Add passwordless (#8127)

* initial ia

* concept boilerplate

* add code snippet placeholders, cross links, warning for backend support

* chore(auth): add swift passwordless sign up/auto sign in changes (#8128)

* Apply suggestions from code review

* rm comments, stale sections

* chore: add new steps and new flow type

* chore(auth): add swift passwordless sign in/web authn changes (#8131)

* chore(auth): add swift passwordless sign in/web authn changes

* removed unused section

* remove flutter blocks

* fix spelling

* chore(auth): update swift passwordless autosignin Combine snippets (#8132)

* chore(auth): add js passwordless changes (#8129)

* chore(auth): add js passwordless changes

* chore(auth): add filters and a react-native callout; code spacing

* chore(auth): add sign in updates

* Update src/pages/[platform]/build-a-backend/auth/manage-users/manage-webauthn-credentials/index.mdx

Co-authored-by: James Jarvis <[email protected]>

* chore(auth): add associate api to the manage webauthn page

* Update src/pages/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/index.mdx

Co-authored-by: josef <[email protected]>

* chore(auth): use string literals

* chore(auth): add signin next step types

* add js sign up examples

* chore(auth): improve wording

* chore(auth): add first factor selection to confirm sign-in next steps

* Update src/pages/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/index.mdx

Co-authored-by: James Jarvis <[email protected]>

* Update src/pages/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/index.mdx

Co-authored-by: James Jarvis <[email protected]>

* chore(auth): review feedback - formatting and wording

* chore(auth): move user auth flow info into switching flows page

---------

Co-authored-by: James Jarvis <[email protected]>
Co-authored-by: josef <[email protected]>

* resolve structural issues

* fix extra closing tag

* filter passwordless blocks

* Update src/pages/[platform]/build-a-backend/auth/concepts/passwordless/index.mdx

* revert auth flow order change

* update user auth flow description

---------

Co-authored-by: Abhash Kumar Singh <[email protected]>
Co-authored-by: Harsh <[email protected]>
Co-authored-by: Parker Scanlon <[email protected]>
Co-authored-by: James Jarvis <[email protected]>

Author: 5 people

cspell.json

@@ -1614,6 +1614,7 @@
     "ampx",
     "autodetection",
     "jamba",
+    "webauthn",
     "knowledgebases",
     "rehype"
   ],

src/directory/directory.mjs

@@ -73,6 +73,9 @@ export const directory = {
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/concepts/phone/index.mdx'
                     },
+                    {
+                      path: 'src/pages/[platform]/build-a-backend/auth/concepts/passwordless/index.mdx'
+                    },
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/concepts/user-attributes/index.mdx'
                     },
@@ -137,6 +140,9 @@ export const directory = {
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-passwords/index.mdx'
                     },
+                    {
+                      path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-webauthn-credentials/index.mdx'
+                    },
                     {
                       path: 'src/pages/[platform]/build-a-backend/auth/manage-users/manage-devices/index.mdx'
                     },

src/pages/[platform]/build-a-backend/auth/concepts/passwordless/index.mdx

@@ -0,0 +1,147 @@
+import { getCustomStaticPath } from '@/utils/getCustomStaticPath';
+
+export const meta = {
+  title: 'Passwordless',
+  description: 'Learn how to configure passwordless sign-in flows',
+  platforms: [
+    'android',
+    'angular',
+    'javascript',
+    'nextjs',
+    'react',
+    'react-native',
+    'swift',
+    'vue'
+  ]
+};
+
+export function getStaticPaths() {
+  return getCustomStaticPath(meta.platforms);
+}
+
+export function getStaticProps() {
+  return {
+    props: {
+      meta
+    }
+  };
+}
+
+Amplify supports the use of passwordless authentication flows using the following methods:
+
+- [SMS-based one-time password (SMS OTP)](#sms-otp)
+- [Email-based one-time password (Email OTP)](#email-otp)
+- [WebAuthn passkey](#webauthn-passkey)
+
+Passwordless authentication removes the security risks and user friction associated with traditional passwords.
+{/* add more color */}
+
+<Callout warning>
+
+**Warning:** Passwordless configuration is currently not available in `defineAuth`. We are currently working towards enabling support for passwordless configurations. [Visit the GitHub issue to track the progress](https://github.com/aws-amplify/amplify-backend/issues/2276)
+
+</Callout>
+
+{/* need a section about what a "preferred" factor is */}
+
+## SMS OTP
+
+SMS-based authentication uses phone numbers as the identifier and text messages as the verification channel. At a high level end users will perform the following steps to authenticate:
+
+1. User enters their phone number to sign up/sign in
+2. They receive a text message with a time-limited code
+3. After the user enters their code they are authenticated
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+<Callout info>
+
+SMS-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Notification Service (SNS) to send text messages. [Learn how to configure your auth resource with SNS](/[platform]/build-a-backend/auth/moving-to-production/#sms).
+
+{/* NOTE the linked page will need to be updated with sns instructions */}
+
+</Callout>
+
+[Learn more about using SMS OTP in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#sms-otp).
+
+## Email OTP
+
+Email-based authentication uses email addresses for identification and verification. At a high level end users will perform the following steps to authenticate:
+
+1. User enters their email address to sign up/sign in
+2. They receive an email message with a time-limited code
+3. After the users enters their code they are authenticated
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+<Callout info>
+
+Email-based one-time password requires your Amazon Cognito user pool to be configured to use Amazon Simple Email Service (SES) to send email messages. [Learn how to configure your auth resource with SES](/[platform]/build-a-backend/auth/moving-to-production/#email).
+
+</Callout>
+
+[Learn more about using email OTP in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#email-otp).
+
+## WebAuthn Passkey
+
+WebAuthn uses biometrics or security keys for authentication, leveraging device-specific security features. At a high level end users will perform the following steps to authenticate:
+
+1. User chooses to register a passkey
+2. Their device prompts for biometric/security key verification
+3. For future logins, they'll authenticate using the same method
+
+{/* quick blurb of basic usage */}
+<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["android"]}>
+
+{/*  */}
+
+</InlineFilter>
+<InlineFilter filters={["swift"]}>
+
+{/*  */}
+
+</InlineFilter>
+
+[Learn more about using WebAuthn passkeys in your application code](/[platform]/build-a-backend/auth/connect-your-frontend/sign-in/#webauthn-passkeys).
+
+### Managing credentials
+
+{/* quick blurb then segue over to "manage WebAuthn credentials" page */}
+
+[Learn more about managing WebAuthn credentials](/[platform]/build-a-backend/auth/manage-users/manage-webauthn-credentials).

src/pages/[platform]/build-a-backend/auth/connect-your-frontend/multi-step-sign-in/index.mdx

@@ -2030,6 +2030,19 @@ func signIn(username: String, password: String) async {
 
             // Prompt the user to enter the Email MFA code they received
             // Then invoke `confirmSignIn` api with the code
+
+        case .continueSignInWithFirstFactorSelection(let allowedFactors):
+            print("Received next step as continue sign in by selecting first factor")
+            print("Allowed factors \(allowedFactors)")
+
+            // Prompt the user to select the first factor they want to use
+            // Then invoke `confirmSignIn` api with the factor
+
+        case .confirmSignInWithPassword:
+            print("Received next step as confirm sign in with password")
+
+            // Prompt the user to enter the password
+            // Then invoke `confirmSignIn` api with the password
         
         case .continueSignInWithTOTPSetup(let setUpDetails):
             print("Received next step as continue sign in by setting up TOTP")