aws-amplify · josefaidt · Nov 15, 2024 · Nov 19, 2024 · Nov 21, 2024
@@ -1613,7 +1613,8 @@
     "voteField",
     "ampx",
     "autodetection",
-    "jamba"
+    "jamba",
+    "webauthn"
   ],
   "flagWords": ["hte", "full-stack", "Full-stack", "Full-Stack", "sudo"],
   "patterns": [

@@ -73,6 +73,9 @@ export const directory = {
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/concepts/phone/index.mdx'
                     },
+                    {
+                      path: 'src/pages/[platform]/build-a-backend/auth/concepts/passwordless/index.mdx'
+                    },
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/concepts/user-attributes/index.mdx'
                     },
@@ -137,6 +140,9 @@ export const directory = {
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-passwords/index.mdx'
                     },
+                    {
+                      path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-webauthn-credentials/index.mdx'
+                    },
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-devices/index.mdx'
                     },

@@ -0,0 +1,167 @@
+import { getCustomStaticPath } from '@/utils/getCustomStaticPath';
+
+export const meta = {
+  title: 'Passwordless',
+  description: 'Learn how to configure passwordless sign-in flows',
+  platforms: [
+    'android',
+    'angular',
+    'flutter',
+    'javascript',
+    'nextjs',
+    'react',
+    'react-native',
+    'swift',
+    'vue'
+  ]
+};
+
+export function getStaticPaths() {
+  return getCustomStaticPath(meta.platforms);
+}
+
+export function getStaticProps() {
+  return {
+    props: {
+      meta
+    }
+  };
+}
+
+Amplify supports the use of passwordless authentication flows using the following methods:
+
+- [SMS-based one-time password (SMS OTP)](#sms-otp)
+- [Email-based one-time password (Email OTP)](#email-otp)
+- [WebAuthn passkey](#webauthn-passkey)
+
+Passwordless authentication removes the security risks and user friction associated with traditional passwords.
+{/* add more color */}
+
+<Callout warning>
+
+**Warning:** Passwordless configuration is currently not available in `defineAuth`. We are currently working towards enabling support for passwordless configurations. [Visit the GitHub issue to track the progress](https://link-to-backend-issue)
+
+{/* @TODO file issue */}
+
+</Callout>
+
+{/* need a section about what a "preferred" factor is */}
+
+## SMS OTP
+
+SMS-based authentication uses phone numbers as the identifier and text messages as the verification channel. At a high level end users will perform the following steps to authenticate:
+
+1. User enters their phone number to sign up/sign in
+2. They receive a text message with a time-limited 6-digit code
+3. After the user enters their code they are authenticated
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+<Callout info>
+
+SMS-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Notification Service (SNS) to send text messages. [Learn how to configure your auth resource with SNS](/[platform]/build-a-backend/auth/moving-to-production/#sms).
+
+{/* NOTE the linked page will need to be updated with sns instructions */}
+
+</Callout>
+
+[Learn more about using SMS OTP in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#sms-otp).
+
+## Email OTP
+
+Email-based authentication uses email addresses for identification and verification. At a high level end users will perform the following steps to authenticate:
+
+1. User enters their email address to sign up/sign in
+2. They receive an email message with a time-limited 6-digit code
+3. After the users enters their code they are authenticated
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+<Callout info>
+
+Email-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Email Service (SES) to send email messages. [Learn how to configure your auth resource with SES](/[platform]/build-a-backend/auth/moving-to-production/#email).
+
+</Callout>
+
+[Learn more about using email OTP in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#email-otp).
+
+## WebAuthn Passkey
+
+WebAuthn uses biometrics or security keys for authentication, leveraging device-specific security features. At a high level end users will perform the following steps to authenticate:
+
+1. User chooses to register a passkey
+2. Their device prompts for biometric/security key verification
+3. For future logins, they'll authenticate using the same method
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+[Learn more about using WebAuthn passkeys in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#webauthn-passkeys).
+
+### Managing credentials
+
+{/* quick blurb then segue over to "manage WebAuthn credentials" page */}
+
+[Learn more about managing WebAuthn credentials](/[platform]/build-a-backend/auth/manage-users/manage-webauthn-credentials).
+
+{/* ?? */}
+{/* ## Adding passwords later */}
@@ -1099,4 +1099,81 @@ func socialSignInWithWebUI() -> AnyCancellable {
 
 </InlineFilter>
 
-{/* sign-in with web UI (this is a very limited alternative to the Authenticator) */}
+## Sign in with passwordless methods
+
+Your application's users can also sign in using passwordless methods. To learn more, visit the [concepts page for passwordless](/[platform]/build-a-backend/auth/concepts/passwordless/)
+
+### SMS OTP
+
+{/* blurb with supplemental information about handling sign-in, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+### Email OTP
+
+{/* blurb with supplemental information about handling sign-in, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+### WebAuthn Passkeys
+
+{/* blurb with supplemental information about handling sign-in, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
@@ -527,3 +527,83 @@ export default function App() {
 
 </InlineFilter>
 </InlineFilter>
+
+## Sign up with passwordless methods
+
+Your application's users can also sign up using passwordless methods. To learn more, visit the [concepts page for passwordless](/[platform]/build-a-backend/auth/concepts/passwordless/)
+
+### SMS OTP
+
+{/* blurb with supplemental information about handling sign-up, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+### Email OTP
+
+{/* blurb with supplemental information about handling sign-up, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+### WebAuthn Passkeys
+
+{/* blurb with supplemental information about handling sign-up, events, etc. */}
+
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["flutter"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
@@ -544,3 +544,6 @@ cfnUserPool.policies = {
   },
 };
 ```
+
+## Add passwords to passwordless users
+