Amplify Toolbox
    Preparing search index...

    Type Alias AuthProps

    Input props for the AmplifyAuth construct

    type AuthProps = {
        accountRecovery?: keyof typeof cognito.AccountRecovery;
        groups?: string[];
        loginWith: {
            email?: EmailLogin;
            externalProviders?: ExternalProviderOptions;
            phone?: PhoneNumberLogin;
            webAuthn?: WebAuthnLogin;
        };
        multifactor?: MFA;
        name?: string;
        outputStorageStrategy?: BackendOutputStorageStrategy<AuthOutput>;
        senders?: {
            email?:
                | Pick<UserPoolSESOptions, "fromEmail" | "fromName" | "replyTo">
                | CustomEmailSender;
            sms?: UserPoolSnsOptions | CustomSmsSender;
        };
        userAttributes?: UserAttributes;
    }
    Index

    Properties

    accountRecovery? groups? loginWith multifactor? name? outputStorageStrategy? senders? userAttributes?

    Properties

    accountRecovery?: keyof typeof cognito.AccountRecovery

    Determined how a user is able to recover their account by setting the account recovery setting.

    If no setting is provided, a default will be set based on the enabled login methods. When email and phone login methods are both enabled, email will be the default recovery method. If only email or phone are enabled, they will be the default recovery methods.

    "EMAIL_ONLY"

    For details about each option, see below.

    'EMAIL_AND_PHONE_WITHOUT_MFA' - Email if available, otherwise phone, but does not allow a user to reset their password via phone if they are also using it for MFA

    'PHONE_WITHOUT_MFA_AND_EMAIL' - Phone if available, otherwise email, but does not allow a user to reset their password via phone if they are also using it for MFA

    'EMAIL_ONLY' - Email only

    'PHONE_ONLY_WITHOUT_MFA' - Phone only, but does not allow a user to reset their password via phone if they are also using it for MFA

    'PHONE_AND_EMAIL' - (Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.

    'NONE' - Noneusers will have to contact an administrator to reset their passwords
    groups?: string[]

    Provide a list of user group names to create UserPoolGroups.

    Group precedence is determined by the ordering of the groups in the list.

    ['admins']

    Group roles will be generated without any permissions, but you can configure permissions by accessing the generated roles and attaching policies to them.

    auth.resources.groups['admins'].role.addToPrincipalPolicy(new PolicyStatement({...}))
    loginWith: {
        email?: EmailLogin;
        externalProviders?: ExternalProviderOptions;
        phone?: PhoneNumberLogin;
        webAuthn?: WebAuthnLogin;
    }

    Specify how you would like users to log in. You can choose from email, phone, and even external providers such as LoginWithAmazon.

    Type declaration

    • Optionalemail?: EmailLogin

      Email login options.

      If true, email login will be enabled with default settings. If settings are provided, email login will be enabled with the specified settings.

    • OptionalexternalProviders?: ExternalProviderOptions

      Configure OAuth, OIDC, and SAML login providers

    • Optionalphone?: PhoneNumberLogin

      Phone number login options.

      If true, phone number login will be enabled with default settings. If settings are provided, phone number login will be enabled with the specified settings.

    • OptionalwebAuthn?: WebAuthnLogin

      Enable WebAuthn (passkey) authentication for passwordless login.

      Note: Enabling passwordless login via webAuthn automatically enables the ALLOW_USER_AUTH authentication flow in your Cognito App Client

      undefined (WebAuthn not enabled)

      // Simple passwordless with email OTP and passkeys
      defineAuth({
        loginWith: {
          email: {
            otpLogin: true
          },
          webAuthn: true
        }
      })
    multifactor?: MFA

    Configure whether users can or are required to use multifactor (MFA) to sign in.

    name?: string

    Specify a name which will aid in generating resource names.

    outputStorageStrategy?: BackendOutputStorageStrategy<AuthOutput>
    senders?: {
        email?:
            | Pick<UserPoolSESOptions, "fromEmail" | "fromName" | "replyTo">
            | CustomEmailSender;
        sms?: UserPoolSnsOptions | CustomSmsSender;
    }

    Configure sending behaviors for Emails or SMS messages sent from your auth resource

    Type declaration

    https://docs.amplify.aws/react/build-a-backend/auth/customize-auth-lifecycle/email-customization/#custom-senders

    userAttributes?: UserAttributes

    The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

    - email/phone will be added as required user attributes if they are included as login methods

    Settings

    Member Visibility

    On This Page

    Properties