Choose your framework/language

v1v2
Edit on GitHub

Page updated Mar 20, 2024

Set up Amplify Auth

Amplify iOS v1 is now in Maintenance Mode until May 31st, 2024. This means that we will continue to include updates to ensure compatibility with backend services and security. No new features will be introduced in v1.

Please use the latest version (v2) of Amplify Library for Swift to get started.

If you are currently using v1, follow these instructions to upgrade to v2.

Amplify libraries should be used for all new cloud connected applications. If you are currently using the AWS Mobile SDK for iOS, you can access the documentation here.

The Amplify Auth category provides an interface for authenticating a user. Behind the scenes, it provides the necessary authorization to the other Amplify categories. It comes with default, built-in support for Amazon Cognito User Pool and Identity Pool. The Amplify CLI helps you create and configure the auth category with an authentication provider.

Goal

To setup and configure your application with Amplify Auth and go through a simple api to check the current auth session.

Prerequisites

  • An iOS application targeting at least iOS 11.0 with Amplify libraries integrated

Install Amplify Libraries

  1. To install Amplify Libraries in your application, open your project in Xcode and select File > Add Packages....

  2. Enter the Amplify iOS GitHub repo URL (https://github.com/aws-amplify/amplify-swift) into the search bar and click Add Package.

Note: Up to Next Major Version should be selected from the Dependency Rule dropdown.

  1. Lastly, choose AWSCognitoAuthPlugin and Amplify. Then click Add Package.

To install Amplify Auth to your application, add AmplifyPlugins/AWSCognitoAuthPlugin to your Podfile. Your Podfile should look similar to:

1target 'MyAmplifyApp' do
2  use_frameworks!
3  pod 'Amplify'
4  pod 'AmplifyPlugins/AWSCognitoAuthPlugin'
5end

To install, download and resolve these pods, execute the command:

1pod install --repo-update

Now you can open your project by opening the .xcworkspace file using the following command:

1xed .

Set Up Backend Resources

The most common way to use Authentication with Amplify is via the Amplify CLI, which allows you to create new Amazon Cognito resources or import existing ones. However, you can also use the Amplify Studio console to configure authentication or use the Amplify.configure() method to set up authentication with existing resources.

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

To start provisioning auth resources in the backend, go to your project directory and execute the command:

1amplify add auth

Enter the following when prompted:

1? Do you want to use the default authentication and security configuration?
2    `Default configuration`
3? How do you want users to be able to sign in?
4    `Username`
5? Do you want to configure advanced settings?
6    `No, I am done.`

If you have previously enabled an Amplify category that uses Auth behind the scenes (e.g. API category), you can run the amplify update auth command to edit your configuration if needed.

To push your changes to the cloud, execute the command:

1amplify push

Upon completion, amplifyconfiguration.json should be updated to reference provisioned backend auth resources. Note that these files should already be a part of your project if you followed the Project setup walkthrough.

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

To import existing Amazon Cognito resources into your Amplify project, execute the command:

1amplify import auth
1? What type of auth resource do you want to import?
2   Cognito User Pool and Identity Pool
3   Cognito User Pool only

Once you've selected an option, you'll be able to search for and import an existing Cognito User Pool and Identity Pool (or User Pool only) within your AWS account. The amplify import auth command will also do the following:

  • Automatically populate your Amplify Library configuration file (awsconfiguration.json) with your chosen Amazon Cognito resource information
  • Provide your designated existing Cognito resource as the authentication & authorization mechanism for all auth-dependent categories (API, Storage and more)
  • Enable Lambda functions to access the chosen Cognito resource if you permit it

If you have previously enabled an Amplify category that uses Auth behind the scenes (e.g. API category), you can run the amplify update auth command to edit your configuration if needed.

After configuring your Authentication options, update your backend and deploy the service by running the push command:

1amplify push

Upon completion, amplifyconfiguration.json should be updated to reference provisioned backend auth resources.

Now, the authentication service has been deployed and you can start using it. To view the deployed services in your project at any time, go to Amplify Console by running the following command:

1amplify console

For more details, see how to Use an existing Cognito User Pool and Identity Pool.

Prerequisites: Install and configure the Amplify CLI in addition to the Amplify libraries and necessary dependencies.

Amplify Studio allows you create auth resources, set up authorization rules, implement Multi-factor authentication (MFA), and more via an intuitive UI. To set up Authentication through the Amplify Studio, take the following steps:

  1. Sign in to the AWS Management Console and open AWS Amplify.
  2. In the navigation pane, choose an application.
  3. On the application information page, choose the Backend environments tab, then choose Launch Studio.
  4. On the Set up menu, choose Authentication.
  5. In the Configure log in section, choose a login mechanism to add from the Add login mechanism list. Valid options are Username, Phone number, Facebook, Google, Amazon, and Sign in with Apple. If you choose one of the social sign-in mechanisms (i.e. Facebook, Google, Amazon, or Sign in with Apple), you will also need to enter your App ID, App Secret, and redirect URLs.
  6. (Optional) Add multi-factor authentication (MFA). MFA is set to Off by default. To turn on MFA, do the following in the Multi-factor authentication section:
  • Choose Enforced to require MFA for all users or choose Optional to allow individual users to enable MFA.
  • (Optional) Choose SMS, and enter your SMS message.
  • (Optional) Choose Authenticator Application if you want your app to load with an authentication flow that includes sign up and sign in.
  1. In the Configure sign up section, expand Password protection settings and customize the password policy settings to enforce. u6. Choose Save and Deploy. This starts a CloudFormation deployment with the progress displayed in the upper right corner of the page.
  2. After creating and configuring your auth resources, you'll need to pull them down from Amplify Studio. To do so, simply click on "Local setup instructions" in the upper right hand corner of the Studio console and execute the CLI command it provides at the root directory of your app.

You can also import existing Amazon Cognito resources and manage users and groups through the Amplify Studio UI.

If you are not using the Amplify CLI, existing Authentication resources from AWS (e.g. Amazon Cognito UserPools or Identity Pools) can be used with the Amplify Libraries by manually creating a configuration file (amplifyconfiguration.json) and then updating the associated Plugin within it:

1{
2  "auth": {
3    "plugins": {
4      "awsCognitoAuthPlugin": {
5        "IdentityManager": {
6          "Default": {}
7        },
8        "CredentialsProvider": {
9          "CognitoIdentity": {
10            "Default": {
11              "PoolId": "[COGNITO IDENTITY POOL ID]",
12              "Region": "[REGION]"
13            }
14          }
15        },
16        "CognitoUserPool": {
17          "Default": {
18            "PoolId": "[COGNITO USER POOL ID]",
19            "AppClientId": "[COGNITO USER POOL APP CLIENT ID]",
20            "Region": "[REGION]"
21          }
22        },
23        "Auth": {
24          "Default": {
25            "authenticationFlowType": "USER_SRP_AUTH",
26            "socialProviders": [],
27            "usernameAttributes": [],
28            "signupAttributes": [
29                "[SIGNUP MECHANISM]"
30            ],
31            "passwordProtectionSettings": {
32                "passwordPolicyMinLength": [PASSWORD LENGTH],
33                "passwordPolicyCharacters": []
34            },
35            "mfaConfiguration": "OFF",
36            "mfaTypes": [
37                "[MFA TYPE]"
38            ],
39            "verificationMechanisms": [
40                "[VERIFICATION MECHANISM]"
41            ],
42            "OAuth": {
43              "WebDomain": "[YOUR COGNITO DOMAIN ]",
44              "AppClientId": "[COGNITO USER POOL APP CLIENT ID]",
45              "SignInRedirectURI": "[CUSTOM REDIRECT SCHEME AFTER SIGN IN, e.g. myapp://]",
46              "SignOutRedirectURI": "[CUSTOM REDIRECT SCHEME AFTER SIGN OUT, e.g. myapp://]",
47              "Scopes": [
48                "phone",
49                "email",
50                "openid",
51                "profile",
52                "aws.cognito.signin.user.admin"
53              ]
54            }
55          }
56        }
57      }
58    }
59  }
60}

For more information on Plugins, see the instructions on installing Amplify Libraries.

  • CredentialsProvider:
    • Cognito Identity:
      • Default:
        • PoolID: ID of the Amazon Cognito Identity Pool (e.g. us-east-1:123e4567-e89b-12d3-a456-426614174000)
        • Region: AWS Region where the resources are provisioned (e.g. us-east-1)
  • CognitoUserPool:
    • Default:
      • PoolId: ID of the Amazon Cognito User Pool (e.g. us-east-1_abcdefghi)
      • AppClientId: ID for the client used to authenticate against the user pool
      • Region: AWS Region where the resources are provisioned (e.g. us-east-1)
  • Auth:
    • Default:
      • authenticationFlowType: The authentication flow type, takes values USER_SRP_AUTH, CUSTOM_AUTH, and USER_PASSWORD_AUTH. Default is USER_SRP_AUTH.
      • OAuth: Hosted UI Configuration (only include this if using the Hosted UI flow)
        • Scopes: Scopes should match the scopes enables in Cognito under "App client settings"

If you are using a Cognito User Pool without a Cognito Identity Pool, you can omit the CredentialsProvider section in the configuration.

Initialize Amplify Auth

To initialize the Amplify Auth category, pass in the AWSCognitoAuthPlugin to 'Amplify.add()'. When you are done calling add() on each category that you need, you finish configuring Amplify by calling Amplify.configure().

Add the following imports to the top of your AppDelegate.swift file:

1import Amplify
2import AWSCognitoAuthPlugin
1import Amplify
2import AmplifyPlugins

Add the following code

Create a custom AppDelegate, and add to your application:didFinishLaunchingWithOptions method

1class AppDelegate: NSObject, UIApplicationDelegate {
2    func application(
3        _ application: UIApplication,
4        didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
5    ) -> Bool {
6

7        do {
8            try Amplify.add(plugin: AWSCognitoAuthPlugin())
9            try Amplify.configure()
10            print("Amplify configured with auth plugin")
11        } catch {
12            print("Failed to initialize Amplify with \(error)")
13        }
14

15        return true
16    }
17}

Then in the App scene, use UIApplicationDelegateAdaptor property wrapper to use your custom AppDelegate

1@main
2struct MyAmplifyApp: App {
3    @UIApplicationDelegateAdaptor(AppDelegate.self) var appDelegate
4

5    var body: some Scene {
6        WindowGroup {
7            ContentView()
8        }
9    }
10}

Add to your AppDelegate's application:didFinishLaunchingWithOptions method

1func application(
2    _ application: UIApplication,
3    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
4) -> Bool {
5

6    do {
7        try Amplify.add(plugin: AWSCognitoAuthPlugin())
8        try Amplify.configure()
9        print("Amplify configured with auth plugin")
10    } catch {
11        print("Failed to initialize Amplify with \(error)")
12    }
13

14    return true
15}

Upon building and running this application you should see the following in your console window:

1Amplify configured with auth plugin

Check the current auth session

You can now check the current auth session.

1func fetchCurrentAuthSession() {
2    _ = Amplify.Auth.fetchAuthSession { result in
3        switch result {
4        case .success(let session):
5            print("Is user signed in - \(session.isSignedIn)")
6        case .failure(let error):
7            print("Fetch session failed with error \(error)")
8        }
9    }
10}
1func fetchCurrentAuthSession() -> AnyCancellable {
2    Amplify.Auth.fetchAuthSession().resultPublisher
3        .sink {
4            if case let .failure(authError) = $0 {
5                print("Fetch session failed with error \(authError)")
6            }
7        }
8        receiveValue: { session in
9            print("Is user signed in - \(session.isSignedIn)")
10        }
11}

The isSignedIn property of the authSession will be false since you haven't signed in to the category yet.

Next Steps

Congratulations! You've successfully setup AWS Cognito Auth plugin. Check out the following links to see other Amplify Auth use cases:

NEXT
Accessing credentials
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2024, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.