Page updated Nov 3, 2023

Accessing credentials

An intentional decision with Amplify Auth was to avoid any public methods exposing credentials or manipulating them.

With Auth, you simply sign in and it handles everything else needed to keep the credentials up to date and vend them to the other categories.

However, if you need to access them in relation to working with an API outside Amplify or want access to AWS specific identifying information (e.g. IdentityId), you can access these implementation details by calling fetchAuthSession on the Cognito Auth Plugin. This will return a CognitoAuthSession, which has additional attributes compared to AuthSession, which is typically returned by fetchAuthSession. See the example below:

1Future<void> fetchAuthSession() async {
2 try {
3 final result = await Amplify.Auth.fetchAuthSession();
4 safePrint('User is signed in: ${result.isSignedIn}');
5 } on AuthException catch (e) {
6 safePrint('Error retrieving auth session: ${e.message}');
7 }

Retrieving AWS credentials

Sometimes it can be helpful to retrieve the instance of the underlying plugin which has more specific typing. In the case of Cognito, calling fetchAuthSession on the Cognito plugin returns AWS-specific values such as the identity ID, AWS credentials, and Cognito User Pool tokens.

1Future<void> fetchCognitoAuthSession() async {
2 try {
3 final cognitoPlugin = Amplify.Auth.getPlugin(AmplifyAuthCognito.pluginKey);
4 final result = await cognitoPlugin.fetchAuthSession();
5 final identityId = result.identityIdResult.value;
6 safePrint("Current user's identity ID: $identityId");
7 } on AuthException catch (e) {
8 safePrint('Error retrieving auth session: ${e.message}');
9 }