIONThe user must select their mode of MFA verification to setup. Complete the process by passing either MFAType.EMAIL.challengeResponse or MFAType.TOTP.challengeResponse to confirmSignIn.
CONTINUE_SIGN_IN_WITH_MFA_SELECTIONThe user must select their mode of MFA verification before signing in. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_TOTP_SETUPThe TOTP setup process must be continued. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUPThe EMAIL setup process must be continued. Complete the process by passing a valid email address to confirmSignIn.
CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTIONThe user must select their mode of first factor authentication. Complete the process by passing the desired mode to the challengeResponse field of confirmSignIn.
RESET_PASSWORDThe user must reset their password via resetPassword.
CONFIRM_SIGN_UPThe user hasn't completed the sign-up flow fully and must be confirmed via confirmSignUp.
DONEThe sign in process has been completed.

For more information on handling the MFA steps that may be returned, see multi-factor authentication.

With multi-factor auth enabled

When you have Email or SMS MFA enabled, Cognito will send messages to your users on your behalf. Email and SMS messages require that your users have email address and phone number attributes respectively. It is recommended to set these attributes as required in your user pool if you wish to use either Email MFA or SMS MFA. When these attributes are required, a user must provide these details before they can complete the sign up process.

If you have set MFA to be required and you have activated more than one authentication factor, Cognito will prompt new users to select an MFA factor they want to use. Users must have a phone number to select SMS and an email address to select email MFA.

If a user doesn't have the necessary attributes defined for any available message based MFA, Cognito will prompt them to set up TOTP.

Visit the multi-factor authentication documentation to learn more about enabling MFA on your backend auth resource.

ArrayList<AuthUserAttribute> attributes = new ArrayList<>();
attributes.add(new AuthUserAttribute(AuthUserAttributeKey.email(), "my@email.com"));
attributes.add(new AuthUserAttribute(AuthUserAttributeKey.phoneNumber(), "+15551234567"));


Amplify.Auth.signUp(
    "username",
    "Password123",
    AuthSignUpOptions.builder().userAttributes(attributes).build(),
    result -> Log.i("AuthQuickstart", result.toString()),
    error -> Log.e("AuthQuickstart", error.toString())
);
val attrs = mapOf(
    AuthUserAttributeKey.email() to "my@email.com",
    AuthUserAttributeKey.phoneNumber() to "+15551234567"
)
val options = AuthSignUpOptions.builder()
    .userAttributes(attrs.map { AuthUserAttribute(it.key, it.value) })
    .build()
Amplify.Auth.signUp("username", "Password123", options,
    { Log.i("AuthQuickstart", "Sign up result = $it") },
    { Log.e("AuthQuickstart", "Sign up failed", it) }
)
val attrs = mapOf(
    AuthUserAttributeKey.email() to "my@email.com",
    AuthUserAttributeKey.phoneNumber() to "+15551234567"
)
val options = AuthSignUpOptions.builder()
    .userAttributes(attrs.map { AuthUserAttribute(it.key, it.value) })
    .build()
try {
    val result = Amplify.Auth.signUp("username", "Password123", options)
    Log.i("AuthQuickstart", "Sign up OK: $result")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Sign up failed", error)
}
ArrayList<AuthUserAttribute> attributes = new ArrayList<>();
attributes.add(new AuthUserAttribute(AuthUserAttributeKey.email(), "my@email.com"));
attributes.add(new AuthUserAttribute(AuthUserAttributeKey.phoneNumber(), "+15551234567"));


RxAmplify.Auth.signUp(
    "username",
    "Password123",
    AuthSignUpOptions.builder().userAttributes(attributes).build())
    .subscribe(
        result -> Log.i("AuthQuickstart", result.toString()),
        error -> Log.e("AuthQuickstart", error.toString())
    );

Confirm sign-in

Following sign in, you will receive a nextStep in the sign-in result of one of the following types. Collect the user response and then pass to the confirmSignIn API to complete the sign in flow.

Next StepDescription
CONFIRM_SIGN_IN_WITH_TOTP_CODEThe sign-in must be confirmed with a TOTP code from the user. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_SMS_MFA_CODEThe sign-in must be confirmed with a SMS code from the user. Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_OTPThe sign-in must be confirmed with a code from the user (sent via SMS or Email). Complete the process with confirmSignIn.
CONFIRM_SIGN_IN_WITH_PASSWORDThe sign-in must be confirmed with the password from the user. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTIONThe user must select their mode of first factor authentication. Complete the process by passing the desired mode to the challengeResponse field of confirmSignIn.
CONTINUE_SIGN_IN_WITH_MFA_SELECTIONThe user must select their mode of MFA verification before signing in. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTIONThe user must select their mode of MFA verification to setup. Complete the process by passing either MFAType.EMAIL.challengeResponse or MFAType.TOTP.challengeResponse to confirmSignIn.
CONTINUE_SIGN_IN_WITH_TOTP_SETUPThe TOTP setup process must be continued. Complete the process with confirmSignIn.
CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUPThe EMAIL setup process must be continued. Complete the process by passing a valid email address to confirmSignIn.

Note: you must call confirmSignIn in the same app session as you call signIn. If you close the app, you will need to call signIn again. As a result, for testing purposes, you'll at least need an input field where you can enter the code sent via SMS and pass it to confirmSignIn.

Amplify.Auth.confirmSignIn(
    "confirmation code received via SMS",
    result -> Log.i("AuthQuickstart", result.toString()),
    error -> Log.e("AuthQuickstart", error.toString())
);
Amplify.Auth.confirmSignIn("code received via SMS",
    { Log.i("AuthQuickstart", "Confirmed signin: $it") },
    { Log.e("AuthQuickstart", "Failed to confirm signin", it) }
)
try {
    val result = Amplify.Auth.confirmSignIn("code received via SMS")
    Log.i("AuthQuickstart", "Confirmed signin: $result")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Failed to confirm signin", error)
}
RxAmplify.Auth.confirmSignIn("confirmation code received via SMS")
    .subscribe(
        result -> Log.i("AuthQuickstart", result.toString()),
        error -> Log.e("AuthQuickstart", error.toString())
    );

Sign in with an external identity provider

To sign in using an external identity provider such as Google, use the signInWithSocialWebUI function.

Update AndroidManifest.xml

Add the following activity and queries tag to your app's AndroidManifest.xml file, replacing myapp with your redirect URI prefix if necessary:

<application ...>
  ...
  <activity
      android:name="com.amplifyframework.auth.cognito.activities.HostedUIRedirectActivity"
      android:exported="true">
      <intent-filter>
          <action android:name="android.intent.action.VIEW" />
          <category android:name="android.intent.category.DEFAULT" />
          <category android:name="android.intent.category.BROWSABLE" />
          <data android:scheme="myapp" />
      </intent-filter>
  </activity>
  ...
</application>

Launch Social Web UI Sign In

Sweet! You're now ready to launch sign in with your social provider's web UI.

For now, just add this method to the onCreate method of MainActivity with whatever provider you're using (shown with Facebook below):

// Replace facebook with your chosen auth provider such as google, amazon, or apple
Amplify.Auth.signInWithSocialWebUI(
    AuthProvider.facebook(),
    this,
    result -> Log.i("AuthQuickstart", result.toString()),
    error -> Log.e("AuthQuickstart", error.toString())
);
// Replace facebook with your chosen auth provider such as google, amazon, or apple
Amplify.Auth.signInWithSocialWebUI(
    AuthProvider.facebook(),
    this,
    { Log.i("AuthQuickstart", "Sign in OK: $it") },
    { Log.e("AuthQuickstart", "Sign in failed", it) }
)
try {
    // Replace facebook with your chosen auth provider such as google, amazon, or apple
    val result = Amplify.Auth.signInWithSocialWebUI(AuthProvider.facebook(), this)
    Log.i("AuthQuickstart", "Sign in OK: $result")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Sign in failed", error)
}
// Replace facebook with your chosen auth provider such as google, amazon, or apple
RxAmplify.Auth.signInWithSocialWebUI(AuthProvider.facebook(), this)
    .subscribe(
        result -> Log.i("AuthQuickstart", result.toString()),
        error -> Log.e("AuthQuickstart", error.toString())
    );

Sign in with passwordless methods

Your application's users can also sign in using passwordless methods. To learn more, including how to setup the various passwordless authentication flows, visit the concepts page for passwordless.

SMS OTP

Pass SMS_OTP as the preferredFirstFactor when calling the signIn API in order to initiate a passwordless authentication flow with SMS OTP.

// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.SMS_OTP) // Sign in using SMS OTP
    .build();


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
);


// Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    result -> {
        // result.getNextStep().getSignInStep() should be "DONE" now
    },
    error -> Log.e("AuthQuickstart", error.toString())
);
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.SMS_OTP) // Sign in using SMS OTP
    .build()


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    { result: AuthSignInResult ->
        if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)


// Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    { result: AuthSignInResult? -> },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.SMS_OTP) // Sign in using SMS OTP
    .build()


// Sign in the user
val result = Amplify.Auth.signIn(
    username = username,
    password = null,
    options = options
)
if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
    // Show UI to collect OTP
}


// Then pass that OTP into the confirmSignIn API
val confirmResult = Amplify.Auth.confirmSignIn(
    challengeResponse = "123456"
)
// confirmResult.nextStep.signInStep should be "DONE"
// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.SMS_OTP) // Sign in using SMS OTP
    .build();


// Sign in the user
RxAmplify.Auth.signIn(
    username,
    null, // no password
    options
).subscribe(
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
)


// Then pass that OTP into the confirmSignIn API
RxAmplify.Auth.confirmSignIn("123456")
    .subscribe(
        result -> {
            // result.getNextStep().getSignInStep() should be "DONE" now
        },
        error -> Log.e("AuthQuickstart", error.toString())
    );

Email OTP

Pass EMAIL_OTP as the preferredFirstFactor when calling the signIn API in order to initiate a passwordless authentication flow with Email OTP.

// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.EMAIL_OTP) // Sign in using Email OTP
    .build();


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
);


// Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    result -> {
        // result.getNextStep().getSignInStep() should be "DONE" now
    },
    error -> Log.e("AuthQuickstart", error.toString())
);
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.EMAIL_OTP) // Sign in using Email OTP
    .build()


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    { result: AuthSignInResult ->
        if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)


// Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    { result: AuthSignInResult? -> },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.EMAIL_OTP) // Sign in using Email OTP
    .build()


// Sign in the user
val result = Amplify.Auth.signIn(
    username = username,
    password = null,
    options = options
)
if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
    // Show UI to collect OTP
}


// Then pass that OTP into the confirmSignIn API
val confirmResult = Amplify.Auth.confirmSignIn(
    challengeResponse = "123456"
)
// confirmResult.nextStep.signInStep should be "DONE"
// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.EMAIL_OTP) // Sign in using Email OTP
    .build();


// Sign in the user
RxAmplify.Auth.signIn(
    username,
    null, // no password
    options
).subscribe(
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            // Show UI to collect OTP
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
)


// Then pass that OTP into the confirmSignIn API
RxAmplify.Auth.confirmSignIn("123456")
    .subscribe(
        result -> {
            // result.getNextStep().getSignInStep() should be "DONE" now
        },
        error -> Log.e("AuthQuickstart", error.toString())
    );

WebAuthn Passkeys

Pass WEB_AUTHN as the preferredFirstFactor in order to initiate the passwordless authentication flow using a WebAuthn credential. This flow completes without any additional interaction from your application, so there is only one Amplify.Auth call needed for WebAuthn.

The user must have previously associated a credential to use this auth factor. To learn more, visit the manage WebAuthn credentials page.

Amplify requires an Activity reference to attach the PassKey UI to your Application's Task when using WebAuthn - if an Activity is not supplied then the UI will appear in a separate Task. For this reason, we strongly recommend always passing the callingActivity option to both the signIn and confirmSignIn APIs if your application allows users to sign in with passkeys.

// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .callingActivity(callingActivity)
    .preferredFirstFactor(AuthFactorType.WEB_AUTHN) // Sign in using WebAuthn
    .build();


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    result -> Log.i("AuthQuickStart", "Next sign in step: " + result.getNextStep()),
    error -> Log.e("AuthQuickstart", error.toString())
);
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .callingActivity(callingActivity)
    .preferredFirstFactor(AuthFactorType.WEB_AUTHN) // Sign in using WebAuthn
    .build()


// Sign in the user
Amplify.Auth.signIn(
    username,
    null, // no password
    options,
    { result: AuthSignInResult -> Log.i("AuthQuickStart", "Next sign in step: ${result.nextStep}") },
    { error: AuthException -> Log.e("AuthQuickStart", error.toString()) }
)
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .callingActivity(callingActivity)
    .preferredFirstFactor(AuthFactorType.WEB_AUTHN) // Sign in using WebAuthn
    .build()


// Sign in the user
val result = Amplify.Auth.signIn(
    username = username,
    password = null,
    options = options
)


// result.nextStep.signInStep should be "DONE" if use granted access to the passkey
// NOTE: `signIn` will throw a UserCancelledException if user dismissed the passkey UI
// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .callingActivity(callingActivity)
    .preferredFirstFactor(AuthFactorType.WEB_AUTHN) // Sign in using WebAuthn
    .build();


// Sign in the user
RxAmplify.Auth.signIn(
    username,
    null, // no password
    options
).subscribe(
    result -> Log.i("AuthQuickStart", "Next sign in step: " + result.getNextStep()),
    error -> Log.e("AuthQuickstart", error.toString())
)

Using WebAuthn sign in may result in a number of possible exception types.

  • UserCancelledException - If the user declines to authorize access to the passkey in the system UI. You can retry the WebAuthn flow by invoking confirmSignIn again, or restart the signIn process to select a different AuthFactorType.
  • WebAuthnNotEnabledException - This indicates WebAuthn is not enabled in your user pool.
  • WebAuthnNotSupportedException - This indicates WebAuthn is not supported on the user's device.
  • WebAuthnRpMismatchException - This indicates there is a problem with the assetlinks.json file deployed to your relying party.
  • WebAuthnFailedException - This exception is used for other errors that may occur with WebAuthn. Inspect the cause to determine the best course of action.

Password

Pass either PASSWORD or PASSWORD_SRP as the preferredFirstFactor in order to initiate a traditional password based authentication flow.

// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.PASSWORD) // Sign in using Password
    .build();


// Sign in the user
Amplify.Auth.signIn(
    username,
    password, // supply the password if preferredFirstFactor is PASSWORD or PASSWORD_SRP
    options,
    result -> Log.i("AuthQuickStart", "Next sign in step: " + result.getNextStep()),
    error -> Log.e("AuthQuickstart", error.toString())
);
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.PASSWORD) // Sign in using Password
    .build()


// Sign in the user
Amplify.Auth.signIn(
    username,
    password, // supply the password if preferredFirstFactor is PASSWORD or PASSWORD_SRP
    options,
    { result: AuthSignInResult -> Log.i("AuthQuickStart", "Next sign in step: ${result.nextStep}") },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)
// Use options to specify the preferred first factor
val options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.PASSWORD) // Sign in using Password
    .build()


// Sign in the user
val result = Amplify.Auth.signIn(
    username = username,
    password = password, // supply the password if preferredFirstFactor is PASSWORD or PASSWORD_SRP
    options = options
)


// result.nextStep.signInStep should be "DONE"
// Use options to specify the preferred first factor
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .preferredFirstFactor(AuthFactorType.Password) // Sign in using Password
    .build();


// Sign in the user
RxAmplify.Auth.signIn(
    username,
    password, // supply the password if preferredFirstFactor is PASSWORD or PASSWORD_SRP
    options
).subscribe(
    result -> Log.i("AuthQuickStart", "Next sign in step: " + result.getNextStep()),
    error -> Log.e("AuthQuickstart", error.toString())
)

First Factor Selection

Omit the preferredFirstFactor option to discover which first factors are available for a given user. This is useful to allow users to choose how they would like to sign in.

The confirmSignIn API can then be used to select a challenge and initiate the associated authentication flow.

// Omit preferredFirstFactor. If the user has more than one factor available then
// the next step will be CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION.
AuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
                                .authFlowType(AuthFlowType.USER_AUTH)
                                .build();


// Step 1: Sign in the user
Amplify.Auth.signIn(
    "hello@example.com",
    null,
    options,
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION) {
            Log.i(
                "AuthQuickstart",
                "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()
            );
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
);


// Step 2: Select SMS OTP for sign in
Amplify.Auth.confirmSignIn(
    AuthFactorType.SMS_OTP.getChallengeResponse(),
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            Log.i(
                "AuthQuickStart",
                "OTP code sent to " + result.getNextStep().getCodeDeliveryDetails()
            )
            // Show UI to collect OTP
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
);


// Step 3: Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    result -> {
        // result.getNextStep().getSignInStep() should be "DONE" now
    },
    error -> Log.e("AuthQuickstart", error.toString())
);
// Omit preferredFirstFactor. If the user has more than one factor available then
// the next step will be CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION.
val options: AuthSignInOptions = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .build()


// Step 1: Sign in the user
Amplify.Auth.signIn(
    "hello@example.com",
    null,
    options,
    { result: AuthSignInResult ->
        if (result.nextStep.signInStep == AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION) {
            Log.i(
                "AuthQuickstart",
                "Available authentication factors for this user: ${result.nextStep.availableFactors}"
            )
        }
    },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)


// Step 2: Select SMS OTP for sign in
Amplify.Auth.confirmSignIn(
    AuthFactorType.SMS_OTP.getChallengeResponse(),
    { result: AuthSignInResult ->
        if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
            Log.i(
                "AuthQuickStart",
                "OTP code sent to ${result.nextStep.codeDeliveryDetails}"
            )
            // Show UI to collect OTP
        }
    },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)


// Step 3: Then pass that OTP into the confirmSignIn API
Amplify.Auth.confirmSignIn(
    "123456",
    { result: AuthSignInResult? -> 
        // result.nextStep.signInStep should be "DONE" now
    },
    { error: AuthException -> Log.e("AuthQuickstart", error.toString()) }
)
// Omit preferredFirstFactor. If the user has more than one factor available then
// the next step will be CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION.
val options: AuthSignInOptions = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .build()


// Step 1: Sign in the user
val result = Amplify.Auth.signIn(
    username = "hello@example.com",
    password = null,
    options = options
)


if (result.nextStep.signInStep == AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION) {
    Log.i(
        "AuthQuickStart",
        "Available authentication factors for this user: ${result.nextStep.availableFactors}"
    )
}


// Step 2: Select SMS OTP for sign in
val selectFactorResult = Amplify.Auth.confirmSignIn(challengeResponse = AuthFactorType.SMS_OTP.challengeResponse)


if (result.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
    Log.i(
        "AuthQuickStart",
        "OTP code sent to ${result.nextStep.codeDeliveryDetails}"
    )
    // Show UI to collect OTP
}


// Step 3: Then pass that OTP into the confirmSignIn API
val confirmResult = Amplify.Auth.confirmSignIn(challengeResponse = "123456")


// confirmResult.nextStep.signInStep should be "DONE" now
// Omit preferredFirstFactor. If the user has more than one factor available then
// the next step will be CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION.
AWSCognitoAuthSignInOptions options = AWSCognitoAuthSignInOptions.builder()
    .authFlowType(AuthFlowType.USER_AUTH)
    .build();


// Step 1: Sign in the user
RxAmplify.Auth.signIn(
    username,
    null, // no password
    options
).subscribe(
    result -> {
        if (result.getNextStep().getSignInStep() == AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION) {
            Log.i(
                "AuthQuickstart",
                "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()
            );
        }
    },
    error -> Log.e("AuthQuickstart", error.toString())
)


// Step 2: Select SMS OTP for sign in
RxAmplify.Auth.confirmSignIn(AuthFactorType.SMS_OTP.getChallengeResponse())
    .subscribe(
        result -> {
            if (result.getNextStep().getSignInStep() == AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP) {
                Log.i(
                    "AuthQuickStart",
                    "OTP code sent to " + result.getNextStep().getCodeDeliveryDetails()
                )
                // Show UI to collect OTP
            }
        },
        error -> Log.e("AuthQuickstart", error.toString())
    );


// Step 3: Then pass that OTP into the confirmSignIn API
RxAmplify.Auth.confirmSignIn("123456")
    .subscribe(
        result -> {
            // result.getNextStep().getSignInStep() should be "DONE" now
        },
        error -> Log.e("AuthQuickstart", error.toString())
    );
PREVIOUS
Sign-up
NEXT
Switching authentication flows
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2025, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.