2
votes

I want to create a custom signup authentication flow in the AWS Amplify Cognito service.

What I have

1. Enter username

2. Enter password

3. Verify user with OTP (phone number) / confirmation code (email)

What I want

1. Enter username

2. Enter OTP / confirmation code

3. Enter password

How can I achieve this signup flow using the AWS Amplify Cognito service? Otherwise, what is the best service or approach?


1 Answer

1
votes

The scenario you want is possible to do with a custom auth flow but this has some caveats:

  • You can't use Cognito's MFA with a custom auth flow. It's just not possible. I have an enterprise account with AWS and have raised this with our rep and it was not even in their backlog. This means you need to implement your own SMS OTP or use Twilio's API for it ($).
  • The Cognito Hosted UI does not support custom auth; you will need to redo ALL the UI yourself (think reset password links etc., not just login).
  • Since you will be making API calls, not using the Hosted UI, you will lose all OAuth benefits: no code grant or OAuth scopes. This means you need to do a heap of extra work to get it working securely in a mobile auth session; essentially you will need to reimplement code grant with PKCE somehow.

If you want to do this you can use the custom auth flow. It's pretty complex, but here is an article that helped me out when I was doing it: https://dev.to/duarten/passwordless-authentication-with-cognito-13c

My advice would be to stick with the Hosted UI if possible, or don't use Cognito. The feature set of Cognito is a lot less than other auth providers (but it's cheaper).
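
The custom auth flow referred to in the answer is driven by three Cognito Lambda triggers (Define, Create and Verify Auth Challenge). The following is an added example, not code from the answer or the linked article, showing those triggers for a self-managed OTP; `sendOtp`, `MAX_ATTEMPTS`, the `deliveryMedium` key and the `CODE-` metadata prefix are assumptions made for illustration.

```javascript
// Added example: Cognito custom-auth Lambda triggers for a self-managed SMS OTP.
// Each function would be deployed as its own trigger, e.g.
//   exports.handler = async (event) => defineAuthChallenge(event);
const crypto = require('node:crypto');

const MAX_ATTEMPTS = 3; // assumption: retry limit chosen for this example

// Define Auth Challenge: issue tokens, fail, or present another challenge.
function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const last = session[session.length - 1];
  const passed = Boolean(last && last.challengeName === 'CUSTOM_CHALLENGE' && last.challengeResult);
  const exhausted = !passed && session.length >= MAX_ATTEMPTS;
  event.response.issueTokens = passed;
  event.response.failAuthentication = exhausted;
  if (!passed && !exhausted) event.response.challengeName = 'CUSTOM_CHALLENGE';
  return event;
}

// Create Auth Challenge: generate the code once and reuse it on retries.
// sendOtp is a hypothetical delivery function (SNS, Twilio, ...) supplied by the caller.
function createAuthChallenge(event, sendOtp) {
  const session = event.request.session || [];
  let code;
  if (session.length === 0) {
    code = String(crypto.randomInt(0, 1000000)).padStart(6, '0'); // CSPRNG, not Math.random
    sendOtp(event.request.userAttributes.phone_number, code);
  } else {
    code = session[session.length - 1].challengeMetadata.replace('CODE-', '');
  }
  event.response.publicChallengeParameters = { deliveryMedium: 'SMS' }; // sent to the client
  event.response.privateChallengeParameters = { code }; // visible only to the verify trigger
  event.response.challengeMetadata = `CODE-${code}`; // carried in session for retries
  return event;
}

// Verify Auth Challenge Response: constant-time comparison of the submitted code.
function verifyAuthChallenge(event) {
  const expected = Buffer.from(event.request.privateChallengeParameters.code);
  const given = Buffer.from(String(event.request.challengeAnswer || ''));
  event.response.answerCorrect =
    expected.length === given.length && crypto.timingSafeEqual(expected, given);
  return event;
}
```

The client starts this flow with the `CUSTOM_AUTH` auth flow and answers each `CUSTOM_CHALLENGE` with the code the user received.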