or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

authentication-lifecycle.mddevice-management.mdindex.mdmulti-factor-authentication.mdoauth-social-authentication.mdpassword-management.mdserver-side-apis.mdsession-management.mduser-management.mdwebauthn-credentials.md
tile.json

tessl/npm-aws-amplify--auth

Authentication category of AWS Amplify providing APIs and building blocks for creating authentication experiences with Amazon Cognito

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/@aws-amplify/auth@6.15.x

To install, run

npx @tessl/cli install tessl/npm-aws-amplify--auth@6.15.0

index.mddocs/

AWS Amplify Auth

AWS Amplify Auth is a comprehensive authentication library providing APIs and building blocks for creating authentication experiences with Amazon Cognito. It offers complete user lifecycle management including sign-up, sign-in, password management, multi-factor authentication (MFA), user attribute management, device management, and OAuth/OIDC integration.

Package Information

  • Package Name: @aws-amplify/auth
  • Package Type: npm
  • Language: TypeScript
  • Installation: npm install @aws-amplify/auth

Core Imports

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

For Cognito-specific APIs:

import { signUp, signIn, signOut } from "@aws-amplify/auth/cognito";

For server-side usage:

import { getCurrentUser, fetchUserAttributes } from "@aws-amplify/auth/server";

For CommonJS:

const { signUp, signIn, signOut, getCurrentUser } = require("@aws-amplify/auth");

Basic Usage

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

// Sign up a new user
const { isSignUpComplete, nextStep } = await signUp({
  username: "user@example.com",
  password: "TempPassword123!",
  options: {
    userAttributes: {
      email: "user@example.com",
      name: "John Doe"
    }
  }
});

// Sign in
const { isSignedIn, nextStep } = await signIn({
  username: "user@example.com",
  password: "TempPassword123!"
});

// Get current user
const currentUser = await getCurrentUser();

// Sign out
await signOut();

Architecture

AWS Amplify Auth is built around several key components:

  • Cognito Provider: Core authentication provider using Amazon Cognito User Pools and Identity Pools
  • Token Management: Automatic token refresh, secure storage, and session handling
  • Multi-Factor Authentication: Support for SMS, Email, TOTP, and WebAuthn
  • OAuth Integration: Social and enterprise identity provider support
  • Device Management: Trusted device tracking and management
  • Server-Side Rendering: Dedicated server-side API variants for SSR applications

Capabilities

Authentication Lifecycle

Core authentication operations including user registration, sign-in, and sign-out. These functions handle the complete user authentication flow with Amazon Cognito.

function signUp(input: SignUpInput): Promise<SignUpOutput>;
function signIn(input: SignInInput): Promise<SignInOutput>;
function signOut(input?: SignOutInput): Promise<void>;
function autoSignIn(): Promise<SignInOutput>;

Authentication Lifecycle

Password Management

Password reset, confirmation, and update operations for user account security.

function resetPassword(input: ResetPasswordInput): Promise<ResetPasswordOutput>;
function confirmResetPassword(input: ConfirmResetPasswordInput): Promise<void>;
function updatePassword(input: UpdatePasswordInput): Promise<void>;

Password Management

Multi-Factor Authentication

Complete MFA setup, management, and verification including TOTP, SMS, and email-based authentication.

function setUpTOTP(): Promise<SetUpTOTPOutput>;
function verifyTOTPSetup(input: VerifyTOTPSetupInput): Promise<void>;
function updateMFAPreference(input: UpdateMFAPreferenceInput): Promise<void>;
function fetchMFAPreference(): Promise<FetchMFAPreferenceOutput>;

Multi-Factor Authentication

User Management

User profile operations including attribute management, verification, and account operations.

function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;
function updateUserAttributes(input: UpdateUserAttributesInput): Promise<UpdateUserAttributesOutput>;
function updateUserAttribute(input: UpdateUserAttributeInput): Promise<UpdateUserAttributeOutput>;
function deleteUser(): Promise<void>;

User Management

Device Management

Trusted device tracking and management for enhanced security.

function fetchDevices(): Promise<FetchDevicesOutput>;
function rememberDevice(): Promise<void>;
function forgetDevice(input?: ForgetDeviceInput): Promise<void>;

Device Management

OAuth & Social Authentication

OAuth/OIDC integration for social and enterprise identity providers. Includes automatic callback handling and redirect-based sign-in flows.

function signInWithRedirect(input?: SignInWithRedirectInput): Promise<void>;

// Side-effect import for OAuth callback handling
import "@aws-amplify/auth/enable-oauth-listener";

OAuth & Social Authentication

WebAuthn Credentials

Passwordless authentication using WebAuthn for biometric and security key authentication.

function associateWebAuthnCredential(): Promise<void>;
function listWebAuthnCredentials(input?: ListWebAuthnCredentialsInput): Promise<ListWebAuthnCredentialsOutput>;
function deleteWebAuthnCredential(input: DeleteWebAuthnCredentialInput): Promise<void>;

WebAuthn Credentials

Session Management

Authentication session and token management including automatic refresh and secure storage.

function fetchAuthSession(options?: FetchAuthSessionOptions): Promise<AuthSession>;
function decodeJWT(token: string): JWT;

Session Management

Server-Side APIs

Dedicated server-side authentication APIs for SSR applications and backend services.

// Server-side variants
function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;

Server-Side APIs

Types

Core Types

interface AuthUser {
  username: string;
  userId: string;
  signInDetails?: AuthSignInDetails;
}

interface AuthSession {
  tokens?: AuthTokens;
  credentials?: AWSCredentials;
  identityId?: string;
  userSub?: string;
}

interface AuthTokens {
  accessToken: JWT;
  idToken?: JWT;
  refreshToken?: string;
}

interface JWT {
  payload: Record<string, any>;
  toString(): string;
}

type UserAttributeKey = 
  | 'address'
  | 'birthdate'
  | 'email'
  | 'family_name'
  | 'gender'
  | 'given_name'
  | 'locale'
  | 'middle_name'
  | 'name'
  | 'nickname'
  | 'phone_number'
  | 'picture'
  | 'preferred_username'
  | 'profile'
  | 'sub'
  | 'updated_at'
  | 'website'
  | 'zoneinfo'
  | (string & {});

type VerifiableUserAttributeKey = 'email' | 'phone_number';

interface CodeDeliveryDetails {
  destination?: string;
  deliveryMedium?: 'EMAIL' | 'SMS';
  attributeName?: string;
}

Error Types

class AuthError extends Error {
  constructor(params: {
    name: string;
    message: string;
    underlyingError?: Error;
    recoverySuggestion?: string;
  });
}