aws-amplify · jjarvisp · Nov 27, 2024 · Nov 27, 2024 · Nov 27, 2024 · Nov 27, 2024
@@ -543,7 +543,7 @@ Your application's users can also sign up using passwordless methods. To learn m
 ```typescript
 // Sign up using a phone number
 const { nextStep: signUpNextStep } = await signUp({
-	username: 'james',
+	username: 'hello',
 	options: {
 		userAttributes: {
 			phone_number: '+15555551234',
@@ -566,7 +566,7 @@ if (signUpNextStep.signUpStep === 'CONFIRM_SIGN_UP') {
 
 // Confirm sign up with the OTP received
 const { nextStep: confirmSignUpNextStep } = await confirmSignUp({
-	username: 'james',
+	username: 'hello',
 	confirmationCode: '123456',
 });
 
@@ -691,10 +691,10 @@ func confirmSignUp(for username: String, with confirmationCode: String) -> AnyCa
 ```typescript
 // Sign up using an email address
 const { nextStep: signUpNextStep } = await signUp({
-	username: 'james',
+	username: 'hello',
 	options: {
 		userAttributes: {
-			email: 'james@example.com',
+			email: 'hello@example.com',
 		},
 	},
 });
@@ -714,7 +714,7 @@ if (signUpNextStep.signUpStep === 'CONFIRM_SIGN_UP') {
 
 // Confirm sign up with the OTP received
 const { nextStep: confirmSignUpNextStep } = await confirmSignUp({
-	username: 'james',
+	username: 'hello',
 	confirmationCode: '123456',
 });
 
@@ -837,19 +837,44 @@ func confirmSignUp(for username: String, with confirmationCode: String) -> AnyCa
 <InlineFilter filters={["angular", "javascript", "nextjs", "react", "react-native", "vue"]}>
 
 ```typescript
-// Confirm sign up with the OTP received and auto sign in
+// Call `signUp` API with `USER_AUTH` as the authentication flow type for `autoSignIn`
+const { nextStep: signUpNextStep } = await signUp({
+	username: 'hello',
+	options: {
+		userAttributes: {
+			email: 'hello@example.com',
+			phone_number: '+15555551234',
+		},
+		autoSignIn: {
+			authFlowType: 'USER_AUTH',
+		},
+	},
+});
+
+if (signUpNextStep.signUpStep === 'CONFIRM_SIGN_UP') {
+	console.log(
+		`Code Delivery Medium: ${signUpNextStep.codeDeliveryDetails.deliveryMedium}`,
+	);
+	console.log(
+		`Code Delivery Destination: ${signUpNextStep.codeDeliveryDetails.destination}`,
+	);
+}
+
+// Call `confirmSignUp` API with the OTP received
 const { nextStep: confirmSignUpNextStep } = await confirmSignUp({
-	username: 'james',
+	username: 'hello',
 	confirmationCode: '123456',
 });
 
 if (confirmSignUpNextStep.signUpStep === 'COMPLETE_AUTO_SIGN_IN') {
+	// Call `autoSignIn` API to complete the flow
 	const { nextStep } = await autoSignIn();
 
 	if (nextStep.signInStep === 'DONE') {
 		console.log('Successfully signed in.');
 	}
 }
+
 ```
 </InlineFilter>
 <InlineFilter filters={["android"]}>

@@ -171,18 +171,9 @@ await signIn({
 
 ## USER_AUTH flow
 
-The `USER_AUTH` sign in flow will support the following methods of first factor authentication: `WEB_AUTHN`, `EMAIL_OTP`, `SMS_OTP`, `PASSWORD`, and `PASSWORD_SRP`.
+The `USER_AUTH` sign in flow supports the following methods as first factors for authentication: `WEB_AUTHN`, `EMAIL_OTP`, `SMS_OTP`, `PASSWORD`, and `PASSWORD_SRP`.
 
-```ts
-type AuthFactorType = 
-    | "WEB_AUTHN" 
-    | "EMAIL_OTP" 
-    | "SMS_OTP" 
-    | "PASSWORD" 
-    | "PASSWORD_SRP";
-```
-
-If the desired first factor is known before the sign in flow is initiated it can be passed to the initial sign in call.
+If the desired first factor is known when authentication is initiated it can be passed to the `signIn` API as the `preferredChallenge` to initiate the corresponding authentication flow.
 
 ```ts
 // PASSWORD_SRP / PASSWORD
@@ -199,19 +190,47 @@ const { nextStep } = await signIn({
 
 // WEB_AUTHN / EMAIL_OTP / SMS_OTP
 // sign in with preferred passwordless challenge
-// no user input required at this step 
+// no additional user input required at this step 
 const { nextStep } = await signIn({
-    username: "passwordless@mycompany.com",
+    username: "hello@example.com",
     options: {
         authFlowType: "USER_AUTH",
         preferredChallenge: "WEB_AUTHN" // or "EMAIL_OTP" or "SMS_OTP"
     },
 });
 ```
 
-If the desired first factor is not known, the flow will continue to select an available first factor. 
+If the desired first factor is not known or you would like to provide users with the available options, `preferredChallenge` can be omitted from the initial `signIn` API call. 
+
+This allows you to discover which authentication first factors are available for a user via the `CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION` step. You can then present the available options to the user and use the `confirmSignIn` API to respond with the user's selection.
+
+```ts
+const { nextStep: signInNextStep } = await signIn({
+	username: '+15551234567',
+	options: {
+		authFlowType: 'USER_AUTH',
+	},
+});
+
+if (
+	signInNextStep.signInStep === 'CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION'
+) {
+	// present user with list of available challenges
+	console.log(`Available Challenges: ${signInNextStep.availableChallenges}`);
 
-> For more information about determining a first factor, and signing in with passwordless authorization factors, please visit the [concepts page for passwordless](/[platform]/build-a-backend/auth/concepts/passwordless/)
+	// respond with user selection using `confirmSignIn` API
+	const { nextStep: nextConfirmSignInStep } = await confirmSignIn({
+		challengeResponse: 'SMS_OTP', // or 'EMAIL_OTP', 'WEB_AUTHN', 'PASSWORD', 'PASSWORD_SRP'
+	});
+}
+
+```
+Also, note that if the `preferredChallenge` passed to the initial `signIn` API call is unavailable for the user, Amplify will also respond with the `CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION` next step.
+
+
+<Callout>
+For more information about determining a first factor, and signing in with passwordless authentication factors, please visit the [Passwordless](/[platform]/build-a-backend/auth/concepts/passwordless/) concepts page.
+</Callout>
 
 ## USER_PASSWORD_AUTH flow