Manage WebAuthn credentials
Amplify Auth enables your users to associate, keep track of, and delete passkeys.
Associate WebAuthn credentials
Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.
You can associate a passkey using the following API:
// Java
Amplify.Auth.associateWebAuthnCredential(
    activity,
    () -> Log.i("AuthQuickstart", "Associated credential"),
    error -> Log.e("AuthQuickstart", "Failed to register credential", error)
);

// Kotlin (callbacks)
Amplify.Auth.associateWebAuthnCredential(
    activity,
    { Log.i("AuthQuickstart", "Associated credential") },
    { error -> Log.e("AuthQuickstart", "Failed to register credential", error) }
)

// Kotlin (coroutines)
try {
    val result = Amplify.Auth.associateWebAuthnCredential(activity)
    Log.i("AuthQuickstart", "Associated credential")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Failed to associate credential", error)
}

// RxJava
RxAmplify.Auth.associateWebAuthnCredential(activity)
    .subscribe(
        () -> Log.i("AuthQuickstart", "Associated credential"),
        error -> Log.e("AuthQuickstart", "Failed to associate credential", error)
    );

You must supply an Activity instance so that Amplify can display the passkey UI in your application's Task.
The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.
List WebAuthn credentials
You can list registered passkeys using the following API:
// Java
Amplify.Auth.listWebAuthnCredentials(
    result -> result.getCredentials().forEach(credential -> {
        Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId());
        Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName());
        Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId());
        Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt());
    }),
    error -> Log.e("AuthQuickstart", "Failed to list credentials", error)
);

// Kotlin (callbacks)
Amplify.Auth.listWebAuthnCredentials(
    { result ->
        result.credentials.forEach { credential ->
            Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}")
            Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}")
            Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}")
            Log.i("AuthQuickstart", "Created At: ${credential.createdAt}")
        }
    },
    { error -> Log.e("AuthQuickstart", "Failed to list credentials", error) }
)

// Kotlin (coroutines)
try {
    val result = Amplify.Auth.listWebAuthnCredentials()
    result.credentials.forEach { credential ->
        Log.i("AuthQuickstart", "Credential ID: ${credential.credentialId}")
        Log.i("AuthQuickstart", "Friendly Name: ${credential.friendlyName}")
        Log.i("AuthQuickstart", "Relying Party ID: ${credential.relyingPartyId}")
        Log.i("AuthQuickstart", "Created At: ${credential.createdAt}")
    }
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Failed to list credentials", error)
}

// RxJava
RxAmplify.Auth.listWebAuthnCredentials()
    .subscribe(
        result -> result.getCredentials().forEach(credential -> {
            Log.i("AuthQuickstart", "Credential ID: " + credential.getCredentialId());
            Log.i("AuthQuickstart", "Friendly Name: " + credential.getFriendlyName());
            Log.i("AuthQuickstart", "Relying Party ID: " + credential.getRelyingPartyId());
            Log.i("AuthQuickstart", "Created At: " + credential.getCreatedAt());
        }),
        error -> Log.e("AuthQuickstart", "Failed to list credentials", error)
    );
Delete WebAuthn credentials
You can delete a passkey with the following API:
// Java
Amplify.Auth.deleteWebAuthnCredential(
    credentialId,
    () -> Log.i("AuthQuickstart", "Deleted credential"),
    error -> Log.e("AuthQuickstart", "Failed to delete credential", error)
);

// Kotlin (callbacks)
Amplify.Auth.deleteWebAuthnCredential(
    credentialId,
    { Log.i("AuthQuickstart", "Deleted credential") },
    { error -> Log.e("AuthQuickstart", "Failed to delete credential", error) }
)

// Kotlin (coroutines)
try {
    val result = Amplify.Auth.deleteWebAuthnCredential(credentialId)
    Log.i("AuthQuickstart", "Deleted credential")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Failed to delete credential", error)
}

// RxJava
RxAmplify.Auth.deleteWebAuthnCredential(credentialId)
    .subscribe(
        () -> Log.i("AuthQuickstart", "Deleted credential"),
        error -> Log.e("AuthQuickstart", "Failed to delete credential", error)
    );

The delete passkey API takes only the required credentialId as input, and it does not return a value.
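The list and delete calls above can be combined into a passkey review and revocation flow, for example when a user reports a lost device. This is an added example, not code from the Amplify documentation: the helper names findPasskeysToReview and revokePasskey and the EXPECTED_RP_ID value are hypothetical, and it assumes the Kotlin coroutines facade and that the list call returns all of the user's passkeys.

```kotlin
import android.util.Log
import com.amplifyframework.auth.AuthException
import com.amplifyframework.kotlin.core.Amplify

private const val TAG = "AuthQuickstart"

// Hypothetical placeholder: the relying party ID your app expects passkeys to be bound to.
private const val EXPECTED_RP_ID = "example.com"

/**
 * Hypothetical helper: lists the signed-in user's passkeys and returns the IDs
 * of those registered for a relying party other than the expected one, so the
 * app can show them to the user for review.
 */
suspend fun findPasskeysToReview(): List<String> =
    try {
        Amplify.Auth.listWebAuthnCredentials().credentials
            .filter { it.relyingPartyId != EXPECTED_RP_ID }
            .onEach {
                Log.w(TAG, "Review passkey '${it.friendlyName}' (${it.credentialId}), " +
                    "relying party ${it.relyingPartyId}, created ${it.createdAt}")
            }
            .map { it.credentialId }
    } catch (error: AuthException) {
        Log.e(TAG, "Failed to list credentials", error)
        emptyList()
    }

/**
 * Hypothetical helper: deletes one passkey, then lists again to confirm the
 * credential is gone. Returns true only when the delete succeeded and the
 * credential no longer appears in the list.
 */
suspend fun revokePasskey(credentialId: String): Boolean =
    try {
        Amplify.Auth.deleteWebAuthnCredential(credentialId)
        // Assumption: the list call returns every passkey of the user.
        val stillListed = Amplify.Auth.listWebAuthnCredentials()
            .credentials.any { it.credentialId == credentialId }
        if (stillListed) Log.e(TAG, "Credential $credentialId is still listed after delete")
        !stillListed
    } catch (error: AuthException) {
        Log.e(TAG, "Failed to delete or verify credential", error)
        false
    }
```

Both helpers are suspend functions and must be called from a coroutine while the user is signed in.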