Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Nov 26, 2024

Passwordless

Amplify supports the use of passwordless authentication flows using the following methods:

Passwordless authentication removes the security risks and user friction associated with traditional passwords.

Warning: Passwordless configuration is currently not available in defineAuth. We are currently working towards enabling support for passwordless configurations. Visit the GitHub issue to track the progress

SMS OTP

SMS-based authentication uses phone numbers as the identifier and text messages as the verification channel. At a high level end users will perform the following steps to authenticate:

  1. User enters their phone number to sign up/sign in
  2. They receive a text message with a time-limited code
  3. After the user enters their code they are authenticated

SMS-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Notification Service (SNS) to send text messages. Learn how to configure your auth resource with SNS.

Learn more about using SMS OTP in your application code.

Email OTP

Email-based authentication uses email addresses for identification and verification. At a high level end users will perform the following steps to authenticate:

  1. User enters their email address to sign up/sign in
  2. They receive an email message with a time-limited code
  3. After the users enters their code they are authenticated

Email-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Email Service (SES) to send email messages. Learn how to configure your auth resource with SES.

Learn more about using email OTP in your application code.

WebAuthn Passkey

WebAuthn uses biometrics or security keys for authentication, leveraging device-specific security features. At a high level end users will perform the following steps to authenticate:

  1. User chooses to register a passkey
  2. Their device prompts for biometric/security key verification
  3. For future logins, they'll authenticate using the same method

Learn more about using WebAuthn passkeys in your application code.

Managing credentials

Learn more about managing WebAuthn credentials.