Cognito - Amplify Auth Component


Auth is a sub-component (called a category) of the amplify library and is a wrapper around amazon-cognito-identity-js



  • If you only need to use Auth component of amplify
yarn add @aws-amplify/auth
# with npm
npm install @aws-amplify/auth
info All dependencies
├─ @aws-amplify/[email protected]
├─ @aws-amplify/[email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
└─ [email protected]
yarn add aws-amplify 


In the app (preferably at the root level), configure Amplify. More amplify configuration

With the Cli

amplify add auth
amplify push
import Amplify, { Auth } from 'aws-amplify';
import awsmobile from './aws-exports';


  • with Auth
import Auth from '@aws-amplify/auth';
    // Se below for a full list of properties
    identityPoolId: 'XX-XXXX-X:XXXXXXXX-XXXX-1234-abcd-1234567890ab',
    region: 'XX-XXXX-X',

// You can get the current config object
const currentConfig = Auth.configure();
  • or with the Amplify object
import Amplify from '@aws-amplify/core';
// or 
// import Amplify from 'aws-amplify';

    Auth: {

        // REQUIRED only for Federated Authentication - Amazon Cognito Identity Pool ID
        identityPoolId: 'XX-XXXX-X:XXXXXXXX-XXXX-1234-abcd-1234567890ab',
        // REQUIRED - Amazon Cognito Region
        region: 'XX-XXXX-X',

        // OPTIONAL - Amazon Cognito Federated Identity Pool Region 
        // Required only if it's different from Amazon Cognito Region
        identityPoolRegion: 'XX-XXXX-X',

        // OPTIONAL - Amazon Cognito User Pool ID
        userPoolId: 'XX-XXXX-X_abcd1234',

        // OPTIONAL - Amazon Cognito Web Client ID (26-char alphanumeric string)
        userPoolWebClientId: 'a1b2c3d4e5f6g7h8i9j0k1l2m3',

        // OPTIONAL - Enforce user authentication prior to accessing AWS resources or not
        mandatorySignIn: false,

        // OPTIONAL - Configuration for cookie storage
        // Note: if the secure flag is set to true, then the cookie transmission requires a secure protocol
        cookieStorage: {
        // REQUIRED - Cookie domain (only required if cookieStorage is provided)
            domain: '',
        // OPTIONAL - Cookie path
            path: '/',
        // OPTIONAL - Cookie expiration in days
            expires: 365,
        // OPTIONAL - Cookie secure flag
        // Either true or false, indicating if the cookie transmission requires a secure protocol (https).
            secure: true

        // OPTIONAL - customized storage object
        storage: new MyStorage(),
        // OPTIONAL - Manually set the authentication flow type. Default is 'USER_SRP_AUTH'
        authenticationFlowType: 'USER_PASSWORD_AUTH'

Use case


Add user sign up

import Auth from '@aws-amplify/auth';

  username: 'AmandaB',
  password: 'MyCoolPassword1!',
  attributes: {
    email: '[email protected]'



Cognito - Sign-out

// With only the auth module
import Auth from '@aws-amplify/auth';
// or by using the bundled amplify
// import { Auth } from 'aws-amplify';

    .then(data => console.log(data))
    .catch(err => console.log(err));

// By doing this, you are revoking all the auth tokens(id token, access token and refresh token)
// which means the user is signed out from all the devices
// Note: although the tokens are revoked, the AWS credentials will remain valid until they expire (which by default is 1 hour)
Auth.signOut({ global: true })
    .then(data => console.log(data))
    .catch(err => console.log(err));

Token Storage


Documentation / Reference

Powered by ComboStrap