Need to configure your backend?See Build a Backend →
マルチステップサインイン
ユーザーがサインアップを完了した後、サインインに進むことができます。Amplify Auth のサインインフローはマルチステップのプロセスになる場合があります。必要なステップは、MFA 設定の管理ページで説明されているように認証リソースを定義する際に提供した設定によって決まります。
設定によっては、ユーザーのサインインを完了するためにさまざまな API を呼び出す必要がある場合があります。サインインフローの次のステップを特定するには、サインイン結果の nextStep パラメータを確認してください。
成功した場合、サインイン API は AuthSignInResult を返します。結果の nextStep プロパティを確認して、追加のサインインステップが必要かどうかを確認してください。
nextStep プロパティは AuthSignInStep という enum 型です。その値に応じて、コードは以下のいずれかのアクションを実行する必要があります:
try { Amplify.Auth.signIn( "hello@example.com", "password", result -> { AuthNextSignInStep nextStep = result.getNextStep(); switch (nextStep.getSignInStep()) { case CONFIRM_SIGN_IN_WITH_TOTP_CODE: { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code"); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup"); Log.i("AuthQuickstart", "Allowed MFA types for setup" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA"); // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address break; } case CONTINUE_SIGN_IN_WITH_TOTP_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP"); Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app" + nextStep.getTotpSetupDetails().getSharedSecret()); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type"); Log.i("AuthQuickstart", "Allowed MFA type" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION: { Log.i("AuthQuickstart", "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()); // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection break; } case CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE: { Log.i("AuthQuickstart", "SMS code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_OTP: { Log.i("AuthQuickstart", "OTP code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_PASSWORD: { Log.i("AuthQuickstart", "Received next step as confirm sign in with password"); // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password break; } case CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE: { Log.i("AuthQuickstart", "Custom challenge, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer break; } case CONFIRM_SIGN_IN_WITH_NEW_PASSWORD: { Log.i("AuthQuickstart", "Sign in with new password, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password break; } case DONE: { Log.i("AuthQuickstart", "SignIn complete"); // User has successfully signed in to the app break; } } }, error -> { if (error instanceof UserNotConfirmedException) { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.i("AuthQuickstart", "Signup confirmation required" + error); } else if (error instanceof PasswordResetRequiredException) { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.i("AuthQuickstart", "Password reset required" + error); } else { Log.e("AuthQuickstart", "SignIn failed: " + error); } } );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error occurred: " + error);}try { Amplify.Auth.signIn( "hello@example.com", "password", { result -> val nextStep = result.nextStep when(nextStep.signInStep){ AuthSignInStep.CONFIRM_SIGN_IN_WITH_TOTP_CODE -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup") Log.i("AuthQuickstart", "Allowed MFA types for setup ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA") // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address } AuthSignInStep.CONTINUE_SIGN_IN_WITH_TOTP_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP") Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app ${nextStep.totpSetupDetails?.sharedSecret}") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type") Log.i("AuthQuickstart", "Allowed MFA types ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION -> { Log.i("AuthQuickstart", "Available authentication factors for this user: ${result.nextStep.availableFactors}") // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection } AuthSignInStep.CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE -> { Log.i("AuthQuickstart", "SMS code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP -> { Log.i("AuthQuickstart", "OTP code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_PASSWORD -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with password") // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password } AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE -> { Log.i("AuthQuickstart","Custom challenge, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer } AuthSignInStep.CONFIRM_SIGN_IN_WITH_NEW_PASSWORD -> { Log.i("AuthQuickstart", "Sign in with new password, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password } AuthSignInStep.DONE -> { Log.i("AuthQuickstart", "SignIn complete") // User has successfully signed in to the app } }
} ) { error -> when (error) { is UserNotConfirmedException -> { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.e("AuthQuickstart", "Signup confirmation required", error) } is PasswordResetRequiredException -> { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.e("AuthQuickstart", "Password reset required", error) } else -> { Log.e("AuthQuickstart", "Unexpected error occurred: $error") } } }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error occurred: $error")}try { val result = Amplify.Auth.signIn( "hello@example.com", "password" ) val nextStep = result.nextStep when (nextStep.signInStep) { AuthSignInStep.CONFIRM_SIGN_IN_WITH_TOTP_CODE -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup") Log.i("AuthQuickstart", "Allowed MFA types for setup ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA") // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address } AuthSignInStep.CONTINUE_SIGN_IN_WITH_TOTP_SETUP -> { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP") Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app ${nextStep.totpSetupDetails?.sharedSecret}") // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONTINUE_SIGN_IN_WITH_MFA_SELECTION -> { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type") Log.i("AuthQuickstart", "Allowed MFA types ${nextStep.allowedMFATypes}") // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type } AuthSignInStep.CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION -> { Log.i("AuthQuickstart", "Available authentication factors for this user: ${result.nextStep.availableFactors}") // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection } AuthSignInStep.CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE -> { Log.i("AuthQuickstart", "SMS code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_OTP -> { Log.i("AuthQuickstart", "OTP code sent to ${nextStep.codeDeliveryDetails?.destination}") Log.i("AuthQuickstart", "Additional Info ${nextStep.additionalInfo}") // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code } AuthSignInStep.CONFIRM_SIGN_IN_WITH_PASSWORD -> { Log.i("AuthQuickstart", "Received next step as confirm sign in with password") // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password } AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE -> { Log.i("AuthQuickstart","Custom challenge, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer } AuthSignInStep.CONFIRM_SIGN_IN_WITH_NEW_PASSWORD -> { Log.i("AuthQuickstart", "Sign in with new password, additional info: ${nextStep.additionalInfo}") // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password } AuthSignInStep.DONE -> { Log.i("AuthQuickstart", "SignIn complete") // User has successfully signed in to the app } }} catch (error: Exception) { when (error) { is UserNotConfirmedException -> { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.e("AuthQuickstart", "Signup confirmation required", error) } is PasswordResetRequiredException -> { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.e("AuthQuickstart", "Password reset required", error) } else -> { Log.e("AuthQuickstart", "Unexpected error occurred: $error") } }}RxAmplify.Auth.signIn("hello@example.com", "password").subscribe( result -> { AuthNextSignInStep nextStep = result.getNextStep(); switch (nextStep.getSignInStep()) { case CONFIRM_SIGN_IN_WITH_TOTP_CODE: { Log.i("AuthQuickstart", "Received next step as confirm sign in with TOTP code"); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting an MFA method to setup"); Log.i("AuthQuickstart", "Allowed MFA types for setup" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to setup // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up email MFA"); // Prompt the user to enter the email address they would like to use to receive OTPs // Then invoke `confirmSignIn` api with the email address break; } case CONTINUE_SIGN_IN_WITH_TOTP_SETUP: { Log.i("AuthQuickstart", "Received next step as continue sign in by setting up TOTP"); Log.i("AuthQuickstart", "Shared secret that will be used to set up TOTP in the authenticator app" + nextStep.getTotpSetupDetails().getSharedSecret()); // Prompt the user to enter the TOTP code generated in their authenticator app // Then invoke `confirmSignIn` api with the code break; } case CONTINUE_SIGN_IN_WITH_MFA_SELECTION: { Log.i("AuthQuickstart", "Received next step as continue sign in by selecting MFA type"); Log.i("AuthQuickstart", "Allowed MFA type" + nextStep.getAllowedMFATypes()); // Prompt the user to select the MFA type they want to use // Then invoke `confirmSignIn` api with the MFA type break; } case CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION: { Log.i("AuthQuickstart", "Available authentication factors for this user: " + result.getNextStep().getAvailableFactors()); // Prompt the user to select which authentication factor they want to use to sign-in // Then invoke `confirmSignIn` api with that selection break; } case CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE: { Log.i("AuthQuickstart", "SMS code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the SMS MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_OTP: { Log.i("AuthQuickstart", "OTP code sent to " + nextStep.getCodeDeliveryDetails().getDestination()); Log.i("AuthQuickstart", "Additional Info :" + nextStep.getAdditionalInfo()); // Prompt the user to enter the OTP MFA code they received // Then invoke `confirmSignIn` api with the code break; } case CONFIRM_SIGN_IN_WITH_PASSWORD: { Log.i("AuthQuickstart", "Received next step as confirm sign in with password"); // Prompt the user to enter their password // Then invoke `confirmSignIn` api with that password break; } case CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE: { Log.i("AuthQuickstart", "Custom challenge, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter custom challenge answer // Then invoke `confirmSignIn` api with the answer break; } case CONFIRM_SIGN_IN_WITH_NEW_PASSWORD: { Log.i("AuthQuickstart", "Sign in with new password, additional info: " + nextStep.getAdditionalInfo()); // Prompt the user to enter a new password // Then invoke `confirmSignIn` api with new password break; } case DONE: { Log.i("AuthQuickstart", "SignIn complete"); // User has successfully signed in to the app break; } } }, error -> { if (error instanceof UserNotConfirmedException) { // User was not confirmed during the signup process. // Invoke `confirmSignUp` api to confirm the user if // they have the confirmation code. If they do not have the // confirmation code, invoke `resendSignUpCode` to send the // code again. // After the user is confirmed, invoke the `signIn` api again. Log.i("AuthQuickstart", "Signup confirmation required" + error); } else if (error instanceof PasswordResetRequiredException) { // User needs to reset their password. // Invoke `resetPassword` api to start the reset password // flow, and once reset password flow completes, invoke // `signIn` api to trigger signIn flow again. Log.i("AuthQuickstart", "Password reset required" + error); } else { Log.e("AuthQuickstart", "SignIn failed: " + error); } });SMS MFA でサインインを確認する
次のステップが CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE の場合、Amplify Auth はユーザーに SMS でランダムなコードを送信し、ユーザーがそれを正常に受け取ったかどうかを確認するのを待っています。このステップを処理するには、アプリの UI でユーザーにコードの入力を促す必要があります。ユーザーがコードを入力したら、実装は Amplify Auth の confirmSignIn API にその値を渡す必要があります。
try { Amplify.Auth.confirmSignIn( "confirmation code", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}try { Amplify.Auth.confirmSignIn( "confirmation code", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error")}} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}try { val result = Amplify.Auth.confirmSignIn( "confirmation code" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}" ) // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}RxAmplify.Auth.confirmSignIn( "confirmation code").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );TOTP MFA でサインインを確認する
次のステップが CONFIRM_SIGN_IN_WITH_TOTP_CODE の場合、セットアップ時に関連付けられた認証アプリから TOTP コードを入力するようユーザーに促してください。コードは 30 秒ごとに変わる 6 桁の数字です。ユーザーは 30 秒のウィンドウが切れる前にコードを入力する必要があります。
ユーザーがコードを入力したら、実装は Amplify Auth の confirmSignIn API にその値を渡す必要があります。
メール MFA でサインインを確認する
次のステップが CONFIRM_SIGN_IN_WITH_EMAIL_MFA_CODE の場合、Amplify Auth はユーザーのメールアドレスにランダムなコードを送信し、ユーザーがそれを正常に受け取ったかどうかを確認するのを待っています。このステップを処理するには、アプリの UI でユーザーにコードの入力を促す必要があります。ユーザーがコードを入力したら、実装は Amplify Auth の confirmSignIn API にその値を渡す必要があります。
OTP でサインインを確認する
次のステップが CONFIRM_SIGN_IN_WITH_OTP の場合、Amplify Auth はユーザーが選択した手段(SMS やメールなど)でランダムなコードを送信し、ユーザーがそのコードを確認するのを待っています。このステップを処理するには、アプリの UI でユーザーにコードの入力を促す必要があります。ユーザーがコードを入力したら、その値を confirmSignIn API に渡してください。
MFA の選択でサインインを続行する
次のステップが CONTINUE_SIGN_IN_WITH_MFA_SELECTION の場合、ユーザーは使用する MFA メソッドを選択する必要があります。Amplify Auth は現在、SMS、TOTP、メールを MFA メソッドとしてサポートしています。ユーザーが MFA メソッドを選択したら、実装は confirmSignIn API を使用して選択した MFA メソッドを Amplify Auth に渡す必要があります。
メールセットアップでサインインを続行する
次のステップが CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP の場合、ユーザーはサインインプロセスを完了するためにメールアドレスを提供する必要があります。この値をユーザーから収集したら、confirmSignIn API を呼び出して続行してください。
TOTP セットアップでサインインを続行する
次のステップが CONTINUE_SIGN_IN_WITH_TOTP_SETUP の場合、ユーザーはサインインプロセスを完了するために TOTP コードを提供する必要があります。このステップは TOTPSetupDetails 型の関連値を返し、TOTP の生成に使用されます。TOTPSetupDetails は getSetupURI というヘルパーメソッドを提供しており、ネイティブパスワードマネージャーによる TOTP 関連付けに使用できる URI を生成できます。例えば、Apple プラットフォームで URI を使用すると、プラットフォームのネイティブパスワードマネージャーがアカウントと TOTP を関連付けるよう促します。より高度なユースケースでは、TOTPSetupDetails に含まれる sharedSecret を使って QR コードを生成したり、認証アプリに手動で入力したりすることもできます。
認証アプリがセットアップされると、ユーザーは TOTP コードを生成してライブラリに提供し、サインインプロセスを完了できます。
MFA セットアップ選択でサインインを続行する
次のステップが CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION の場合、ユーザーはセットアップする MFA メソッドを選択する必要があります。Amplify Auth は現在、SMS、TOTP、メールを MFA メソッドとしてサポートしています。ユーザーが MFA メソッドを選択したら、実装は confirmSignIn API を使用して選択した MFA メソッドを Amplify Auth に渡す必要があります。
第一要素の選択でサインインを続行する
次のステップが CONTINUE_SIGN_IN_WITH_FIRST_FACTOR_SELECTION の場合、ユーザーは認証要素を選択する必要があります(選択していなかったか、選択したものがサポートされていない場合など)。Amplify Auth は現在、SMS、メール、パスワード、WebAuthn を認証要素としてサポートしています。ユーザーが認証メソッドを選択したら、実装は confirmSignIn API を使用して選択した認証メソッドを Amplify Auth に渡す必要があります。
confirmSignIn API の呼び出し方の例については、サインインドキュメントをご覧ください。
カスタムチャレンジでサインインを確認する
次のステップが CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE の場合、Amplify Auth はカスタム認証チャレンジの完了を待っています。チャレンジは、カスタムサインインフローのセットアップ時に設定した Lambda トリガーに基づいています。このステップを完了するには、ユーザーにカスタムチャレンジの答えを入力するよう促し、その答えを confirmSignIn API に渡す必要があります。
try { Amplify.Auth.confirmSignIn( "challenge answer", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}try { Amplify.Auth.confirmSignIn( "challenge answer", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}try { val result = Amplify.Auth.confirmSignIn( "challenge answer" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}RxAmplify.Auth.confirmSignIn( "challenge answer").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error));新しいパスワードでサインインを確認する
サインイン中に UserNotConfirmedException を受け取った場合、Amplify Auth は続行前にユーザーが新しいパスワードを選択する必要があります。ユーザーに新しいパスワードを求め、confirmSignIn API に渡してください。
try { Amplify.Auth.confirmSignIn( "confirmation code", result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); // Switch on the next step to take appropriate actions. // If `signInResult.isSignedIn` is true, the next step // is 'done', and the user is now signed in. } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}try { Amplify.Auth.confirmSignIn( "confirmation code", { result -> if (result.isSignedIn) { Log.i("AuthQuickstart","Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") } } ) { error -> Log.e("AuthQuickstart", "Confirm sign in failed: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}}try { val result = Amplify.Auth.confirmSignIn( "confirmation code" ) if (result.isSignedIn) { Log.i("AuthQuickstart", "Confirm signIn succeeded") } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: ${result.nextStep}") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}RxAmplify.Auth.confirmSignIn( "confirmation code").subscribe( result -> { if (result.isSignedIn()) { Log.i("AuthQuickstart", "Confirm signIn succeeded"); } else { Log.i("AuthQuickstart", "Confirm sign in not complete. There might be additional steps: " + result.getNextStep()); } }, error -> Log.e("AuthQuickstart", "Confirm sign in failed: " + error) );パスワードのリセット
PasswordResetRequiredException を受け取った場合、パスワードをリセットしないと認証フローを続行できません。次のステップは resetPassword API を呼び出してパスワードリセットフローを開始することです。
try { Amplify.Auth.resetPassword( "username", result -> Log.i("AuthQuickstart", "Reset password succeeded"), error -> Log.e("AuthQuickstart", "Reset password failed : " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "Unexpected error: " + error);}try { Amplify.Auth.resetPassword( "username", { Log.i("AuthQuickstart", "Reset password succeeded") } ) { error -> Log.e("AuthQuickstart", "Reset password failed : $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}try { Amplify.Auth.resetPassword("username") Log.i("AuthQuickstart", "Reset password succeeded")} catch (error: Exception) { Log.e("AuthQuickstart", "Unexpected error: $error")}RxAmplify.Auth.resetPassword( "username").subscribe( result -> Log.i("AuthQuickstart", "Reset password succeeded"), error -> Log.e("AuthQuickstart", "Reset password failed : " + error));サインアップの確認
次のステップとして CONFIRM_SIGN_UP を受け取った場合、メールや電話番号などのユーザー情報を確認しないとサインアップを続行できません。次のステップは confirmSignUp API を呼び出してサインアップ確認フローを進めることです。
try { Amplify.Auth.confirmSignUp( "username", "confirmation code", result -> Log.i("AuthQuickstart", "Confirm signUp result completed: " + result.isSignUpComplete()), error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: " + error) );} catch (Exception error) { Log.e("AuthQuickstart", "unexpected error: " + error);}try { Amplify.Auth.confirmSignUp( "username", "confirmation code", { result -> Log.i("AuthQuickstart", "Confirm signUp result completed: ${result.isSignUpComplete}") } ) { error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: $error") }} catch (error: Exception) { Log.e("AuthQuickstart", "unexpected error: $error")}try { val result = Amplify.Auth.confirmSignUp( "username", "confirmation code" ) Log.i("AuthQuickstart", "Confirm signUp result completed: ${result.isSignUpComplete}")} catch (error: Exception) { Log.e("AuthQuickstart", "unexpected error: $error")}RxAmplify.Auth.confirmSignUp( "username", "confirmation code").subscribe( result -> Log.i("AuthQuickstart", "Confirm signUp result completed: " + result.isSignUpComplete()), error -> Log.e("AuthQuickstart", "An error occurred while confirming sign up: " + error));現在のユーザーを取得する
この呼び出しは現在ログインしているユーザーを取得し、ユーザーが正常にサインインした後に使用する必要があります。
ユーザーがサインインしている場合、現在の userId と username が返されます。
try { Amplify.Auth.getCurrentUser( result -> Log.i("AuthQuickstart", "Current user details are:" + result.toString(), error -> Log.e("AuthQuickstart", "getCurrentUser failed with an exception: " + error) ); } catch (Exception error) { Log.e("AuthQuickstart", "unexpected error: " + error); }Amplify.Auth.getCurrentUser({ Log.i("AuthQuickStart", "Current user details are: $it")},{ Log.e("AuthQuickStart", "getCurrentUser failed with an exception: $it")})try { val result = Amplify.Auth.getCurrentUser() Log.i("AuthQuickstart", "Current user details are: $result")} catch (error: Exception) { Log.e("AuthQuickstart", "getCurrentUser failed with an exception: $error")}RxAmplify.Auth.getCurrentUser().subscribe( result -> Log.i("AuthQuickStart getCurrentUser: " + result.toString()), error -> Log.e("AuthQuickStart", error.toString()) );完了
done が返された場合、サインインフローは完了し、ユーザーは正常に認証されています。便宜上、SignInResult には isSignedIn プロパティも提供されており、次のステップが done の場合は true になります。