Manage WebAuthn credentials
Amplify Auth uses passkeys as the credential mechanism for WebAuthn. The following APIs allow users to register, keep track of, and delete the passkeys associated with their Cognito account.
Learn more about using passkeys with Amplify.
Associate WebAuthn credentials
Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.
You can associate a passkey using the following API:
Amplify.Auth.associateWebAuthnCredential( activity, () -> Log.i("AuthQuickstart", "Associated credential"), error -> Log.e("AuthQuickstart", "Failed to associate credential", error));
Amplify.Auth.associateWebAuthnCredential( activity, { Log.i("AuthQuickstart", "Associated credential") }, { Log.e("AuthQuickstart", "Failed to associate credential", error) })
try { val result = Amplify.Auth.associateWebAuthnCredential(activity) Log.i("AuthQuickstart", "Associated credential")} catch (error: AuthException) { Log.e("AuthQuickstart", "Failed to associate credential", error)}
RxAmplify.Auth.associateWebAuthnCredential(activity) .subscribe( result -> Log.i("AuthQuickstart", "Associated credential"), error -> Log.e("AuthQuickstart", "Failed to associate credential", error) );
You must supply an Activity
instance so that Amplify can display the PassKey UI in your application's Task.
The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.
List WebAuthn credentials
You can list registered passkeys using the following API:
Amplify.Auth.listWebAuthnCredentials( result -> result.getCredentials().forEach(credential -> { Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId()); Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName()); Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId()); Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt()); }), error -> Log.e("AuthQuickstart", "Failed to list credentials", error));
Amplify.Auth.listWebAuthnCredentials( { result -> result.credentials.forEach { credential -> Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}") Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}") Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}") Log.i("AuthQuickstart", "Created At: ${credential.createdAt}") } }, { error -> Log.e("AuthQuickstart", "Failed to list credentials", error) })
try { val result = Amplify.Auth.listWebAuthnCredentials() result.credentials.forEach { credential -> Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}") Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}") Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}") Log.i("AuthQuickstart", "Created At: ${credential.createdAt}") }} catch (error: AuthException) { Log.e("AuthQuickstart", "Failed to list credentials", error)}
RxAmplify.Auth.listWebAuthnCredentials() .subscribe( result -> result.getCredentials().forEach(credential -> { Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId()); Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName()); Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId()); Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt()); }), error -> Log.e("AuthQuickstart", "Failed to list credentials", error) );
Delete WebAuthn credentials
You can delete a passkey with the following API:
Amplify.Auth.deleteWebAuthnCredential( credentialId, (result) -> Log.i("AuthQuickstart", "Deleted credential"), error -> Log.e("AuthQuickstart", "Failed to delete credential", error));
Amplify.Auth.deleteWebAuthnCredential( credentialId, { Log.i("AuthQuickstart", "Deleted credential") }, { Log.e("AuthQuickstart", "Failed to delete credential", error) })
try { val result = Amplify.Auth.deleteWebAuthnCredential(credentialId) Log.i("AuthQuickstart", "Deleted credential")} catch (error: AuthException) { Log.e("AuthQuickstart", "Failed to delete credential", error)}
RxAmplify.Auth.deleteWebAuthnCredential(credentialId) .subscribe( result -> Log.i("AuthQuickstart", "Deleted credential"), error -> Log.e("AuthQuickstart", "Failed to delete credential", error) );
The delete passkey API has only the required credentialId
as input, and it does not return a value.