Migrate from v5 to v6
The Auth
category has moved to a functional approach and named parameters in Amplify v6, so you will now import the functional API’s directly from the aws-amplify/auth
path as shown in the examples below and will need to pay close attention to the changes made to inputs and outputs. You can use the switcher on the API examples to see the differences between v5 and v6 implementations. (v6 is shown by default)
Auth.signUp
The overall input to Auth.signUp
is largely unchanged, but how the object is structured is slightly different: attributes
becomes userAttributes
, and userAttributes
and validationData
are now under an options
object. autoSignIn
can also now be a simple boolean value.
A major difference is that a CognitoUser
is no longer returned from signUp
. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Also notice that userConfirmed
is no longer returned, and instead we return nextStep
. This follows a standardized format shared between the signUp
, signIn
, resetPassword
, and updateUserAttributes
flows, where additional authentication steps will be returned with any additional information included in the same object (in this case, codeDeliveryDetails
)
Input
V5
1// Standard2params: SignUpParams {3 username: string;4 password: string;5 attributes?: object;6 validationData?: {7 [key: string]: string;8 }9 clientMetadata?: { [key: string]: string; };10 autoSignIn?: {11 enabled: boolean;12 clientMetaData?: { [key: string]: string; };13 validationData?: {14 [key: string]: string;15 }16 };17}18
19// Legacy20username: string21password: string22email: string23phone_number: string
V6
1input: SignUpInput {2 username: string;3 password: string;4 options?: {5 userAttributes?: { [key: string]?: string; }6 validationData?: { [key: string]: string; };7 clientMetadata?: { [key: string]: string; };8 autoSignIn?: boolean | {9 authFlowType?:10 | 'USER_SRP_AUTH'11 | 'CUSTOM_WITH_SRP'12 | 'CUSTOM_WITHOUT_SRP'13 | 'USER_PASSWORD_AUTH';14 clientMetadata?: { [key: string]: string; };15 };16 };17}
Output
V5
1ISignUpResult {2 user: CognitoUser;3 userConfirmed: boolean;4 userSub: string;5 codeDeliveryDetails: {6 AttributeName: string;7 DeliveryMedium: string;8 Destination: string;9 };10}
V6
1SignUpOutput {2 isSignUpComplete: boolean;3 userId?: string;4 nextStep: {5 signUpStep:6 | 'DONE'7 | 'CONFIRM_SIGN_UP'8 | 'COMPLETE_AUTO_SIGN_IN',9 codeDeliveryDetails: { // Not included when signUpStep is 'DONE'10 destination?: string;11 deliveryMedium?: 12 | 'EMAIL'13 | 'SMS'14 | 'PHONE'15 | 'UNKNOWN';16 attributeName?: UserAttributeKey;17 }18 };19}
1import { signUp } from 'aws-amplify/auth';2
3const handleSignUp = async ({4 username,5 password,6 email,7 phone_number,8 validationData9}) => {10 const {11 isSignUpComplete,12 userId,13 nextStep14 } = await signUp({15 username,16 password,17 options: {18 userAttributes: {19 email,20 phone_number21 },22 validationData23 }24 });25}
1import { Auth } from 'aws-amplify';2
3const handleSignUp = async ({4 username,5 password,6 email,7 phone_number,8 validationData9}) => {10 const { user } = await Auth.signUp({11 username,12 password,13 attributes: {14 email,15 phone_number16 },17 validationData18 });19}
Auto Sign-in
1import {2 autoSignIn,3 confirmSignUp,4 signUp5} from 'aws-amplify/auth';6
7// 1. Sign Up with autoSignIn enabled8const handleSignUp = async ({9 username,10 password,11 email,12 phone_number,13 validationData14}) => {15 const {16 isSignUpComplete,17 userId,18 nextStep19 } = await signUp({20 username,21 password,22 options: {23 userAttributes: {24 email,25 phone_number26 },27 validationData,28 autoSignIn: true29 },30 });31}32
33// 2. Confirm Sign Up34const handleConfirmSignUp = async ({35 username,36 confirmationCode37}) => {38 const {39 isSignUpComplete,40 userId,41 nextStep42 } = await confirmSignUp({43 username,44 confirmationCode45 });46
47 // 3. Trigger autoSignIn event - will not be triggered automatically48 const { isSignedIn } = await autoSignIn();49}
1import { Auth, Hub } from 'aws-amplify';2
3// 1. Add listener for autoSignIn event4Hub.listen('auth', ({ payload }) => {5 const { event } = payload;6 if (event === 'autoSignIn') {7 const confirmedUser = payload.data;8 } else if (event === 'autoSignIn_failure') {9 // redirect to sign in page10 }11});12
13// 2. Sign Up with autoSignIn enabled14const handleSignUp = async ({15 username,16 password,17 email,18 phone_number,19 validationData20}) => {21 const { user } = await Auth.signUp({22 username,23 password,24 attributes: {25 email,26 phone_number27 },28 validationData,29 autoSignIn: {30 enabled: true31 }32 });33}34
35// 3. Confirm Sign Up - this will trigger autoSignIn36const handleConfirmSignUp = async ({37 username,38 confirmationCode39}) {40 await Auth.confirmSignUp(username, confirmationCode);41}
Legacy
In the past, we've supported the ability to pass in username
, password
, email
, phone_number
as positional parameters instead of as named input parameters for Auth.signUp
for backwards compatibility with older versions of Amplify JavaScript. The following guide shows you how to migrate from that legacy call pattern for Auth.signUp
:
1import { signUp } from 'aws-amplify/auth';2
3const handleSignUp = async ({4 username,5 password,6 email,7 phone_number,8 validationData9}) => {10 const {11 isSignUpComplete,12 userId,13 nextStep14 } = await signUp({15 username,16 password,17 options: {18 userAttributes: {19 email,20 phone_number21 }22 }23 });24}
1import { Auth } from 'aws-amplify';2
3const handleSignUp = async ({4 username,5 password,6 email,7 phone_number,8 validationData9}) => {10 const { user } = await Auth.signUp(11 username,12 password,13 email,14 phone_number15 );16}
Auth.confirmSignUp
In v6, confirmSignUp
now takes named parameters instead of positional parameters. You will send in an object with the properties username
, confirmationCode
, and options
. This API also returns an object containing an isSignUpComplete
flag, the userId
, and nextStep
for autoSignIn
use cases in v6.
Input
V5
1username: string2code: string3options?: ConfirmSignUpOptions {4 forceAliasCreation?: boolean;5 clientMetadata?: { [key: string]: string; };6}
V6
1input: ConfirmSignUpInput = {2 username: string;3 confirmationCode: string;4 options?: {5 clientMetadata?: { [key: string]: string; };6 forceAliasCreation?: boolean;7 };8}
Output
V5
1'SUCCESS'
V6
1type ConfirmSignUpOutput = {2 isSignUpComplete: boolean;3 userId?: string | undefined;4 nextStep: {5 signUpStep:6 | 'DONE'7 | 'CONFIRM_SIGN_UP'8 | 'COMPLETE_AUTO_SIGN_IN',9 codeDeliveryDetails: { // Not included when signUpStep is 'DONE'10 destination?: string;11 deliveryMedium?: 12 | 'EMAIL'13 | 'SMS'14 | 'PHONE'15 | 'UNKNOWN';16 attributeName?: UserAttributeKey;17 }18 };19}
1import { confirmSignUp } from 'aws-amplify/auth';2
3const handleConfirmSignUp = async ({4 username,5 confirmationCode6}) {7 const {8 isSignUpComplete,9 userId,10 nextStep11 } = await confirmSignUp({12 username,13 confirmationCode14 });15}
1import { Auth } from 'aws-amplify';2
3const handleConfirmSignUp = async ({4 username,5 confirmationCode6}) {7 await Auth.confirmSignUp(8 username,9 confirmationCode10 );11}
Force Alias Creation
1import { confirmSignUp } from 'aws-amplify/auth';2
3const handleConfirmSignUp = async ({4 username,5 confirmationCode6}) {7 const {8 isSignUpComplete,9 userId,10 nextStep11 } = await confirmSignUp({12 username,13 confirmationCode,14 options: {15 // default falsy (undefined)16 forceAliasCreation: true17 }18 });19}
1import { Auth } from 'aws-amplify';2
3const handleConfirmSignUp = async ({4 username,5 confirmationCode6}) {7 await Auth.confirmSignUp(8 username,9 confirmationCode,10 options: {11 // default true12 forceAliasCreation: false13 }14 );15}
Auth.resendSignUp
In v6, resendSignUp
now takes named parameters instead of positional parameters. You will send in an object with the properties username
and options
, with clientMetadata
nested under options
for consistency across API's. The output has also been updated to match other API's, returning an object with destination
, deliveryMedium
, and attributeName
properties instead of the PascalCase CodeDeliveryDetails
.
Input
V5
1username: string2clientMetadata?: ClientMetaData {3 [key: string]: string;4}
V6
1input: ResendSignUpCodeInput {2 username: string;3 options?: {4 clientMetadata?: { [key: string]: string; };5 };6}
Output
V5
1{2 CodeDeliveryDetails: {3 AttributeName: string,4 DeliveryMedium: string,5 Destination: string6 }7}
V6
1ResendSignUpCodeOutput {2 destination?: string;3 deliveryMedium?: 4 | 'EMAIL'5 | 'SMS'6 | 'PHONE'7 | 'UNKNOWN';8 attributeName?: AuthVerifiableAttributeKey;9}
1import { resendSignUpCode } from 'aws-amplify/auth';2
3const handleResendCode = async ({ username }) => {4 const {5 destination,6 deliveryMedium,7 attributeName8 } = await resendSignUpCode({ username });9}
1import { Auth } from 'aws-amplify';2
3const handleResendCode = async ({ username }) => {4 const { CodeDeliveryDetails } = await Auth.resendSignUp(username);5}
Auth.signIn
The input to Auth.signIn
is largely unchanged in the v6 signIn
API, but how the object is structured is slightly different: clientMetadata
is now under an options
object that also includes an authFlowType
option if needed.
A major difference is that a CognitoUser
is no longer returned from signIn
. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Also notice that challengeName
and challengeParam
(returned in v5 as additional properties on the CognitoUser
) are replaced in the output object by the nextStep
property. nextStep
includes signInStep
and possibly additional props depending on the step. See the Confirmation Required example for a detailed example of the new signIn
flow.
Input
V5
1// Standard2usernameOrSignInOpts: SignInOpts {3 username: string;4 password: string;5 validationData?: {6 [key: string]: any;7 };8}9pw?: undefined10clientMetadata?: ClientMetaData {11 [key: string]: string;12}13
14// Legacy15usernameOrSignInOpts: string16pw?: string17clientMetadata?: ClientMetaData {18 [key: string]: string;19}
V6
1input: SignInInput {2 username: string;3 password?: string;4 options?: {5 authFlowType?:6 | 'USER_SRP_AUTH'7 | 'CUSTOM_WITH_SRP'8 | 'CUSTOM_WITHOUT_SRP'9 | 'USER_PASSWORD_AUTH';10 clientMetadata?: ClientMetaData {11 [key: string]: string;12 }13 };14}
Output
V5
1CognitoUser {2 challengeName?: string;3 challengeParam?: string;4 username: string;5 signInUserSession: {6 idToken: string;7 refreshToken: string;8 accessToken: string;9 clockDrift: number;10 } | null;11 authenticationFlowType: string;12}
V6
1type SignInOutput = {2 isSignedIn: boolean;3 nextStep: {4 signInStep: {5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'11 | 'CONFIRM_SIGN_UP'12 | 'RESET_PASSWORD'13 | 'DONE';14 },15 // May include additional props depending on the step16 }17}
1import { signIn } from 'aws-amplify/auth';2
3const handleSignIn = async ({4 username,5 password6}) => {7 const {8 isSignedIn,9 nextStep10 } = await signIn({ username, password });11}
1import { Auth } from 'aws-amplify';2
3const handleSignIn = async ({4 username,5 password,6 validationData7}) => {8 const user = await Auth.signIn({9 username,10 password,11 validationData12 });13}
Confirmation Required
1import {2 confirmSignIn,3 signIn4} from 'aws-amplify/auth';5
6const handleSignIn = async ({7 username,8 password9}) => {10 const {11 isSignedIn,12 nextStep13 } = await signIn({ username, password });14
15 switch (nextStep.signInStep) {16 case 'CONFIRM_SIGN_IN_WITH_TOTP_CODE':17 case 'CONFIRM_SIGN_IN_WITH_SMS_CODE':18 // nextStep will contain codeDeliveryDetails when step is CONFIRM_SIGN_IN_WITH_SMS_CODE19 const {20 isSignedIn,21 nextStep22 } = await confirmSignIn({ challengeResponse: 'code' });23 break;24 case 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE':25 const { additionalInfo } = nextStep;26 const {27 isSignedIn,28 nextStep29 } = await confirmSignIn({ challengeResponse: 'answer' });30 break;31 case 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP':32 // Note that calling setupTOTP is unnecessary in this scenario33 // totpSetupDetails are already returned with nextStep34 const { totpSetupDetails } = nextStep;35 const appName = 'my_app_name';36 const setupUri = totpSetupDetails.getSetupUri(appName);37 // Open setupUri with an authenticator APP to retrieve an OTP code38 // Retrieve code from authenticator App39 const {40 isSignedIn,41 nextStep42 } = await confirmSignIn({ challengeResponse: 'code' });43 break;44 case 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION':45 const mfaType = 'SMS' // or TOTP46 const {47 isSignedIn,48 nextStep49 } = await confirmSignIn({ challengeResponse: mfaType});50
51 // if confirmSignIn was called with 'SMS', then the next52 // step will be 'CONFIRM_SIGN_IN_WITH_SMS_CODE'.53 // However if 'TOTP' was used as input then 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'54 // will be returned.55
56 const otpCode = '123456' // code retrieved from authenticator App or cellphone57 const {58 isSignedIn,59 nextStep60 } = await confirmSignIn({ challengeResponse: otpCode});61 break;62 case 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED':63 const { missingAttributes } = nextStep;64 const userAttributes = { ... };65
66 const {67 isSignedIn,68 nextStep69 } = await confirmSignIn({70 challengeResponse: 'newPassword',71 options: {72 userAttributes73 }74 });75 break;76 case 'DONE':77 break;78 }79}
1import { Auth } from 'aws-amplify';2
3const handleSignIn = async ({4 username,5 password,6 validationData7}) => {8 const user = await Auth.signIn({9 username,10 password11 });12
13 if (user.challengeName) {14 switch(user.challengeName) {15 case 'SMS_MFA':16 case 'SOFTWARE_TOKEN':17 const confirmedUser = await Auth.confirmSignIn(18 user,19 'code',20 user.challengeName21 );22 break;23 case 'CUSTOM_CHALLENGE':24 const confirmedUser = await Auth.confirmSignIn(25 user,26 'answer',27 user.challengeName28 );29 break;30 case 'MFA_SETUP':31 const secretCode = await Auth.setupTOTP(user);32 // Proceed to Auth.confirmSignIn33 break;34 case 'SELECT_MFA_TYPE':35 const mfaType = 'SMS_MFA' // or 'SOFTWARE_TOKEN_MFA'36 // user returned from signIn37 user.sendMFASelectionAnswer(mfaType, {38 onFailure: (err) => {39 console.log(err);40 },41 mfaRequired: (challengeName, parameters) => {42 // call confirmSignIn with the OTP code sent to your cellphone43 },44 totpRequired: (challengeName, parameters) => {45 // call confirmSignIn with the OTP code retrieved from your authenticator App46 }47 });48 break;49 case 'NEW_PASSWORD_REQUIRED':50 const {51 userAttributes,52 requiredAttributes53 } = user.challengeParams;54 const attributes = { ... };55
56 const confirmedUser = await Auth.completeNewPassword(57 user,58 'newPassword',59 attributes60 );61 break;62 }63 }64}
Legacy
In the past, we've supported the ability to pass in username
, password
as positional parameters instead of as named input parameters for Auth.signIn
for backwards compatibility with older versions of Amplify JavaScript. The following guide shows you how to migrate from that legacy call pattern for Auth.signIn
:
1import { signIn } from 'aws-amplify/auth';2
3const username = 'username';4const password = 'password';5
6const handleSignIn = async ({7 username,8 password9}) => {10 const {11 isSignedIn,12 nextStep13 } = await signIn({ username, password });14}
1import { Auth } from 'aws-amplify';2
3const handleSignIn = async ({4 username,5 password6}) => {7 const user = await Auth.resendSignUp(8 username,9 password10 );11}
Auth.federatedSignIn
Auth.federatedSignIn
has become signInWithRedirect
in v6, but is otherwise similar. The provider
property accepts specific strings instead of an enum and also includes an option to send in a custom provider if you would like to use a provider not in the default list. For this use case you would pass an object containing the prop custom
to provider
instead of one of the predefined strings.
Input
V5
1// Standard2options?: FederatedSignInOptions {3 provider: { // enum4 Cognito = 'COGNITO',5 Google = 'Google',6 Facebook = 'Facebook',7 Amazon = 'LoginWithAmazon',8 Apple = 'SignInWithApple',9 };10 customState?: string;11}12
13// Custom Provider14options?: FederatedSignInOptionsCustom {15 customProvider: string;16 customState?: string;17}18
19// Legacy20provider:21 | 'google'22 | 'facebook'23 | 'amazon'24 | 'developer'25 | string26response: FederatedResponse {27 token: string;28 identity_id?: string;29 expires_at: number;30}31user: FederatedUser {32 name: string;33 email?: string;34 picture?: string;35}
V6
1input?: SignInWithRedirectInput {2 provider?:3 | 'Amazon'4 | 'Apple'5 | 'Facebook'6 | 'Google'7 | { custom: string; };8 customState?: string;9 options?: {10 preferPrivateSession?: boolean;11 };12}
Output
V5
1// Only returns when FederatedResponse from Identity Pools is provided2ICredentials {3 accessKeyId: string;4 sessionToken: string;5 secretAccessKey: string;6 identityId: string;7 authenticated: boolean;8 expiration?: Date;9}
V6
No output in v6
1import {2 fetchAuthSession,3 signInWithRedirect4} from 'aws-amplify/auth';5
6const handleSocialSignIn = async () => {7 await signInWithRedirect({8 provider: 'Google'9 });10}
1import { Auth } from 'aws-amplify';2
3const handleSocialSignIn = async () => {4 await Auth.federatedSignIn({5 provider: CognitoHostedUIIdentityProvider.Google6 });7}
Custom Provider
1import { signInWithRedirect } from 'aws-amplify/auth';2
3const handleSocialSignIn = () => {4 signInWithRedirect({5 provider: {6 custom: 'SocialProvider'7 }8 });9}
1import { Auth } from 'aws-amplify';2
3const handleSocialSignIn = () => {4 Auth.federatedSignIn({5 customProvider: 'SocialProvider'6 });7}
Defaults
1import { signInWithRedirect } from 'aws-amplify/auth';2
3const handleSocialSignIn = () => {4 signInWithRedirect();5}
1import { Auth } from 'aws-amplify';2
3const handleSocialSignIn = () => {4 Auth.federatedSignIn();5}
Identity Pools - DEPRECATED
signInWithRedirect
does not allow you to pass a pre-authorized user and tokens for Amplify to consume. Follow this guide as an example of how to accomplish this in v6.
Auth.confirmSignIn
In v6, confirmSignIn
is now used not only for MFA confirmation, but also in place of Auth.completeNewPassword
and Auth.sendCustomChallengeAnswer
. The input no longer includes mfaType
and code
separately, but rather contains challengeAnswer
, which will allow you to pass the required information (including MFA type or a new password) as a value. See the Auth.signIn: Confirmation Required example for a detailed example of the new signIn
flow.
Another major difference is that CognitoUser
is no longer required as an input parameter or returned from confirmSignIn
. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Also notice that challengeName
and challengeParam
(returned in v5 as additional properties on the CognitoUser
) are replaced in the output object by the nextStep
property. nextStep
includes signInStep
and possibly additional props depending on the step.
Input
V5
1user: CognitoUser2code: string3mfaType?: 'SMS_MFA' | 'SOFTWARE_TOKEN_MFA' | null4clientMetadata?: ClientMetaData {5 [key: string]: string;6}
V6
1input: ConfirmSignInInput {2 challengeResponse: string;3 options?: {4 userAttributes?: AuthUserAttributes;5 clientMetadata?: ClientMetaData {6 [key: string]: string;7 }8 friendlyDeviceName?: string;9 };10}
Output
V5
1CognitoUser {2 challengeName?: string;3 challengeParam?: string;4 username: string;5 signInUserSession: {6 idToken: string;7 refreshToken: string;8 accessToken: string;9 clockDrift: number;10 } | null;11 authenticationFlowType: string;12}
V6
1ConfirmSignInOutput {2 isSignedIn: boolean;3 nextStep: {4 signInStep: {5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'11 | 'CONFIRM_SIGN_UP'12 | 'RESET_PASSWORD'13 | 'DONE';14 },15 // May include additional props depending on the step16 }17}
1import { confirmSignIn } from 'aws-amplify/auth';2
3const handleConfirmSignIn = async ({ challengeResponse }) => {4 const {5 isSignedIn,6 nextStep7 } = await confirmSignIn({ challengeResponse });8}
1import { Auth } from 'aws-amplify';2
3const handleConfirmSignIn = async ({4 user,5 code,6 mfaType7}) => {8 const user = await Auth.confirmSignIn(9 user,10 code,11 mfaType12 );13}
Auth.setupTOTP
There is now no input for setupTOTP
in v6. All Auth API’s in v6 use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
The output is no longer just a string representing the secret code, but an object with a property called sharedSecret
and the method getSetupUri
that builds and returns the setup uri needed for TOTP authentication based on that secret.
Input
V5
1user: CognitoUser
V6
No input in v6
Output
V5
1string // secretCode
V6
1SetUpTOTPOutput {2 sharedSecret: string;3 getSetupUri: (appName: string, accountName?: string | undefined) => URL;4}
1import { setUpTOTP } from 'aws-amplify/auth';2
3const handleSetupTOTP = async () => {4 const output = await setUpTOTP();5 const secretCode = output.sharedSecret;6 const setupUri = output.getSetupUri('sample-app');7}
1import { Auth } from 'aws-amplify';2
3const handleSetupTOTP = async ({ user }) => {4 const secretCode = await Auth.setupTOTP(user);5 const setupUri = `otpauth://totp/AWSCognito:${user}?secret=${secretCode}&issuer=sample-app`;6}
Auth.verifyTotpToken
In v6, Auth.verifyTotpToken
has become verifyTOTPSetup
, and the input has changed: you no longer need to send in a CognitoUser and the challengeAnswer
parameter has become the code
property in the input object. The method also no longer returns a CognitoSession: see Auth.currentSession for details on how you would retrieve the current session details returned in v5.
Input
V5
1user: CognitoUser2challengeAnswer: string
V6
1input: VerifyTOTPSetupInput {2 code: string;3 options?: {4 friendlyDeviceName?: string;5 }6}
Output
V5
1CognitoUserSession {2 idToken: string;3 refreshToken: string;4 accessToken: string;5 clockDrift: number;6}
V6
No output in v6
1import { verifyTOTPSetup } from 'aws-amplify/auth';2
3const handleVerifyTOTP = async ({ code }) => {4 await verifyTOTPSetup({ code , options });5}
1import { Auth } from 'aws-amplify';2
3const handleVerifyTOTP = async ({ user, code }) => {4 const userSession = await Auth.verifyTotpToken(user, code);5}
Auth.completeNewPassword (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the confirmSignIn
API, which returns an object with nextStep
instead of a CognitoUser
with challengeName
and challengeParam
. For a comprehensive example on the full v6 signIn
flow and how to respond to each nextStep
value, see the Auth.signIn Confirmation Required example.
Input
V5
1user: CognitoUser2password: string3requiredAttributes?: any4clientMetadata?: ClientMetaData {5 [key: string]: string;6}
V6
1input: ConfirmSignInInput {2 challengeResponse: string;3 options?: {4 userAttributes?: AuthUserAttributes;5 clientMetadata?: ClientMetaData {6 [key: string]: string;7 }8 friendlyDeviceName?: string;9 };10}
Output
V5
1CognitoUser {2 challengeName?: string;3 challengeParam?: string;4 username: string;5 signInUserSession: {6 idToken: string;7 refreshToken: string;8 accessToken: string;9 clockDrift: number;10 } | null;11 authenticationFlowType: string;12}
V6
1ConfirmSignInOutput {2 isSignedIn: boolean;3 nextStep: { // See Auth.signIn Example 2 for more details on nextStep types4 signInStep: {5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'11 | 'CONFIRM_SIGN_UP'12 | 'RESET_PASSWORD'13 | 'DONE';14 },15 // May include additional props depending on the step16 }17}
1import { confirmSignIn } from 'aws-amplify/auth';2
3const handleUpdatePassword = async ({ newPassword }) => {4 const {5 isSignedIn,6 nextStep7 } = await confirmSignIn({ challengeResponse: newPassword });8}
1import { Auth } from 'aws-amplify';2
3const handleUpdatePassword = async ({4 user,5 newPassword,6 attributes7}) => {8 const user = await Auth.completeNewPassword(9 user,10 newPassword,11 attributes12 );13}
Auth.sendCustomChallengeAnswer (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the confirmSignIn
API, which returns an object with nextStep
instead of a CognitoUser
with challengeName
and challengeParam
. For a comprehensive example on the full v6 signIn flow and how to respond to each nextStep
value, see the Auth.signIn Confirmation Required example.
Input
V5
1user: CognitoUser2challengeResponses: string3clientMetadata?: ClientMetaData {4 [key: string]: string;5}
V6
1input: ConfirmSignInInput {2 challengeResponse: string;3 options?: {4 userAttributes?: AuthUserAttributes;5 clientMetadata?: ClientMetaData {6 [key: string]: string;7 }8 friendlyDeviceName?: string;9 };10}
Output
V5
1CognitoUser {2 challengeName?: string;3 challengeParam?: string;4 username: string;5 signInUserSession: {6 idToken: string;7 refreshToken: string;8 accessToken: string;9 clockDrift: number;10 } | null;11 authenticationFlowType: string;12}
V6
1ConfirmSignInOutput {2 isSignedIn: boolean;3 nextStep: { // See Auth.signIn Example 2 for more details on nextStep types4 signInStep: {5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'11 | 'CONFIRM_SIGN_UP'12 | 'RESET_PASSWORD'13 | 'DONE';14 },15 // May include additional props depending on the step16 }17}
1import { confirmSignIn } from 'aws-amplify/auth';2
3const handleConfirmSignIn = async ({ challengeResponse }) => {4 const {5 isSignedIn,6 nextStep7 } = await confirmSignIn({ challengeResponse });8}
1import { Auth } from 'aws-amplify';2
3const handleConfirmSignIn = async ({4 user,5 code6}) => {7 const user = await Auth.confirmSignIn(8 user,9 code10 );11}
Auth.getPreferredMFA
In v6, Auth.getPreferredMFA
has become the fetchMFAPreference
API. This API no longer accepts a CognitoUser
: all Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required. There is also no longer a bypassCache option in v6, as fetchMFAPreference
will always make a call to the server.
The return value in v6 is no longer just a string, but is now an object containing an enabled
array and a preferred
string.
Cognito can have multiple enabled
MFA options: as of now, it only supports TOTP
and SMS
. An MFA option is considered to be enabled
when it was previously setup. For instance, the TOTP
set up can be done during the sign-in process when the signIn
API returns the CONTINUE_SIGN_IN_WITH_TOTP_SETUP
step. It can also be set up when the user is authenticated by calling setupTOTP
and verifyTOTPSetup
.
In addition, Cognito only allows 1 option to be preferred
. This can be achieved by calling the updateMFAPreference
API.
Input
V5
1user: CognitoUser2params?: GetPreferredMFAOpts {3 bypassCache: boolean;4}
V6
No input in v6
Output
V5
1'SMS' | 'TOTP'
V6
1FetchMFAPreferenceOutput: {2 enabled?: ('SMS' | 'TOTP')[];3 preferred?: 'SMS' | 'TOTP';4}
1import { fetchMFAPreference } from 'aws-amplify/auth';2
3const getPreferredMFA = async () => {4 const { preferred } = await fetchMFAPreference();5 return preferred;6}
1import { Auth } from 'aws-amplify';2
3const getPreferredMFA = async ({ user }) => {4 const preferredMFA = await Auth.getPreferredMFA(user);5 return preferredMFA;6}
Auth.setPreferredMFA
In v6, Auth.setPreferredMFA
has been replaced by updateMFAPreference
, which can also be used to enable and disable MFA methods. This method accepts an object with the properties sms
and mfa
, each of which can be set to ENABLED
, DISABLED
, PREFERRED
, and NOT_PREFERRED
.
Input
V5
1user: CognitoUser2mfaMethod: 3 | 'TOTP'4 | 'SMS'5 | 'NOMFA'6 | 'SMS_MFA'7 | 'SOFTWARE_TOKEN_MFA'
V6
1input: UpdateMFAPreferenceInput {2 sms?:3 | 'ENABLED'4 | 'DISABLED'5 | 'PREFERRED'6 | 'NOT_PREFERRED'7 mfa?:8 | 'ENABLED'9 | 'DISABLED'10 | 'PREFERRED'11 | 'NOT_PREFERRED'12}
Output
V5
1'No change for mfa type' | 'SUCCESS'
V6
No output in v6
1import { updateMFAPreference } from 'aws-amplify/auth';2
3const handleSetPreferredMFA = async () => {4 await updateMFAPreference({ totp: 'PREFERRED' });5}
1import { Auth } from 'aws-amplify';2
3const handleSetPreferredMFA = async ({ user }) => {4 await Auth.setPreferredMFA(user, 'TOTP');5}
Auth.getMFAOptions (DEPRECATED)
This API has been deprecated and results apply only to SMS MFA configurations: existing use cases can be migrated to fetchMFAPreference
(see Auth.getPreferredMFA), which will apply to both SMS and TOTP configurations.
Input
V5
1user: CognitoUser
V6
No input in v6
Output
V5
1MFAOption[]: {2 DeliveryMedium: 'SMS' | ~~'EMAIL'~~;3 AttributeName: string;4}[]
V6
1FetchMFAPreferenceOutput: {2 enabled?: ('SMS' | 'TOTP')[];3 preferred?: 'SMS' | 'TOTP';4}
1import { fetchMFAPreference } from 'aws-amplify/auth';2
3const getEnabledMFAOptions = async () => {4 const { enabled } = await fetchMFAPreference();5 return enabled;6}
1import { Auth } from 'aws-amplify';2
3const getEnabledMFAOptions = async ({ user }) => {4 const mfaOptions = await Auth.getMFAOptions(user);5 const enabled: string[] = [];6 for(let option of mfaOptions) {7 enabled.push(option.DeliverMedium);8 }9 return enabled;10}
Auth.signOut
The signOut
API has not changed from v5 to v6 other than that it is now a functional API.
Input
V5
1opts?: SignOutOpts {2 global?: boolean;3}
V6
1input?: SignOutInput {2 global: boolean;3}
1import { signOut } from 'aws-amplify/auth';2
3const handleSignOut = async () => {4 await signOut();5}
1import { Auth } from 'aws-amplify';2
3const handleSignOut = async () => {4 await Auth.signOut();5}
Auth.changePassword
The Auth.changePassword
API has become updatePassword
in v6. It now accepts named parameters as input instead of positional parameters. The input is now an object containing oldPassword
and newPassword
.
CognitoUser
is not required input for updatePassword
. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser2oldPassword: string3newPassword: string4clientMetadata?: ClientMetaData {5 [key: string]: string6}
V6
1input: UpdatePasswordInput {2 oldPassword: string;3 newPassword: string;4}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { updatePassword } from 'aws-amplify/auth';2
3const handleChangePassword = async ({4 oldPassword,5 newPassword6}) => {7 await updatePassword({8 oldPassword,9 newPassword10 });11}
1import { Auth } from 'aws-amplify';2
3const handleChangePassword = async ({4 user,5 oldPassword,6 newPassword7}) => {8 await Auth.changePassword(9 user,10 oldPassword,11 newPassword12 );13}
Auth.forgotPassword
In v6, the Auth.forgotPassword
API has become resetPassword
. It uses named parameters instead of positional, so the input will now be an object with username
and options
(clientMetadata
can be passed in options
if needed).
Input
V5
1username: string2clientMetadata?: ClientMetaData {3 [key: string]: string;4}
V6
1input: ResetPasswordInput {2 username: string;3 options?: {4 clientMetadata?: {5 [key: string]: string;6 };7 };8}
Output
V5
1{2 CodeDeliveryDetails: {3 AttributeName: string;4 DeliveryMedium: string;5 Destination: string;6 }7}
V6
1ResetPasswordOutput {2 isPasswordReset: boolean;3 nextStep: {4 resetPasswordStep: 5 | 'CONFIRM_RESET_PASSWORD_WITH_CODE'6 | 'DONE';7 additionalInfo?: { 8 [key: string]: string;9 };10 codeDeliveryDetails: {11 destination?: string;12 deliveryMedium?: 13 | 'EMAIL'14 | 'SMS'15 | 'PHONE'16 | 'UNKNOWN';17 attributeName?: 'email' | 'phone_number';18 };19 };20}
1import { resetPassword } from 'aws-amplify/auth';2
3const handleResetPassword = async ({4 username,5 clientMetadata6}) => {7 const result = await resetPassword({8 username,9 options: {10 clientMetadata11 }12 });13 const {14 attributeName,15 deliveryMedium,16 destination17 } = result.nextStep.codeDeliveryDetails;18}
1import { Auth } from 'aws-amplify';2
3const handleResetPassword = async ({4 username,5 clientMetadata6}) => {7 const result = await Auth.forgotPassword(8 username,9 clientMetadata10 );11
12 const {13 AttributeName,14 DeliveryMedium,15 Destination16 } = result.CodeDeliveryDetails;17}
Auth.forgotPasswordSubmit
Auth.forgotPasswordSubmit
has become confirmResetPassword
and takes named parameters instead of positional parameters. The expected input is now an object containing username
, newPassword
, confirmationCode
, and options
. If needed, customMetadata
can be sent through the options
property.
Input
V5
1username: string2code: string3password: string4clientMetadata?: ClientMetaData {5 [key: string]: string;6};
V6
1input: ConfirmResetPasswordInput {2 username: string;3 newPassword: string;4 confirmationCode: string;5 options?: {6 clientMetadata?: {7 [key: string]: string;8 };9 };10}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { confirmResetPassword } from 'aws-amplify/auth';2
3const handleConfirmResetPassword = async ({4 username,5 newPassword,6 confirmationCode,7 clientMetadata8}) => {9 await confirmResetPassword: ({10 username,11 newPassword,12 confirmationCode,13 options: {14 clientMetadata15 }16 });17}
1import { Auth } from 'aws-amplify';2
3const handleConfirmResetPassword = async ({4 username,5 newPassword,6 confirmationCode,7 clientMetadata8}) => {9 await Auth.forgotPasswordSubmit(10 username,11 confirmationCode,12 newPassword,13 clientMetadata14 );15}
Auth.deleteUser
The deleteUser
API has not changed from v5 to v6 other than that it is now a functional API.
1import { deleteUser } from 'aws-amplify/auth';2
3const handleDeleteAttributes = async ({ attributes }) => {4 await deleteUser();5}
1import { Auth } from 'aws-amplify';2
3const handleDeleteUser = async () => {4 await Auth.deleteUser();5}
Auth.currentAuthenticatedUser (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to a combination of the getCurrentUser
and fetchAuthSession
API's.
Also note that we no longer return refreshToken
or clockDrift
with the AuthSession
. These values are used under the hood to refresh/validate the user session.
Input
V5
1params?: CurrentUserOpts {2 bypassCache: boolean;3}
V6
1// fetchAuthSession2options?: FetchAuthSessionOptions {3 forceRefresh?: boolean;4}
Output
V5
1CognitoUser {2 username: string;3 signInUserSession: {4 idToken: string;5 refreshToken: string;6 accessToken: string;7 clockDrift: number;8 } | null;9 authenticationFlowType: string;10}
V6
1// getCurrentUser2GetCurrentUserOutput: {3 username: string;4 userId: string;5 signInDetails?: {6 loginId?: string;7 authFlowType?: 8 | 'USER_SRP_AUTH'9 | 'CUSTOM_WITH_SRP'10 | 'CUSTOM_WITHOUT_SRP'11 | 'USER_PASSWORD_AUTH';;12 };13}14
15// fetchAuthSession16AuthSession {17 tokens?: {18 idToken?: JWT;19 accessToken: JWT;20 };21 credentials?: {22 accessKeyId: string;23 secretAccessKey: string;24 sessionToken?: string;25 expiration?: Date;26 };27 identityId?: string;28 userSub?: string;29}
1import {2 fetchAuthSession,3 getCurrentUser4} from 'aws-amplify/auth';5
6const getAuthenticatedUser = async () => {7 const {8 username,9 signInDetails10 } = await getCurrentUser();11
12 const {13 tokens: session14 } = await fetchAuthSession();15
16 // Note that session will no longer contain refreshToken and clockDrift17 return {18 username,19 session,20 authenticationFlowType: signInDetails.authFlowType21 };22}
1import { Auth } from 'aws-amplify';2
3const getAuthenticatedUser = async () => {4 const {5 username,6 signInUserSession: session,7 authenticationFlowType8 } = await Auth.currentAuthenticatedUser();9
10 return {11 username,12 session,13 authenticationFlowType14 };15}
Auth.currentUserPoolUser (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to a combination of the getCurrentUser
and fetchAuthSession
API's.
Also note that we no longer return refreshToken
or clockDrift
with the AuthSession
. These values are used under the hood to refresh/validate the user session.
Input
V5
1params?: CurrentUserOpts {2 bypassCache: boolean;3}
V6
1// fetchAuthSession2options?: FetchAuthSessionOptions {3 forceRefresh?: boolean;4}
Output
V5
1CognitoUser {2 username: string;3 signInUserSession: {4 idToken: string;5 refreshToken: string;6 accessToken: string;7 clockDrift: number;8 } | null;9 authenticationFlowType: string;10}
V6
1// getCurrentUser2GetCurrentUserOutput: {3 username: string;4 userId: string;5 signInDetails?: {6 loginId?: string;7 authFlowType?: 8 | 'USER_SRP_AUTH'9 | 'CUSTOM_WITH_SRP'10 | 'CUSTOM_WITHOUT_SRP'11 | 'USER_PASSWORD_AUTH';;12 };13}14
15// fetchAuthSession16AuthSession {17 tokens?: {18 idToken?: JWT;19 accessToken: JWT;20 };21 credentials?: {22 accessKeyId: string;23 secretAccessKey: string;24 sessionToken?: string;25 expiration?: Date;26 };27 identityId?: string;28 userSub?: string;29}
1import {2 fetchAuthSession,3 getCurrentUser4} from 'aws-amplify/auth';5
6const getAuthenticatedUser = async () => {7 const {8 username,9 authFlowType: authenticationFlowType10 } = await getCurrentUser();11
12 // Note that session will no longer contain refreshToken and clockDrift13 const {14 tokens: session15 } = await fetchAuthSession();16}
1import { Auth } from 'aws-amplify';2
3const getAuthenticatedUser = async () => {4 const {5 username,6 signInUserSession: session,7 authenticationFlowType8 } = await Auth.currentUserPoolUser();9}
Auth.currentSession
Auth.currentSession
has become fetchAuthSession
in v6. You can now optionally send an object with a forceRefresh
flag as input.
Note that we no longer return refreshToken
or clockDrift
with the AuthSession
. These values are used under the hood to refresh/validate the user session.
Input
V5
No input in v5
V6
1options?: FetchAuthSessionOptions {2 forceRefresh?: boolean;3}
Output
V5
1CognitoUserSession {2 idToken: string;3 refreshToken: string;4 accessToken: string;5 clockDrift: number;6}
V6
1AuthSession {2 tokens?: {3 idToken?: JWT;4 accessToken: JWT;5 };6 credentials?: {7 accessKeyId: string;8 secretAccessKey: string;9 sessionToken?: string;10 expiration?: Date;11 };12 identityId?: string;13 userSub?: string;14}
1import { fetchAuthSession } from 'aws-amplify/auth';2
3const getSession = async () => {4 const {5 tokens,6 credentials,7 identityId,8 userSub9 } = await fetchAuthSession();10
11 const {12 idToken,13 accessToken14 } = tokens;15}
1import { Auth } from 'aws-amplify';2
3const getSession = async () => {4 const {5 idToken,6 refreshToken,7 accessToken,8 clockDrift9 } = await Auth.currentSession();10}
Auth.userSession (DEPRECATED)
Note: we no longer return refreshToken
or clockDrift
with the AuthSession
. These values are used under the hood to refresh/validate the user session
Auth.userSession
is deprecated in favor of fetchUserSession
as all Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser
V6
1options?: FetchAuthSessionOptions {2 forceRefresh?: boolean;3}
Output
V5
1CognitoUserSession {2 idToken: string;3 refreshToken: string;4 accessToken: string;5 clockDrift: number;6}
V6
1AuthSession {2 tokens?: {3 idToken?: JWT;4 accessToken: JWT;5 };6 credentials?: {7 accessKeyId: string;8 secretAccessKey: string;9 sessionToken?: string;10 expiration?: Date;11 };12 identityId?: string;13 userSub?: string;14}
1import { fetchAuthSession } from 'aws-amplify/auth';2
3const getSession = async () => {4 const {5 tokens,6 credentials,7 identityId,8 userSub9 } = await fetchAuthSession();10
11 const {12 idToken,13 accessToken14 } = tokens;15}
1import { Auth } from 'aws-amplify';2
3const getSession = async ({ user }) => {4 const {5 idToken,6 refreshToken,7 accessToken,8 clockDrift9 } = await Auth.userSession(user);10}
Auth.userAttributes
Auth.userAttributes
has become fetchUserAttributes
in v6. This API no longer accepts a CognitoUser
as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
The output has also changed: instead of an array of objects containing Name
and Value
, the return value is an object with generic key-value pairs (ie { email: 'email@email.com', phone_number: '+15555555555'}
)
Input
V5
1user: CognitoUser
V6
No input in v6
Output
V5
1CognitoUserAttribute[]: {2 Name: string;3 Value: string;4}[]
V6
1FetchUserAttributesOutput {2 [key: string]?: string;3}
1import { fetchUserAttributes } from 'aws-amplify/auth';2
3const getUserAttributes = async ({ userAttributes }) => {4 // Note that return type has changed from array to object5 const attributes = await fetchUserAttributes();6}
1import { Auth } from 'aws-amplify';2
3const getUserAttributes = async ({4 user5}) => {6 // Note that return type has changed from array to object7 const attributes = await Auth.userAttributes(user);8 return attributes;9}
Auth.updateUserAttributes
In v6, the updateUserAttributes
API accepts named parameters instead of positional parameters. The input is now an object with the properties userAttributes
and options
(where you will send clientMetadata
if required).
Note that this API no longer accepts a CognitoUser
as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser2attributes: object3clientMetadata?: ClientMetaData {4 [key: string]: string;5}
V6
1input: UpdateUserAttributesInput {2 userAttributes: {3 [key: string]?: string;4 };5 options?: {6 clientMetadata?: ClientMetaData {7 [key: string]: string;8 }9 };10}
Output
V5
1'SUCCESS'
V6
1UpdateUserAttributesOutput {2 [authKey in UserAttributeKey]: {3 isUpdated: boolean;4 nextStep: {5 updateAttributeStep: 6 | 'CONFIRM_ATTRIBUTE_WITH_CODE'7 | 'DONE';8 codeDeliveryDetails?: {9 destination?: string;10 deliveryMedium?: 11 | 'EMAIL'12 | 'SMS'13 | 'PHONE'14 | 'UNKNOWN';15 attributeName?: UserAttributeKey;16 };17 };18 };19}
1import { updateUserAttributes } from 'aws-amplify/auth';2
3const handleUpdateProfile = async ({ userAttributes }) => {4 // Results will now contain next steps for updated attributes5 const updateResults = await updateUserAttributes({6 userAttributes7 });8}
1import { Auth } from 'aws-amplify';2
3const handleUpdateProfile = async ({4 user,5 attributes6}) => {7 await Auth.updateUserAttributes(user, attributes);8}
Auth.deleteUserAttributes
In v6, the deleteUserAttributes
API accepts named parameters instead of positional parameters. The input is now an object with the property userAttributeKeys
(in place of attributeNames
).
Note that this API no longer accepts a CognitoUser
as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser2attributeNames: string[]
V6
1input: DeleteUserAttributesInput {2 userAttributeKeys: [UserAttributeKey, ...UserAttributeKey[]];3}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { deleteUserAttributes } from 'aws-amplify/auth';2
3const handleDeleteAttributes = async ({ attributes }) => {4 await deleteUserAttributes({5 userAttributeKeys: attributes6 });7}
1import { Auth } from 'aws-amplify';2
3const handleDeleteAttributes = async ({ user, attributes }) => {4 await Auth.deleteUserAttributes(5 user,6 attributes7 );8}
Auth.verifyCurrentUserAttribute
In v6, Auth.verifyCurrentUserAttribute
becomes sendUserAttributeVerificationCode
, which uses named parameters instead of the positional parameter attr
. This parameter is an object containing userAttributeKey
(either email
or phone_number
) and options
(where you will send clientMetadata
if required).
sendUserAttributeVerificationCode
also now returns an object with delivery information. See Output for details.
Input
V5
1attr: string
V6
1input: SendUserAttributeVerificationCodeInput {2 userAttributeKey: 'email' | 'phone_number';3 options?: {4 clientMetadata?: {5 [key: string]: string;6 };7 };8}
Output
V5
No output in v5
V6
1SendUserAttributeVerificationCodeOutput {2 destination?: string;3 deliveryMedium?:4 | 'EMAIL'5 | 'SMS'6 | 'PHONE'7 | 'UNKNOWN';8 attributeName?: 'email' | 'phone_number';9}
1import { sendUserAttributeVerificationCode } from 'aws-amplify/auth';2
3const handleVerifyAttribute = async ({4 userAttributeKey5}) => {6 const result = await sendUserAttributeVerificationCode({7 userAttributeKey8 });9}
1import { Auth } from 'aws-amplify';2
3const handleVerifyAttribute = async ({4 attr5}) => {6 await Auth.verifyCurrentUserAttribute(attr);7}
Auth.verifyCurrentUserAttributeSubmit
In v6, Auth.verifyCurrentUserAttributeSubmit
becomes confirmUserAttribute
. The input has changed from positional parameters to named parameters, so you will send an object with the properties userAttributeKey
(email
or phone_number
) and confirmationCode
.
Input
V5
1attr: string2code: string
V6
1input: ConfirmUserAttributeInput {2 userAttributeKey: 'email' | 'phone_number';3 confirmationCode: string;4}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { confirmUserAttribute } from 'aws-amplify/auth';2
3const handleConfirmAttribute = async ({4 userAttributeKey,5 confirmationCode6}) => {7 await confirmUserAttribute({8 userAttributeKey,9 confirmationCode10 });11}
1import { Auth } from 'aws-amplify';2
3const handleConfirmAttribute = async ({4 attr,5 code6}) => {7 await Auth.verifyCurrentUserAttributeSubmit(8 attr,9 code10 );11}
Auth.verifyUserAttribute (DEPRECATED)
Auth.verifyUserAttribute
has been deprecated in favor of sendUserAttributeVerificationCode
in v6. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required. See migration notes on Auth.verifyCurrentUserAttribute for additional migration details.
Input
V5
1user: CognitoUser2attr: string3clientMetadata?: ClientMetadata {4 [key: string]: string;5}
V6
1input: SendUserAttributeVerificationCodeInput {2 userAttributeKey: 'email' | 'phone_number';3 options?: {4 clientMetadata?: {5 [key: string]: string;6 };7 };8}
Output
V5
No output in v5
V6
1SendUserAttributeVerificationCodeOutput {2 destination?: string;3 deliveryMedium?:4 | 'EMAIL'5 | 'SMS'6 | 'PHONE'7 | 'UNKNOWN';8 attributeName?: 'email' | 'phone_number';9}
1import { sendUserAttributeVerificationCode } from 'aws-amplify/auth';2
3const handleVerifyAttribute = async ({4 userAttributeKey,5 clientMetadata6}) => {7 const result = await sendUserAttributeVerificationCode({8 userAttributeKey,9 options: {10 clientMetadata11 }12 });13}
1import { Auth } from 'aws-amplify';2
3const handleVerifyAttribute = async ({4 user,5 attr,6 clientMetadata7}) => {8 await Auth.verifyUserAttribute(9 user,10 attr,11 clientMetadata12 );13}
Auth.verifyUserAttributeSubmit (DEPRECATED)
Auth.verifyUserAttributeSubmit
has been deprecated in favor of confirmUserAttribute
in v6. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required. See migration notes on Auth.verifyCurrentUserAttributeSubmit for additional migration details.
Input
V5
1user: CognitoUser2attr: string3code: string
V6
1input: ConfirmUserAttributeInput {2 userAttributeKey: 'email' | 'phone_number';3 confirmationCode: string;4}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { confirmUserAttribute } from 'aws-amplify/auth';2
3const handleConfirmAttribute = async ({4 userAttributeKey,5 confirmationCode6}) => {7 await Auth.verifyUserAttributeSubmit(8 userAttributeKey,9 confirmationCode10 );11}
1import { Auth } from 'aws-amplify';2
3const handleConfirmAttribute = async ({4 user,5 attr,6 code7}) => {8 await Auth.verifyUserAttributeSubmit(9 user,10 attr,11 code12 );13}
Auth.rememberDevice
The rememberDevice
API has not changed significantly from v5 to v6 other than that it is now a functional API.
Output
V5
1'SUCCESS'
V6
No output in v6
1import { rememberDevice } from 'aws-amplify/auth';2
3const handleRememberDevice = async () => {4 await rememberDevice();5}
1import { Auth } from 'aws-amplify';2
3const handleRememberDevice = async () => {4 await Auth.rememberDevice();5}
Auth.forgetDevice
The forgetDevice
API has not changed significantly from v5 to v6 other than that it is now a functional API. You can also now optionally send in an object with a device id (see Input).
Input
V5
No input in v5
V6
1input?: ForgetDeviceInput {2 device?: {3 id: string;4 }5}
1import { forgetDevice } from 'aws-amplify/auth';2
3const handleForgetDevice = async () => {4 await forgetDevice();5}
1import { Auth } from 'aws-amplify';2
3const handleForgetDevice = async () => {4 await Auth.forgetDevice();5}
Auth.currentCredentials (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the fetchAuthSession
API. Note that fetchAuthSession
will throw an error if there is no authenticated user. See the migration notes on Auth.currentSession for more details on how credentials differ between v5 and v6.
Input
V5
No input in v5
V6
1options?: FetchAuthSessionOptions {2 forceRefresh?: boolean;3}
Output
V5
1ICredentials {2 accessKeyId: string;3 sessionToken: string;4 secretAccessKey: string;5 identityId: string;6 authenticated: boolean;7 expiration?: Date;8}
V6
1AuthSession {2 tokens?: {3 idToken?: JWT;4 accessToken: JWT;5 };6 credentials?: {7 accessKeyId: string;8 secretAccessKey: string;9 sessionToken?: string;10 expiration?: Date;11 };12 identityId?: string;13 userSub?: string;14}
1import { fetchAuthSession } from 'aws-amplify/auth';2
3const getSession = async () => {4 try {5 const {6 tokens,7 credentials,8 identityId,9 userSub10 } = await fetchAuthSession();11
12 const {13 accessKeyId,14 sessionToken,15 secretAccessKey,16 expiration17 } = credentials;18
19 const authenticated = true;20 } catch(e) {21 if (e.name === 'UserUnAuthenticatedException') {22 const authenticated = false;23 }24 }25}
1import { Auth } from 'aws-amplify';2
3const getSession = async () => {4 const {5 accessKeyId,6 sessionToken,7 secretAccessKey,8 identityId,9 authenticated,10 expiration11 } = await Auth.currentCredentials();12}
Auth.currentUserCredentials (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the fetchAuthSession
API. Note that fetchAuthSession
will throw an error if there is no authenticated user. See the migration notes on Auth.currentSession for more details on how credentials differ between v5 and v6.
Input
V5
No input in v5
V6
1options?: FetchAuthSessionOptions {2 forceRefresh?: boolean;3}
Output
V5
1ICredentials {2 accessKeyId: string;3 sessionToken: string;4 secretAccessKey: string;5 identityId: string;6 authenticated: boolean;7 expiration?: Date;8}
V6
1AuthSession {2 tokens?: {3 idToken?: JWT;4 accessToken: JWT;5 };6 credentials?: {7 accessKeyId: string;8 secretAccessKey: string;9 sessionToken?: string;10 expiration?: Date;11 };12 identityId?: string;13 userSub?: string;14}
1import { fetchAuthSession } from 'aws-amplify/auth';2
3const getSession = async () => {4 try {5 const {6 tokens,7 credentials,8 identityId,9 userSub10 } = await fetchAuthSession();11
12 const {13 accessKeyId,14 sessionToken,15 secretAccessKey,16 expiration17 } = credentials;18
19 const authenticated = true;20 } catch(e) {21 if (e.name === 'UserUnAuthenticatedException') {22 const authenticated = false;23 }24 }25}
1import { Auth } from 'aws-amplify';2
3const getSession = async () => {4 const {5 accessKeyId,6 sessionToken,7 secretAccessKey,8 identityId,9 authenticated,10 expiration11 } = await Auth.currentUserCredentials();12}
Auth.currentUserInfo (DEPRECATED)
This API has been deprecated: existing use cases can be migrated by using a combination of getCurrentUser
and fetchUserAttributes
APIs.
Output
V5
1{2 id?: string;3 username: string;4 attributes: {5 [key: string]: string;6 };7}
V6
1// getCurrentUser2GetCurrentUserOutput: {3 username: string;4 userId: string;5 signInDetails?: {6 loginId?: string;7 authFlowType?: 8 | 'USER_SRP_AUTH'9 | 'CUSTOM_WITH_SRP'10 | 'CUSTOM_WITHOUT_SRP'11 | 'USER_PASSWORD_AUTH';;12 };13}14
15// fetchUserAttributes16FetchUserAttributesOutput {17 [key: string]?: string;18}
1import { 2 getCurrentUser, 3 fetchUserAttributes 4} from 'aws-amplify/auth';5
6const getCurrentUserInfo = async () => {7 const {8 username,9 userId: id10 } = await getCurrentUser();11
12 const attributes = fetchUserAttributes();13
14 return {15 id,16 username,17 attributes18 };19}
1import { Auth } from 'aws-amplify';2
3const getCurrentUserInfo = async () => {4 return await Auth.currentUserInfo();5}
Auth.essentialCredentials (DEPRECATED)
This API has been deprecated and there is no parallel method for essentialCredentials
in v6. See Auth.currentUserCredentials for details on retrieving credentials using fetchAuthSession
.
Auth.verifiedContact (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the fetchUserAttributes
API using output.email_verified
and output.phone_number_verified
attributes. See the migration notes on Auth.userAttributes for additional details.
Input
V5
1user: CognitoUser
V6
No input in v6
Output
V5
1{2 verified: {3 email?: boolean;4 phone_number?: boolean;5 },6 unverified: {7 email?: boolean;8 phone_number?: boolean;9 }10}
V6
1FetchUserAttributesOutput {2 [key: string]?: string;3}
1import { fetchUserAttributes } from 'aws-amplify/auth';2
3const checkAttributeVerification = await () => {4 const attributes = await fetchUserAttributes();5
6 const emailVerified = isTruthyString(attributes.email_verified);7 const phoneVerified = isTruthyString(attributes.phone_number_verified);8}9
10const isTruthyString = (value) => {11 return (12 value && typeof value.toLowerCase === 'function' && value.toLowerCase() === 'true'13 );14}
1import { Auth } from 'aws-amplify';2
3const checkAttributeVerification = await ({ user }) => {4 const {5 verified,6 unverified7 } = await Auth.verifiedContact(user);8}
Auth.disableSMS (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the updateMFAPreference
API. To accomplish the same functionality using updateMFAPreference
API, you will send in an object {sms: 'DISABLED'}
as input.
Note that this API does not accept a CognitoUser
as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser
V6
1input: UpdateMFAPreferenceInput {2 sms?:3 | 'ENABLED'4 | 'DISABLED'5 | 'PREFERRED'6 | 'NOT_PREFERRED'7 mfa?:8 | 'ENABLED'9 | 'DISABLED'10 | 'PREFERRED'11 | 'NOT_PREFERRED'12}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { updateMFAPreference } from 'aws-amplify/auth';2
3const handleDisableSMS = async () => {4 await updateMFAPreference({ sms: 'DISABLED' });5}
1import { Auth } from 'aws-amplify';2
3const handleDisableSMS = async ({ user }) => {4 await Auth.disableSMS(user);5}
Auth.enableSMS (DEPRECATED)
This API has been deprecated: existing use cases can be migrated to the updateMFAPreference
API. To accomplish the same functionality using updateMFAPreference
API, you will send in an object {sms: 'ENABLED'}
as input.
Note that this API does not accept a CognitoUser
as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser
through every API is no longer required.
Input
V5
1user: CognitoUser
V6
1input: UpdateMFAPreferenceInput {2 sms?:3 | 'ENABLED'4 | 'DISABLED'5 | 'PREFERRED'6 | 'NOT_PREFERRED'7 mfa?:8 | 'ENABLED'9 | 'DISABLED'10 | 'PREFERRED'11 | 'NOT_PREFERRED'12}
Output
V5
1'SUCCESS'
V6
No output in v6
1import { updateMFAPreference } from 'aws-amplify/auth';2
3const handleEnableSMS = async () => {4 await updateMFAPreference({sms: 'ENABLED'});5}
1import { Auth } from 'aws-amplify';2
3const handleEnableSMS = async ({ user }) => {4 const result = await Auth.enableSMS(user);5}