Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Dec 2, 2024

Manage WebAuthn credentials

Amplify Auth enables your users to associate, keep track of, and delete passkeys.

Associate WebAuthN credentials

Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.

You can associate a passkey using the following API:

func associateWebAuthNCredentials() async {
do {
try await Amplify.Auth.associateWebAuthnCredential()
print("WebAuthn credential was associated")
} catch {
print("Associate WebAuthn Credential failed: \(error)")
}
}
func associateWebAuthNCredentials() -> AnyCancellable {
Amplify.Publisher.create {
try await Amplify.Auth.associateWebAuthnCredential()
}.sink {
print("Associate WebAuthn Credential failed: \($0)")
}
receiveValue: { _ in
print("WebAuthn credential was associated")
}
}

The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.

List WebAuthN credentials

You can list registered passkeys using the following API:

func listWebAuthNCredentials() async {
do {
let result = try await Amplify.Auth.listWebAuthnCredentials(
options: .init(pageSize: 5))
for credential in result.credentials {
print("Credential ID: \(credential.credentialId)")
print("Created At: \(credential.createdAt)")
print("Relying Party Id: \(credential.relyingPartyId)")
if let friendlyName = credential.friendlyName {
print("Friendly name: \(friendlyName)")
}
}
// Fetch the next page
if let nextToken = result.nextToken {
let nextResult = try await Amplify.Auth.listWebAuthnCredentials(
options: .init(
pageSize: 5,
nextToken: nextToken))
}
} catch {
print("Associate WebAuthn Credential failed: \(error)")
}
}
func listWebAuthNCredentials() -> AnyCancellable {
Amplify.Publisher.create {
try await Amplify.Auth.listWebAuthnCredentials(
options: .init(pageSize: 5))
}.sink {
print("List WebAuthn Credential failed: \($0)")
}
receiveValue: { result in
for credential in result.credentials {
print("Credential ID: \(credential.credentialId)")
print("Created At: \(credential.createdAt)")
print("Relying Party Id: \(credential.relyingPartyId)")
if let friendlyName = credential.friendlyName {
print("Friendly name: \(friendlyName)")
}
}
if let nextToken = result.nextToken {
// Fetch the next page
}
}
}

Delete WebAuthN credentials

You can delete a passkey with the following API:

func deleteWebAuthNCredentials(credentialId: String) async {
do {
try await Amplify.Auth.deleteWebAuthnCredential(credentialId: credentialId)
print("WebAuthn credential was deleted")
} catch {
print("Delete WebAuthn Credential failed: \(error)")
}
}
func deleteWebAuthNCredentials(credentialId: String) -> AnyCancellable {
Amplify.Publisher.create {
try await Amplify.Auth.deleteWebAuthnCredential(credentialId: credentialId)
}.sink {
print("Delete WebAuthn Credential failed: \($0)")
}
receiveValue: { _ in
print("WebAuthn credential was deleted")
}
}