- execute the command:
amplify add auth - Upon completion, amplifyconfiguration.json should be updated to reference provisioned backend auth resources.
- Add the following dependency to your app's build.gradle:
implementation 'com.amplifyframework:aws-auth-cognito:1.24.0' - Add this line, to include the Auth plugin.
Amplify.addPlugin(new AWSCognitoAuthPlugin());
Amplify.configure(getApplicationContext());- Add the following activity and queries tag to your app's
AndroidManifest.xmlfile, replacingmyappwith your redirect URI prefix if necessary:
<queries>
<intent>
<action android:name=
"android.support.customtabs.action.CustomTabsService" />
</intent>
</queries>
<application ...>
...
<activity
android:name="com.amplifyframework.auth.cognito.activities.HostedUIRedirectActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="myapp" />
</intent-filter>
</activity>
...
</application>- Add the following result handler to whichever Activity you are calling HostedUI from:
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == AWSCognitoAuthPlugin.WEB_UI_SIGN_IN_ACTIVITY_CODE) {
Amplify.Auth.handleWebUISignInResponse(data);
}
}- The AWS Cognito Auth Plugin can be configured to automatically obtain guest credentials once the device is online so that you are able to use other categories "anonymously" without the need to sign in.
AWS Cognito Auth Plugin sends important events through Amplify Hub.
Fetch the current user's attributes
Amplify.Auth.fetchUserAttributes(
attributes -> Log.i("AuthDemo", "User attributes = " + attributes.toString()),
error -> Log.e("AuthDemo", "Failed to fetch user attributes.", error)
);Some attributes require confirmation for the attribute update to complete. If the attribute need to be confirmed, the result of the above api will be CONFIRM_ATTRIBUTE_WITH_CODE. A confirmation code will be sent to the delivery medium mentioned in the delivery details. When the user gets the confirmation code, you can present a UI to the user to enter the code and invoke the confirm attribute api with their input
If the code has expired or the user needs to resend the confirmation code, invoke the resend api as shown below:
Amplify.Auth.resendUserAttributeConfirmationCode(AuthUserAttributeKey.email(),
result -> Log.i("AuthDemo", "Code was sent again: " + result.toString()),
error -> Log.e("AuthDemo", "Failed to resend code.", error)
);- Remembering a device is useful in conjunction with Multi-Factor Authentication (MFA). If MFA is enabled for an Amazon Cognito user pool, end users have to type in a security code received via e-mail or SMS each time they want to sign in.
- Remembering a device allows the second factor requirement to be automatically met when the user signs in on that device, thereby reducing friction in the user experience.
- In order to reset your password, use the resetPassword api - this will send a code to the user attribute configured to receive such a reset code (e.g. email or SMS):
- To complete the password reset process, invoke the confirmResetPassword api with the code you were sent and the new password you want.
- Invoke the signOut api to sign out a user from the Auth category. You can only have one user signed in at a given time.
- Calling signOut without any options will just delete the local cache and keychain of the user. If you would like to sign out of all devices, invoke the signOut api with advanced options.
An intentional decision with Amplify Auth was to avoid any public methods exposing credentials or manipulating them.
With Auth, you simply sign in and it handles everything else needed to keep the credentials up to date and vend them to the other categories.
However, if you need to access them in relation to working with an API outside Amplify or want access to AWS specific identifying information (e.g. IdentityId), you can access these implementation details by casting the result of fetchAuthSession