Manage WebAuthn credentials
Amplify Auth enables your users to associate, keep track of, and delete passkeys.
Associate WebAuthn credentials
Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.
You can associate a passkey using the following API:
    // Async/await
    import Amplify

    func associateWebAuthNCredentials() async {
        do {
            try await Amplify.Auth.associateWebAuthnCredential()
            print("WebAuthn credential was associated")
        } catch {
            print("Associate WebAuthn Credential failed: \(error)")
        }
    }

    // Combine
    import Amplify
    import Combine

    func associateWebAuthNCredentials() -> AnyCancellable {
        Amplify.Publisher.create {
            try await Amplify.Auth.associateWebAuthnCredential()
        }.sink {
            // Only report a failure; a normal completion is not an error.
            if case let .failure(error) = $0 {
                print("Associate WebAuthn Credential failed: \(error)")
            }
        } receiveValue: { _ in
            print("WebAuthn credential was associated")
        }
    }
The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.
List WebAuthn credentials
You can list registered passkeys using the following API:
    // Async/await
    import Amplify

    func listWebAuthNCredentials() async {
        do {
            let result = try await Amplify.Auth.listWebAuthnCredentials(
                options: .init(pageSize: 5))

            for credential in result.credentials {
                print("Credential ID: \(credential.credentialId)")
                print("Created At: \(credential.createdAt)")
                print("Relying Party Id: \(credential.relyingPartyId)")
                if let friendlyName = credential.friendlyName {
                    print("Friendly name: \(friendlyName)")
                }
            }

            // Fetch the next page
            if let nextToken = result.nextToken {
                let nextResult = try await Amplify.Auth.listWebAuthnCredentials(
                    options: .init(
                        pageSize: 5,
                        nextToken: nextToken))
            }
        } catch {
            print("List WebAuthn Credential failed: \(error)")
        }
    }

    // Combine
    import Amplify
    import Combine

    func listWebAuthNCredentials() -> AnyCancellable {
        Amplify.Publisher.create {
            try await Amplify.Auth.listWebAuthnCredentials(
                options: .init(pageSize: 5))
        }.sink {
            // Only report a failure; a normal completion is not an error.
            if case let .failure(error) = $0 {
                print("List WebAuthn Credential failed: \(error)")
            }
        } receiveValue: { result in
            for credential in result.credentials {
                print("Credential ID: \(credential.credentialId)")
                print("Created At: \(credential.createdAt)")
                print("Relying Party Id: \(credential.relyingPartyId)")
                if let friendlyName = credential.friendlyName {
                    print("Friendly name: \(friendlyName)")
                }
            }

            if let nextToken = result.nextToken {
                // Fetch the next page
            }
        }
    }
Delete WebAuthn credentials
You can delete a passkey with the following API:
    // Async/await
    import Amplify

    func deleteWebAuthNCredentials(credentialId: String) async {
        do {
            try await Amplify.Auth.deleteWebAuthnCredential(credentialId: credentialId)
            print("WebAuthn credential was deleted")
        } catch {
            print("Delete WebAuthn Credential failed: \(error)")
        }
    }

    // Combine
    import Amplify
    import Combine

    func deleteWebAuthNCredentials(credentialId: String) -> AnyCancellable {
        Amplify.Publisher.create {
            try await Amplify.Auth.deleteWebAuthnCredential(credentialId: credentialId)
        }.sink {
            // Only report a failure; a normal completion is not an error.
            if case let .failure(error) = $0 {
                print("Delete WebAuthn Credential failed: \(error)")
            }
        } receiveValue: { _ in
            print("WebAuthn credential was deleted")
        }
    }
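The list and delete calls above can be combined into a cleanup routine, for example after a user reports a lost device and wants to keep only the passkey they still control. The following is an added example, not code from the Amplify documentation; the function names and the PasskeyCleanupError type are hypothetical, and it uses only the Amplify calls shown on this page.

```swift
import Amplify

// Hypothetical error type for this example.
enum PasskeyCleanupError: Error {
    case keepCredentialNotFound
}

// Follows nextToken until every page has been read and returns all
// registered credential IDs for the signed-in user.
func allWebAuthnCredentialIds() async throws -> [String] {
    var ids: [String] = []
    var page = try await Amplify.Auth.listWebAuthnCredentials(
        options: .init(pageSize: 5))
    while true {
        ids.append(contentsOf: page.credentials.map { $0.credentialId })
        guard let nextToken = page.nextToken else { break }
        page = try await Amplify.Auth.listWebAuthnCredentials(
            options: .init(pageSize: 5, nextToken: nextToken))
    }
    return ids
}

// Deletes every passkey except `keepCredentialId` and returns the IDs
// that were revoked.
func revokeAllPasskeys(except keepCredentialId: String) async throws -> [String] {
    // Read the complete list before deleting anything, so deletions
    // cannot disturb pagination.
    let ids = try await allWebAuthnCredentialIds()

    // Refuse to continue if the passkey to keep is not registered;
    // a mistyped ID would otherwise remove every passkey.
    guard ids.contains(keepCredentialId) else {
        throw PasskeyCleanupError.keepCredentialNotFound
    }

    var revoked: [String] = []
    for id in ids where id != keepCredentialId {
        try await Amplify.Auth.deleteWebAuthnCredential(credentialId: id)
        revoked.append(id)
    }
    return revoked
}
```

If a delete call throws partway through, the passkeys removed before the error stay removed; calling the function again continues with the remaining ones.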