Skip to content

feat: add passwordless authentication support #3053

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add passwordless authentication support #3053

wants to merge 2 commits into from
+1,280 −11

Conversation

@ahmedhamouda78
Copy link
Member

@ahmedhamouda78 ahmedhamouda78 commented Nov 17, 2025
edited
Loading

Problem

Adds first-class support for passwordless authentication in Amplify Gen 2 backend, enabling developers to configure Email OTP, SMS OTP, and WebAuthn (passkeys) without requiring CDK overrides.

Issue number, if available:

#2276

Changes

Public API Changes:

  • Added otpLogin?: boolean property to email and phone login configurations in defineAuth
  • Added webAuthn?: WebAuthnLogin property to loginWith configuration
  • Added WebAuthnOptions type with relyingPartyId and userVerification settings

Implementation:

  • Extended auth-construct to translate passwordless configurations to Cognito User Pool settings
  • Added validation logic to prevent invalid configurations (e.g., WebAuthn-only without sign-up method, passwordless + MFA REQUIRED)
  • Implemented automatic relying party ID resolution ('AUTO' resolves to localhost in sandbox, Amplify domain in branch mode)
  • Added runtime warnings for immutable configuration changes

Testing:

  • Added tests to verify correct Cognito User Pool and User Pool Client configuration

Corresponding docs PR, if applicable: N/A

Validation

  • Unit tests added for validation logic and configuration translation
  • Tests verify:
    • Correct AllowedFirstAuthFactors configuration in User Pool (EMAIL_OTP, SMS_OTP, WEB_AUTHN)
    • ALLOW_USER_AUTH flow enabled in User Pool Client
    • WebAuthn configuration (RelyingPartyId, UserVerification) when applicable
  • Manual testing with sample app verified end-to-end passwordless flows

Checklist

  • If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • If this PR requires a docs update, I have linked to that docs PR above.
  • If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ahmedhamouda78 ahmedhamouda78 requested review from a team as code owners November 17, 2025 22:30
@changeset-bot
Copy link

changeset-bot bot commented Nov 17, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 9fc12a8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@aws-amplify/auth-construct Minor
@aws-amplify/backend-auth Minor
@aws-amplify/backend Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@ahmedhamouda78 ahmedhamouda78 force-pushed the feat/add-passwordless-auth-support branch from 3e4ced8 to c99c4d2 Compare November 17, 2025 22:57
@ahmedhamouda78 ahmedhamouda78 added the run-e2e Label that will include e2e tests in PR checks workflow label Nov 17, 2025
@ahmedhamouda78 ahmedhamouda78 added run-e2e Label that will include e2e tests in PR checks workflow and removed run-e2e Label that will include e2e tests in PR checks workflow labels Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

run-e2e Label that will include e2e tests in PR checks workflow

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ahmedhamouda78