Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Dec 2, 2024

Manage WebAuthn credentials

Amplify Auth enables your users to associate, keep track of, and delete passkeys.

Associate WebAuthN credentials

Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.

You can associate a passkey using the following API:

Amplify.Auth.associateWebAuthnCredential(
activity,
() -> Log.i("AuthQuickstart", "Associated credential"),
error -> Log.e("AuthQuickstart", "Failed to register credential", error)
);
Amplify.Auth.associateWebAuthnCredential(
activity,
{ Log.i("AuthQuickstart", "Associated credential") },
{ Log.e("AuthQuickstart", "Failed to register credential", error) }
)
try {
val result = Amplify.Auth.associateWebAuthnCredential(activity)
Log.i("AuthQuickstart", "Associated credential")
} catch (error: AuthException) {
Log.e("AuthQuickstart", "Failed to associate credential", error)
}
RxAmplify.Auth.associateWebAuthnCredential(activity)
.subscribe(
result -> Log.i("AuthQuickstart", "Associated credential"),
error -> Log.e("AuthQuickstart", "Failed to associate credential", error)
);

You must supply an Activity instance so that Amplify can display the PassKey UI in your Application's Task.

The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.

List WebAuthN credentials

You can list registered passkeys using the following API:

Amplify.Auth.listWebAuthnCredentials(
result -> result.getCredentials().forEach(credential -> {
Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId());
Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName());
Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId());
Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt());
}),
error -> Log.e("AuthQuickstart", "Failed to list credentials", error)
);
Amplify.Auth.listWebAuthnCredentials(
{ result ->
result.credentials.forEach { credential ->
Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}")
Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}")
Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}")
Log.i("AuthQuickstart", "Created At: ${credential.createdAt}")
}
},
{ error -> Log.e("AuthQuickstart", "Failed to list credentials", error) }
)
try {
val result = Amplify.Auth.listWebAuthnCredentials()
result.credentials.forEach { credential ->
Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}")
Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}")
Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}")
Log.i("AuthQuickstart", "Created At: ${credential.createdAt}")
}
} catch (error: AuthException) {
Log.e("AuthQuickstart", "Failed to list credentials", error)
}
RxAmplify.Auth.listWebAuthnCredentials()
.subscribe(
result -> result.getCredentials().forEach(credential -> {
Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId());
Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName());
Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId());
Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt());
}),
error -> Log.e("AuthQuickstart", "Failed to list credentials", error)
);

Delete WebAuthN credentials

You can delete a passkey with the following API:

Amplify.Auth.deleteWebAuthnCredential(
credentialId,
(result) -> Log.i("AuthQuickstart", "Deleted credential"),
error -> Log.e("AuthQuickstart", "Failed to delete credential", error)
);
Amplify.Auth.deleteWebAuthnCredential(
credentialId,
{ Log.i("AuthQuickstart", "Deleted credential") },
{ Log.e("AuthQuickstart", "Failed to delete credential", error) }
)
try {
val result = Amplify.Auth.deleteWebAuthnCredential(credentialId)
Log.i("AuthQuickstart", "Deleted credential")
} catch (error: AuthException) {
Log.e("AuthQuickstart", "Failed to delete credential", error)
}
RxAmplify.Auth.deleteWebAuthnCredential(credentialId)
.subscribe(
result -> Log.i("AuthQuickstart", "Deleted credential"),
error -> Log.e("AuthQuickstart", "Failed to delete credential", error)
);

The delete passkey API has only the required credentialId as input, and it does not return a value.