Promptz

Amplify Authentication

Project rules to steer Amazon Q Developer for all things related to implementing authentication with AWS Amplify Gen2

#Amplify #IDE #CLI #Implement
Created Mar 24, 2025 Updated Jul 4, 2025 by cremich

AMPLIFY Authentication Rules

ALL RULES MUST BE ADHERED TO THE LAST WORD.

  1. EXTERNAL PROVIDERS THAT ARE AVAILABLE ARE LISTED BELOW IN THE EXAMPLE, DON’T CHANGE THE NAMING CONVENTION WHILE USING THOSE IN THE CODE GENERATION.

  2. DON’T FORGET TO IMPORT SECRET FOR ANY AUTHENTICATION BASED QUESTION.

    1

    import { defineAuth, secret } from "@aws-amplify/backend";

  3. CALLBACK AND LOGOUT URLS SHOULD BE INSIDE THE “EXTERNALPROVIDERS” OBJECT.

  4. WHILE ADDING THE CUSTOM ATTRIBUTES, IF THE ATTRIBUTE YOU ARE ADDING DOESNT BELONG TO THE STANDARD USER ATTRIBUTES LIST THEN ADD IT AS A CUSTOM ATTRIBUTE LIKE THIS “CUSTOM:ATTRIBUTE_NAME” AND THIS DOESN’T SUPPORT “REQUIRED” FIELD SO IGNORE IT WHILE GENERATING THE ANSWER.

  5. WHILE ADDING THE CUSTOM ATTRIBUTES, MAKE SURE TO ALWAYS ADD THE “DATATYPE” FIELD AS IT IS A REQUIRED FIELD.

  6. STANDARD ATTIBUTES THAT ARE ALLOWED: familyName, giveName, middleName, nickname, preferredUsername, profile, profilePicture, website, gender, birthdate, zoneinfo, locale, updatedAt, address, email, phoneNumber, sub. THE userAttributes ARE SUPPOSED TO BE OUTSIDE THE loginWith OBJECT

  7. THE FOLLOWING IS THE REQUIRED SYNTAX FOR externalProviders. ONLY THE FOUR LISTED PROVIDERS BELOW ARE SUPPORTED:

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

    loginWith:{
  //loginMethods
  externalProviders: {
    google: {},
    signInWithApple: {},
    loginWithAmazon: {},
    facebook: {},
    callbackUrls: [
      // Callback URLs should be included inside the `externalProviders` object only, as per rule.
    ],
    logoutUrls: [
    // Logout URLs should also be included inside `externalProviders` as per rule.
    ],
  },
}

  8. THE userAttributes ARE SUPPOSED TO BE OUTSIDE THE loginWith OBJECT

     1
 2
 3
 4
 5
 6
 7
 8
 9
10

    // Example configuration for user attributes and login methods
loginWith: {
    // Specify login methods separately from user attributes, ONLY MENTION THE LOGINMETHODS THAT ARE SUPPOSED TO BE TRUE
    email: true, // Enable login with email
    phone: false, // Disable login with phone number
  },userAttributes: {
    email: true, // Attribute set as required
    phoneNumber: false, // Attribute not required
    givenName: true, // Attribute set as required
}

  9. THIS IS THE WAY TO SETUP THE MULTIFACTOR AUTHENTHICATION

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

    export const auth = defineAuth({
  loginWith: {
    email: true,
    phone: true,
  },
  multifactor: {
    mode: "OPTIONAL",
    sms: true,
    totp: false,
  },
  // IMPORTANT! THE LOGIC TO RESOLVE THIS VALUE CANNOT DETERMINE WHETHER EMAIL MFA IS ENABLED WHEN OVERRIDING THE RESOURCE.
  // BE SURE TO PICK A RECOVERY OPTION APPROPRIATE FOR YOUR APPLICATION.
  accountRecovery: "EMAIL_AND_PHONE_WITHOUT_MFA",
  senders: {
    email: {
      fromEmail: "registrations@example.com",
    },
  },
});

  10. DON’T ADD THE passwordPolicy IN THE AUTH/RESOURCE.TS FILE.

  11. THE username SHOULD BE REPLACED WITH userAttributes WHEN REQUESTED TO SETUP USERNAME AS A LOGIN METHOD AS USERNAME IS NOT A VALID LOGIN METHOD ON DEFINEAUTH, FOR EXAMPLE:

    1
2
3
4
5
6

    userAttributes: {
    preferredUsername: {
      mutable: true,
      required: false
    }
  }

  12. loginWith SUPPORTS ONLY TWO METHODS THAT IS email and phone. THERE IS NO username attribute to that.

  13. THE callbackUrls AND logoutUrls SHOULD ONLY BE MENTIONED ONCE AS MENTIONED IN RULE #7 AND NOT FOR EACH EXTERNAL PROVIDER

Examples

BELOW ARE THE EXAMPLES TO USE TO GENERATE ANSWERS.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

import { defineAuth, secret } from "@aws-amplify/backend";

export const auth = defineAuth({
  // Login Methods Configuration
  loginWith: {
    // Only email and phone are supported as login methods
    email: true,
    phone: true,

    // External Providers Configuration - all providers shown with required fields
    externalProviders: {
      // Google Authentication
      google: {
        clientId: secret("GOOGLE_CLIENT_ID"),
        clientSecret: secret("GOOGLE_CLIENT_SECRET"),
      },
      // Sign in with Apple
      signInWithApple: {
        clientId: secret("SIWA_CLIENT_ID"),
        keyId: secret("SIWA_KEY_ID"),
        privateKey: secret("SIWA_PRIVATE_KEY"),
        teamId: secret("SIWA_TEAM_ID"),
      },
      // Login with Amazon
      loginWithAmazon: {
        clientId: secret("LOGINWITHAMAZON_CLIENT_ID"),
        clientSecret: secret("LOGINWITHAMAZON_CLIENT_SECRET"),
      },
      // Facebook Authentication
      facebook: {
        clientId: secret("FACEBOOK_CLIENT_ID"),
        clientSecret: secret("FACEBOOK_CLIENT_SECRET"),
      },
      // Callback and logout URLs must be inside externalProviders
      callbackUrls: [
        "http://localhost:3000/profile",
        "https://mywebsite.com/profile",
      ],
      logoutUrls: ["http://localhost:3000/", "https://mywebsite.com"],
    },
  },

  // User Attributes Configuration - outside loginWith
  userAttributes: {
    // Standard attributes examples
    email: {
      mutable: true,
      required: true,
    },
    phoneNumber: {
      mutable: true,
      required: false,
    },
    givenName: {
      mutable: true,
      required: true,
    },
    familyName: {
      mutable: true,
      required: false,
    },
    birthdate: {
      mutable: true,
      required: false,
    },
    // Username configuration using preferredUsername
    preferredUsername: {
      mutable: true,
      required: false,
    },
    // Additional standard attributes
    address: {
      mutable: true,
      required: false,
    },
    gender: {
      mutable: true,
      required: false,
    },
    locale: {
      mutable: true,
      required: false,
    },
    profilePicture: {
      mutable: true,
      required: false,
    },
    website: {
      mutable: true,
      required: false,
    },
    // Custom attributes examples - note the 'custom:' prefix and required dataType
    "custom:organization": {
      dataType: "String",
      mutable: true,
      minLen: 3,
      maxLen: 100,
    },
    "custom:employeeId": {
      dataType: "Number",
      mutable: false,
      min: 1000,
      max: 9999999,
    },
    "custom:isVerified": {
      dataType: "Boolean",
      mutable: true,
    },
  },

  // Multi-factor Authentication Configuration
  multifactor: {
    mode: "OPTIONAL", // Can be OPTIONAL or REQUIRED
    sms: true,
    totp: false,
  },

  // Account Recovery Configuration
  accountRecovery: "EMAIL_AND_PHONE_WITHOUT_MFA",

  // Email Sender Configuration
  senders: {
    email: {
      fromEmail: "registrations@example.com",
    },
  },
});

Related Content

Amplify Data Modeling

Project rules to tune Amazon Q Developer in all things related to data modeling and modeling relationships with AWS Amplify Gen2

#Amplify #IDE #CLI +1 more
by cremich

CDK Project Structure

This document outlines the recommended project structure for AWS CDK applications. A well-organized project structure is critical for maintainability, scalability, and developer onboarding. Following these guidelines will ensure consistency across the codebase and make navigation easier as the project grows.

#CDK #TypeScript #IDE +2 more
by cremich

CDK Security and Compliance

Outlines security and compliance best practices for AWS CDK applications. Security is a critical aspect of infrastructure as code, and following these guidelines will help ensure that your CDK applications are secure, compliant, and follow AWS best practices.

#CDK #TypeScript #IDE +3 more
by cremich

Find Prompts, Rules & Agents

Search through our comprehensive library for Amazon Q Developer