Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rework "use existing cognito resources" prose, highlight configuring client libs directly #7806

Merged
merged 5 commits into from
Aug 7, 2024
Merged
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -29,21 +29,96 @@ export function getStaticProps(context) {
};
}

Amplify Auth can be configured to use an existing Amazon Cognito user pool and identity pool. If you are in a team setting or part of a company that has previously created auth resources, you have a few different options to configure your application to use existing auth resources.
Amplify Auth can be configured to use an existing Amazon Cognito user pool and identity pool. If you are in a team setting or part of a company that has previously created auth resources, you can [configure the client library directly](#use-auth-resources-without-an-amplify-backend), or maintain references with [AWS Cloud Development Kit (AWS CDK)](https://aws.amazon.com/cdk/) in your Amplify backend.

If you are using Amplify to build your backend, it is recommended to [add a reference to your auth resource using `backend.addOutput`](#use-auth-resources-with-an-amplify-backend).
<Callout info>

**Note:** when using existing auth resources, it may be necessary to add additional policies or permissions for your authenticated and unauthenticated IAM roles. These changes must be performed manually.

</Callout>

## Use auth resources without an Amplify backend

<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>

You can use existing resources without an Amplify backend by configuring the client library directly.

```ts title="src/main.ts"
import { Amplify } from "aws-amplify"

Amplify.configure({
Auth: {
Cognito: {
userPoolId: "<your-cognito-user-pool-id>",
userPoolClientId: "<your-cognito-user-pool-client-id>",
identityPoolId: "<your-cognito-identity-pool-id>",
loginWith: {
email: true,
},
signUpVerificationMethod: "code",
userAttributes: {
email: {
required: true,
},
},
allowGuestAccess: true,
passwordFormat: {
minLength: 8,
requireLowercase: true,
requireUppercase: true,
requireNumbers: true,
requireSpecialCharacters: true,
},
},
},
})
```

</InlineFilter>
<InlineFilter filters={["android", "flutter", "swift"]}>

If you do not use Amplify to build your backend, you can [configure the client library directly](#use-auth-resources-without-an-amplify-backend).
Configuring the mobile client libraries directly is not supported, however you can manually create `amplify_outputs.json` with the following schema:

<Callout info>

**Note:** when using existing auth resources, it may be necessary to add policies or permissions for your authenticated and unauthenticated IAM roles. These changes must be performed manually using the [AWS Cloud Development Kit (AWS CDK)](https://aws.amazon.com/cdk/)
**Note:** it is strongly recommended to use backend outputs to generate this file for each sandbox or branch deployment

</Callout>

```json title="amplify_outputs.json"
{
"version": "1",
"auth": {
"aws_region": "<your-cognito-aws-region>",
"user_pool_id": "<your-cognito-user-pool-id>",
"user_pool_client_id": "<your-cognito-user-pool-client-id>",
"identity_pool_id": "<your-cognito-identity-pool-id>",
"username_attributes": ["email"],
"standard_required_attributes": ["email"],
"user_verification_types": ["email"],
"unauthenticated_identities_enabled": true,
"password_policy": {
"min_length": 8,
"require_lowercase": true,
"require_uppercase": true,
"require_numbers": true,
"require_symbols": true
}
}
}
```

</InlineFilter>

## Use auth resources with an Amplify backend

The easiest way to get started with your existing resource is to use `backend.addOutput` to surface auth configuration to `amplify_outputs.json` automatically. In it's simplest form:
<Callout warning>

**Warning:** Amplify resources do not support including auth configurations by referencing with CDK. We are currently working to improve this experience by providing first-class support for referencing existing auth resources. [View the RFC for `referenceAuth` for more details](https://github.com/aws-amplify/amplify-backend/issues/1548)

</Callout>

To get started with your existing resource in your frontend application, to use `backend.addOutput` to surface auth configuration to `amplify_outputs.json` automatically. In it's simplest form:

```ts title="amplify/backend.ts"
import { defineBackend } from "@aws-amplify/backend"
Expand Down Expand Up @@ -130,80 +205,6 @@ backend.addOutput({
})
```

## Use auth resources without an Amplify backend

Alternatively, you can use existing resources without an Amplify backend.

<InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>

```ts title="src/main.ts"
import { Amplify } from "aws-amplify"

Amplify.configure({
Auth: {
Cognito: {
userPoolId: "<your-cognito-user-pool-id>",
userPoolClientId: "<your-cognito-user-pool-client-id>",
identityPoolId: "<your-cognito-identity-pool-id>",
loginWith: {
email: true,
},
signUpVerificationMethod: "code",
userAttributes: {
email: {
required: true,
},
},
allowGuestAccess: true,
passwordFormat: {
minLength: 8,
requireLowercase: true,
requireUppercase: true,
requireNumbers: true,
requireSpecialCharacters: true,
},
},
},
})
```

</InlineFilter>
<InlineFilter filters={["android", "flutter", "swift"]}>

Configuring the mobile client libraries directly is not supported, however you can manually create `amplify_outputs.json` with the following schema:

<Callout info>

**Note:** it is strongly recommended to use backend outputs to generate this file for each sandbox or branch deployment

</Callout>

{/* pending hosted outputs schema */}
```json title="amplify_outputs.json"
{
"version": "1",
"auth": {
"aws_region": "<your-cognito-aws-region>",
"user_pool_id": "<your-cognito-user-pool-id>",
"user_pool_client_id": "<your-cognito-user-pool-client-id>",
"identity_pool_id": "<your-cognito-identity-pool-id>",
"username_attributes": ["email"],
"standard_required_attributes": ["email"],
"user_verification_types": ["email"],
"unauthenticated_identities_enabled": true,
"password_policy": {
"min_length": 8,
"require_lowercase": true,
"require_uppercase": true,
"require_numbers": true,
"require_symbols": true
}
}
}
```

</InlineFilter>

## Next steps

- [Learn how to connect your frontend](/[platform]/build-a-backend/auth/connect-your-frontend/)