Amplify-js: Custom authentication flows

Created on 26 Mar 2018 · 15 Comments · Source: aws-amplify/amplify-js

Is there a method similar to aws.cognitoIdentityServiceProvider.initiateAuth that would allow me to start a custom auth flow? I'm using passwordless email/SMS one-time passwords.

I see TOTP, but that seems to be a type of MFA, not user signup/sign in

Auth

All 15 comments

You could look at CognitoUser.initiateAuth -- it doesn't appear to kick off the SRP_A challenge though, so you might need to handle that bit in a lambda. I'm attempting to migrate from 1.31.0 to 2.0.2 and this is my current issue.

https://github.com/aws/aws-amplify/blob/master/packages/amazon-cognito-identity-js/src/CognitoUser.js#L141

Never mind, I can't seem to get either CognitoUser.authenticateUser or CognitoUser.initiateAuth to handle SRP_A flow. initiateAuth expects auth details to be provided which could include SRP_A, but I don't think it's intended for users of the library to handle any of the SRP details (could be wrong on that).

It appears SRP_A flow is handled when using authenticateUser, but it won't let you use CUSTOM_AUTH as the auth flow (only USER_PASSWORD_AUTH and USER_SRP_AUTH are accepted). If I modify the code to allow CUSTOM_AUTH it does work. I'm interested to know if that's a bug, and if not, how are we supposed to start the CUSTOM_AUTH flow.

I've been working on a patch to add passwordless login support but it's not ready yet. It makes the password parameter optional for Auth.signIn() and calls initiateAuth() instead of authenticateUser() when there is no password provided. You can respond to the custom challenge by using a new Auth.sendCustomChallengeAnswer(). A PR should be ready in the next few days.

We were having to extend the CognitoUser interface with our own to expose the authenticateUserDefaultAuth method which is commented as "PRIVATE ONLY", so obviously we don't want to do that. PR #594 fixes our issue of not being able to set the CUSTOM_AUTH flow type and then call the authenticateUser method. Hoping this is useful to others.

@abemusic _Use case 25. Authenticating a user with a passwordless custom flow_ on https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js shows how to initiate a custom auth flow. If you're using JavaScript it works fine now. If you're using TypeScript you'll need to wait until #566 is finished and merged because the type definition for initiateAuth() is missing.

@apmontgomery @abemusic PR #566 has now been merged. Once it's released you will be able to call Auth.signIn(username) without a password which will use CognitoUser.initiateAuth() allowing passwordless authentication.

Happy to see custom authentication has been added!
The current documentation at https://aws.github.io/aws-amplify/ mentions the possibility of calling Auth.signIn(username). However, the npm package aws-amplify version 0.4.4 still provides only the 2-arity version requiring both username and password. Version 0.4.4 was released 13 days ago and the PR merged 6 days ago, so this makes sense. But since the online documentation mentions the 1-arity version, I expected the current version to provide it. Did I miss a special bleeding-edge version?

@ggeoffrey I don't think you're missing anything. Development is using the master branch which is also used to generate the docs. This means the docs reflect the most recent development version rather than the most recent release version.

This makes sense but can be quite confusing :)

@ggeoffrey sorry for that. You can try the unstable version which will have this feature. npm install aws-amplify@unstable

We have a project that needs to implement our own sign-in form (not using the built-in Cognito web UI). We have an ADFS to manage our users in an Active Directory. We will have a Cognito User Pool created and configure a SAML provider to integrate with our ADFS.

Users access our sign-in page, enter their AD username/password, then click Sign In. Basically, it works for users who are managed in the Cognito User Pool. I am not sure whether we have any way to authenticate users with redirecting the user to the ADFS login page. If so, what are the resolutions?

Thanks in advance

@stormit-vn so you want to make the ADFS one of the providers for your Cognito User Pool? If so, you have to use the Cognito Hosted UI to do that for now.

@powerful23 po yeah, I think we'll have to use organization login page as it is SSO functionality. Some people suggest using cookie-based solution utilising passport.js and nuxt.js.

#594 was closed but no reason was given. We have validated the change made in that PR in our local env, and it does have the effect that is sought. While this issue was originally opened against passwordless flows, the passwordful (is that a word?) version of getting into a CUSTOM flow requires the change from #594. Could someone reopen #594 and possibly accept the changes?

Closing this issue as it should have been implemented in the latest version: https://aws-amplify.github.io/docs/js/authentication#switching-authentication-flow-type
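
Added example, not part of the thread or of Amplify's code: the server side of the passwordless flow discussed above, written as the three Cognito Lambda trigger bodies (Define, Create, Verify Auth Challenge) that answer a client calling Auth.signIn(username) and Auth.sendCustomChallengeAnswer(). MAX_ATTEMPTS, the sendCode delivery callback, the EMAIL label and simulateSignIn are assumptions made for illustration; in a deployment each trigger function would be the handler of its own Lambda.

```javascript
const crypto = require("crypto");
const MAX_ATTEMPTS = 3; // assumption: retry limit chosen for this example

// Define Auth Challenge trigger: pick the next step from the session history.
function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const last = session[session.length - 1];
  event.response.issueTokens = Boolean(last && last.challengeResult === true);
  event.response.failAuthentication =
    !event.response.issueTokens && session.length >= MAX_ATTEMPTS;
  if (!event.response.issueTokens && !event.response.failAuthentication) {
    event.response.challengeName = "CUSTOM_CHALLENGE";
  }
  return event;
}

// Create Auth Challenge trigger: CSPRNG code, passed to sendCode (hypothetical sender).
function createAuthChallenge(event, sendCode) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, "0");
  sendCode(event.request.userAttributes.email, code);
  event.response.publicChallengeParameters = { delivery: "EMAIL" }; // sent to client
  event.response.privateChallengeParameters = { code }; // stays server-side
  return event;
}

// Verify Auth Challenge Response trigger: constant-time comparison of the answer.
function verifyAuthChallengeResponse(event) {
  const expected = Buffer.from(event.request.privateChallengeParameters.code);
  const given = Buffer.from(String(event.request.challengeAnswer || ""));
  event.response.answerCorrect =
    given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return event;
}

// Constructed walk-through of the order in which Cognito calls the triggers.
function simulateSignIn(answerFor) {
  const session = [];
  for (;;) {
    const d = defineAuthChallenge({ request: { session }, response: {} }).response;
    if (d.issueTokens || d.failAuthentication) return d.issueTokens ? "TOKENS_ISSUED" : "FAILED";
    let sent; // code captured from the stub delivery callback
    const c = createAuthChallenge(
      { request: { session, userAttributes: { email: "user@example.com" } }, response: {} },
      (_to, code) => { sent = code; }).response;
    const v = verifyAuthChallengeResponse({ request: {
      privateChallengeParameters: c.privateChallengeParameters,
      challengeAnswer: answerFor(sent, session.length) }, response: {} }).response;
    session.push({ challengeName: "CUSTOM_CHALLENGE", challengeResult: v.answerCorrect });
  }
}
```

The code is kept only in privateChallengeParameters, which Cognito passes to the verify trigger and never returns to the client, and the define trigger ends the session after MAX_ATTEMPTS wrong answers.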
