Amplify-js: Cognito default authentication flow in Amplify

Created on 17 Jun 2019 · 2Comments · Source: aws-amplify/amplify-js

* Which Category is your question related to? *
Auth flows

* What AWS Services are you utilizing? *
Cognito

* Provide additional details e.g. code snippets *
When we do amplify add auth which authentication flow does it default to? I'm guessing "Implicit"? If correct, is there a way to change it to "Authorization Code" flow from the amplify cli?

Finally, does anyone have a recommendation on the best practices (and how to) for passing the access token from a back-channel to the client (if we're using Auth code flow of course)?

Auth question

Source

rawadrifai

All 2 comments

Default is code grant flow. Here's an overview of the setup:
https://aws-amplify.github.io/docs/js/authentication#social-provider-federation
https://aws-amplify.github.io/docs/js/authentication#oauth-and-hosted-ui

If you want to change to implicit you can change the responseType in the oauth key in your aws-exports file that the CLI generated to token as outlined here: https://aws-amplify.github.io/docs/js/authentication#oauth-and-hosted-ui

Once you go through this flow the client will have JWT tokens provided to it. You can retrieve them as outlined here: https://aws-amplify.github.io/docs/js/authentication#retrieve-current-session

undefobj on 17 Jun 2019

👍1

Thank you @undefobj for the info.
So I'm using withAuthenticator to see what's happening in the background. The following calls happen when I sign in:

AWSCognitoIdentityProviderService.InitiateAuth // AuthFlow: "USER_SRP_AUTH"
AWSCognitoIdentityProviderService.RespondToAuthChallenge

At this point we have id token. Then we get the user id and the credentials. Why do we need this step if all we need is the token to access resources?