From e6fad5d4ed9379d43c1de94e973119fea3057be2 Mon Sep 17 00:00:00 2001 From: josefaidt Date: Fri, 10 Jan 2025 10:23:15 -0800 Subject: [PATCH 1/5] separate web and mobile examples for redirect uri's --- .../external-identity-providers/index.mdx | 159 +++++++++++++++++- 1 file changed, 155 insertions(+), 4 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx index 4dcd1a58e68..441fc25a192 100644 --- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx @@ -116,6 +116,8 @@ Secrets must be created manually with [`ampx sandbox secret`](/[platform]/refere + + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -150,6 +152,42 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth, secret } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalProviders: { + google: { + clientId: secret('GOOGLE_CLIENT_ID'), + clientSecret: secret('GOOGLE_CLIENT_SECRET') + }, + signInWithApple: { + clientId: secret('SIWA_CLIENT_ID'), + keyId: secret('SIWA_KEY_ID'), + privateKey: secret('SIWA_PRIVATE_KEY'), + teamId: secret('SIWA_TEAM_ID') + }, + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET') + }, + facebook: { + clientId: secret('FACEBOOK_CLIENT_ID'), + clientSecret: secret('FACEBOOK_CLIENT_SECRET') + }, + callbackUrls: ['myapp://'], + logoutUrls: ['myapp://'], + } + } +}); +``` + + + You need to now inform your external provider of the newly configured authentication resource and its OAuth redirect URI: @@ -220,6 +258,8 @@ You need to now inform your external provider of the newly configured authentica You can determine the pieces of data you want to retrieve from each external provider when setting them up in the `amplify/auth/resource.ts` file using `scopes`. + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -242,6 +282,30 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalProviders: { + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), + // highlight-next-line + scopes: ['email'] + }, + callbackUrls: ['myapp://'], + logoutUrls: ['myapp://'], + } + } +}); +``` + + + ### Attribute mapping You can map which attributes are mapped between your external identity provider and your users created in Cognito. We will be able to have the best level of protection for developers if we ensure that attribute mappings that would not work are called out by the type system. @@ -252,6 +316,8 @@ If you specify an attribute in your authentication resource as required, and it + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -276,6 +342,35 @@ export const auth = defineAuth({ } }); ``` + + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalAuthProviders: { + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), + // highlight-start + attributeMapping: { + email: 'email' + } + // highlight-end + }, + callbackUrls: ['myapp://'], + logoutUrls: ['myapp://'], + } + } +}); +``` + + + + - [Learn more about configuring the React Authenticator component for external providers](https://ui.docs.amplify.aws/react/connected-components/authenticator/configuration#external-providers) @@ -284,6 +379,8 @@ export const auth = defineAuth({ To setup a OIDC provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: + + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -309,6 +406,34 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth, secret } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + email: true, + externalProviders: { + oidc: [ + { + name: 'MicrosoftEntraID', + clientId: secret('MICROSOFT_ENTRA_ID_CLIENT_ID'), + clientSecret: secret('MICROSOFT_ENTRA_ID_CLIENT_SECRET'), + issuerUrl: '', + }, + ], + callbackUrls: ['myapp://'], + logoutUrls: ['myapp://'], + }, + }, +}); +``` + + + + Use the `signInWithRedirect` API to initiate sign-in with an OIDC identity provider. @@ -328,6 +453,8 @@ await signInWithRedirect({ To setup a SAML provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -352,6 +479,33 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + email: true, + externalProviders: { + saml: { + name: 'MicrosoftEntraIDSAML', + metadata: { + metadataContent: '', // or content of the metadata file + metadataType: 'URL', // or 'FILE' + }, + }, + callbackUrls: ['myapp://'], + logoutUrls: ['myapp://'], + }, + }, +}); +``` + + + + Use the `signInWithRedirect` API to initiate sign-in with a SAML identity provider. @@ -472,7 +626,6 @@ import { signInWithRedirect } from 'aws-amplify/auth'; signInWithRedirect({ provider: 'Apple' }); - ``` ### Redirect URLs @@ -483,7 +636,6 @@ _Sign in_ & _Sign out_ redirect URL(s) are used to redirect end users after the If you have multiple sign out redirect URLs configured, you may choose to override the default behavior of selecting a redirect URL and provide the one of your choosing when calling `signOut`. The provided redirect URL should match at least one of the configured redirect URLs. If no redirect URL is provided to `signOut`, the first item from the the configured redirect URLs list that does not contain a HTTP nor HTTPS prefix will be picked. ```ts -import { Amplify } from 'aws-amplify'; import { signOut } from 'aws-amplify/auth'; // Assuming the following URLS were provided manually or via the Amplify configuration file, @@ -492,10 +644,9 @@ import { signOut } from 'aws-amplify/auth'; signOut({ global: false, oauth: { - redirectUrl: 'https://authProvider/logout?logout_uri=myDevApp://' + redirectUrl: 'https://authProvider/logout?logout_uri=myapp://' } }); - ``` Irrespective of whether a `redirectUrl` is provided to `signOut`, a URL that does not contain http or https is expected to be present in the configured redirect URL list. This is because iOS requires an appScheme when creating the web session. From badfebda08cab27cc6496460ec0cacda137607a9 Mon Sep 17 00:00:00 2001 From: josefaidt Date: Fri, 10 Jan 2025 10:24:20 -0800 Subject: [PATCH 2/5] Revert "separate web and mobile examples for redirect uri's" This reverts commit e6fad5d4ed9379d43c1de94e973119fea3057be2. --- .../external-identity-providers/index.mdx | 159 +----------------- 1 file changed, 4 insertions(+), 155 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx index 441fc25a192..4dcd1a58e68 100644 --- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx @@ -116,8 +116,6 @@ Secrets must be created manually with [`ampx sandbox secret`](/[platform]/refere - - ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -152,42 +150,6 @@ export const auth = defineAuth({ }); ``` - - - -```ts title="amplify/auth/resource.ts" -import { defineAuth, secret } from '@aws-amplify/backend'; - -export const auth = defineAuth({ - loginWith: { - externalProviders: { - google: { - clientId: secret('GOOGLE_CLIENT_ID'), - clientSecret: secret('GOOGLE_CLIENT_SECRET') - }, - signInWithApple: { - clientId: secret('SIWA_CLIENT_ID'), - keyId: secret('SIWA_KEY_ID'), - privateKey: secret('SIWA_PRIVATE_KEY'), - teamId: secret('SIWA_TEAM_ID') - }, - loginWithAmazon: { - clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), - clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET') - }, - facebook: { - clientId: secret('FACEBOOK_CLIENT_ID'), - clientSecret: secret('FACEBOOK_CLIENT_SECRET') - }, - callbackUrls: ['myapp://'], - logoutUrls: ['myapp://'], - } - } -}); -``` - - - You need to now inform your external provider of the newly configured authentication resource and its OAuth redirect URI: @@ -258,8 +220,6 @@ You need to now inform your external provider of the newly configured authentica You can determine the pieces of data you want to retrieve from each external provider when setting them up in the `amplify/auth/resource.ts` file using `scopes`. - - ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -282,30 +242,6 @@ export const auth = defineAuth({ }); ``` - - - -```ts title="amplify/auth/resource.ts" -import { defineAuth } from '@aws-amplify/backend'; - -export const auth = defineAuth({ - loginWith: { - externalProviders: { - loginWithAmazon: { - clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), - clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), - // highlight-next-line - scopes: ['email'] - }, - callbackUrls: ['myapp://'], - logoutUrls: ['myapp://'], - } - } -}); -``` - - - ### Attribute mapping You can map which attributes are mapped between your external identity provider and your users created in Cognito. We will be able to have the best level of protection for developers if we ensure that attribute mappings that would not work are called out by the type system. @@ -316,8 +252,6 @@ If you specify an attribute in your authentication resource as required, and it - - ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -342,35 +276,6 @@ export const auth = defineAuth({ } }); ``` - - - - -```ts title="amplify/auth/resource.ts" -import { defineAuth } from '@aws-amplify/backend'; - -export const auth = defineAuth({ - loginWith: { - externalAuthProviders: { - loginWithAmazon: { - clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), - clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), - // highlight-start - attributeMapping: { - email: 'email' - } - // highlight-end - }, - callbackUrls: ['myapp://'], - logoutUrls: ['myapp://'], - } - } -}); -``` - - - - - [Learn more about configuring the React Authenticator component for external providers](https://ui.docs.amplify.aws/react/connected-components/authenticator/configuration#external-providers) @@ -379,8 +284,6 @@ export const auth = defineAuth({ To setup a OIDC provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: - - ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -406,34 +309,6 @@ export const auth = defineAuth({ }); ``` - - - -```ts title="amplify/auth/resource.ts" -import { defineAuth, secret } from '@aws-amplify/backend'; - -export const auth = defineAuth({ - loginWith: { - email: true, - externalProviders: { - oidc: [ - { - name: 'MicrosoftEntraID', - clientId: secret('MICROSOFT_ENTRA_ID_CLIENT_ID'), - clientSecret: secret('MICROSOFT_ENTRA_ID_CLIENT_SECRET'), - issuerUrl: '', - }, - ], - callbackUrls: ['myapp://'], - logoutUrls: ['myapp://'], - }, - }, -}); -``` - - - - Use the `signInWithRedirect` API to initiate sign-in with an OIDC identity provider. @@ -453,8 +328,6 @@ await signInWithRedirect({ To setup a SAML provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: - - ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -479,33 +352,6 @@ export const auth = defineAuth({ }); ``` - - - -```ts title="amplify/auth/resource.ts" -import { defineAuth } from '@aws-amplify/backend'; - -export const auth = defineAuth({ - loginWith: { - email: true, - externalProviders: { - saml: { - name: 'MicrosoftEntraIDSAML', - metadata: { - metadataContent: '', // or content of the metadata file - metadataType: 'URL', // or 'FILE' - }, - }, - callbackUrls: ['myapp://'], - logoutUrls: ['myapp://'], - }, - }, -}); -``` - - - - Use the `signInWithRedirect` API to initiate sign-in with a SAML identity provider. @@ -626,6 +472,7 @@ import { signInWithRedirect } from 'aws-amplify/auth'; signInWithRedirect({ provider: 'Apple' }); + ``` ### Redirect URLs @@ -636,6 +483,7 @@ _Sign in_ & _Sign out_ redirect URL(s) are used to redirect end users after the If you have multiple sign out redirect URLs configured, you may choose to override the default behavior of selecting a redirect URL and provide the one of your choosing when calling `signOut`. The provided redirect URL should match at least one of the configured redirect URLs. If no redirect URL is provided to `signOut`, the first item from the the configured redirect URLs list that does not contain a HTTP nor HTTPS prefix will be picked. ```ts +import { Amplify } from 'aws-amplify'; import { signOut } from 'aws-amplify/auth'; // Assuming the following URLS were provided manually or via the Amplify configuration file, @@ -644,9 +492,10 @@ import { signOut } from 'aws-amplify/auth'; signOut({ global: false, oauth: { - redirectUrl: 'https://authProvider/logout?logout_uri=myapp://' + redirectUrl: 'https://authProvider/logout?logout_uri=myDevApp://' } }); + ``` Irrespective of whether a `redirectUrl` is provided to `signOut`, a URL that does not contain http or https is expected to be present in the configured redirect URL list. This is because iOS requires an appScheme when creating the web session. From 66a9d5fbcf594aa601a87888403e5e87c6465a33 Mon Sep 17 00:00:00 2001 From: josefaidt Date: Fri, 10 Jan 2025 10:27:09 -0800 Subject: [PATCH 3/5] separate web and mobile examples for redirect uri's --- .../external-identity-providers/index.mdx | 159 +++++++++++++++++- 1 file changed, 155 insertions(+), 4 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx index 4dcd1a58e68..e938c8711f6 100644 --- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx @@ -116,6 +116,8 @@ Secrets must be created manually with [`ampx sandbox secret`](/[platform]/refere + + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -150,6 +152,42 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth, secret } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalProviders: { + google: { + clientId: secret('GOOGLE_CLIENT_ID'), + clientSecret: secret('GOOGLE_CLIENT_SECRET') + }, + signInWithApple: { + clientId: secret('SIWA_CLIENT_ID'), + keyId: secret('SIWA_KEY_ID'), + privateKey: secret('SIWA_PRIVATE_KEY'), + teamId: secret('SIWA_TEAM_ID') + }, + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET') + }, + facebook: { + clientId: secret('FACEBOOK_CLIENT_ID'), + clientSecret: secret('FACEBOOK_CLIENT_SECRET') + }, + callbackUrls: ["myapp://callback/"], + logoutUrls: ["myapp://signout/"], + } + } +}); +``` + + + You need to now inform your external provider of the newly configured authentication resource and its OAuth redirect URI: @@ -220,6 +258,8 @@ You need to now inform your external provider of the newly configured authentica You can determine the pieces of data you want to retrieve from each external provider when setting them up in the `amplify/auth/resource.ts` file using `scopes`. + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -242,6 +282,30 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalProviders: { + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), + // highlight-next-line + scopes: ['email'] + }, + callbackUrls: ["myapp://callback/"], + logoutUrls: ["myapp://signout/"], + } + } +}); +``` + + + ### Attribute mapping You can map which attributes are mapped between your external identity provider and your users created in Cognito. We will be able to have the best level of protection for developers if we ensure that attribute mappings that would not work are called out by the type system. @@ -252,6 +316,8 @@ If you specify an attribute in your authentication resource as required, and it + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -276,6 +342,35 @@ export const auth = defineAuth({ } }); ``` + + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + externalAuthProviders: { + loginWithAmazon: { + clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), + clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'), + // highlight-start + attributeMapping: { + email: 'email' + } + // highlight-end + }, + callbackUrls: ["myapp://callback/"], + logoutUrls: ["myapp://signout/"], + } + } +}); +``` + + + + - [Learn more about configuring the React Authenticator component for external providers](https://ui.docs.amplify.aws/react/connected-components/authenticator/configuration#external-providers) @@ -284,6 +379,8 @@ export const auth = defineAuth({ To setup a OIDC provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: + + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -309,6 +406,34 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth, secret } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + email: true, + externalProviders: { + oidc: [ + { + name: 'MicrosoftEntraID', + clientId: secret('MICROSOFT_ENTRA_ID_CLIENT_ID'), + clientSecret: secret('MICROSOFT_ENTRA_ID_CLIENT_SECRET'), + issuerUrl: '', + }, + ], + callbackUrls: ["myapp://callback/"], + logoutUrls: ["myapp://signout/"], + }, + }, +}); +``` + + + + Use the `signInWithRedirect` API to initiate sign-in with an OIDC identity provider. @@ -328,6 +453,8 @@ await signInWithRedirect({ To setup a SAML provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: + + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -352,6 +479,33 @@ export const auth = defineAuth({ }); ``` + + + +```ts title="amplify/auth/resource.ts" +import { defineAuth } from '@aws-amplify/backend'; + +export const auth = defineAuth({ + loginWith: { + email: true, + externalProviders: { + saml: { + name: 'MicrosoftEntraIDSAML', + metadata: { + metadataContent: '', // or content of the metadata file + metadataType: 'URL', // or 'FILE' + }, + }, + callbackUrls: ["myapp://callback/"], + logoutUrls: ["myapp://signout/"], + }, + }, +}); +``` + + + + Use the `signInWithRedirect` API to initiate sign-in with a SAML identity provider. @@ -472,7 +626,6 @@ import { signInWithRedirect } from 'aws-amplify/auth'; signInWithRedirect({ provider: 'Apple' }); - ``` ### Redirect URLs @@ -483,7 +636,6 @@ _Sign in_ & _Sign out_ redirect URL(s) are used to redirect end users after the If you have multiple sign out redirect URLs configured, you may choose to override the default behavior of selecting a redirect URL and provide the one of your choosing when calling `signOut`. The provided redirect URL should match at least one of the configured redirect URLs. If no redirect URL is provided to `signOut`, the first item from the the configured redirect URLs list that does not contain a HTTP nor HTTPS prefix will be picked. ```ts -import { Amplify } from 'aws-amplify'; import { signOut } from 'aws-amplify/auth'; // Assuming the following URLS were provided manually or via the Amplify configuration file, @@ -492,10 +644,9 @@ import { signOut } from 'aws-amplify/auth'; signOut({ global: false, oauth: { - redirectUrl: 'https://authProvider/logout?logout_uri=myDevApp://' + redirectUrl: 'https://authProvider/logout?logout_uri=myapp://' } }); - ``` Irrespective of whether a `redirectUrl` is provided to `signOut`, a URL that does not contain http or https is expected to be present in the configured redirect URL list. This is because iOS requires an appScheme when creating the web session. From f154e9ff432f1292ded3f380b35505f667923c78 Mon Sep 17 00:00:00 2001 From: josefaidt Date: Thu, 23 Jan 2025 10:12:32 -0800 Subject: [PATCH 4/5] fix snippets, add email: true --- .../auth/concepts/external-identity-providers/index.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx index e938c8711f6..d6255a02dc8 100644 --- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx @@ -123,6 +123,7 @@ import { defineAuth, secret } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalProviders: { google: { clientId: secret('GOOGLE_CLIENT_ID'), @@ -160,6 +161,7 @@ import { defineAuth, secret } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalProviders: { google: { clientId: secret('GOOGLE_CLIENT_ID'), @@ -265,6 +267,7 @@ import { defineAuth } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalProviders: { loginWithAmazon: { clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), @@ -290,6 +293,7 @@ import { defineAuth } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalProviders: { loginWithAmazon: { clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), @@ -323,6 +327,7 @@ import { defineAuth } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalAuthProviders: { loginWithAmazon: { clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), @@ -351,6 +356,7 @@ import { defineAuth } from '@aws-amplify/backend'; export const auth = defineAuth({ loginWith: { + email: true, externalAuthProviders: { loginWithAmazon: { clientId: secret('LOGINWITHAMAZON_CLIENT_ID'), From 2cffca1650e33a082c03f6f52ff781c020dc1381 Mon Sep 17 00:00:00 2001 From: josefaidt Date: Thu, 23 Jan 2025 15:11:20 -0800 Subject: [PATCH 5/5] move rn filter to mobile examples --- .../external-identity-providers/index.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx index d6255a02dc8..d3e9b7460f0 100644 --- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx @@ -116,7 +116,7 @@ Secrets must be created manually with [`ampx sandbox secret`](/[platform]/refere - + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -154,7 +154,7 @@ export const auth = defineAuth({ ``` - + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -260,7 +260,7 @@ You need to now inform your external provider of the newly configured authentica You can determine the pieces of data you want to retrieve from each external provider when setting them up in the `amplify/auth/resource.ts` file using `scopes`. - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -286,7 +286,7 @@ export const auth = defineAuth({ ``` - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -320,7 +320,7 @@ If you specify an attribute in your authentication resource as required, and it - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -349,7 +349,7 @@ export const auth = defineAuth({ ``` - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -385,7 +385,7 @@ export const auth = defineAuth({ To setup a OIDC provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: - + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -413,7 +413,7 @@ export const auth = defineAuth({ ``` - + ```ts title="amplify/auth/resource.ts" import { defineAuth, secret } from '@aws-amplify/backend'; @@ -459,7 +459,7 @@ await signInWithRedirect({ To setup a SAML provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows: - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend'; @@ -486,7 +486,7 @@ export const auth = defineAuth({ ``` - + ```ts title="amplify/auth/resource.ts" import { defineAuth } from '@aws-amplify/backend';