feat(auth): add passwordless support #3920

Merged
merged 36 commits into from
Nov 25, 2024

@harsh62 harsh62 commented Nov 22, 2024

Issue #

Description

This PR adds support for Cognito's new Passwordless Sign In Flows.

This includes the following new functionality for the Auth category:

Passwordless Sign-Up using a One Time Passcode (OTP) sent to a user's email address or SMS number

  • Auto-Sign In feature to sign in directly after signing up, without needing to re-enter the user's information

New USER_AUTH flow that can be used to sign in with any of the following mechanisms

  • Password & Password SRP
  • Email OTP
  • SMS OTP
  • WebAuthn

WebAuthn credential management APIs

  • Register device as a WebAuthn credential, allowing user to sign in with biometrics
  • List the registered WebAuthn credentials for the current user
  • Remove a registered WebAuthn credential

Integration Tests (Except DataStore & API)

Integration Tests | API - All

Integration Tests | DataStore - All

General Checklist

  • Added new tests to cover change, if needed
  • Build succeeds with all target using Swift Package Manager
  • All unit tests pass
  • All integration tests pass
  • Security oriented best practices and standards are followed (e.g. using input sanitization, principle of least privilege, etc)
  • Documentation update for the change if required
  • PR title conforms to conventional commit style
  • New or updated tests include Given When Then inline code documentation and are named accordingly testThing_condition_expectation()
  • If breaking change, documentation/changelog update with migration instructions

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

harsh62 and others added 27 commits November 3, 2024 14:18
* feat(auth): adding support for email mfa

* fix swift lint warning

* worked on a review comment

* adding integration tests wave 1

* integration tests wave 2

* integration tests wave 3

* Add test setup instructions wave 4

* Add edge case

* update readme to include graphQL details
* feat(Auth): Adding List WebAuthn API

* feat(Auth): Adding associate and delete WebAuthn credentials APIs

* Adding missing transports array in the credentials payload

* Adding friendlyName to AuthWebAuthnCredential

* Adding excludedCredentials to avoid multiple PassKeys for the same device

* Adding pagination support in the list API

* Renaming CredentialPayload to CredentialRegistrationPayload

* Addressing PR comments
* feat(auth): add passwordless OTP implementation

* add fallback password and password srp flows

* add web auth n states

* modifying states
…155)

* feat(auth): add passwordless OTP implementation

* add fallback password and password srp flows

* add web auth n states

* modifying states

* feat(Auth): Implementing signIn with WebAuthn

* Adding support for a presentation anchor in sign in and confirm sign in options

* Fixing errors

* Addressing PR comments

* fix build error

---------

Co-authored-by: Harshdeep Singh <6162866+harsh62@users.noreply.github.com>
* add autoSignIn() category API definitions (#152)

* add autoSignIn() category API definitions

* add sign up step for auto sign in

* add state machine changes for autoSignIn() and signUp() (#154)

* add autoSignIn() category API definitions

* add sign up step for auto sign in

* add state machine changes

* add events and update resolvers

* update sign up events and resolvers

* add updates to resolver for auto sign in

* update confirm sign up flow and debug code

* Address review comments

---------

Co-authored-by: Harsh <6162866+harsh62@users.noreply.github.com>

* update auto sign state machine events and resolver (#157)

* update auto sign state machine events and resolver

* Address review comments

* update sign up and auto sign in unit tests (#159)

* update sign up and auto sign in unit tests

* add auto sign in tests and refactor existing tests

* Add more service error tests

* Address review changes

---------

Co-authored-by: Harsh <6162866+harsh62@users.noreply.github.com>
* feat(auth): add passwordless preferred flow

* adding confirm device and device srp flows to user auth

* update message

* worked on review comments

* update
… tests (#161)

* chore(auth): add more auto sign in and sign up state machine/e2e unit tests

* Address review comments
* chore: Updating to the renamed WebAuthn APIs

* Fixing unit tests
* test: Adding AssociateWebAuthn unit tests

* test: Adding ListWebAuthnCredentials unit tests

* test: Adding DeleteWebAuthnCredential unit tests

* chore: simplifying how webauthn errors are handled

* addressing PR comments
…ign in (#166)

* chore(auth): add integration tests for passwordless signup and auto sign in

* remove unused code

* refactor code
* chore: add integration tests for sign in flows

* Update AuthSignInWithPasswordUsingUserAuthTests.swift

* Add more integration tests

* update
* test: Adding integration tests for WebAuthn APIs

* chore: Adding webauthn integration workflow

* Refactoring the code to remove unnecessary waits and make it more easy to read
…ils (#170)

* fix: Fixing service errors being reported as .unknown when sign in fails. Also adding proper WebAuthn cases to the AWSCognitoAuthError enum.

* addressing PR comment
…e is in signing in state (#172)

* fix(auth): fix resolvers and tasks for auto sign in when state machine is in signing in state

* fix indentation
@harsh62 harsh62 requested a review from a team as a code owner November 22, 2024 18:42
@harsh62 harsh62 changed the title feat(auth): add passwrodless support feat(auth): add passwordless support Nov 22, 2024
@harsh62 harsh62 merged commit edd2aa7 into main Nov 25, 2024
117 of 118 checks passed
@harsh62 harsh62 deleted the passwordless branch November 25, 2024 18:26