## SignUp Creates a new user in your User Pool: ```java final String username = getInput(R.id.signUpUsername); final String password = getInput(R.id.signUpPassword); final Map attributes = new HashMap<>(); attributes.put("email", "name@email.com"); AWSMobileClient.getInstance().signUp(username, password, attributes, null, new Callback() { @Override public void onResult(final SignUpResult signUpResult) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "Sign-up callback state: " + signUpResult.getConfirmationState()); if (!signUpResult.getConfirmationState()) { final UserCodeDeliveryDetails details = signUpResult.getUserCodeDeliveryDetails(); makeToast("Confirm sign-up with: " + details.getDestination()); } else { makeToast("Sign-up done."); } } }); } @Override public void onError(Exception e) { Log.e(TAG, "Sign-up error", e); } }); ``` ## Confirm SignUp Confirms a new user after signing up in a User Pool: ```java final String username = getInput(R.id.confirmSignUpUsername); final String code = getInput(R.id.confirmSignUpCode); AWSMobileClient.getInstance().confirmSignUp(username, code, new Callback() { @Override public void onResult(final SignUpResult signUpResult) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "Sign-up callback state: " + signUpResult.getConfirmationState()); if (!signUpResult.getConfirmationState()) { final UserCodeDeliveryDetails details = signUpResult.getUserCodeDeliveryDetails(); makeToast("Confirm sign-up with: " + details.getDestination()); } else { makeToast("Sign-up done."); } } }); } @Override public void onError(Exception e) { Log.e(TAG, "Confirm sign-up error", e); } }); ``` ## Re-send Confirmation Code ```java AWSMobileClient.getInstance().resendSignUp("your_username", new Callback() { @Override public void onResult(SignUpResult signUpResult) { Log.i(TAG, "A verification code has been sent via" + signUpResult.getUserCodeDeliveryDetails().getDeliveryMedium() + " at " + signUpResult.getUserCodeDeliveryDetails().getDestination()); } @Override public void onError(Exception e) { Log.e(TAG, e); } }); ``` ## SignIn Sign in with user credentials: ```java AWSMobileClient.getInstance().signIn(username, password, null, new Callback() { @Override public void onResult(final SignInResult signInResult) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "Sign-in callback state: " + signInResult.getSignInState()); switch (signInResult.getSignInState()) { case DONE: makeToast("Sign-in done."); break; case SMS_MFA: makeToast("Please confirm sign-in with SMS."); break; case NEW_PASSWORD_REQUIRED: makeToast("Please confirm sign-in with new password."); break; default: makeToast("Unsupported sign-in confirmation: " + signInResult.getSignInState()); break; } } }); } @Override public void onError(Exception e) { Log.e(TAG, "Sign-in error", e); } }); ``` ## Confirm SignIn (MFA) In order to setup multifactor authentication, choose `Manual configuration` while setting up auth in the CLI. When you get to the `Multifactor authentication` step, choose these values: ```console Multifactor authentication (MFA) user login options: ON (Required for all logins, can not be enabled later) For user login, select the MFA types: SMS Text Message Please specify an SMS authentication message: Your authentication code is {####} Email based user registration/forgot password: Enabled (Requires per-user email entry at registration) Please specify an email verification subject: Your verification code Please specify an email verification message: Your verification code is {####} Do you want to override the default password policy for this User Pool? No Warning: you will not be able to edit these selections. What attributes are required for signing up? Email, Phone Number (This attribute is not supported by Facebook, Login With Amazon.) ``` Note in the example above that for the `What attributes are required for signing up?` prompt, you need to use the arrow keys to scroll down in the list and select `Phone Number`. Otherwise you will not be able to add a phone number to the user and thus will not be able to sign in since SMS MFA is required. When signing up a user, be sure to pass an attributes map including both `email` (in the case above where email is used for password recovery) and `phone_number`. After you call sign in and get the `SMS_MFA` response back, you can send your user's input of the SMS code they received with the following command: ```java AWSMobileClient.getInstance().confirmSignIn(signInChallengeResponse, new Callback() { @Override public void onResult(SignInResult signInResult) { Log.d(TAG, "Sign-in callback state: " + signInResult.getSignInState()); switch (signInResult.getSignInState()) { case DONE: makeToast("Sign-in done."); break; case SMS_MFA: makeToast("Please confirm sign-in with SMS."); break; case NEW_PASSWORD_REQUIRED: makeToast("Please confirm sign-in with new password."); break; default: makeToast("Unsupported sign-in confirmation: " + signInResult.getSignInState()); break; } } @Override public void onError(Exception e) { Log.e(TAG, "Sign-in error", e); } }); ``` ## Force Change Password If a user is required to change their password on first login, there is a `NEW_PASSWORD_REQUIRED` state returned when `signIn` is called. You need to provide a new password given by the user in that case. It can be done using `confirmSignIn` with the new password. ```java AWSMobileClient.getInstance().signIn("username", "password", null, new Callback() { @Override public void onResult(final SignInResult signInResult) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "Sign-in callback state: " + signInResult.getSignInState()); switch (signInResult.getSignInState()) { case DONE: makeToast("Sign-in done."); break; case NEW_PASSWORD_REQUIRED: makeToast("Please confirm sign-in with new password."); break; default: makeToast("Unsupported sign-in confirmation: " + signInResult.getSignInState()); break; } } }); } @Override public void onError(Exception e) { Log.e(TAG, "Sign-in error", e); } }); AWSMobileClient.getInstance().confirmSignIn("NEW_PASSWORD_HERE", new Callback() { @Override public void onResult(SignInResult signInResult) { Log.d(TAG, "Sign-in callback state: " + signInResult.getSignInState()); switch (signInResult.getSignInState()) { case DONE: makeToast("Sign-in done."); break; case SMS_MFA: makeToast("Please confirm sign-in with SMS."); break; default: makeToast("Unsupported sign-in confirmation: " + signInResult.getSignInState()); break; } } @Override public void onError(Exception e) { Log.e(TAG, "Sign-in error", e); } }); ``` ## Forgot Password Forgot password is a 2 step process. You need to first call `forgotPassword()` method which would send a confirmation code to user via email or phone number. The details of how the code was sent are included in the response of `forgotPassword()`. Once the code is given by the user, you need to call `confirmForgotPassword()` with the confirmation code to confirm the change of password. ```java AWSMobileClient.getInstance().forgotPassword("username", new Callback() { @Override public void onResult(final ForgotPasswordResult result) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "forgot password state: " + result.getState()); switch (result.getState()) { case CONFIRMATION_CODE: makeToast("Confirmation code is sent to reset password"); break; default: Log.e(TAG, "un-supported forgot password state"); break; } } }); } @Override public void onError(Exception e) { Log.e(TAG, "forgot password error", e); } }); AWSMobileClient.getInstance().confirmForgotPassword("username", "NEW_PASSWORD_HERE", "CONFIRMATION_CODE", new Callback() { @Override public void onResult(final ForgotPasswordResult result) { runOnUiThread(new Runnable() { @Override public void run() { Log.d(TAG, "forgot password state: " + result.getState()); switch (result.getState()) { case DONE: makeToast("Password changed successfully"); break; default: Log.e(TAG, "un-supported forgot password state"); break; } } }); } @Override public void onError(Exception e) { Log.e(TAG, "forgot password error", e); } }); ``` ## SignOut ```java AWSMobileClient.getInstance().signOut(SignOutOptions.builder().invalidateTokens(true).build(), new Callback() { @Override public void onResult(Void result) { Log.d(TAG, "onResult: "); } @Override public void onError(Exception e) { Log.e(TAG, "onError: ", e); } }); ``` If you want to sign out locally by just deleting tokens, you can call `signOut` method: ```java AWSMobileClient.getInstance().signOut(); ``` ## Global SignOut Using global signout, you can signout a user from all active login sessions. By doing this, you are revoking all the OIDC tokens(id token, access token and refresh token) which means the user is signed out from all the devices. However, although the tokens are revoked, the AWS credentials will remain valid until they expire (which by default is 1 hour). ```java AWSMobileClient.getInstance().signOut(SignOutOptions.builder().signOutGlobally(true).build(), new Callback() { @Override public void onResult(final Void result) { Log.d(TAG, "signed-out"); } @Override public void onError(Exception e) { Log.e(TAG, "sign-out error", e); } }); ``` ## Utility Properties The `AWSMobileClient` provides several property "helpers" that are automatically cached locally for you to use in your application. ```java AWSMobileClient.getInstance().getUsername() //String AWSMobileClient.getInstance().isSignedIn() //Boolean AWSMobileClient.getInstance().getIdentityId() //String ``` ## Managing Security Tokens **When using Authentication with `AWSMobileClient`, you don’t need to refresh Amazon Cognito tokens manually. The tokens are automatically refreshed by the library when necessary.** ### OIDC Tokens ```java AWSMobileClient.getInstance().getTokens(); AWSMobileClient.getInstance().getTokens().getIdToken().getTokenString(); ``` ### AWS Credentials ```java AWSMobileClient.getInstance().getCredentials(); ```