Page updated Nov 17, 2023

Set up Amplify Auth

The Amplify Auth category provides an interface for authenticating a user. Behind the scenes, it provides the necessary authorization to the other Amplify categories. It comes with default, built-in support for Amazon Cognito User Pool and Identity Pool. The Amplify CLI helps you create and configure the auth category with an authentication provider.

New: The Authenticator UI component for SwiftUI is now generally available!

Once you've gone through the steps below, you can use it to automatically add authentication capabilities to your application.

Goal

To setup and configure your application with Amplify Auth and go through a simple api to check the current auth session.

Prerequisites

An application with Amplify libraries integrated and a minimum target of any of the following:

  • iOS 13.0, using Xcode 14.1 or later.
  • macOS 10.15, using Xcode 14.1 or later.
  • tvOS 13.0, using Xcode 14.3 or later.
  • watchOS 7.0, using Xcode 14.3 or later.
  • visionOS 1.0, using Xcode 15 beta 2 or later. (Preview support - see below for more details.)

For a full example, please follow the project setup walkthrough.

visionOS support is currently in preview and can be used by targeting the visionos-preview branch. As new Xcode 15 beta versions are released, the branch will be updated with any necessary fixes on a best effort basis.

For more information on how to use the visionos-preview branch, see Platform Support.

To use Auth in a macOS project, you'll need to enable the Keychain Sharing capability. In Xcode, navigate to your application target > Signing & Capabilities > + Capability, then select Keychain Sharing.

This capability is required because Auth uses the Data Protection Keychain on macOS as a platform best practice. See TN3137: macOS keychain APIs and implementations for more information on how Keychain works on macOS and the Keychain Sharing entitlement.

For more information on adding capabilities to your application, see Xcode Capabilities.

Install Amplify Libraries

  1. To install Amplify Libraries in your application, open your project in Xcode and select File > Add Packages....

  2. Enter the Amplify Library for Swift GitHub repo URL (https://github.com/aws-amplify/amplify-swift) into the search bar and click Add Package.

Note: Up to Next Major Version should be selected from the Dependency Rule dropdown.

  1. Lastly, choose AWSCognitoAuthPlugin and Amplify. Then click Add Package.

Set Up Backend Resources

The most common way to use Authentication with Amplify is via the Amplify CLI, which allows you to create new Amazon Cognito resources or import existing ones. However, you can also use the Amplify Studio console to configure authentication or use the Amplify.configure() method to set up authentication with existing resources.

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

To start provisioning auth resources in the backend, go to your project directory and execute the command:

amplify add auth
1amplify add auth

Enter the following when prompted:

? Do you want to use the default authentication and security configuration? `Default configuration` ? How do you want users to be able to sign in? `Username` ? Do you want to configure advanced settings? `No, I am done.`
1? Do you want to use the default authentication and security configuration?
2 `Default configuration`
3? How do you want users to be able to sign in?
4 `Username`
5? Do you want to configure advanced settings?
6 `No, I am done.`

If you have previously enabled an Amplify category that uses Auth behind the scenes (e.g. API category), you can run the amplify update auth command to edit your configuration if needed.

To push your changes to the cloud, execute the command:

amplify push
1amplify push

Upon completion, amplifyconfiguration.json should be updated to reference provisioned backend auth resources. Note that these files should already be a part of your project if you followed the Project setup walkthrough.

Initialize Amplify Auth

To initialize the Amplify Auth category, pass in the AWSCognitoAuthPlugin to Amplify.add(). When you are done calling add() on each category that you need, you finish configuring Amplify by calling Amplify.configure().

Add the following imports:

import Amplify import AWSCognitoAuthPlugin
1import Amplify
2import AWSCognitoAuthPlugin

Configure Amplify at app launch

Configure Amplify in the App init

@main struct MyAmplifyApp: App { var body: some Scene { WindowGroup { ContentView() } } init() { do { try Amplify.add(plugin: AWSCognitoAuthPlugin()) try Amplify.configure() print("Amplify configured with auth plugin") } catch { print("Failed to initialize Amplify with \(error)") } } }
1@main
2struct MyAmplifyApp: App {
3
4 var body: some Scene {
5 WindowGroup {
6 ContentView()
7 }
8 }
9
10 init() {
11 do {
12 try Amplify.add(plugin: AWSCognitoAuthPlugin())
13 try Amplify.configure()
14 print("Amplify configured with auth plugin")
15 } catch {
16 print("Failed to initialize Amplify with \(error)")
17 }
18 }
19}

Upon building and running this application you should see the following in your console window:

Amplify configured with auth plugin
1Amplify configured with auth plugin

Check the current auth session

You can now check the current auth session.

func fetchCurrentAuthSession() async { do { let session = try await Amplify.Auth.fetchAuthSession() print("Is user signed in - \(session.isSignedIn)") } catch let error as AuthError { print("Fetch session failed with error \(error)") } catch { print("Unexpected error: \(error)") } }
1func fetchCurrentAuthSession() async {
2 do {
3 let session = try await Amplify.Auth.fetchAuthSession()
4 print("Is user signed in - \(session.isSignedIn)")
5 } catch let error as AuthError {
6 print("Fetch session failed with error \(error)")
7 } catch {
8 print("Unexpected error: \(error)")
9 }
10}

The isSignedIn property of the authSession will be false since you haven't signed in to the category yet.

Authentication with Amplify

There are two ways to add authentication capabilities to your application.

Option 1: Use the Authenticator UI component

Note: The Authenticator UI component is only available for SwiftUI.

The Authenticator is a UI component that automatically integrates with your existing Amplify configuration and allows you to easily add the entire authentication flow to your application.

Visit Authenticator | Amplify UI for Swift to get started.

Option 2: Manually call the Authentication APIs

Follow the instructions in Sign In to learn about how to integrate the registration and authentication flows in your application with the Auth APIs.

Next Steps

Congratulations! You've successfully setup AWS Cognito Auth plugin. Check out the following links to see other Amplify Auth use cases: