AWS Amplify Auth

AWS Amplify Auth is a comprehensive authentication library providing APIs and building blocks for creating authentication experiences with Amazon Cognito. It offers complete user lifecycle management including sign-up, sign-in, password management, multi-factor authentication (MFA), user attribute management, device management, and OAuth/OIDC integration.

Package Information

  • Package Name: @aws-amplify/auth
  • Package Type: npm
  • Language: TypeScript
  • Installation: npm install @aws-amplify/auth

Core Imports

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

For Cognito-specific APIs:

import { signUp, signIn, signOut } from "@aws-amplify/auth/cognito";

For server-side usage:

import { getCurrentUser, fetchUserAttributes } from "@aws-amplify/auth/server";

For CommonJS:

const { signUp, signIn, signOut, getCurrentUser } = require("@aws-amplify/auth");

Basic Usage

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

// Sign up a new user
const { isSignUpComplete, nextStep } = await signUp({
  username: "user@example.com",
  password: "TempPassword123!",
  options: {
    userAttributes: {
      email: "user@example.com",
      name: "John Doe"
    }
  }
});

// Sign in (nextStep is renamed here so it does not redeclare the signUp result above)
const { isSignedIn, nextStep: signInNextStep } = await signIn({
  username: "user@example.com",
  password: "TempPassword123!"
});

// Get current user
const currentUser = await getCurrentUser();

// Sign out
await signOut();

Architecture

AWS Amplify Auth is built around several key components:

  • Cognito Provider: Core authentication provider using Amazon Cognito User Pools and Identity Pools
  • Token Management: Automatic token refresh, secure storage, and session handling
  • Multi-Factor Authentication: Support for SMS, Email, TOTP, and WebAuthn
  • OAuth Integration: Social and enterprise identity provider support
  • Device Management: Trusted device tracking and management
  • Server-Side Rendering: Dedicated server-side API variants for SSR applications

Capabilities

Authentication Lifecycle

Core authentication operations including user registration, sign-in, and sign-out. These functions handle the complete user authentication flow with Amazon Cognito.

function signUp(input: SignUpInput): Promise<SignUpOutput>;
function signIn(input: SignInInput): Promise<SignInOutput>;
function signOut(input?: SignOutInput): Promise<void>;
function autoSignIn(): Promise<SignInOutput>;

Password Management

Password reset, confirmation, and update operations for user account security.

function resetPassword(input: ResetPasswordInput): Promise<ResetPasswordOutput>;
function confirmResetPassword(input: ConfirmResetPasswordInput): Promise<void>;
function updatePassword(input: UpdatePasswordInput): Promise<void>;

Multi-Factor Authentication

Complete MFA setup, management, and verification including TOTP, SMS, and email-based authentication.

function setUpTOTP(): Promise<SetUpTOTPOutput>;
function verifyTOTPSetup(input: VerifyTOTPSetupInput): Promise<void>;
function updateMFAPreference(input: UpdateMFAPreferenceInput): Promise<void>;
function fetchMFAPreference(): Promise<FetchMFAPreferenceOutput>;

User Management

User profile operations including attribute management, verification, and account operations.

function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;
function updateUserAttributes(input: UpdateUserAttributesInput): Promise<UpdateUserAttributesOutput>;
function updateUserAttribute(input: UpdateUserAttributeInput): Promise<UpdateUserAttributeOutput>;
function deleteUser(): Promise<void>;

Device Management

Trusted device tracking and management for enhanced security.

function fetchDevices(): Promise<FetchDevicesOutput>;
function rememberDevice(): Promise<void>;
function forgetDevice(input?: ForgetDeviceInput): Promise<void>;

OAuth & Social Authentication

OAuth/OIDC integration for social and enterprise identity providers. Includes automatic callback handling and redirect-based sign-in flows.

function signInWithRedirect(input?: SignInWithRedirectInput): Promise<void>;

// Side-effect import for OAuth callback handling
import "@aws-amplify/auth/enable-oauth-listener";

WebAuthn Credentials

Passwordless authentication using WebAuthn for biometric and security key authentication.

function associateWebAuthnCredential(): Promise<void>;
function listWebAuthnCredentials(input?: ListWebAuthnCredentialsInput): Promise<ListWebAuthnCredentialsOutput>;
function deleteWebAuthnCredential(input: DeleteWebAuthnCredentialInput): Promise<void>;

Session Management

Authentication session and token management including automatic refresh and secure storage.

function fetchAuthSession(options?: FetchAuthSessionOptions): Promise<AuthSession>;
function decodeJWT(token: string): JWT;
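
An added example, not part of the original page or of the Amplify project: the `payload` of the `JWT` type is an untyped `Record<string, any>`, so server code that receives an access token should check its claims before relying on them. It assumes the token's signature is verified separately and that the token carries Cognito's access-token claims (`iss`, `client_id`, `token_use`, `exp`); the helper names and the pool and client IDs are hypothetical placeholders.

```typescript
// Shape copied from the JWT interface on this page.
interface JWT {
  payload: Record<string, any>;
  toString(): string;
}

// Hypothetical helper type: the values this application expects to see.
interface ExpectedClaims {
  issuer: string;   // https://cognito-idp.<region>.amazonaws.com/<userPoolId>
  clientId: string; // app client ID of this application
}

// Returns the failed checks; an empty list means the claims are acceptable.
function checkAccessTokenClaims(
  jwt: JWT,
  expected: ExpectedClaims,
  nowSeconds: number = Math.floor(Date.now() / 1000)
): string[] {
  const p = jwt.payload;
  const problems: string[] = [];
  // payload values are `any`, so check the type before comparing.
  if (typeof p.exp !== "number" || p.exp <= nowSeconds) problems.push("expired or missing exp");
  if (p.iss !== expected.issuer) problems.push("unexpected issuer");
  // An ID token must not be accepted where an access token is required.
  if (p.token_use !== "access") problems.push("token_use is not access");
  if (p.client_id !== expected.clientId) problems.push("unexpected client_id");
  return problems;
}

// Constructed sample data (placeholder pool and client IDs, not real values).
const EXPECTED_CLAIMS: ExpectedClaims = {
  issuer: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
  clientId: "example-client-id",
};
const makeSampleJwt = (payload: Record<string, any>): JWT => ({
  payload,
  toString: () => "<constructed>",
});
const SAMPLE_NOW = 1700000000;
const goodToken = makeSampleJwt({
  iss: EXPECTED_CLAIMS.issuer, client_id: "example-client-id", token_use: "access", exp: SAMPLE_NOW + 3600,
});
const idTokenFromOtherClient = makeSampleJwt({
  iss: EXPECTED_CLAIMS.issuer, aud: "other-client-id", token_use: "id", exp: SAMPLE_NOW + 3600,
});

console.log(checkAccessTokenClaims(goodToken, EXPECTED_CLAIMS, SAMPLE_NOW));
console.log(checkAccessTokenClaims(idTokenFromOtherClient, EXPECTED_CLAIMS, SAMPLE_NOW));
```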

Server-Side APIs

Dedicated server-side authentication APIs for SSR applications and backend services.

// Server-side variants
function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;

Types

Core Types

interface AuthUser {
  username: string;
  userId: string;
  signInDetails?: AuthSignInDetails;
}

interface AuthSession {
  tokens?: AuthTokens;
  credentials?: AWSCredentials;
  identityId?: string;
  userSub?: string;
}

interface AuthTokens {
  accessToken: JWT;
  idToken?: JWT;
  refreshToken?: string;
}

interface JWT {
  payload: Record<string, any>;
  toString(): string;
}

type UserAttributeKey = 
  | 'address'
  | 'birthdate'
  | 'email'
  | 'family_name'
  | 'gender'
  | 'given_name'
  | 'locale'
  | 'middle_name'
  | 'name'
  | 'nickname'
  | 'phone_number'
  | 'picture'
  | 'preferred_username'
  | 'profile'
  | 'sub'
  | 'updated_at'
  | 'website'
  | 'zoneinfo'
  | (string & {});

type VerifiableUserAttributeKey = 'email' | 'phone_number';

interface CodeDeliveryDetails {
  destination?: string;
  deliveryMedium?: 'EMAIL' | 'SMS';
  attributeName?: string;
}

Error Types

class AuthError extends Error {
  constructor(params: {
    name: string;
    message: string;
    underlyingError?: Error;
    recoverySuggestion?: string;
  });
}