feat(auth): add custom headers support for Cognito Auth requests

[piotrekwitkowski]

Summary

• Adds optional headers async function to LibraryAuthOptions, enabling custom headers on all Auth requests to Cognito
• Follows the existing pattern used by REST (libraryOptions.API.REST.headers) and GraphQL (libraryOptions.API.GraphQL.headers)
• Enables integration with AWS WAF intelligent threat protection (CAPTCHA, Challenge, Bot Control) and other custom header use cases

Usage

Amplify.configure(resourcesConfig, {
  Auth: {
    headers: async () => ({
      'x-aws-waf-token': await window.AwsWafIntegration.getToken(),
    }),
  },
});

Changes

• packages/core/src/singleton/Auth/types.ts — Added headers to LibraryAuthOptions
• packages/auth/.../cognitoUserPoolTransferHandler.ts — Read and apply custom headers from Amplify.libraryOptions.Auth.headers in the existing middleware
• packages/auth/.../__tests__/.../cognitoUserPoolTransferHandler.test.ts — Added tests for custom headers

Closes #12308
Closes #13197

Test plan

• Existing tests pass (96/101 suites, 5 pre-existing failures unrelated to this change)
• New test: custom headers are attached when headers function is configured
• New test: no-op when headers is not configured
• Verified no regressions across 1118 passing tests

🤖 Generated with Claude Code

[changeset-bot]

🦋 Changeset detected

Latest commit: 821ec0a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages

Name	Type
@aws-amplify/auth	Minor
@aws-amplify/core	Patch
@aws-amplify/pubsub	Patch
aws-amplify	Patch
@aws-amplify/api-graphql	Patch
@aws-amplify/api	Patch
@aws-amplify/datastore	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR