CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-aws-amplify--auth

Authentication category of AWS Amplify providing APIs and building blocks for creating authentication experiences with Amazon Cognito

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

index.mddocs/

AWS Amplify Auth

AWS Amplify Auth is a comprehensive authentication library providing APIs and building blocks for creating authentication experiences with Amazon Cognito. It offers complete user lifecycle management including sign-up, sign-in, password management, multi-factor authentication (MFA), user attribute management, device management, and OAuth/OIDC integration.

Package Information

  • Package Name: @aws-amplify/auth
  • Package Type: npm
  • Language: TypeScript
  • Installation: npm install @aws-amplify/auth

Core Imports

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

For Cognito-specific APIs:

import { signUp, signIn, signOut } from "@aws-amplify/auth/cognito";

For server-side usage:

import { getCurrentUser, fetchUserAttributes } from "@aws-amplify/auth/server";

For CommonJS:

const { signUp, signIn, signOut, getCurrentUser } = require("@aws-amplify/auth");

Basic Usage

import { signUp, signIn, signOut, getCurrentUser } from "@aws-amplify/auth";

// Sign up a new user
const { isSignUpComplete, nextStep } = await signUp({
  username: "user@example.com",
  password: "TempPassword123!",
  options: {
    userAttributes: {
      email: "user@example.com",
      name: "John Doe"
    }
  }
});

// Sign in
const { isSignedIn, nextStep } = await signIn({
  username: "user@example.com",
  password: "TempPassword123!"
});

// Get current user
const currentUser = await getCurrentUser();

// Sign out
await signOut();

Architecture

AWS Amplify Auth is built around several key components:

  • Cognito Provider: Core authentication provider using Amazon Cognito User Pools and Identity Pools
  • Token Management: Automatic token refresh, secure storage, and session handling
  • Multi-Factor Authentication: Support for SMS, Email, TOTP, and WebAuthn
  • OAuth Integration: Social and enterprise identity provider support
  • Device Management: Trusted device tracking and management
  • Server-Side Rendering: Dedicated server-side API variants for SSR applications

Capabilities

Authentication Lifecycle

Core authentication operations including user registration, sign-in, and sign-out. These functions handle the complete user authentication flow with Amazon Cognito.

function signUp(input: SignUpInput): Promise<SignUpOutput>;
function signIn(input: SignInInput): Promise<SignInOutput>;
function signOut(input?: SignOutInput): Promise<void>;
function autoSignIn(): Promise<SignInOutput>;

Authentication Lifecycle

Password Management

Password reset, confirmation, and update operations for user account security.

function resetPassword(input: ResetPasswordInput): Promise<ResetPasswordOutput>;
function confirmResetPassword(input: ConfirmResetPasswordInput): Promise<void>;
function updatePassword(input: UpdatePasswordInput): Promise<void>;

Password Management

Multi-Factor Authentication

Complete MFA setup, management, and verification including TOTP, SMS, and email-based authentication.

function setUpTOTP(): Promise<SetUpTOTPOutput>;
function verifyTOTPSetup(input: VerifyTOTPSetupInput): Promise<void>;
function updateMFAPreference(input: UpdateMFAPreferenceInput): Promise<void>;
function fetchMFAPreference(): Promise<FetchMFAPreferenceOutput>;

Multi-Factor Authentication

User Management

User profile operations including attribute management, verification, and account operations.

function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;
function updateUserAttributes(input: UpdateUserAttributesInput): Promise<UpdateUserAttributesOutput>;
function updateUserAttribute(input: UpdateUserAttributeInput): Promise<UpdateUserAttributeOutput>;
function deleteUser(): Promise<void>;

User Management

Device Management

Trusted device tracking and management for enhanced security.

function fetchDevices(): Promise<FetchDevicesOutput>;
function rememberDevice(): Promise<void>;
function forgetDevice(input?: ForgetDeviceInput): Promise<void>;

Device Management

OAuth & Social Authentication

OAuth/OIDC integration for social and enterprise identity providers. Includes automatic callback handling and redirect-based sign-in flows.

function signInWithRedirect(input?: SignInWithRedirectInput): Promise<void>;

// Side-effect import for OAuth callback handling
import "@aws-amplify/auth/enable-oauth-listener";

OAuth & Social Authentication

WebAuthn Credentials

Passwordless authentication using WebAuthn for biometric and security key authentication.

function associateWebAuthnCredential(): Promise<void>;
function listWebAuthnCredentials(input?: ListWebAuthnCredentialsInput): Promise<ListWebAuthnCredentialsOutput>;
function deleteWebAuthnCredential(input: DeleteWebAuthnCredentialInput): Promise<void>;

WebAuthn Credentials

Session Management

Authentication session and token management including automatic refresh and secure storage.

function fetchAuthSession(options?: FetchAuthSessionOptions): Promise<AuthSession>;
function decodeJWT(token: string): JWT;

Session Management

Server-Side APIs

Dedicated server-side authentication APIs for SSR applications and backend services.

// Server-side variants
function getCurrentUser(): Promise<AuthUser>;
function fetchUserAttributes(): Promise<FetchUserAttributesOutput>;

Server-Side APIs

Types

Core Types

interface AuthUser {
  username: string;
  userId: string;
  signInDetails?: AuthSignInDetails;
}

interface AuthSession {
  tokens?: AuthTokens;
  credentials?: AWSCredentials;
  identityId?: string;
  userSub?: string;
}

interface AuthTokens {
  accessToken: JWT;
  idToken?: JWT;
  refreshToken?: string;
}

interface JWT {
  payload: Record<string, any>;
  toString(): string;
}

type UserAttributeKey = 
  | 'address'
  | 'birthdate'
  | 'email'
  | 'family_name'
  | 'gender'
  | 'given_name'
  | 'locale'
  | 'middle_name'
  | 'name'
  | 'nickname'
  | 'phone_number'
  | 'picture'
  | 'preferred_username'
  | 'profile'
  | 'sub'
  | 'updated_at'
  | 'website'
  | 'zoneinfo'
  | (string & {});

type VerifiableUserAttributeKey = 'email' | 'phone_number';

interface CodeDeliveryDetails {
  destination?: string;
  deliveryMedium?: 'EMAIL' | 'SMS';
  attributeName?: string;
}

Error Types

class AuthError extends Error {
  constructor(params: {
    name: string;
    message: string;
    underlyingError?: Error;
    recoverySuggestion?: string;
  });
}

docs

authentication-lifecycle.md

device-management.md

index.md

multi-factor-authentication.md

oauth-social-authentication.md

password-management.md

server-side-apis.md

session-management.md

user-management.md

webauthn-credentials.md

tile.json