@aws-amplify/ui 6.13.0 → 6.14.0

package/dist/esm/machines/authenticator/index.mjs

@@ -10,21 +10,31 @@ import { signUpActor } from './actors/signUp.mjs';
 import { signOutActor } from './actors/signOut.mjs';
 import { verifyUserAttributesActor } from './actors/verifyUserAttributes.mjs';
 import { defaultServices } from './defaultServices.mjs';
+import { getAvailableAuthMethods } from './utils.mjs';
 
-const getActorContext = (context, defaultStep) => ({
-    ...context.actorDoneData,
-    step: context?.actorDoneData?.step ?? defaultStep,
-    // initialize empty objects on actor start
-    formValues: {},
-    touched: {},
-    validationError: {},
-    // values included on `context.config` that should be available in actors
-    formFields: context.config?.formFields,
-    loginMechanisms: context.config?.loginMechanisms,
-    passwordSettings: context.config?.passwordSettings,
-    signUpAttributes: context.config?.signUpAttributes,
-    socialProviders: context.config?.socialProviders,
-});
+const getActorContext = (context, defaultStep) => {
+    const availableAuthMethods = getAvailableAuthMethods(context.passwordlessCapabilities, context.config?.passwordless?.hiddenAuthMethods);
+    // Determine effective preferred challenge: component prop takes precedence over backend config
+    const preferredChallenge = context.config?.passwordless?.preferredAuthMethod ??
+        context.passwordlessCapabilities?.preferredChallenge;
+    return {
+        ...context.actorDoneData,
+        step: context?.actorDoneData?.step ?? defaultStep,
+        // initialize empty objects on actor start
+        formValues: {},
+        touched: {},
+        validationError: {},
+        // values included on `context.config` that should be available in actors
+        formFields: context.config?.formFields,
+        loginMechanisms: context.config?.loginMechanisms,
+        passwordSettings: context.config?.passwordSettings,
+        signUpAttributes: context.config?.signUpAttributes,
+        socialProviders: context.config?.socialProviders,
+        availableAuthMethods,
+        preferredChallenge,
+        passwordless: context.config?.passwordless,
+    };
+};
 const { choose, stop } = actions;
 const stopActor = (machineId) => stop(machineId);
 // setup step waits for ui to emit INIT action to proceed to configure
@@ -122,6 +132,8 @@ function createAuthenticatorMachine(options) {
                 },
                 on: {
                     FORGOT_PASSWORD: 'forgotPasswordActor',
+                    SELECT_METHOD: { actions: 'forwardToActor' },
+                    SHOW_AUTH_METHODS: { actions: 'forwardToActor' },
                     SIGN_IN: 'signInActor',
                     SIGN_UP: 'signUpActor',
                     'done.invoke.signInActor': [
@@ -288,10 +300,11 @@ function createAuthenticatorMachine(options) {
                 }),
             }),
             applyAmplifyConfig: assign({
+                passwordlessCapabilities: (_, { data: cliConfig }) => cliConfig.passwordlessCapabilities,
                 config(context, { data: cliConfig }) {
                     // Prefer explicitly configured settings over default CLI values\
                     const { loginMechanisms = cliConfig.loginMechanisms ?? [], signUpAttributes = cliConfig.signUpAttributes ?? [], socialProviders = cliConfig.socialProviders ?? [], initialState, formFields: _formFields, passwordSettings = cliConfig.passwordFormat ??
-                        {}, } = context.config;
+                        {}, passwordless, } = context.config;
                     // By default, Cognito assumes `username`, so there isn't a different username attribute like `email`.
                     // We explicitly add it as a login mechanism to be consistent with Admin UI's language.
                     if (loginMechanisms.length === 0) {
@@ -303,6 +316,7 @@ function createAuthenticatorMachine(options) {
                         initialState,
                         loginMechanisms,
                         passwordSettings,
+                        passwordless,
                         signUpAttributes,
                         socialProviders,
                     };

package/dist/esm/machines/authenticator/utils.mjs

@@ -46,21 +46,44 @@ const getUserAttributes = (formValues) => {
     }
     return userAttributes;
 };
-const getSignUpInput = (username, formValues, loginMechanism) => {
+const getSignUpInput = (username, formValues, loginMechanism, authMethod) => {
     const { password, ...values } = formValues;
     const attributes = getUserAttributes(values);
+    const isPasswordless = authMethod && authMethod !== 'PASSWORD';
+    // For SMS OTP, set the email channel to empty string if present to force account creation with phone number
+    let userAttributes = attributes;
+    if (authMethod === 'SMS_OTP' && attributes.email) {
+        userAttributes = { ...attributes, email: '' };
+    }
     const options = {
-        autoSignIn: DEFAULT_AUTO_SIGN_IN,
+        autoSignIn: isPasswordless
+            ? {
+                enabled: true,
+                authFlowType: 'USER_AUTH',
+                preferredChallenge: authMethod,
+            }
+            : DEFAULT_AUTO_SIGN_IN,
         userAttributes: {
             // use `username` value for `phone_number`
             ...(loginMechanism === 'phone_number'
-                ? { ...attributes, phone_number: username }
-                : attributes),
+                ? { ...userAttributes, phone_number: username }
+                : userAttributes),
         },
     };
-    return { username, password, options };
+    return { username, password: isPasswordless ? undefined : password, options };
 };
 const getUsernameSignUp = ({ formValues, loginMechanisms, }) => {
+    // Check if a specific auth method was selected via form data
+    const authMethod = formValues.__authMethod;
+    // For SMS_OTP, always use phone_number as username
+    if (authMethod === 'SMS_OTP') {
+        const { country_code, phone_number } = formValues;
+        return sanitizePhoneNumber(country_code, phone_number);
+    }
+    // For EMAIL_OTP, always use email as username
+    if (authMethod === 'EMAIL_OTP') {
+        return formValues.email;
+    }
     // When 'username' is in loginMechanisms, always use the username field for the Username parameter.
     // This handles both username-only mode and alias mode (username + email/phone as sign-in options).
     // See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases
@@ -75,5 +98,34 @@ const getUsernameSignUp = ({ formValues, loginMechanisms, }) => {
     // Otherwise, use the primary login mechanism (email as username)
     return formValues[loginMechanism];
 };
+/**
+ * Get available authentication methods based on backend capabilities and hidden methods
+ */
+const getAvailableAuthMethods = (passwordlessCapabilities, hiddenAuthMethods) => {
+    const allMethods = [];
+    // If hiddenAuthMethods is explicitly provided (even as empty array),
+    // assume all methods are available and let hiddenAuthMethods filter them
+    const assumeAllAvailable = hiddenAuthMethods !== undefined;
+    // PASSWORD is always available by default
+    allMethods.push('PASSWORD');
+    // Add passwordless methods if backend supports them OR if hiddenAuthMethods is explicitly set
+    if (assumeAllAvailable || passwordlessCapabilities?.emailOtpEnabled) {
+        allMethods.push('EMAIL_OTP');
+    }
+    if (assumeAllAvailable || passwordlessCapabilities?.smsOtpEnabled) {
+        allMethods.push('SMS_OTP');
+    }
+    if (assumeAllAvailable || passwordlessCapabilities?.webAuthnEnabled) {
+        allMethods.push('WEB_AUTHN');
+    }
+    // Filter out hidden methods
+    const hidden = hiddenAuthMethods ?? [];
+    const availableMethods = allMethods.filter((method) => !hidden.includes(method));
+    // Validate that at least one method remains
+    if (availableMethods.length === 0) {
+        throw new Error('InvalidPasswordlessSettings: All authentication methods are hidden');
+    }
+    return availableMethods;
+};
 
-export { getSignUpInput, getUserAttributes, getUsernameSignUp, sanitizePhoneNumber };
+export { getAvailableAuthMethods, getSignUpInput, getUserAttributes, getUsernameSignUp, sanitizePhoneNumber };