Choose your framework/language

v5v6
Edit on GitHub

Page updated Mar 6, 2024

Set up Amplify Auth

Authentication with Amplify

Amplify uses Amazon Cognito as the main authentication provider. Amazon Cognito is a robust user directory service that handles user registration, authentication, account recovery & other operations. In this tutorial, you'll learn how to add authentication to your application using Amazon Cognito and username/password login.

Install Amplify Libraries

Instructions for React Native version 0.72 and below

@aws-amplify/react-native requires a minimum iOS deployment target of 13.0 if you are using react-native version less than or equal to 0.72. Open the Podfile located in the ios directory and update the target value:

1- platform :ios, min_ios_version_supported
2 + platform :ios, 13.0

Install the necessary dependencies by running the following command:

1npm install @aws-amplify/react-native @react-native-community/netinfo @react-native-async-storage/async-storage react-native-get-random-values

You will also need to install the pod dependencies for iOS:

1npx pod-install

After installing pod dependencies, rebuild the app:

1npm run ios

Install the necessary dependencies by running the following command:

1npm install @aws-amplify/react-native @react-native-community/netinfo @react-native-async-storage/async-storage react-native-get-random-values

Set Up Backend Resources

The most common way to use Authentication with Amplify is via the Amplify CLI, which allows you to create new Amazon Cognito resources or import existing ones. However, you can also use the Amplify Studio console to configure authentication or use the Amplify.configure() method to set up authentication with existing resources.

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

To start provisioning auth resources in the backend, go to your project directory and execute the command:

1amplify add auth
1? Do you want to use the default authentication and security configuration? Default configuration
2? How do you want users to be able to sign in? Username
3? Do you want to configure advanced settings?  No, I am done.

If you have previously enabled an Amplify category that uses Auth behind the scenes (e.g. API category), you can run the amplify update auth command to edit your configuration if needed.

The CLI prompts will help you to customize your auth flow for your app. With the provided options, you can:

  • Customize sign-in/registration flow
  • Customize email and SMS messages for Multi-Factor Authentication
  • Customize attributes for your users, e.g. name, email
  • Enable 3rd party social providers, e.g. Facebook, Twitter, Google and Amazon

If you wish to federate with social providers you will need to configure them first.

After configuring your Authentication options, update your backend and deploy the service by running the push command:

1amplify push

Now, the authentication service has been deployed and you can start using it. To view the deployed services in your project at any time, go to Amplify Console by running the following command:

1amplify console

In your app's entry point (i.e. App.js, index.js, _app.js, or main.js), import and load the configuration file:

1import { Amplify, Auth } from 'aws-amplify';
2import amplifyconfig from './amplifyconfiguration.json';
3Amplify.configure(amplifyconfig);

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

To import existing Amazon Cognito resources into your Amplify project, execute the command:

1amplify import auth
1? What type of auth resource do you want to import?
2   Cognito User Pool and Identity Pool
3   Cognito User Pool only

Once you've selected an option, you'll be able to search for and import an existing Cognito User Pool and Identity Pool (or User Pool only) within your AWS account. The amplify import auth command will also do the following:

  • Automatically populate your Amplify Library configuration files (aws-exports.js, amplifyconfiguration.json) with your chosen Amazon Cognito resource information
  • Provide your designated existing Cognito resource as the authentication & authorization mechanism for all auth-dependent categories (API, Storage and more)
  • Enable Lambda functions to access the chosen Cognito resource if you permit it

If you have previously enabled an Amplify category that uses Auth behind the scenes (e.g. API category), you can run the amplify update auth command to edit your configuration if needed.

After configuring your Authentication options, update your backend and deploy the service by running the push command:

1amplify push

Now, the authentication service has been deployed and you can start using it. To view the deployed services in your project at any time, go to Amplify Console by running the following command:

1amplify console

In your app's entry point (i.e. App.js, index.js, _app.js, or main.js), import and load the configuration file:

1import { Amplify, Auth } from 'aws-amplify';
2import amplifyconfig from './amplifyconfiguration.json';
3Amplify.configure(amplifyconfig);

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

Amplify Studio allows you create auth resources, set up authorization rules, implement Multi-factor authentication (MFA), and more via an intuitive UI. To set up Authentication through the Amplify Studio, take the following steps:

  1. Sign in to the AWS Management Console and open AWS Amplify.
  2. In the navigation pane, choose an application.
  3. On the application information page, choose the Backend environments tab, then choose Launch Studio.
  4. On the Set up menu, choose Authentication.
  5. In the Configure log in section, choose a login mechanism to add from the Add login mechanism list. Valid options are Username, Phone number, Facebook, Google, Amazon, and Sign in with Apple. If you choose one of the social sign-in mechanisms (i.e. Facebook, Google, Amazon, or Sign in with Apple), you will also need to enter your App ID, App Secret, and redirect URLs.
  6. (Optional) Add multi-factor authentication (MFA). MFA is set to Off by default. To turn on MFA, do the following in the Multi-factor authentication section:
  • Choose Enforced to require MFA for all users or choose Optional to allow individual users to enable MFA.
  • (Optional) Choose SMS, and enter your SMS message.
  • (Optional) Choose Authenticator Application if you want your app to load with an authentication flow that includes sign up and sign in.
  1. In the Configure sign up section, expand Password protection settings and customize the password policy settings to enforce. u6. Choose Save and Deploy. This starts a CloudFormation deployment with the progress displayed in the upper right corner of the page.
  2. After creating and configuring your auth resources, you'll need to pull them down from Amplify Studio. To do so, simply click on "Local setup instructions" in the upper right hand corner of the Studio console and execute the CLI command it provides at the root directory of your app.

You can also import existing Amazon Cognito resources and manage users and groups through the Amplify Studio UI.

Existing Authentication resources from AWS (e.g. Amazon Cognito UserPools or Identity Pools) can be used with the Amplify Libraries by calling the Amplify.configure() method.

In your app's entry point (i.e. App.js, index.js, _app.js, or main.js), import and load the configuration file:

1import { Amplify } from 'aws-amplify';
2

3Amplify.configure({
4  Auth: {
5    Cognito: {
6      //  Amazon Cognito User Pool ID
7      userPoolId: 'XX-XXXX-X_abcd1234',
8

9      // OPTIONAL - Amazon Cognito Web Client ID (26-char alphanumeric string)
10      userPoolClientId: 'a1b2c3d4e5f6g7h8i9j0k1l2m3',
11      // REQUIRED only for Federated Authentication - Amazon Cognito Identity Pool ID
12      identityPoolId: 'XX-XXXX-X:XXXXXXXX-XXXX-1234-abcd-1234567890ab',
13

14      // OPTIONAL - This is used when autoSignIn is enabled for Auth.signUp
15      // 'code' is used for Auth.confirmSignUp, 'link' is used for email link verification
16      signUpVerificationMethod: 'code', // 'code' | 'link'
17      loginWith: {
18        // OPTIONAL - Hosted UI configuration
19        oauth: {
20          domain: 'your_cognito_domain',
21

22          scopes: [
23            'phone',
24            'email',
25            'profile',
26            'openid',
27            'aws.cognito.signin.user.admin'
28          ],
29          redirectSignIn: ['http://localhost:3000/'],
30          redirectSignOut: ['http://localhost:3000/'],
31          responseType: 'code' // or 'token', note that REFRESH token will only be generated when the responseType is code
32        }
33      }
34    }
35  }
36});
37

38// You can get the current config object
39const currentConfig = Amplify.getConfig();

If your existing UserPool client has a required attribute that is NOT set to mutable, you may face login issues when using Social sign in. To resolve this, you will need to

create a new UserPool client

and mark the required attribute as mutable.

OAuth configuration parameters:

These settings can be found in the Cognito User Pools console under App Integration section

  • domain: This can be found in the Domain name sub section
  • scope: Remember to have the scope allowed on the Cognito App client, this can be found on App client settings sub section
  • redirectSignIn: URL must be present on Callback URL(s) , check on App client settings sub section
  • redirectSignOut: URL must be present on Sign out URL(s), check on App client settings sub section
  • responseType: Option must be enabled on the App client, look for Allowed OAuth Flows on App client settings sub section. Authorization code grant is for 'code' value and Implicit grant is for 'token' value.

Enable sign-up, sign-in, and sign-out

Follow the instructions in the Sign in, Sign up and Sign out to learn about how to integrate these authentication flows in your application with the Auth APIs.

Summary

To implement authentication flows using Amplify you can either use the Amplify UI libraries or call authentication methods directly on the Auth class.

Auth has over 30 methods including signUp, signIn, forgotPassword, and signOut that allow you full control over all aspects of the user authentication flow.

Check out the complete API here.

NEXT
Manage user session and credentials
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2024, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.