Page updated Feb 20, 2024

Migrate from v5 to v6

The Auth category has moved to a functional approach and named parameters in Amplify v6, so you will now import the functional API’s directly from the aws-amplify/auth path as shown in the examples below and will need to pay close attention to the changes made to inputs and outputs. You can use the switcher on the API examples to see the differences between v5 and v6 implementations. (v6 is shown by default)

Auth.signUp

The overall input to Auth.signUp is largely unchanged, but how the object is structured is slightly different: attributes becomes userAttributes , and userAttributes and validationData are now under an options object. autoSignIn can also now be a simple boolean value.

A major difference is that a CognitoUser is no longer returned from signUp. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Also notice that userConfirmed is no longer returned, and instead we return nextStep. This follows a standardized format shared between the signUp, signIn, resetPassword, and updateUserAttributes flows, where additional authentication steps will be returned with any additional information included in the same object (in this case, codeDeliveryDetails)

autoSignIn is no longer triggered automatically in v6 and will need to be called manually through a separate API when the nextStep.signUpStep is COMPLETE_AUTO_SIGN_IN
Input

V5

// Standard params: SignUpParams { username: string; password: string; attributes?: object; validationData?: { [key: string]: string; } clientMetadata?: { [key: string]: string; }; autoSignIn?: { enabled: boolean; clientMetaData?: { [key: string]: string; }; validationData?: { [key: string]: string; } }; } // Legacy username: string password: string email: string phone_number: string
1// Standard
2params: SignUpParams {
3 username: string;
4 password: string;
5 attributes?: object;
6 validationData?: {
7 [key: string]: string;
8 }
9 clientMetadata?: { [key: string]: string; };
10 autoSignIn?: {
11 enabled: boolean;
12 clientMetaData?: { [key: string]: string; };
13 validationData?: {
14 [key: string]: string;
15 }
16 };
17}
18
19// Legacy
20username: string
21password: string
22email: string
23phone_number: string

V6

input: SignUpInput { username: string; password: string; options?: { userAttributes?: { [key: string]?: string; } validationData?: { [key: string]: string; }; clientMetadata?: { [key: string]: string; }; autoSignIn?: boolean | { authFlowType?: | 'USER_SRP_AUTH' | 'CUSTOM_WITH_SRP' | 'CUSTOM_WITHOUT_SRP' | 'USER_PASSWORD_AUTH'; clientMetadata?: { [key: string]: string; }; }; }; }
1input: SignUpInput {
2 username: string;
3 password: string;
4 options?: {
5 userAttributes?: { [key: string]?: string; }
6 validationData?: { [key: string]: string; };
7 clientMetadata?: { [key: string]: string; };
8 autoSignIn?: boolean | {
9 authFlowType?:
10 | 'USER_SRP_AUTH'
11 | 'CUSTOM_WITH_SRP'
12 | 'CUSTOM_WITHOUT_SRP'
13 | 'USER_PASSWORD_AUTH';
14 clientMetadata?: { [key: string]: string; };
15 };
16 };
17}
Output

V5

ISignUpResult { user: CognitoUser; userConfirmed: boolean; userSub: string; codeDeliveryDetails: { AttributeName: string; DeliveryMedium: string; Destination: string; }; }
1ISignUpResult {
2 user: CognitoUser;
3 userConfirmed: boolean;
4 userSub: string;
5 codeDeliveryDetails: {
6 AttributeName: string;
7 DeliveryMedium: string;
8 Destination: string;
9 };
10}

V6

SignUpOutput { isSignUpComplete: boolean; userId?: string; nextStep: { signUpStep: | 'DONE' | 'CONFIRM_SIGN_UP' | 'COMPLETE_AUTO_SIGN_IN', codeDeliveryDetails: { // Not included when signUpStep is 'DONE' destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: UserAttributeKey; } }; }
1SignUpOutput {
2 isSignUpComplete: boolean;
3 userId?: string;
4 nextStep: {
5 signUpStep:
6 | 'DONE'
7 | 'CONFIRM_SIGN_UP'
8 | 'COMPLETE_AUTO_SIGN_IN',
9 codeDeliveryDetails: { // Not included when signUpStep is 'DONE'
10 destination?: string;
11 deliveryMedium?:
12 | 'EMAIL'
13 | 'SMS'
14 | 'PHONE'
15 | 'UNKNOWN';
16 attributeName?: UserAttributeKey;
17 }
18 };
19}
import { signUp } from 'aws-amplify/auth'; const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { isSignUpComplete, userId, nextStep } = await signUp({ username, password, options: { userAttributes: { email, phone_number }, validationData } }); }
1import { signUp } from 'aws-amplify/auth';
2
3const handleSignUp = async ({
4 username,
5 password,
6 email,
7 phone_number,
8 validationData
9}) => {
10 const {
11 isSignUpComplete,
12 userId,
13 nextStep
14 } = await signUp({
15 username,
16 password,
17 options: {
18 userAttributes: {
19 email,
20 phone_number
21 },
22 validationData
23 }
24 });
25}
import { Auth } from 'aws-amplify'; const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { user } = await Auth.signUp({ username, password, attributes: { email, phone_number }, validationData }); }
1import { Auth } from 'aws-amplify';
2
3const handleSignUp = async ({
4 username,
5 password,
6 email,
7 phone_number,
8 validationData
9}) => {
10 const { user } = await Auth.signUp({
11 username,
12 password,
13 attributes: {
14 email,
15 phone_number
16 },
17 validationData
18 });
19}

Auto Sign-in

autoSignIn is no longer triggered automatically in v6
import { autoSignIn, confirmSignUp, signUp } from 'aws-amplify/auth'; // 1. Sign Up with autoSignIn enabled const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { isSignUpComplete, userId, nextStep } = await signUp({ username, password, options: { userAttributes: { email, phone_number }, validationData }, autoSignIn: true }); } // 2. Confirm Sign Up const handleConfirmSignUp = async ({ username, confirmationCode }) => { const { isSignUpComplete, userId, nextStep } = await confirmSignUp({ username, confirmationCode }); // 3. Trigger autoSignIn event - will not be triggered automatically const { isSignedIn } = await autoSignIn(); }
1import {
2 autoSignIn,
3 confirmSignUp,
4 signUp
5} from 'aws-amplify/auth';
6
7// 1. Sign Up with autoSignIn enabled
8const handleSignUp = async ({
9 username,
10 password,
11 email,
12 phone_number,
13 validationData
14}) => {
15 const {
16 isSignUpComplete,
17 userId,
18 nextStep
19 } = await signUp({
20 username,
21 password,
22 options: {
23 userAttributes: {
24 email,
25 phone_number
26 },
27 validationData
28 },
29 autoSignIn: true
30 });
31}
32
33// 2. Confirm Sign Up
34const handleConfirmSignUp = async ({
35 username,
36 confirmationCode
37}) => {
38 const {
39 isSignUpComplete,
40 userId,
41 nextStep
42 } = await confirmSignUp({
43 username,
44 confirmationCode
45 });
46
47 // 3. Trigger autoSignIn event - will not be triggered automatically
48 const { isSignedIn } = await autoSignIn();
49}
import { Auth, Hub } from 'aws-amplify'; // 1. Add listener for autoSignIn event Hub.listen('auth', ({ payload }) => { const { event } = payload; if (event === 'autoSignIn') { const confirmedUser = payload.data; } else if (event === 'autoSignIn_failure') { // redirect to sign in page } }); // 2. Sign Up with autoSignIn enabled const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { user } = await Auth.signUp({ username, password, attributes: { email, phone_number }, validationData, autoSignIn: { enabled: true } }); } // 3. Confirm Sign Up - this will trigger autoSignIn const handleConfirmSignUp = async ({ username, confirmationCode }) { await Auth.confirmSignUp(username, confirmationCode); }
1import { Auth, Hub } from 'aws-amplify';
2
3// 1. Add listener for autoSignIn event
4Hub.listen('auth', ({ payload }) => {
5 const { event } = payload;
6 if (event === 'autoSignIn') {
7 const confirmedUser = payload.data;
8 } else if (event === 'autoSignIn_failure') {
9 // redirect to sign in page
10 }
11});
12
13// 2. Sign Up with autoSignIn enabled
14const handleSignUp = async ({
15 username,
16 password,
17 email,
18 phone_number,
19 validationData
20}) => {
21 const { user } = await Auth.signUp({
22 username,
23 password,
24 attributes: {
25 email,
26 phone_number
27 },
28 validationData,
29 autoSignIn: {
30 enabled: true
31 }
32 });
33}
34
35// 3. Confirm Sign Up - this will trigger autoSignIn
36const handleConfirmSignUp = async ({
37 username,
38 confirmationCode
39}) {
40 await Auth.confirmSignUp(username, confirmationCode);
41}

Legacy

In the past, we've supported the ability to pass in username, password, email, phone_number as positional parameters instead of as named input parameters for Auth.signUp for backwards compatibility with older versions of Amplify JavaScript. The following guide shows you how to migrate from that legacy call pattern for Auth.signUp:

import { signUp } from 'aws-amplify/auth'; const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { isSignUpComplete, userId, nextStep } = await signUp({ username, password, options: { userAttributes: { email, phone_number } } }); }
1import { signUp } from 'aws-amplify/auth';
2
3const handleSignUp = async ({
4 username,
5 password,
6 email,
7 phone_number,
8 validationData
9}) => {
10 const {
11 isSignUpComplete,
12 userId,
13 nextStep
14 } = await signUp({
15 username,
16 password,
17 options: {
18 userAttributes: {
19 email,
20 phone_number
21 }
22 }
23 });
24}
import { Auth } from 'aws-amplify'; const handleSignUp = async ({ username, password, email, phone_number, validationData }) => { const { user } = await Auth.signUp( username, password, email, phone_number ); }
1import { Auth } from 'aws-amplify';
2
3const handleSignUp = async ({
4 username,
5 password,
6 email,
7 phone_number,
8 validationData
9}) => {
10 const { user } = await Auth.signUp(
11 username,
12 password,
13 email,
14 phone_number
15 );
16}

Auth.confirmSignUp

In v6, confirmSignUp now takes named parameters instead of positional parameters. You will send in an object with the properties username, confirmationCode, and options. This API also returns an object containing an isSignUpComplete flag, the userId, and nextStep for autoSignIn use cases in v6.

autoSignIn is no longer triggered automatically in v6 and will need to be called manually through a separate API when the nextStep.signUpStep is COMPLETE_AUTO_SIGN_IN
forceAliasCreation defaulted to true in v5 but is left undefined by default in v6
Input

V5

username: string code: string options?: ConfirmSignUpOptions { forceAliasCreation?: boolean; clientMetadata?: { [key: string]: string; }; }
1username: string
2code: string
3options?: ConfirmSignUpOptions {
4 forceAliasCreation?: boolean;
5 clientMetadata?: { [key: string]: string; };
6}

V6

input: ConfirmSignUpInput = { username: string; confirmationCode: string; options?: { clientMetadata?: { [key: string]: string; }; forceAliasCreation?: boolean; }; }
1input: ConfirmSignUpInput = {
2 username: string;
3 confirmationCode: string;
4 options?: {
5 clientMetadata?: { [key: string]: string; };
6 forceAliasCreation?: boolean;
7 };
8}
Output

V5

'SUCCESS'
1'SUCCESS'

V6

type ConfirmSignUpOutput = { isSignUpComplete: boolean; userId?: string | undefined; nextStep: { signUpStep: | 'DONE' | 'CONFIRM_SIGN_UP' | 'COMPLETE_AUTO_SIGN_IN', codeDeliveryDetails: { // Not included when signUpStep is 'DONE' destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: UserAttributeKey; } }; }
1type ConfirmSignUpOutput = {
2 isSignUpComplete: boolean;
3 userId?: string | undefined;
4 nextStep: {
5 signUpStep:
6 | 'DONE'
7 | 'CONFIRM_SIGN_UP'
8 | 'COMPLETE_AUTO_SIGN_IN',
9 codeDeliveryDetails: { // Not included when signUpStep is 'DONE'
10 destination?: string;
11 deliveryMedium?:
12 | 'EMAIL'
13 | 'SMS'
14 | 'PHONE'
15 | 'UNKNOWN';
16 attributeName?: UserAttributeKey;
17 }
18 };
19}
import { confirmSignUp } from 'aws-amplify/auth'; const handleConfirmSignUp = async ({ username, confirmationCode }) { const { isSignUpComplete, userId, nextStep } = await confirmSignUp({ username, confirmationCode }); }
1import { confirmSignUp } from 'aws-amplify/auth';
2
3const handleConfirmSignUp = async ({
4 username,
5 confirmationCode
6}) {
7 const {
8 isSignUpComplete,
9 userId,
10 nextStep
11 } = await confirmSignUp({
12 username,
13 confirmationCode
14 });
15}
import { Auth } from 'aws-amplify'; const handleConfirmSignUp = async ({ username, confirmationCode }) { await Auth.confirmSignUp( username, confirmationCode ); }
1import { Auth } from 'aws-amplify';
2
3const handleConfirmSignUp = async ({
4 username,
5 confirmationCode
6}) {
7 await Auth.confirmSignUp(
8 username,
9 confirmationCode
10 );
11}

Force Alias Creation

forceAliasCreation defaulted to true in v5 but is left undefined by default in v6
import { confirmSignUp } from 'aws-amplify/auth'; const handleConfirmSignUp = async ({ username, confirmationCode }) { const { isSignUpComplete, userId, nextStep } = await confirmSignUp({ username, confirmationCode, options: { // default falsy (undefined) forceAliasCreation: true } }); }
1import { confirmSignUp } from 'aws-amplify/auth';
2
3const handleConfirmSignUp = async ({
4 username,
5 confirmationCode
6}) {
7 const {
8 isSignUpComplete,
9 userId,
10 nextStep
11 } = await confirmSignUp({
12 username,
13 confirmationCode,
14 options: {
15 // default falsy (undefined)
16 forceAliasCreation: true
17 }
18 });
19}
import { Auth } from 'aws-amplify'; const handleConfirmSignUp = async ({ username, confirmationCode }) { await Auth.confirmSignUp( username, confirmationCode, options: { // default true forceAliasCreation: false } ); }
1import { Auth } from 'aws-amplify';
2
3const handleConfirmSignUp = async ({
4 username,
5 confirmationCode
6}) {
7 await Auth.confirmSignUp(
8 username,
9 confirmationCode,
10 options: {
11 // default true
12 forceAliasCreation: false
13 }
14 );
15}

Auth.resendSignUp

In v6, resendSignUp now takes named parameters instead of positional parameters. You will send in an object with the properties username and options, with clientMetadata nested under options for consistency across API's. The output has also been updated to match other API's, returning an object with destination, deliveryMedium, and attributeName properties instead of the PascalCase CodeDeliveryDetails.

Input

V5

username: string clientMetadata?: ClientMetaData { [key: string]: string; }
1username: string
2clientMetadata?: ClientMetaData {
3 [key: string]: string;
4}

V6

input: ResendSignUpCodeInput { username: string; options?: { clientMetadata?: { [key: string]: string; }; }; }
1input: ResendSignUpCodeInput {
2 username: string;
3 options?: {
4 clientMetadata?: { [key: string]: string; };
5 };
6}
Output

V5

{ CodeDeliveryDetails: { AttributeName: string, DeliveryMedium: string, Destination: string } }
1{
2 CodeDeliveryDetails: {
3 AttributeName: string,
4 DeliveryMedium: string,
5 Destination: string
6 }
7}

V6

ResendSignUpCodeOutput { destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: AuthVerifiableAttributeKey; }
1ResendSignUpCodeOutput {
2 destination?: string;
3 deliveryMedium?:
4 | 'EMAIL'
5 | 'SMS'
6 | 'PHONE'
7 | 'UNKNOWN';
8 attributeName?: AuthVerifiableAttributeKey;
9}
import { resendSignUpCode } from 'aws-amplify/auth'; const handleResendCode = async ({ username }) => { const { destination, deliveryMedium, attributeName } = await resendSignUpCode({ username }); }
1import { resendSignUpCode } from 'aws-amplify/auth';
2
3const handleResendCode = async ({ username }) => {
4 const {
5 destination,
6 deliveryMedium,
7 attributeName
8 } = await resendSignUpCode({ username });
9}
import { Auth } from 'aws-amplify'; const handleResendCode = async ({ username }) => { const { CodeDeliveryDetails } = await Auth.resendSignUp(username); }
1import { Auth } from 'aws-amplify';
2
3const handleResendCode = async ({ username }) => {
4 const { CodeDeliveryDetails } = await Auth.resendSignUp(username);
5}

Auth.signIn

The input to Auth.signIn is largely unchanged in the v6 signIn API, but how the object is structured is slightly different: clientMetadata is now under an options object that also includes an authFlowType option if needed.

A major difference is that a CognitoUser is no longer returned from signIn. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Also notice that challengeName and challengeParam (returned in v5 as additional properties on the CognitoUser) are replaced in the output object by the nextStepproperty. nextStep includes signInStep and possibly additional props depending on the step. See the Confirmation Required example for a detailed example of the new signIn flow.

The signIn API no longer accepts validationData in v6: in v5 validationData was not used because the underlying Cognito API does not accept validationData
Input

V5

// Standard usernameOrSignInOpts: SignInOpts { username: string; password: string; validationData?: { [key: string]: any; }; } pw?: undefined clientMetadata?: ClientMetaData { [key: string]: string; } // Legacy usernameOrSignInOpts: string pw?: string clientMetadata?: ClientMetaData { [key: string]: string; }
1// Standard
2usernameOrSignInOpts: SignInOpts {
3 username: string;
4 password: string;
5 validationData?: {
6 [key: string]: any;
7 };
8}
9pw?: undefined
10clientMetadata?: ClientMetaData {
11 [key: string]: string;
12}
13
14// Legacy
15usernameOrSignInOpts: string
16pw?: string
17clientMetadata?: ClientMetaData {
18 [key: string]: string;
19}

V6

input: SignInInput { username: string; password?: string; options?: { authFlowType?: | 'USER_SRP_AUTH' | 'CUSTOM_WITH_SRP' | 'CUSTOM_WITHOUT_SRP' | 'USER_PASSWORD_AUTH'; clientMetadata?: ClientMetaData { [key: string]: string; } }; }
1input: SignInInput {
2 username: string;
3 password?: string;
4 options?: {
5 authFlowType?:
6 | 'USER_SRP_AUTH'
7 | 'CUSTOM_WITH_SRP'
8 | 'CUSTOM_WITHOUT_SRP'
9 | 'USER_PASSWORD_AUTH';
10 clientMetadata?: ClientMetaData {
11 [key: string]: string;
12 }
13 };
14}
Output

V5

CognitoUser { challengeName?: string; challengeParam?: string; username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 challengeName?: string;
3 challengeParam?: string;
4 username: string;
5 signInUserSession: {
6 idToken: string;
7 refreshToken: string;
8 accessToken: string;
9 clockDrift: number;
10 } | null;
11 authenticationFlowType: string;
12}

V6

type SignInOutput = { isSignedIn: boolean; nextStep: { signInStep: { | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION' | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP' | 'CONFIRM_SIGN_IN_WITH_SMS_CODE' | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE' | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE' | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED' | 'CONFIRM_SIGN_UP' | 'RESET_PASSWORD' | 'DONE'; }, // May include additional props depending on the step } }
1type SignInOutput = {
2 isSignedIn: boolean;
3 nextStep: {
4 signInStep: {
5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'
7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'
8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'
10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'
11 | 'CONFIRM_SIGN_UP'
12 | 'RESET_PASSWORD'
13 | 'DONE';
14 },
15 // May include additional props depending on the step
16 }
17}
import { signIn } from 'aws-amplify/auth'; const handleSignIn = async ({ username, password }) => { const { isSignedIn, nextStep } = await signIn({ username, password }); }
1import { signIn } from 'aws-amplify/auth';
2
3const handleSignIn = async ({
4 username,
5 password
6}) => {
7 const {
8 isSignedIn,
9 nextStep
10 } = await signIn({ username, password });
11}
import { Auth } from 'aws-amplify'; const handleSignIn = async ({ username, password, validationData }) => { const user = await Auth.signIn({ username, password, validationData }); }
1import { Auth } from 'aws-amplify';
2
3const handleSignIn = async ({
4 username,
5 password,
6 validationData
7}) => {
8 const user = await Auth.signIn({
9 username,
10 password,
11 validationData
12 });
13}

Confirmation Required

import { confirmSignIn, signIn } from 'aws-amplify/auth'; const handleSignIn = async ({ username, password }) => { const { isSignedIn, nextStep } = await signIn({ username, password }); switch (nextStep.signInStep) { case 'CONFIRM_SIGN_IN_WITH_TOTP_CODE': case 'CONFIRM_SIGN_IN_WITH_SMS_CODE': // nextStep will contain codeDeliveryDetails when step is CONFIRM_SIGN_IN_WITH_SMS_CODE const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: 'code' }); break; case 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE': const { additionalInfo } = nextStep; const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: 'answer' }); break; case 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP': // Note that calling setupTOTP is unnecessary in this scenario // totpSetupDetails are already returned with nextStep const { totpSetupDetails } = nextStep; const appName = 'my_app_name'; const setupUri = totpSetupDetails.getSetupUri(appName); // Open setupUri with an authenticator APP to retrieve an OTP code // Retrieve code from authenticator App const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: 'code' }); break; case 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION': const mfaType = 'SMS' // or TOTP const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: mfaType}); // if confirmSignIn was called with 'SMS', then the next // step will be 'CONFIRM_SIGN_IN_WITH_SMS_CODE'. // However if 'TOTP' was used as input then 'CONFIRM_SIGN_IN_WITH_TOTP_CODE' // will be returned. const otpCode = '123456' // code retrieved from authenticator App or cellphone const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: otpCode}); break; case 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED': const { missingAttributes } = nextStep; const userAttributes = { ... }; const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: 'newPassword', options: { userAttributes } }); break; case 'DONE': break; } }
1import {
2 confirmSignIn,
3 signIn
4} from 'aws-amplify/auth';
5
6const handleSignIn = async ({
7 username,
8 password
9}) => {
10 const {
11 isSignedIn,
12 nextStep
13 } = await signIn({ username, password });
14
15 switch (nextStep.signInStep) {
16 case 'CONFIRM_SIGN_IN_WITH_TOTP_CODE':
17 case 'CONFIRM_SIGN_IN_WITH_SMS_CODE':
18 // nextStep will contain codeDeliveryDetails when step is CONFIRM_SIGN_IN_WITH_SMS_CODE
19 const {
20 isSignedIn,
21 nextStep
22 } = await confirmSignIn({ challengeResponse: 'code' });
23 break;
24 case 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE':
25 const { additionalInfo } = nextStep;
26 const {
27 isSignedIn,
28 nextStep
29 } = await confirmSignIn({ challengeResponse: 'answer' });
30 break;
31 case 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP':
32 // Note that calling setupTOTP is unnecessary in this scenario
33 // totpSetupDetails are already returned with nextStep
34 const { totpSetupDetails } = nextStep;
35 const appName = 'my_app_name';
36 const setupUri = totpSetupDetails.getSetupUri(appName);
37 // Open setupUri with an authenticator APP to retrieve an OTP code
38 // Retrieve code from authenticator App
39 const {
40 isSignedIn,
41 nextStep
42 } = await confirmSignIn({ challengeResponse: 'code' });
43 break;
44 case 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION':
45 const mfaType = 'SMS' // or TOTP
46 const {
47 isSignedIn,
48 nextStep
49 } = await confirmSignIn({ challengeResponse: mfaType});
50
51 // if confirmSignIn was called with 'SMS', then the next
52 // step will be 'CONFIRM_SIGN_IN_WITH_SMS_CODE'.
53 // However if 'TOTP' was used as input then 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
54 // will be returned.
55
56 const otpCode = '123456' // code retrieved from authenticator App or cellphone
57 const {
58 isSignedIn,
59 nextStep
60 } = await confirmSignIn({ challengeResponse: otpCode});
61 break;
62 case 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED':
63 const { missingAttributes } = nextStep;
64 const userAttributes = { ... };
65
66 const {
67 isSignedIn,
68 nextStep
69 } = await confirmSignIn({
70 challengeResponse: 'newPassword',
71 options: {
72 userAttributes
73 }
74 });
75 break;
76 case 'DONE':
77 break;
78 }
79}
import { Auth } from 'aws-amplify'; const handleSignIn = async ({ username, password, validationData }) => { const user = await Auth.signIn({ username, password }); if (user.challengeName) { switch(user.challengeName) { case 'SMS_MFA': case 'SOFTWARE_TOKEN': const confirmedUser = await Auth.confirmSignIn( user, 'code', user.challengeName ); break; case 'CUSTOM_CHALLENGE': const confirmedUser = await Auth.confirmSignIn( user, 'answer', user.challengeName ); break; case 'MFA_SETUP': const secretCode = await Auth.setupTOTP(user); // Proceed to Auth.confirmSignIn break; case 'SELECT_MFA_TYPE': const mfaType = 'SMS_MFA' // or 'SOFTWARE_TOKEN_MFA' // user returned from signIn user.sendMFASelectionAnswer(mfaType, { onFailure: (err) => { console.log(err); }, mfaRequired: (challengeName, parameters) => { // call confirmSignIn with the OTP code sent to your cellphone }, totpRequired: (challengeName, parameters) => { // call confirmSignIn with the OTP code retrieved from your authenticator App } }); break; case 'NEW_PASSWORD_REQUIRED': const { userAttributes, requiredAttributes } = user.challengeParams; const attributes = { ... }; const confirmedUser = await Auth.completeNewPassword( user, 'newPassword', attributes ); break; } } }
1import { Auth } from 'aws-amplify';
2
3const handleSignIn = async ({
4 username,
5 password,
6 validationData
7}) => {
8 const user = await Auth.signIn({
9 username,
10 password
11 });
12
13 if (user.challengeName) {
14 switch(user.challengeName) {
15 case 'SMS_MFA':
16 case 'SOFTWARE_TOKEN':
17 const confirmedUser = await Auth.confirmSignIn(
18 user,
19 'code',
20 user.challengeName
21 );
22 break;
23 case 'CUSTOM_CHALLENGE':
24 const confirmedUser = await Auth.confirmSignIn(
25 user,
26 'answer',
27 user.challengeName
28 );
29 break;
30 case 'MFA_SETUP':
31 const secretCode = await Auth.setupTOTP(user);
32 // Proceed to Auth.confirmSignIn
33 break;
34 case 'SELECT_MFA_TYPE':
35 const mfaType = 'SMS_MFA' // or 'SOFTWARE_TOKEN_MFA'
36 // user returned from signIn
37 user.sendMFASelectionAnswer(mfaType, {
38 onFailure: (err) => {
39 console.log(err);
40 },
41 mfaRequired: (challengeName, parameters) => {
42 // call confirmSignIn with the OTP code sent to your cellphone
43 },
44 totpRequired: (challengeName, parameters) => {
45 // call confirmSignIn with the OTP code retrieved from your authenticator App
46 }
47 });
48 break;
49 case 'NEW_PASSWORD_REQUIRED':
50 const {
51 userAttributes,
52 requiredAttributes
53 } = user.challengeParams;
54 const attributes = { ... };
55
56 const confirmedUser = await Auth.completeNewPassword(
57 user,
58 'newPassword',
59 attributes
60 );
61 break;
62 }
63 }
64}

Legacy

In the past, we've supported the ability to pass in username, password as positional parameters instead of as named input parameters for Auth.signIn for backwards compatibility with older versions of Amplify JavaScript. The following guide shows you how to migrate from that legacy call pattern for Auth.signIn:

import { signIn } from 'aws-amplify/auth'; const username = 'username'; const password = 'password'; const handleSignIn = async ({ username, password }) => { const { isSignedIn, nextStep } = await signIn({ username, password }); }
1import { signIn } from 'aws-amplify/auth';
2
3const username = 'username';
4const password = 'password';
5
6const handleSignIn = async ({
7 username,
8 password
9}) => {
10 const {
11 isSignedIn,
12 nextStep
13 } = await signIn({ username, password });
14}
import { Auth } from 'aws-amplify'; const handleSignIn = async ({ username, password }) => { const user = await Auth.resendSignUp( username, password ); }
1import { Auth } from 'aws-amplify';
2
3const handleSignIn = async ({
4 username,
5 password
6}) => {
7 const user = await Auth.resendSignUp(
8 username,
9 password
10 );
11}

Auth.federatedSignIn

Auth.federatedSignIn has become signInWithRedirect in v6, but is otherwise similar. The provider property accepts specific strings instead of an enum and also includes an option to send in a custom provider if you would like to use a provider not in the default list. For this use case you would pass an object containing the prop custom to provider instead of one of the predefined strings.

The usage of federatedSignIn with Identity Pools is deprecated. If you are using an Identity Pool for authentication, please follow this guide.
Input

V5

// Standard options?: FederatedSignInOptions { provider: { // enum Cognito = 'COGNITO', Google = 'Google', Facebook = 'Facebook', Amazon = 'LoginWithAmazon', Apple = 'SignInWithApple', }; customState?: string; } // Custom Provider options?: FederatedSignInOptionsCustom { customProvider: string; customState?: string; } // Legacy provider: | 'google' | 'facebook' | 'amazon' | 'developer' | string response: FederatedResponse { token: string; identity_id?: string; expires_at: number; } user: FederatedUser { name: string; email?: string; picture?: string; }
1// Standard
2options?: FederatedSignInOptions {
3 provider: { // enum
4 Cognito = 'COGNITO',
5 Google = 'Google',
6 Facebook = 'Facebook',
7 Amazon = 'LoginWithAmazon',
8 Apple = 'SignInWithApple',
9 };
10 customState?: string;
11}
12
13// Custom Provider
14options?: FederatedSignInOptionsCustom {
15 customProvider: string;
16 customState?: string;
17}
18
19// Legacy
20provider:
21 | 'google'
22 | 'facebook'
23 | 'amazon'
24 | 'developer'
25 | string
26response: FederatedResponse {
27 token: string;
28 identity_id?: string;
29 expires_at: number;
30}
31user: FederatedUser {
32 name: string;
33 email?: string;
34 picture?: string;
35}

V6

input?: SignInWithRedirectInput { provider?: | 'Amazon' | 'Apple' | 'Facebook' | 'Google' | { custom: string; }; customState?: string; options?: { preferPrivateSession?: boolean; }; }
1input?: SignInWithRedirectInput {
2 provider?:
3 | 'Amazon'
4 | 'Apple'
5 | 'Facebook'
6 | 'Google'
7 | { custom: string; };
8 customState?: string;
9 options?: {
10 preferPrivateSession?: boolean;
11 };
12}
Output

V5

// Only returns when FederatedResponse from Identity Pools is provided ICredentials { accessKeyId: string; sessionToken: string; secretAccessKey: string; identityId: string; authenticated: boolean; expiration?: Date; }
1// Only returns when FederatedResponse from Identity Pools is provided
2ICredentials {
3 accessKeyId: string;
4 sessionToken: string;
5 secretAccessKey: string;
6 identityId: string;
7 authenticated: boolean;
8 expiration?: Date;
9}

V6

No output in v6

import { fetchAuthSession, signInWithRedirect } from 'aws-amplify/auth'; const handleSocialSignIn = async () => { await signInWithRedirect({ provider: 'Google' }); }
1import {
2 fetchAuthSession,
3 signInWithRedirect
4} from 'aws-amplify/auth';
5
6const handleSocialSignIn = async () => {
7 await signInWithRedirect({
8 provider: 'Google'
9 });
10}
import { Auth } from 'aws-amplify'; const handleSocialSignIn = async () => { await Auth.federatedSignIn({ provider: CognitoHostedUIIdentityProvider.Google }); }
1import { Auth } from 'aws-amplify';
2
3const handleSocialSignIn = async () => {
4 await Auth.federatedSignIn({
5 provider: CognitoHostedUIIdentityProvider.Google
6 });
7}

Custom Provider

import { signInWithRedirect } from 'aws-amplify/auth'; const handleSocialSignIn = () => { signInWithRedirect({ provider: { custom: 'SocialProvider' } }); }
1import { signInWithRedirect } from 'aws-amplify/auth';
2
3const handleSocialSignIn = () => {
4 signInWithRedirect({
5 provider: {
6 custom: 'SocialProvider'
7 }
8 });
9}
import { Auth } from 'aws-amplify'; const handleSocialSignIn = () => { Auth.federatedSignIn({ customProvider: 'SocialProvider' }); }
1import { Auth } from 'aws-amplify';
2
3const handleSocialSignIn = () => {
4 Auth.federatedSignIn({
5 customProvider: 'SocialProvider'
6 });
7}

Defaults

import { signInWithRedirect } from 'aws-amplify/auth'; const handleSocialSignIn = () => { signInWithRedirect(); }
1import { signInWithRedirect } from 'aws-amplify/auth';
2
3const handleSocialSignIn = () => {
4 signInWithRedirect();
5}
import { Auth } from 'aws-amplify'; const handleSocialSignIn = () => { Auth.federatedSignIn(); }
1import { Auth } from 'aws-amplify';
2
3const handleSocialSignIn = () => {
4 Auth.federatedSignIn();
5}

Identity Pools - DEPRECATED

signInWithRedirect does not allow you to pass a pre-authorized user and tokens for Amplify to consume. Follow this guide as an example of how to accomplish this in v6.

Auth.confirmSignIn

In v6, confirmSignIn is now used not only for MFA confirmation, but also in place of Auth.completeNewPassword and Auth.sendCustomChallengeAnswer. The input no longer includes mfaType and code separately, but rather contains challengeAnswer, which will allow you to pass the required information (including MFA type or a new password) as a value. See the Auth.signIn: Confirmation Required example for a detailed example of the new signIn flow.

Another major difference is that CognitoUser is no longer required as an input parameter or returned from confirmSignIn. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Also notice that challengeName and challengeParam (returned in v5 as additional properties on the CognitoUser) are replaced in the output object by the nextStep property. nextStep includes signInStep and possibly additional props depending on the step.

Input

V5

user: CognitoUser code: string mfaType?: 'SMS_MFA' | 'SOFTWARE_TOKEN_MFA' | null clientMetadata?: ClientMetaData { [key: string]: string; }
1user: CognitoUser
2code: string
3mfaType?: 'SMS_MFA' | 'SOFTWARE_TOKEN_MFA' | null
4clientMetadata?: ClientMetaData {
5 [key: string]: string;
6}

V6

input: ConfirmSignInInput { challengeResponse: string; options?: { userAttributes?: AuthUserAttributes; clientMetadata?: ClientMetaData { [key: string]: string; } friendlyDeviceName?: string; }; }
1input: ConfirmSignInInput {
2 challengeResponse: string;
3 options?: {
4 userAttributes?: AuthUserAttributes;
5 clientMetadata?: ClientMetaData {
6 [key: string]: string;
7 }
8 friendlyDeviceName?: string;
9 };
10}
Output

V5

CognitoUser { challengeName?: string; challengeParam?: string; username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 challengeName?: string;
3 challengeParam?: string;
4 username: string;
5 signInUserSession: {
6 idToken: string;
7 refreshToken: string;
8 accessToken: string;
9 clockDrift: number;
10 } | null;
11 authenticationFlowType: string;
12}

V6

ConfirmSignInOutput { isSignedIn: boolean; nextStep: { signInStep: { | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION' | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP' | 'CONFIRM_SIGN_IN_WITH_SMS_CODE' | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE' | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE' | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED' | 'CONFIRM_SIGN_UP' | 'RESET_PASSWORD' | 'DONE'; }, // May include additional props depending on the step } }
1ConfirmSignInOutput {
2 isSignedIn: boolean;
3 nextStep: {
4 signInStep: {
5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'
7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'
8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'
10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'
11 | 'CONFIRM_SIGN_UP'
12 | 'RESET_PASSWORD'
13 | 'DONE';
14 },
15 // May include additional props depending on the step
16 }
17}
import { confirmSignIn } from 'aws-amplify/auth'; const handleConfirmSignIn = async ({ challengeResponse }) => { const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse }); }
1import { confirmSignIn } from 'aws-amplify/auth';
2
3const handleConfirmSignIn = async ({ challengeResponse }) => {
4 const {
5 isSignedIn,
6 nextStep
7 } = await confirmSignIn({ challengeResponse });
8}
import { Auth } from 'aws-amplify'; const handleConfirmSignIn = async ({ user, code, mfaType }) => { const user = await Auth.confirmSignIn( user, code, mfaType ); }
1import { Auth } from 'aws-amplify';
2
3const handleConfirmSignIn = async ({
4 user,
5 code,
6 mfaType
7}) => {
8 const user = await Auth.confirmSignIn(
9 user,
10 code,
11 mfaType
12 );
13}

Auth.setupTOTP

There is now no input for setupTOTP in v6. All Auth API’s in v6 use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

The output is no longer just a string representing the secret code, but an object with a property called sharedSecret and the method getSetupUri that builds and returns the setup uri needed for TOTP authentication based on that secret.

Input

V5

user: CognitoUser
1user: CognitoUser

V6

No input in v6

Output

V5

string // secretCode
1string // secretCode

V6

SetUpTOTPOutput { sharedSecret: string; getSetupUri: (appName: string, accountName?: string | undefined) => URL; }
1SetUpTOTPOutput {
2 sharedSecret: string;
3 getSetupUri: (appName: string, accountName?: string | undefined) => URL;
4}
import { setUpTOTP } from 'aws-amplify/auth'; const handleSetupTOTP = async () => { const output = await setUpTOTP(); const secretCode = output.sharedSecret; const setupUri = output.getSetupUri('sample-app'); }
1import { setUpTOTP } from 'aws-amplify/auth';
2
3const handleSetupTOTP = async () => {
4 const output = await setUpTOTP();
5 const secretCode = output.sharedSecret;
6 const setupUri = output.getSetupUri('sample-app');
7}
import { Auth } from 'aws-amplify'; const handleSetupTOTP = async ({ user }) => { const secretCode = await Auth.setupTOTP(user); const setupUri = `otpauth://totp/AWSCognito:${user}?secret=${secretCode}&issuer=sample-app`; }
1import { Auth } from 'aws-amplify';
2
3const handleSetupTOTP = async ({ user }) => {
4 const secretCode = await Auth.setupTOTP(user);
5 const setupUri = `otpauth://totp/AWSCognito:${user}?secret=${secretCode}&issuer=sample-app`;
6}

Auth.verifyTotpToken

In v6, Auth.verifyTotpToken has become verifyTOTPSetup, and the input has changed: you no longer need to send in a CognitoUser and the challengeAnswer parameter has become the code property in the input object. The method also no longer returns a CognitoSession: see Auth.currentSession for details on how you would retrieve the current session details returned in v5.

Input

V5

user: CognitoUser challengeAnswer: string
1user: CognitoUser
2challengeAnswer: string

V6

input: VerifyTOTPSetupInput { code: string; options?: { friendlyDeviceName?: string; } }
1input: VerifyTOTPSetupInput {
2 code: string;
3 options?: {
4 friendlyDeviceName?: string;
5 }
6}
Output

V5

CognitoUserSession { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; }
1CognitoUserSession {
2 idToken: string;
3 refreshToken: string;
4 accessToken: string;
5 clockDrift: number;
6}

V6

No output in v6

import { verifyTOTPSetup } from 'aws-amplify/auth'; const handleVerifyTOTP = async ({ code }) => { await verifyTOTPSetup({ code , options }); }
1import { verifyTOTPSetup } from 'aws-amplify/auth';
2
3const handleVerifyTOTP = async ({ code }) => {
4 await verifyTOTPSetup({ code , options });
5}
import { Auth } from 'aws-amplify'; const handleVerifyTOTP = async ({ user, code }) => { const userSession = await Auth.verifyTotpToken(user, code); }
1import { Auth } from 'aws-amplify';
2
3const handleVerifyTOTP = async ({ user, code }) => {
4 const userSession = await Auth.verifyTotpToken(user, code);
5}

Auth.completeNewPassword (DEPRECATED)

This API has been deprecated: existing use cases can be migrated to the confirmSignIn API, which returns an object with nextStep instead of a CognitoUser with challengeName and challengeParam. For a comprehensive example on the full v6 signIn flow and how to respond to each nextStep value, see the Auth.signIn Confirmation Required example.

Input

V5

user: CognitoUser password: string requiredAttributes?: any clientMetadata?: ClientMetaData { [key: string]: string; }
1user: CognitoUser
2password: string
3requiredAttributes?: any
4clientMetadata?: ClientMetaData {
5 [key: string]: string;
6}

V6

input: ConfirmSignInInput { challengeResponse: string; options?: { userAttributes?: AuthUserAttributes; clientMetadata?: ClientMetaData { [key: string]: string; } friendlyDeviceName?: string; }; }
1input: ConfirmSignInInput {
2 challengeResponse: string;
3 options?: {
4 userAttributes?: AuthUserAttributes;
5 clientMetadata?: ClientMetaData {
6 [key: string]: string;
7 }
8 friendlyDeviceName?: string;
9 };
10}
Output

V5

CognitoUser { challengeName?: string; challengeParam?: string; username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 challengeName?: string;
3 challengeParam?: string;
4 username: string;
5 signInUserSession: {
6 idToken: string;
7 refreshToken: string;
8 accessToken: string;
9 clockDrift: number;
10 } | null;
11 authenticationFlowType: string;
12}

V6

ConfirmSignInOutput { isSignedIn: boolean; nextStep: { // See Auth.signIn Example 2 for more details on nextStep types signInStep: { | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION' | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP' | 'CONFIRM_SIGN_IN_WITH_SMS_CODE' | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE' | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE' | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED' | 'CONFIRM_SIGN_UP' | 'RESET_PASSWORD' | 'DONE'; }, // May include additional props depending on the step } }
1ConfirmSignInOutput {
2 isSignedIn: boolean;
3 nextStep: { // See Auth.signIn Example 2 for more details on nextStep types
4 signInStep: {
5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'
7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'
8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'
10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'
11 | 'CONFIRM_SIGN_UP'
12 | 'RESET_PASSWORD'
13 | 'DONE';
14 },
15 // May include additional props depending on the step
16 }
17}
import { confirmSignIn } from 'aws-amplify/auth'; const handleUpdatePassword = async ({ newPassword }) => { const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse: newPassword }); }
1import { confirmSignIn } from 'aws-amplify/auth';
2
3const handleUpdatePassword = async ({ newPassword }) => {
4 const {
5 isSignedIn,
6 nextStep
7 } = await confirmSignIn({ challengeResponse: newPassword });
8}
import { Auth } from 'aws-amplify'; const handleUpdatePassword = async ({ user, newPassword, attributes }) => { const user = await Auth.completeNewPassword( user, newPassword, attributes ); }
1import { Auth } from 'aws-amplify';
2
3const handleUpdatePassword = async ({
4 user,
5 newPassword,
6 attributes
7}) => {
8 const user = await Auth.completeNewPassword(
9 user,
10 newPassword,
11 attributes
12 );
13}

Auth.sendCustomChallengeAnswer (DEPRECATED)

This API has been deprecated: existing use cases can be migrated to the confirmSignIn API, which returns an object with nextStep instead of a CognitoUser with challengeName and challengeParam. For a comprehensive example on the full v6 signIn flow and how to respond to each nextStep value, see the Auth.signIn Confirmation Required example.

Input

V5

user: CognitoUser challengeResponses: string clientMetadata?: ClientMetaData { [key: string]: string; }
1user: CognitoUser
2challengeResponses: string
3clientMetadata?: ClientMetaData {
4 [key: string]: string;
5}

V6

input: ConfirmSignInInput { challengeResponse: string; options?: { userAttributes?: AuthUserAttributes; clientMetadata?: ClientMetaData { [key: string]: string; } friendlyDeviceName?: string; }; }
1input: ConfirmSignInInput {
2 challengeResponse: string;
3 options?: {
4 userAttributes?: AuthUserAttributes;
5 clientMetadata?: ClientMetaData {
6 [key: string]: string;
7 }
8 friendlyDeviceName?: string;
9 };
10}
Output

V5

CognitoUser { challengeName?: string; challengeParam?: string; username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 challengeName?: string;
3 challengeParam?: string;
4 username: string;
5 signInUserSession: {
6 idToken: string;
7 refreshToken: string;
8 accessToken: string;
9 clockDrift: number;
10 } | null;
11 authenticationFlowType: string;
12}

V6

ConfirmSignInOutput { isSignedIn: boolean; nextStep: { // See Auth.signIn Example 2 for more details on nextStep types signInStep: { | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION' | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP' | 'CONFIRM_SIGN_IN_WITH_SMS_CODE' | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE' | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE' | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED' | 'CONFIRM_SIGN_UP' | 'RESET_PASSWORD' | 'DONE'; }, // May include additional props depending on the step } }
1ConfirmSignInOutput {
2 isSignedIn: boolean;
3 nextStep: { // See Auth.signIn Example 2 for more details on nextStep types
4 signInStep: {
5 | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
6 | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'
7 | 'CONFIRM_SIGN_IN_WITH_SMS_CODE'
8 | 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
9 | 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE'
10 | 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'
11 | 'CONFIRM_SIGN_UP'
12 | 'RESET_PASSWORD'
13 | 'DONE';
14 },
15 // May include additional props depending on the step
16 }
17}
import { confirmSignIn } from 'aws-amplify/auth'; const handleConfirmSignIn = async ({ challengeResponse }) => { const { isSignedIn, nextStep } = await confirmSignIn({ challengeResponse }); }
1import { confirmSignIn } from 'aws-amplify/auth';
2
3const handleConfirmSignIn = async ({ challengeResponse }) => {
4 const {
5 isSignedIn,
6 nextStep
7 } = await confirmSignIn({ challengeResponse });
8}
import { Auth } from 'aws-amplify'; const handleConfirmSignIn = async ({ user, code }) => { const user = await Auth.confirmSignIn( user, code ); }
1import { Auth } from 'aws-amplify';
2
3const handleConfirmSignIn = async ({
4 user,
5 code
6}) => {
7 const user = await Auth.confirmSignIn(
8 user,
9 code
10 );
11}

Auth.getPreferredMFA

In v6, Auth.getPreferredMFA has become the fetchMFAPreference API. This API no longer accepts a CognitoUser: all Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required. There is also no longer a bypassCache option in v6, as fetchMFAPreference will always make a call to the server.

The return value in v6 is no longer just a string, but is now an object containing an enabled array and a preferred string.

Cognito can have multiple enabled MFA options: as of now, it only supports TOTP and SMS. An MFA option is considered to be enabled when it was previously setup. For instance, the TOTP set up can be done during the sign-in process when the signIn API returns the CONTINUE_SIGN_IN_WITH_TOTP_SETUP step. It can also be set up when the user is authenticated by calling setupTOTP and verifyTOTPSetup.

In addition, Cognito only allows 1 option to be preferred. This can be achieved by calling the updateMFAPreference API.

Input

V5

user: CognitoUser params?: GetPreferredMFAOpts { bypassCache: boolean; }
1user: CognitoUser
2params?: GetPreferredMFAOpts {
3 bypassCache: boolean;
4}

V6

No input in v6

Output

V5

'SMS' | 'TOTP'
1'SMS' | 'TOTP'

V6

FetchMFAPreferenceOutput: { enabled?: ('SMS' | 'TOTP')[]; preferred?: 'SMS' | 'TOTP'; }
1FetchMFAPreferenceOutput: {
2 enabled?: ('SMS' | 'TOTP')[];
3 preferred?: 'SMS' | 'TOTP';
4}
import { fetchMFAPreference } from 'aws-amplify/auth'; const getPreferredMFA = async () => { const { preferred } = await fetchMFAPreference(); return preferred; }
1import { fetchMFAPreference } from 'aws-amplify/auth';
2
3const getPreferredMFA = async () => {
4 const { preferred } = await fetchMFAPreference();
5 return preferred;
6}
import { Auth } from 'aws-amplify'; const getPreferredMFA = async ({ user }) => { const preferredMFA = await Auth.getPreferredMFA(user); return preferredMFA; }
1import { Auth } from 'aws-amplify';
2
3const getPreferredMFA = async ({ user }) => {
4 const preferredMFA = await Auth.getPreferredMFA(user);
5 return preferredMFA;
6}

Auth.setPreferredMFA

In v6, Auth.setPreferredMFA has been replaced by updateMFAPreference, which can also be used to enable and disable MFA methods. This method accepts an object with the properties sms and mfa, each of which can be set to ENABLED, DISABLED, PREFERRED, and NOT_PREFERRED.

Input

V5

user: CognitoUser mfaMethod: | 'TOTP' | 'SMS' | 'NOMFA' | 'SMS_MFA' | 'SOFTWARE_TOKEN_MFA'
1user: CognitoUser
2mfaMethod:
3 | 'TOTP'
4 | 'SMS'
5 | 'NOMFA'
6 | 'SMS_MFA'
7 | 'SOFTWARE_TOKEN_MFA'

V6

input: UpdateMFAPreferenceInput { sms?: | 'ENABLED' | 'DISABLED' | 'PREFERRED' | 'NOT_PREFERRED' mfa?: | 'ENABLED' | 'DISABLED' | 'PREFERRED' | 'NOT_PREFERRED' }
1input: UpdateMFAPreferenceInput {
2 sms?:
3 | 'ENABLED'
4 | 'DISABLED'
5 | 'PREFERRED'
6 | 'NOT_PREFERRED'
7 mfa?:
8 | 'ENABLED'
9 | 'DISABLED'
10 | 'PREFERRED'
11 | 'NOT_PREFERRED'
12}
Output

V5

'No change for mfa type' | 'SUCCESS'
1'No change for mfa type' | 'SUCCESS'

V6

No output in v6

import { updateMFAPreference } from 'aws-amplify/auth'; const handleSetPreferredMFA = async () => { await updateMFAPreference({ totp: 'PREFERRED' }); }
1import { updateMFAPreference } from 'aws-amplify/auth';
2
3const handleSetPreferredMFA = async () => {
4 await updateMFAPreference({ totp: 'PREFERRED' });
5}
import { Auth } from 'aws-amplify'; const handleSetPreferredMFA = async ({ user }) => { await Auth.setPreferredMFA(user, 'TOTP'); }
1import { Auth } from 'aws-amplify';
2
3const handleSetPreferredMFA = async ({ user }) => {
4 await Auth.setPreferredMFA(user, 'TOTP');
5}

Auth.getMFAOptions (DEPRECATED)

This API has been deprecated and results apply only to SMS MFA configurations: existing use cases can be migrated to fetchMFAPreference (see Auth.getPreferredMFA), which will apply to both SMS and TOTP configurations.

Input

V5

user: CognitoUser
1user: CognitoUser

V6

No input in v6

Output

V5

MFAOption[]: { DeliveryMedium: 'SMS' | ~~'EMAIL'~~; AttributeName: string; }[]
1MFAOption[]: {
2 DeliveryMedium: 'SMS' | ~~'EMAIL'~~;
3 AttributeName: string;
4}[]

V6

FetchMFAPreferenceOutput: { enabled?: ('SMS' | 'TOTP')[]; preferred?: 'SMS' | 'TOTP'; }
1FetchMFAPreferenceOutput: {
2 enabled?: ('SMS' | 'TOTP')[];
3 preferred?: 'SMS' | 'TOTP';
4}
import { fetchMFAPreference } from 'aws-amplify/auth'; const getEnabledMFAOptions = async () => { const { enabled } = await fetchMFAPreference(); return enabled; }
1import { fetchMFAPreference } from 'aws-amplify/auth';
2
3const getEnabledMFAOptions = async () => {
4 const { enabled } = await fetchMFAPreference();
5 return enabled;
6}
import { Auth } from 'aws-amplify'; const getEnabledMFAOptions = async ({ user }) => { const mfaOptions = await Auth.getMFAOptions(user); const enabled: string[] = []; for(let option of mfaOptions) { enabled.push(option.DeliverMedium); } return enabled; }
1import { Auth } from 'aws-amplify';
2
3const getEnabledMFAOptions = async ({ user }) => {
4 const mfaOptions = await Auth.getMFAOptions(user);
5 const enabled: string[] = [];
6 for(let option of mfaOptions) {
7 enabled.push(option.DeliverMedium);
8 }
9 return enabled;
10}

Auth.signOut

The signOut API has not changed from v5 to v6 other than that it is now a functional API.

Input

V5

opts?: SignOutOpts { global?: boolean; }
1opts?: SignOutOpts {
2 global?: boolean;
3}

V6

input?: SignOutInput { global: boolean; }
1input?: SignOutInput {
2 global: boolean;
3}
import { signOut } from 'aws-amplify/auth'; const handleSignOut = async () => { await signOut(); }
1import { signOut } from 'aws-amplify/auth';
2
3const handleSignOut = async () => {
4 await signOut();
5}
import { Auth } from 'aws-amplify'; const handleSignOut = async () => { await Auth.signOut(); }
1import { Auth } from 'aws-amplify';
2
3const handleSignOut = async () => {
4 await Auth.signOut();
5}

Auth.changePassword

The Auth.changePassword API has become updatePassword in v6. It now accepts named parameters as input instead of positional parameters. The input is now an object containing oldPassword and newPassword.

CognitoUser is not required input for updatePassword. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Input

V5

user: CognitoUser oldPassword: string newPassword: string clientMetadata?: ClientMetaData { [key: string]: string }
1user: CognitoUser
2oldPassword: string
3newPassword: string
4clientMetadata?: ClientMetaData {
5 [key: string]: string
6}

V6

input: UpdatePasswordInput { oldPassword: string; newPassword: string; }
1input: UpdatePasswordInput {
2 oldPassword: string;
3 newPassword: string;
4}
Output

V5

'SUCCESS'
1'SUCCESS'

V6

No output in v6

import { updatePassword } from 'aws-amplify/auth'; const handleChangePassword = async ({ oldPassword, newPassword }) => { await updatePassword({ oldPassword, newPassword }); }
1import { updatePassword } from 'aws-amplify/auth';
2
3const handleChangePassword = async ({
4 oldPassword,
5 newPassword
6}) => {
7 await updatePassword({
8 oldPassword,
9 newPassword
10 });
11}
import { Auth } from 'aws-amplify'; const handleChangePassword = async ({ user, oldPassword, newPassword }) => { await Auth.changePassword( user, oldPassword, newPassword ); }
1import { Auth } from 'aws-amplify';
2
3const handleChangePassword = async ({
4 user,
5 oldPassword,
6 newPassword
7}) => {
8 await Auth.changePassword(
9 user,
10 oldPassword,
11 newPassword
12 );
13}

Auth.forgotPassword

In v6, the Auth.forgotPassword API has become resetPassword. It uses named parameters instead of positional, so the input will now be an object with username and options (clientMetadata can be passed in options if needed).

Input

V5

username: string clientMetadata?: ClientMetaData { [key: string]: string; }
1username: string
2clientMetadata?: ClientMetaData {
3 [key: string]: string;
4}

V6

input: ResetPasswordInput { username: string; options?: { clientMetadata?: { [key: string]: string; }; }; }
1input: ResetPasswordInput {
2 username: string;
3 options?: {
4 clientMetadata?: {
5 [key: string]: string;
6 };
7 };
8}
Output

V5

{ CodeDeliveryDetails: { AttributeName: string; DeliveryMedium: string; Destination: string; } }
1{
2 CodeDeliveryDetails: {
3 AttributeName: string;
4 DeliveryMedium: string;
5 Destination: string;
6 }
7}

V6

ResetPasswordOutput { isPasswordReset: boolean; nextStep: { resetPasswordStep: | 'CONFIRM_RESET_PASSWORD_WITH_CODE' | 'DONE'; additionalInfo?: { [key: string]: string; }; codeDeliveryDetails: { destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: 'email' | 'phone_number'; }; }; }
1ResetPasswordOutput {
2 isPasswordReset: boolean;
3 nextStep: {
4 resetPasswordStep:
5 | 'CONFIRM_RESET_PASSWORD_WITH_CODE'
6 | 'DONE';
7 additionalInfo?: {
8 [key: string]: string;
9 };
10 codeDeliveryDetails: {
11 destination?: string;
12 deliveryMedium?:
13 | 'EMAIL'
14 | 'SMS'
15 | 'PHONE'
16 | 'UNKNOWN';
17 attributeName?: 'email' | 'phone_number';
18 };
19 };
20}
import { resetPassword } from 'aws-amplify/auth'; const handleResetPassword = async ({ username, clientMetadata }) => { const result = await resetPassword({ username, options: { clientMetadata } }); const { attributeName, deliveryMedium, destination } = result.nextStep.codeDeliveryDetails; }
1import { resetPassword } from 'aws-amplify/auth';
2
3const handleResetPassword = async ({
4 username,
5 clientMetadata
6}) => {
7 const result = await resetPassword({
8 username,
9 options: {
10 clientMetadata
11 }
12 });
13 const {
14 attributeName,
15 deliveryMedium,
16 destination
17 } = result.nextStep.codeDeliveryDetails;
18}
import { Auth } from 'aws-amplify'; const handleResetPassword = async ({ username, clientMetadata }) => { const result = await Auth.forgotPassword( username, clientMetadata ); const { AttributeName, DeliveryMedium, Destination } = result.CodeDeliveryDetails; }
1import { Auth } from 'aws-amplify';
2
3const handleResetPassword = async ({
4 username,
5 clientMetadata
6}) => {
7 const result = await Auth.forgotPassword(
8 username,
9 clientMetadata
10 );
11
12 const {
13 AttributeName,
14 DeliveryMedium,
15 Destination
16 } = result.CodeDeliveryDetails;
17}

Auth.forgotPasswordSubmit

Auth.forgotPasswordSubmit has become confirmResetPassword and takes named parameters instead of positional parameters. The expected input is now an object containing username, newPassword, confirmationCode, and options. If needed, customMetadata can be sent through the options property.

Input

V5

username: string code: string password: string clientMetadata?: ClientMetaData { [key: string]: string; };
1username: string
2code: string
3password: string
4clientMetadata?: ClientMetaData {
5 [key: string]: string;
6};

V6

input: ConfirmResetPasswordInput { username: string; newPassword: string; confirmationCode: string; options?: { clientMetadata?: { [key: string]: string; }; }; }
1input: ConfirmResetPasswordInput {
2 username: string;
3 newPassword: string;
4 confirmationCode: string;
5 options?: {
6 clientMetadata?: {
7 [key: string]: string;
8 };
9 };
10}
Output

V5

'SUCCESS'
1'SUCCESS'

V6

No output in v6

import { confirmResetPassword } from 'aws-amplify/auth'; const handleConfirmResetPassword = async ({ username, newPassword, confirmationCode, clientMetadata }) => { await confirmResetPassword: ({ username, newPassword, confirmationCode, options: { clientMetadata } }); }
1import { confirmResetPassword } from 'aws-amplify/auth';
2
3const handleConfirmResetPassword = async ({
4 username,
5 newPassword,
6 confirmationCode,
7 clientMetadata
8}) => {
9 await confirmResetPassword: ({
10 username,
11 newPassword,
12 confirmationCode,
13 options: {
14 clientMetadata
15 }
16 });
17}
import { Auth } from 'aws-amplify'; const handleConfirmResetPassword = async ({ username, newPassword, confirmationCode, clientMetadata }) => { await Auth.forgotPasswordSubmit( username, confirmationCode, newPassword, clientMetadata ); }
1import { Auth } from 'aws-amplify';
2
3const handleConfirmResetPassword = async ({
4 username,
5 newPassword,
6 confirmationCode,
7 clientMetadata
8}) => {
9 await Auth.forgotPasswordSubmit(
10 username,
11 confirmationCode,
12 newPassword,
13 clientMetadata
14 );
15}

Auth.deleteUser

The deleteUser API has not changed from v5 to v6 other than that it is now a functional API.

import { deleteUser } from 'aws-amplify/auth'; const handleDeleteAttributes = async ({ attributes }) => { await deleteUser(); }
1import { deleteUser } from 'aws-amplify/auth';
2
3const handleDeleteAttributes = async ({ attributes }) => {
4 await deleteUser();
5}
import { Auth } from 'aws-amplify'; const handleDeleteUser = async () => { await Auth.deleteUser(); }
1import { Auth } from 'aws-amplify';
2
3const handleDeleteUser = async () => {
4 await Auth.deleteUser();
5}

Auth.currentAuthenticatedUser (DEPRECATED)

This API has been deprecated: existing use cases can be migrated to a combination of the getCurrentUser and fetchAuthSession API's.

Also note that we no longer return refreshToken or clockDrift with the AuthSession. These values are used under the hood to refresh/validate the user session.

Input

V5

params?: CurrentUserOpts { bypassCache: boolean; }
1params?: CurrentUserOpts {
2 bypassCache: boolean;
3}

V6

// fetchAuthSession options?: FetchAuthSessionOptions { forceRefresh?: boolean; }
1// fetchAuthSession
2options?: FetchAuthSessionOptions {
3 forceRefresh?: boolean;
4}
Output

V5

CognitoUser { username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 username: string;
3 signInUserSession: {
4 idToken: string;
5 refreshToken: string;
6 accessToken: string;
7 clockDrift: number;
8 } | null;
9 authenticationFlowType: string;
10}

V6

// getCurrentUser GetCurrentUserOutput: { username: string; userId: string; signInDetails?: { loginId?: string; authFlowType?: | 'USER_SRP_AUTH' | 'CUSTOM_WITH_SRP' | 'CUSTOM_WITHOUT_SRP' | 'USER_PASSWORD_AUTH';; }; } // fetchAuthSession AuthSession { tokens?: { idToken?: JWT; accessToken: JWT; }; credentials?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string; expiration?: Date; }; identityId?: string; userSub?: string; }
1// getCurrentUser
2GetCurrentUserOutput: {
3 username: string;
4 userId: string;
5 signInDetails?: {
6 loginId?: string;
7 authFlowType?:
8 | 'USER_SRP_AUTH'
9 | 'CUSTOM_WITH_SRP'
10 | 'CUSTOM_WITHOUT_SRP'
11 | 'USER_PASSWORD_AUTH';;
12 };
13}
14
15// fetchAuthSession
16AuthSession {
17 tokens?: {
18 idToken?: JWT;
19 accessToken: JWT;
20 };
21 credentials?: {
22 accessKeyId: string;
23 secretAccessKey: string;
24 sessionToken?: string;
25 expiration?: Date;
26 };
27 identityId?: string;
28 userSub?: string;
29}
import { fetchAuthSession, getCurrentUser } from 'aws-amplify/auth'; const getAuthenticatedUser = async () => { const { username, signInDetails } = await getCurrentUser(); const { tokens: session } = await fetchAuthSession(); // Note that session will no longer contain refreshToken and clockDrift return { username, session, authenticationFlowType: signInDetails.authFlowType }; }
1import {
2 fetchAuthSession,
3 getCurrentUser
4} from 'aws-amplify/auth';
5
6const getAuthenticatedUser = async () => {
7 const {
8 username,
9 signInDetails
10 } = await getCurrentUser();
11
12 const {
13 tokens: session
14 } = await fetchAuthSession();
15
16 // Note that session will no longer contain refreshToken and clockDrift
17 return {
18 username,
19 session,
20 authenticationFlowType: signInDetails.authFlowType
21 };
22}
import { Auth } from 'aws-amplify'; const getAuthenticatedUser = async () => { const { username, signInUserSession: session, authenticationFlowType } = await Auth.currentAuthenticatedUser(); return { username, session, authenticationFlowType }; }
1import { Auth } from 'aws-amplify';
2
3const getAuthenticatedUser = async () => {
4 const {
5 username,
6 signInUserSession: session,
7 authenticationFlowType
8 } = await Auth.currentAuthenticatedUser();
9
10 return {
11 username,
12 session,
13 authenticationFlowType
14 };
15}

Auth.currentUserPoolUser (DEPRECATED)

This API has been deprecated: existing use cases can be migrated to a combination of the getCurrentUser and fetchAuthSession API's.

Also note that we no longer return refreshToken or clockDrift with the AuthSession. These values are used under the hood to refresh/validate the user session.

Input

V5

params?: CurrentUserOpts { bypassCache: boolean; }
1params?: CurrentUserOpts {
2 bypassCache: boolean;
3}

V6

// fetchAuthSession options?: FetchAuthSessionOptions { forceRefresh?: boolean; }
1// fetchAuthSession
2options?: FetchAuthSessionOptions {
3 forceRefresh?: boolean;
4}
Output

V5

CognitoUser { username: string; signInUserSession: { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; } | null; authenticationFlowType: string; }
1CognitoUser {
2 username: string;
3 signInUserSession: {
4 idToken: string;
5 refreshToken: string;
6 accessToken: string;
7 clockDrift: number;
8 } | null;
9 authenticationFlowType: string;
10}

V6

// getCurrentUser GetCurrentUserOutput: { username: string; userId: string; signInDetails?: { loginId?: string; authFlowType?: | 'USER_SRP_AUTH' | 'CUSTOM_WITH_SRP' | 'CUSTOM_WITHOUT_SRP' | 'USER_PASSWORD_AUTH';; }; } // fetchAuthSession AuthSession { tokens?: { idToken?: JWT; accessToken: JWT; }; credentials?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string; expiration?: Date; }; identityId?: string; userSub?: string; }
1// getCurrentUser
2GetCurrentUserOutput: {
3 username: string;
4 userId: string;
5 signInDetails?: {
6 loginId?: string;
7 authFlowType?:
8 | 'USER_SRP_AUTH'
9 | 'CUSTOM_WITH_SRP'
10 | 'CUSTOM_WITHOUT_SRP'
11 | 'USER_PASSWORD_AUTH';;
12 };
13}
14
15// fetchAuthSession
16AuthSession {
17 tokens?: {
18 idToken?: JWT;
19 accessToken: JWT;
20 };
21 credentials?: {
22 accessKeyId: string;
23 secretAccessKey: string;
24 sessionToken?: string;
25 expiration?: Date;
26 };
27 identityId?: string;
28 userSub?: string;
29}
import { fetchAuthSession, getCurrentUser } from 'aws-amplify/auth'; const getAuthenticatedUser = async () => { const { username, authFlowType: authenticationFlowType } = await getCurrentUser(); // Note that session will no longer contain refreshToken and clockDrift const { tokens: session } = await fetchAuthSession(); }
1import {
2 fetchAuthSession,
3 getCurrentUser
4} from 'aws-amplify/auth';
5
6const getAuthenticatedUser = async () => {
7 const {
8 username,
9 authFlowType: authenticationFlowType
10 } = await getCurrentUser();
11
12 // Note that session will no longer contain refreshToken and clockDrift
13 const {
14 tokens: session
15 } = await fetchAuthSession();
16}
import { Auth } from 'aws-amplify'; const getAuthenticatedUser = async () => { const { username, signInUserSession: session, authenticationFlowType } = await Auth.currentUserPoolUser(); }
1import { Auth } from 'aws-amplify';
2
3const getAuthenticatedUser = async () => {
4 const {
5 username,
6 signInUserSession: session,
7 authenticationFlowType
8 } = await Auth.currentUserPoolUser();
9}

Auth.currentSession

Auth.currentSession has become fetchAuthSession in v6. You can now optionally send an object with a forceRefresh flag as input.

Note that we no longer return refreshToken or clockDrift with the AuthSession. These values are used under the hood to refresh/validate the user session.

Input

V5

No input in v5

V6

options?: FetchAuthSessionOptions { forceRefresh?: boolean; }
1options?: FetchAuthSessionOptions {
2 forceRefresh?: boolean;
3}
Output

V5

CognitoUserSession { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; }
1CognitoUserSession {
2 idToken: string;
3 refreshToken: string;
4 accessToken: string;
5 clockDrift: number;
6}

V6

AuthSession { tokens?: { idToken?: JWT; accessToken: JWT; }; credentials?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string; expiration?: Date; }; identityId?: string; userSub?: string; }
1AuthSession {
2 tokens?: {
3 idToken?: JWT;
4 accessToken: JWT;
5 };
6 credentials?: {
7 accessKeyId: string;
8 secretAccessKey: string;
9 sessionToken?: string;
10 expiration?: Date;
11 };
12 identityId?: string;
13 userSub?: string;
14}
import { fetchAuthSession } from 'aws-amplify/auth'; const getSession = async () => { const { tokens, credentials, identityId, userSub } = await fetchAuthSession(); const { idToken, accessToken } = tokens; }
1import { fetchAuthSession } from 'aws-amplify/auth';
2
3const getSession = async () => {
4 const {
5 tokens,
6 credentials,
7 identityId,
8 userSub
9 } = await fetchAuthSession();
10
11 const {
12 idToken,
13 accessToken
14 } = tokens;
15}
import { Auth } from 'aws-amplify'; const getSession = async () => { const { idToken, refreshToken, accessToken, clockDrift } = await Auth.currentSession(); }
1import { Auth } from 'aws-amplify';
2
3const getSession = async () => {
4 const {
5 idToken,
6 refreshToken,
7 accessToken,
8 clockDrift
9 } = await Auth.currentSession();
10}

Auth.userSession (DEPRECATED)

Note: we no longer return refreshToken or clockDrift with the AuthSession. These values are used under the hood to refresh/validate the user session

Auth.userSession is deprecated in favor of fetchUserSession as all Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Input

V5

user: CognitoUser
1user: CognitoUser

V6

options?: FetchAuthSessionOptions { forceRefresh?: boolean; }
1options?: FetchAuthSessionOptions {
2 forceRefresh?: boolean;
3}
Output

V5

CognitoUserSession { idToken: string; refreshToken: string; accessToken: string; clockDrift: number; }
1CognitoUserSession {
2 idToken: string;
3 refreshToken: string;
4 accessToken: string;
5 clockDrift: number;
6}

V6

AuthSession { tokens?: { idToken?: JWT; accessToken: JWT; }; credentials?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string; expiration?: Date; }; identityId?: string; userSub?: string; }
1AuthSession {
2 tokens?: {
3 idToken?: JWT;
4 accessToken: JWT;
5 };
6 credentials?: {
7 accessKeyId: string;
8 secretAccessKey: string;
9 sessionToken?: string;
10 expiration?: Date;
11 };
12 identityId?: string;
13 userSub?: string;
14}
import { fetchAuthSession } from 'aws-amplify/auth'; const getSession = async () => { const { tokens, credentials, identityId, userSub } = await fetchAuthSession(); const { idToken, accessToken } = tokens; }
1import { fetchAuthSession } from 'aws-amplify/auth';
2
3const getSession = async () => {
4 const {
5 tokens,
6 credentials,
7 identityId,
8 userSub
9 } = await fetchAuthSession();
10
11 const {
12 idToken,
13 accessToken
14 } = tokens;
15}
import { Auth } from 'aws-amplify'; const getSession = async ({ user }) => { const { idToken, refreshToken, accessToken, clockDrift } = await Auth.userSession(user); }
1import { Auth } from 'aws-amplify';
2
3const getSession = async ({ user }) => {
4 const {
5 idToken,
6 refreshToken,
7 accessToken,
8 clockDrift
9 } = await Auth.userSession(user);
10}

Auth.userAttributes

Auth.userAttributes has become fetchUserAttributes in v6. This API no longer accepts a CognitoUser as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

The output has also changed: instead of an array of objects containing Name and Value, the return value is an object with generic key-value pairs (ie { email: 'email@email.com', phone_number: '+15555555555'})

Input

V5

user: CognitoUser
1user: CognitoUser

V6

No input in v6

Output

V5

CognitoUserAttribute[]: { Name: string; Value: string; }[]
1CognitoUserAttribute[]: {
2 Name: string;
3 Value: string;
4}[]

V6

FetchUserAttributesOutput { [key: string]?: string; }
1FetchUserAttributesOutput {
2 [key: string]?: string;
3}
import { fetchUserAttributes } from 'aws-amplify/auth'; const getUserAttributes = async ({ userAttributes }) => { // Note that return type has changed from array to object const attributes = await fetchUserAttributes(); }
1import { fetchUserAttributes } from 'aws-amplify/auth';
2
3const getUserAttributes = async ({ userAttributes }) => {
4 // Note that return type has changed from array to object
5 const attributes = await fetchUserAttributes();
6}
import { Auth } from 'aws-amplify'; const getUserAttributes = async ({ user }) => { // Note that return type has changed from array to object const attributes = await Auth.userAttributes(user); return attributes; }
1import { Auth } from 'aws-amplify';
2
3const getUserAttributes = async ({
4 user
5}) => {
6 // Note that return type has changed from array to object
7 const attributes = await Auth.userAttributes(user);
8 return attributes;
9}

Auth.updateUserAttributes

In v6, the updateUserAttributes API accepts named parameters instead of positional parameters. The input is now an object with the properties userAttributes and options (where you will send clientMetadata if required).

Note that this API no longer accepts a CognitoUser as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Input

V5

user: CognitoUser attributes: object clientMetadata?: ClientMetaData { [key: string]: string; }
1user: CognitoUser
2attributes: object
3clientMetadata?: ClientMetaData {
4 [key: string]: string;
5}

V6

input: UpdateUserAttributesInput { userAttributes: { [key: string]?: string; }; options?: { clientMetadata?: ClientMetaData { [key: string]: string; } }; }
1input: UpdateUserAttributesInput {
2 userAttributes: {
3 [key: string]?: string;
4 };
5 options?: {
6 clientMetadata?: ClientMetaData {
7 [key: string]: string;
8 }
9 };
10}
Output

V5

'SUCCESS'
1'SUCCESS'

V6

UpdateUserAttributesOutput { [authKey in UserAttributeKey]: { isUpdated: boolean; nextStep: { updateAttributeStep: | 'CONFIRM_ATTRIBUTE_WITH_CODE' | 'DONE'; codeDeliveryDetails?: { destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: UserAttributeKey; }; }; }; }
1UpdateUserAttributesOutput {
2 [authKey in UserAttributeKey]: {
3 isUpdated: boolean;
4 nextStep: {
5 updateAttributeStep:
6 | 'CONFIRM_ATTRIBUTE_WITH_CODE'
7 | 'DONE';
8 codeDeliveryDetails?: {
9 destination?: string;
10 deliveryMedium?:
11 | 'EMAIL'
12 | 'SMS'
13 | 'PHONE'
14 | 'UNKNOWN';
15 attributeName?: UserAttributeKey;
16 };
17 };
18 };
19}
import { updateUserAttributes } from 'aws-amplify/auth'; const handleUpdateProfile = async ({ userAttributes }) => { // Results will now contain next steps for updated attributes const updateResults = await updateUserAttributes({ userAttributes }); }
1import { updateUserAttributes } from 'aws-amplify/auth';
2
3const handleUpdateProfile = async ({ userAttributes }) => {
4 // Results will now contain next steps for updated attributes
5 const updateResults = await updateUserAttributes({
6 userAttributes
7 });
8}
import { Auth } from 'aws-amplify'; const handleUpdateProfile = async ({ user, attributes }) => { await Auth.updateUserAttributes(user, attributes); }
1import { Auth } from 'aws-amplify';
2
3const handleUpdateProfile = async ({
4 user,
5 attributes
6}) => {
7 await Auth.updateUserAttributes(user, attributes);
8}

Auth.deleteUserAttributes

In v6, the deleteUserAttributes API accepts named parameters instead of positional parameters. The input is now an object with the property userAttributeKeys (in place of attributeNames).

Note that this API no longer accepts a CognitoUser as input. All Auth API’s now use the current signed in user information to perform operations, so sending and receiving CognitoUser through every API is no longer required.

Input

V5

user: CognitoUser attributeNames: string[]
1user: CognitoUser
2attributeNames: string[]

V6

input: DeleteUserAttributesInput { userAttributeKeys: [UserAttributeKey, ...UserAttributeKey[]]; }
1input: DeleteUserAttributesInput {
2 userAttributeKeys: [UserAttributeKey, ...UserAttributeKey[]];
3}
Output

V5

'SUCCESS'
1'SUCCESS'

V6

No output in v6

import { deleteUserAttributes } from 'aws-amplify/auth'; const handleDeleteAttributes = async ({ attributes }) => { await deleteUserAttributes({ userAttributeKeys: attributes }); }
1import { deleteUserAttributes } from 'aws-amplify/auth';
2
3const handleDeleteAttributes = async ({ attributes }) => {
4 await deleteUserAttributes({
5 userAttributeKeys: attributes
6 });
7}
import { Auth } from 'aws-amplify'; const handleDeleteAttributes = async ({ user, attributes }) => { await Auth.deleteUserAttributes( user, attributes ); }
1import { Auth } from 'aws-amplify';
2
3const handleDeleteAttributes = async ({ user, attributes }) => {
4 await Auth.deleteUserAttributes(
5 user,
6 attributes
7 );
8}

Auth.verifyCurrentUserAttribute

In v6, Auth.verifyCurrentUserAttribute becomes sendUserAttributeVerificationCode, which uses named parameters instead of the positional parameter attr. This parameter is an object containing userAttributeKey (either email or phone_number) and options (where you will send clientMetadata if required).

sendUserAttributeVerificationCode also now returns an object with delivery information. See Output for details.

Input

V5

attr: string
1attr: string

V6

input: SendUserAttributeVerificationCodeInput { userAttributeKey: 'email' | 'phone_number'; options?: { clientMetadata?: { [key: string]: string; }; }; }
1input: SendUserAttributeVerificationCodeInput {
2 userAttributeKey: 'email' | 'phone_number';
3 options?: {
4 clientMetadata?: {
5 [key: string]: string;
6 };
7 };
8}
Output

V5

No output in v5

V6

SendUserAttributeVerificationCodeOutput { destination?: string; deliveryMedium?: | 'EMAIL' | 'SMS' | 'PHONE' | 'UNKNOWN'; attributeName?: 'email' | 'phone_number'; }
1SendUserAttributeVerificationCodeOutput {
2 destination?: string;
3 deliveryMedium?:
4 | 'EMAIL'
5 | 'SMS'
6 | 'PHONE'
7 | 'UNKNOWN';
8 attributeName?: 'email' | 'phone_number';
9}
import { sendUserAttributeVerificationCode } from 'aws-amplify/auth'; const handleVerifyAttribute = async ({ userAttributeKey }) => { const result = await sendUserAttributeVerificationCode({ userAttributeKey }); }
1import { sendUserAttributeVerificationCode } from 'aws-amplify/auth';
2
3const handleVerifyAttribute = async ({
4 userAttributeKey
5}) => {
6 const result = await sendUserAttributeVerificationCode({
7 userAttributeKey
8 });
9}
import { Auth } from 'aws-amplify'; const handleVerifyAttribute = async ({ attr }) => { await Auth.verifyCurrentUserAttribute(attr); }
1import { Auth } from 'aws-amplify';
2
3const handleVerifyAttribute = async ({
4 attr
5})