Multi-step sign-in
After a user has finished signup, they can proceed to sign in. Amplify Auth signin flows can be multi step processes. The required steps are determined by the configuration you provided when you ran amplify add auth. Depending on the configuration, you may need to call various APIs to finish authenticating a user's signin attempt. To identify the next step in a signin flow, inspect the nextStep parameter in the signin result.
When called successfully, the signin APIs will return an AuthSignInResult. Inspect the nextStep property in the result to see if additional signin steps are required.
func signIn(username: String, password: String) { Amplify.Auth.signIn(username: username, password: password) { result in do { let signinResult = try result.get() switch signinResult.nextStep { case .confirmSignInWithSMSMFACode(let deliveryDetails, let info): print("SMS code send to \(deliveryDetails.destination)") print("Additional info \(info)")
// Prompt the user to enter the SMSMFA code they received // Then invoke `confirmSignIn` api with the code case .confirmSignInWithCustomChallenge(let info): print("Custom challenge, additional info \(info)") // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer case .confirmSignInWithNewPassword(let info): print("New password additional info \(info)") // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password case .resetPassword(let info): print("Reset password additional info \(info)") // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signin flow again. case .confirmSignUp(let info): print("Confirm signup additional info \(info)") // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. case .done: // Use has successfully signed in to the app print("Signin complete") } } catch { print ("Sign in failed \(error)") } }}The nextStep property is of enum type AuthSignInStep. Depending on its value, your code should take one of the following actions:
Confirm signin with SMS MFA
If the next step is confirmSignInWithSMSMFACode, Amplify Auth has sent the user a random code over SMS, and is waiting to find out if the user successfully received it. To handle this step, your app's UI must prompt the user to enter the code. After the user enters the code, your implementation must pass the value to Amplify Auth confirmSignIn API.
Note: the signin result also includes an AuthCodeDeliveryDetails member. It includes additional information about the code delivery such as the partial phone number of the SMS recipient.
func confirmSignIn(confirmationCodeFromUser: String) { Amplify.Auth.confirmSignIn(challengeResponse: confirmationCodeFromUser) { result in switch result { case .success(let signInResult): if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } case .failure(let error): print("Confirm sign in failed \(error)") } }}func confirmSignIn(confirmationCodeFromUser: String) -> AnyCancellable { Amplify.Auth.confirmSignIn(challengeResponse: confirmationCodeFromUser) .resultPublisher .sink { if case let .failure(authError) = $0 { print("Confirm sign in failed \(authError)") } } receiveValue: { signInResult in if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }}Confirm signin with custom challenge
If the next step is confirmSignInWithCustomChallenge, Amplify Auth is awaiting completion of a custom authentication challenge. The challenge is based on the Lambda trigger you setup when you configured a custom sign in flow. To complete this step, you should prompt the user for the custom challenge answer, and pass the answer to the confirmSignIn API.
func confirmSignIn(challengeAnswerFromUser: String) { Amplify.Auth.confirmSignIn(challengeResponse: challengeAnswerFromUser) { result in switch result { case .success(let signInResult): if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } case .failure(let error): print("Confirm sign in failed \(error)") } }}func confirmSignIn(challengeAnswerFromUser: String) -> AnyCancellable { Amplify.Auth.confirmSignIn(challengeResponse: challengeAnswerFromUser) .resultPublisher .sink { if case let .failure(authError) = $0 { print("Confirm sign in failed \(authError)") } } receiveValue: { signInResult in if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }}Confirm signin with new password
If the next step is confirmSignInWithNewPassword, Amplify Auth requires a new password for the user before they can proceed. Prompt the user for a new password and pass it to the confirmSignIn API.
func confirmSignIn(newPasswordFromUser: String) { Amplify.Auth.confirmSignIn(challengeResponse: newPasswordFromUser) { result in switch result { case .success(let signInResult): if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } case .failure(let error): print("Confirm sign in failed \(error)") } }}func confirmSignIn(newPasswordFromUser: String) -> AnyCancellable { Amplify.Auth.confirmSignIn(challengeResponse: newPasswordFromUser) .resultPublisher .sink { if case let .failure(authError) = $0 { print("Confirm sign in failed \(authError)") } } receiveValue: { signInResult in if signInResult.isSignedIn { print("Confirm sign in succeeded. The user is signed in.") } else { print("Confirm sign in succeeded.") print("Next step: \(signInResult.nextStep)") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }}Reset password
If you receive resetPassword, authentication flow could not proceed without resetting the password. The next step is to invoke resetPassword api and follow the reset password flow.
func resetPassword(username: String) { Amplify.Auth.resetPassword(for: username) { result in switch result { case .success(let resetPasswordResult): print("Reset password succeeded." print("Next step: \(resetPasswordResult.nextStep)") case .failure(let error): print("Reset password failed \(error)") } }}func resetPassword(username: String) -> AnyCancellable { Amplify.Auth.resetPassword(for: username) .resultPublisher .sink { if case let .failure(authError) = $0 { print("Reset password failed \(authError)") } } receiveValue: { resetPasswordResult in print("Reset password succeeded." print("Next step: \(resetPasswordResult.nextStep)") }}Confirm Signup
If you receive confirmSignUp as a next step, sign up could not proceed without confirming user information such as email or phone number. The next step is to invoke the confirmSignUp API and follow the confirm signup flow.
func confirmSignUp(for username: String, with confirmationCode: String) { Amplify.Auth.confirmSignUp(for: username, confirmationCode: confirmationCode) { result in switch result { case .success: print("Confirm signUp succeeded") case .failure(let error): print("An error occurred while confirming sign up \(error)") } }}func confirmSignUp(for username: String, with confirmationCode: String) -> AnyCancellable { Amplify.Auth.confirmSignUp(for: username, confirmationCode: confirmationCode) .resultPublisher .sink { if case let .failure(authError) = $0 { print("An error occurred while confirming sign up \(authError)") } } receiveValue: { _ in print("Confirm signUp succeeded") }}Done
Signin flow is complete when you get done. This means the user is successfully authenticated. As a convenience, the SignInResult also provides the isSignedIn property, which will be true if the next step is done.