Cognito passwordless support

[ataylorme]

On which framework/platform would you like to see this feature implemented?

React

Which UI component is this feature-request for?

Authenticator

Please describe your feature-request in detail.

Support Cognito managed passwordless login as described in this doc

Related issues:

• Cognito: Passwordless authentication support aws/aws-cdk#32265
• AWS::Cognito::UserPool - Policies - SignInPolicy aws-cloudformation/cloudformation-coverage-roadmap#2200

Please describe a solution you'd like.

Support for passwordless account creation and sign-in with AWS Cognito and Amplify via Amplify configuration of Cognito and the Authenticator component. All auth storage options, session, cookie, etc. should be supported.

I recognize full support requires CDK support of these features. I am hoping the AWS teams can work collaboratively to expand these new Cognito features to Amplify

We love contributors! Is this something you'd be interested in working on?

• 👋 I may be able to implement this feature request.
• ⚠️ This feature might incur a breaking change.

[cwomack]

Hello, @ataylorme and thanks for opening this issue. We just released support for passwordless auth flows on the amplify-js repo (now available in v6.10.0), and will incorporate support Cognito managed passwordless logins on the UI side as soon as we can.

[ataylorme]

Thank you! One thing that hasn’t been clear to me so far is if there can be passwordless sign up as well as passwordless sign in. Basically Cognito configured for magic links and/or passkeys only

[cwomack]

@ataylorme, both passwordless sign up and sign in are supported using OTP codes. Passkeys are not supported during sign up, you must already be authenticated to create one, then it can be used in subsequent sign-ins. Hope that clears things up!

[BwL1289]

Commenting for interest

[ataylorme]

While waiting for first party Amplify UI support are there any examples or documentation for integrating amplify-js support into an Amplify project without Amplify UI?

[jordanvn]

Hi @ataylorme. The documentation within the main docs does not always assume the use of Amplify UI, but most specifically you might find the Manual Installation section useful for scenarios of integrating amplify-js with the intention of not using Amplify UI. If you can provide more information about the application you are looking to develop, we can also direct you towards more specific documentation or examples. Hope that helps!

[ataylorme]

Thank you! The application I am currently building is NextJS server side rendered. Amplify Auth/UI handles the login/auth callback, setting a server side cookie, methods to check if the user is authenticated and a React Provider.

If there is a guide to follow for the login/callback I would be comfortable managing the session myself. Next has APIs for session/cookie management

Another alternative I’ve considered but not explored yet is using the new Cognito hosted UI. I’m not sure if that would be compatible with Amplify UI sign in with redirect or need to be managed manually.

[cwomack]

@ataylorme, wanted to follow up with your questions/comments about the Cognito Hosted UI piece. Just to be clear, the Cognito Hosted UI is only used in conjunction with the Authenticator connected component when the auth flows include federation through Google, Facebook, etc. If you're only using Cognito, the Hosted UI won't be a part of the authentication flow.

So as far as compatibility, it is definitely compatible and just depends on the auth implementation. We do have some docs that cover how handle user sessions, but those will cover the usage of Auth API's such as fetchAuthSession and getCurrentUser.