Amplify Toolbox
    • Provide the settings that will be used for authentication.

      Parameters

      • props: {
            access?: AuthAccessGenerator;
            accountRecovery?:
                | "EMAIL_AND_PHONE_WITHOUT_MFA"
                | "PHONE_WITHOUT_MFA_AND_EMAIL"
                | "EMAIL_ONLY"
                | "PHONE_ONLY_WITHOUT_MFA"
                | "PHONE_AND_EMAIL"
                | "NONE";
            groups?: string[];
            loginWith: {
                email?: EmailLogin;
                externalProviders?: ExternalProviderSpecificFactoryProps;
                phone?: PhoneNumberLogin;
            };
            multifactor?: MFA;
            name?: string;
            senders?: {
                email?: | CustomEmailSender
                | Pick<UserPoolSESOptions, "fromEmail" | "fromName" | "replyTo">;
                sms?: CustomSmsSender | UserPoolSnsOptions;
            };
            triggers?: Partial<
                Record<
                    | "createAuthChallenge"
                    | "customMessage"
                    | "defineAuthChallenge"
                    | "postAuthentication"
                    | "postConfirmation"
                    | "preAuthentication"
                    | "preSignUp"
                    | "preTokenGeneration"
                    | "userMigration"
                    | "verifyAuthChallengeResponse",
                    ConstructFactory<ResourceProvider<FunctionResources>>,
                >,
            >;
            userAttributes?: UserAttributes;
        }
        • Optional access?: AuthAccessGenerator

          Configure access to auth for other Amplify resources

          access: (allow) => [allow.resource(postConfirmation).to(["addUserToGroup"])]
          
          access: (allow) => [allow.resource(groupManager).to(["manageGroups"])]
          
        • Optional accountRecovery?:
              | "EMAIL_AND_PHONE_WITHOUT_MFA"
              | "PHONE_WITHOUT_MFA_AND_EMAIL"
              | "EMAIL_ONLY"
              | "PHONE_ONLY_WITHOUT_MFA"
              | "PHONE_AND_EMAIL"
              | "NONE"

          Determines how a user is able to recover their account.

          If no setting is provided, a default is chosen based on the enabled login methods. When email and phone login methods are both enabled, email is the default recovery method. If only one of email or phone is enabled, that method is the default recovery method.

          "EMAIL_ONLY"

          For details about each option, see below.

          'EMAIL_AND_PHONE_WITHOUT_MFA' - Email if available, otherwise phone, but does not allow a user to reset their password via phone if they are also using it for MFA

          'PHONE_WITHOUT_MFA_AND_EMAIL' - Phone if available, otherwise email, but does not allow a user to reset their password via phone if they are also using it for MFA

          'EMAIL_ONLY' - Email only

          'PHONE_ONLY_WITHOUT_MFA' - Phone only, but does not allow a user to reset their password via phone if they are also using it for MFA

          'PHONE_AND_EMAIL' - (Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.

          'NONE' - None; users will have to contact an administrator to reset their passwords
        • Optional groups?: string[]

          Provide a list of user group names to create UserPoolGroups.

          Group precedence is determined by the ordering of the groups in the list.

          ['admins']

          Group roles will be generated without any permissions, but you can configure permissions by accessing the generated roles and attaching policies to them.

          auth.resources.groups['admins'].role.addToPrincipalPolicy(new PolicyStatement({...}))
        • loginWith: {
              email?: EmailLogin;
              externalProviders?: ExternalProviderSpecificFactoryProps;
              phone?: PhoneNumberLogin;
          }

          Specify how you would like users to log in. You can choose from email, phone, and even external providers such as LoginWithAmazon.

          • Optional email?: EmailLogin

            Email login options.

            If true, email login will be enabled with default settings. If settings are provided, email login will be enabled with the specified settings.

          • Optional externalProviders?: ExternalProviderSpecificFactoryProps

            Configure OAuth, OIDC, and SAML login providers

          • Optional phone?: PhoneNumberLogin

            Phone number login options.

            If true, phone number login will be enabled with default settings. If settings are provided, phone number login will be enabled with the specified settings.

        • Optional multifactor?: MFA

          Configure whether users can, or are required to, use multifactor authentication (MFA) to sign in.

        • Optional name?: string

          Specify a name which will aid in generating resource names.

        • Optional senders?: {
              email?:
                  | CustomEmailSender
                  | Pick<UserPoolSESOptions, "fromEmail" | "fromName" | "replyTo">;
              sms?: CustomSmsSender | UserPoolSnsOptions;
          }

          Configure email sender options

        • Optional triggers?: Partial<
              Record<
                  | "createAuthChallenge"
                  | "customMessage"
                  | "defineAuthChallenge"
                  | "postAuthentication"
                  | "postConfirmation"
                  | "preAuthentication"
                  | "preSignUp"
                  | "preTokenGeneration"
                  | "userMigration"
                  | "verifyAuthChallengeResponse",
                  ConstructFactory<ResourceProvider<FunctionResources>>,
              >,
          >

          Configure custom auth triggers

        • Optional userAttributes?: UserAttributes

          The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

          - email/phone will be added as required user attributes if they are included as login methods
          

      Returns ConstructFactory<BackendAuth>
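
      The accountRecovery default rule and option notes above, as an added example (not part of Amplify's or this project's code): a small TypeScript check that resolves the effective recovery mode for a props subset and flags the cases a reviewer would want to see. The names AuthSubset, Finding, effectiveRecovery and auditRecovery are hypothetical; mapping the default "email"/"phone" to EMAIL_ONLY/PHONE_ONLY_WITHOUT_MFA is an assumption, and the "not a login method" findings are a heuristic based on the userAttributes note.

```typescript
// Added example. AuthSubset, Finding, effectiveRecovery and auditRecovery are
// hypothetical names; only the option strings and the default rule come from the page.
type AccountRecovery =
  | "EMAIL_AND_PHONE_WITHOUT_MFA" | "PHONE_WITHOUT_MFA_AND_EMAIL" | "EMAIL_ONLY"
  | "PHONE_ONLY_WITHOUT_MFA" | "PHONE_AND_EMAIL" | "NONE";

interface AuthSubset {
  accountRecovery?: AccountRecovery;
  loginWith: { email?: unknown; phone?: unknown };
}

interface Finding { code: string; detail: string }

// Documented default: email when both login methods are enabled, otherwise the
// single enabled method. Assumption: "email" maps to EMAIL_ONLY and "phone" to
// PHONE_ONLY_WITHOUT_MFA.
function effectiveRecovery(p: AuthSubset): AccountRecovery {
  if (p.accountRecovery) return p.accountRecovery;
  const email = Boolean(p.loginWith.email);
  const phone = Boolean(p.loginWith.phone);
  return phone && !email ? "PHONE_ONLY_WITHOUT_MFA" : "EMAIL_ONLY";
}

function auditRecovery(p: AuthSubset): Finding[] {
  const mode = effectiveRecovery(p);
  const email = Boolean(p.loginWith.email);
  const phone = Boolean(p.loginWith.phone);
  const out: Finding[] = [];
  if (!p.accountRecovery)
    out.push({ code: "IMPLICIT_DEFAULT", detail: `accountRecovery unset, resolves to ${mode}` });
  if (mode === "PHONE_AND_EMAIL")
    out.push({ code: "MFA_PHONE_RESETS_PASSWORD", detail: "phone used for MFA can also reset the password (Not Recommended)" });
  if (mode === "NONE")
    out.push({ code: "ADMIN_RESET_ONLY", detail: "no self-service recovery; administrators reset passwords" });
  // email/phone only become required attributes when they are login methods,
  // so a recovery channel that is not a login method may be missing on a user.
  const usesEmail = mode !== "NONE" && mode !== "PHONE_ONLY_WITHOUT_MFA";
  const usesPhone = mode !== "NONE" && mode !== "EMAIL_ONLY";
  if (usesEmail && !email) out.push({ code: "EMAIL_NOT_REQUIRED", detail: "recovery uses email but email is not a login method" });
  if (usesPhone && !phone) out.push({ code: "PHONE_NOT_REQUIRED", detail: "recovery uses phone but phone is not a login method" });
  return out;
}

// Constructed sample configurations.
const weak: AuthSubset = { loginWith: { email: true, phone: true }, accountRecovery: "PHONE_AND_EMAIL" };
const implicit: AuthSubset = { loginWith: { phone: true } };
console.log(auditRecovery(weak).map((f) => f.code), effectiveRecovery(implicit));
```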