aws-amplify · harsh62 · Nov 25, 2024 · Oct 4, 2024 · Sep 30, 2024 · Oct 10, 2024
@@ -58,3 +58,9 @@ jobs:
       resource_subfolder: auth
       timeout-minutes: 30
     secrets: inherit
+
+  # Disabling the integration test because the job is not able to connect to the local server
+  # auth-webauthn-integration-test-iOS:
+  #   name: Auth WebAuthn Integration Tests (iOS)
+  #   uses: ./.github/workflows/integ_test_auth_webauthn.yml
+  #   secrets: inherit
@@ -0,0 +1,101 @@
+name: Integration Tests | Auth - WebAuthn
+on:
+  workflow_dispatch:
+  workflow_call:
+
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+  auth-webauthn-integration-tests:
+    name: iOS Tests | AuthWebAuthnApp
+    runs-on: macos-15
+    timeout-minutes: 30
+    environment: IntegrationTest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: Get build parameters for iOS
+        id: platform
+        uses: ./.github/composite_actions/get_platform_parameters
+        with:
+          platform: iOS
+
+      - name: Create the test configuration directory
+        run: mkdir -p ~/.aws-amplify/amplify-ios/testconfiguration/
+
+      - name: Download the Integration Test configurations
+        uses: ./.github/composite_actions/download_test_configuration
+        with:
+          resource_subfolder: auth
+          aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws_region: ${{ secrets.AWS_REGION }}
+          aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET_INTEG_V2 }}
+          destination: ~/.aws-amplify/amplify-ios/testconfiguration/
+
+      - name: Set up node
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        with:
+          node-version: 16.x
+
+      - name: Attempt to use the dependencies cache
+        id: dependencies-cache
+        timeout-minutes: 4
+        continue-on-error: true
+        uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          path: ~/Library/Developer/Xcode/DerivedData/Amplify
+          key: amplify-packages-${{ hashFiles('Package.resolved') }}
+          restore-keys: |
+            amplify-packages-
+
+      - name: Attempt to restore the build cache
+        id: build-cache
+        timeout-minutes: 4
+        continue-on-error: true
+        uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          path: ${{ github.workspace }}/Build
+          key: Amplify-iOS-build-cache
+
+      - name: Run Local Server
+        run: |
+          cd ./AmplifyPlugins/Auth/Tests/AuthWebAuthnApp/LocalServer
+          npm install
+          npm start &
+        shell: bash
+
+      - name: Run iOS Integration Tests
+        id: run-tests
+        continue-on-error: true
+        uses: ./.github/composite_actions/run_xcodebuild_test
+        with:
+          scheme: AuthWebAuthnApp
+          destination: ${{ steps.platform.outputs.destination }}
+          sdk: ${{ steps.platform.outputs.sdk }}
+          xcode_path: /Applications/Xcode_${{ steps.platform.outputs.xcode-version }}.app
+          project_path: ./AmplifyPlugins/Auth/Tests/AuthWebAuthnApp
+          generate_coverage: false
+          cloned_source_packages_path: ~/Library/Developer/Xcode/DerivedData/Amplify
+          derived_data_path: ${{ github.workspace }}/Build
+          disable_package_resolution: ${{ steps.dependencies-cache.outputs.cache-hit }}
+
+      - name: Retry iOS Integration Tests
+        if: steps.run-tests.outcome=='failure'
+        id: retry-tests
+        uses: ./.github/composite_actions/run_xcodebuild_test
+        with:
+          scheme: AuthWebAuthnApp
+          destination: ${{ steps.platform.outputs.destination }}
+          sdk: ${{ steps.platform.outputs.sdk }}
+          xcode_path: /Applications/Xcode_${{ steps.platform.outputs.xcode-version }}.app
+          project_path: ./AmplifyPlugins/Auth/Tests/AuthWebAuthnApp
+          generate_coverage: false
+          cloned_source_packages_path: ~/Library/Developer/Xcode/DerivedData/Amplify
+          derived_data_path: ${{ github.workspace }}/Build
+          disable_package_resolution: true
@@ -64,6 +64,10 @@ extension AuthCategory: AuthCategoryBehavior {
         return await plugin.signOut(options: options)
     }
 
+    public func autoSignIn() async throws -> AuthSignInResult {
+        try await plugin.autoSignIn()
+    }
+
     public func deleteUser() async throws {
         try await plugin.deleteUser()
     }

@@ -0,0 +1,51 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Foundation
+
+extension AuthCategory: AuthCategoryWebAuthnBehaviour {
+#if os(iOS) || os(macOS)
+    @available(iOS 17.4, macOS 13.5, *)
+    public func associateWebAuthnCredential(
+        presentationAnchor: AuthUIPresentationAnchor? = nil,
+        options: AuthAssociateWebAuthnCredentialRequest.Options? = nil
+    ) async throws {
+        try await plugin.associateWebAuthnCredential(
+            presentationAnchor: presentationAnchor,
+            options: options
+        )
+    }
+#elseif os(visionOS)
+    public func associateWebAuthnCredential(
+        presentationAnchor: AuthUIPresentationAnchor,
+        options: AuthAssociateWebAuthnCredentialRequest.Options? = nil
+    ) async throws {
+        try await plugin.associateWebAuthnCredential(
+            presentationAnchor: presentationAnchor,
+            options: options
+        )
+    }
+#endif
+
+    public func listWebAuthnCredentials(
+        options: AuthListWebAuthnCredentialsRequest.Options? = nil
+    ) async throws -> AuthListWebAuthnCredentialsResult {
+        return try await plugin.listWebAuthnCredentials(
+            options: options
+        )
+    }
+
+    public func deleteWebAuthnCredential(
+        credentialId: String,
+        options: AuthDeleteWebAuthnCredentialRequest.Options? = nil
+    ) async throws {
+        try await plugin.deleteWebAuthnCredential(
+            credentialId: credentialId,
+            options: options
+        )
+    }
+}
@@ -12,7 +12,7 @@
 #endif
 
 /// Behavior of the Auth category that clients will use
-public protocol AuthCategoryBehavior: AuthCategoryUserBehavior, AuthCategoryDeviceBehavior {
+public protocol AuthCategoryBehavior: AuthCategoryUserBehavior, AuthCategoryDeviceBehavior, AuthCategoryWebAuthnBehaviour {
 
     /// SignUp a user with the authentication provider.
     ///
@@ -102,6 +102,10 @@
         options: AuthConfirmSignInRequest.Options?
     ) async throws -> AuthSignInResult
 
+
+    /// Auto signs in the user for passwordless sign up
+    func autoSignIn() async throws -> AuthSignInResult
+
     /// Sign out the currently logged-in user.
     ///
     /// - Parameters:

@@ -0,0 +1,35 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Foundation
+
+public protocol AuthCategoryWebAuthnBehaviour: AnyObject {
+#if os(iOS) || os(macOS)
+    /// - Tag: AuthCategoryWebAuthnBehaviour.associate
+    @available(iOS 17.4, macOS 13.5, *)
+    func associateWebAuthnCredential(
+        presentationAnchor: AuthUIPresentationAnchor?,
+        options: AuthAssociateWebAuthnCredentialRequest.Options?
+    ) async throws
+#elseif os(visionOS)
+    func associateWebAuthnCredential(
+        presentationAnchor: AuthUIPresentationAnchor,
+        options: AuthAssociateWebAuthnCredentialRequest.Options?
+    ) async throws
+#endif
+
+    /// - Tag: AuthCategoryWebAuthnBehaviour.list
+    func listWebAuthnCredentials(
+        options: AuthListWebAuthnCredentialsRequest.Options?
+    ) async throws -> AuthListWebAuthnCredentialsResult
+
+    /// - Tag: AuthCategoryWebAuthnBehaviour.delete
+    func deleteWebAuthnCredential(
+        credentialId: String,
+        options: AuthDeleteWebAuthnCredentialRequest.Options?
+    ) async throws
+}
@@ -0,0 +1,27 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+public enum AuthFactorType: String {
+
+    /// An auth factor that uses password
+    case password
+
+    /// An auth factor that uses SRP protocol
+    case passwordSRP
+
+    /// An auth factor that uses SMS OTP
+    case smsOTP
+
+    /// An auth factor that uses Email OTP
+    case emailOTP
+
+#if os(iOS) || os(macOS) || os(visionOS)
+    /// An auth factor that uses WebAuthn
+    @available(iOS 17.4, macOS 13.5, visionOS 1.0, *)
+    case webAuthn
+#endif
+}
@@ -8,6 +8,9 @@
 /// Set of allowed MFA types that would be used for continuing sign in during MFA selection step
 public typealias AllowedMFATypes = Set<MFAType>
 
+/// Set of available factors that would be used for continuing/confirming sign in
+public typealias AvailableAuthFactorTypes = Set<AuthFactorType>
+
 /// Auth SignIn flow steps
 ///
 ///
@@ -26,6 +29,10 @@ public enum AuthSignInStep {
     ///
     case confirmSignInWithNewPassword(AdditionalInfo?)
 
+    /// Auth step required the user to give a password.
+    ///
+    case confirmSignInWithPassword
+
     /// Auth step is TOTP multi factor authentication.
     ///
     /// Confirmation code for the MFA will be retrieved from the associated Authenticator app
@@ -52,6 +59,10 @@ public enum AuthSignInStep {
     /// OTP for the factor will be sent to the delivery medium.
     case confirmSignInWithOTP(AuthCodeDeliveryDetails)
 
+    /// Auth step is for continuing sign in by selecting the first factor that would be used for signing in
+    ///
+    case continueSignInWithFirstFactorSelection(AvailableAuthFactorTypes)
+
     /// Auth step required the user to change their password.
     ///
     case resetPassword(AdditionalInfo?)

@@ -6,6 +6,7 @@
 //
 
 public typealias UserId = String
+public typealias Session = String
 
 /// SignUp step to be followed.
 public enum AuthSignUpStep {
@@ -16,6 +17,10 @@ public enum AuthSignUpStep {
         AdditionalInfo? = nil,
         UserId? = nil)
 
+    /// Sign Up successfully completed  
+    /// The customers can use this step to determine if they want to complete sign in
+    case completeAutoSignIn(Session)
+
     /// Sign up is complete
     case done
 }
@@ -0,0 +1,52 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Foundation
+
+/// Represents the output of a call to
+/// [`AuthCategoryWebAuthnBehaviour.listWebAuthnCredentials(options:)`](x-source-tag://AuthCategoryWebAuthnBehaviour.list)
+///
+/// - Tag: AuthListWebAuthnCredentialsResult
+public struct AuthListWebAuthnCredentialsResult {
+    /// The list of WebAuthn credentials
+    ///
+    /// - Tag: AuthListWebAuthnCredentialsResult.credentials
+    public var credentials: [AuthWebAuthnCredential]
+
+    /// String indicating the page offset at which to resume a listing.
+    ///
+    /// This value is usually copied to
+    /// [AuthListWebAuthnCredentialsRequest.Options.nextToken](x-source-tag://AuthListWebAuthnCredentialsRequestOptions.nextToken).
+    ///
+    /// - Tag: AuthListWebAuthnCredentialsResult.nextToken
+    public let nextToken: String?
+
+    /// - Tag: AuthListWebAuthnCredentialsResult.init
+    public init(
+        credentials: [AuthWebAuthnCredential],
+        nextToken: String?
+    ) {
+        self.credentials = credentials
+        self.nextToken = nextToken
+    }
+}
+
+/// Defines a WebAuthn credential
+/// - Tag: AuthWebAuthnCredential
+public protocol AuthWebAuthnCredential {
+    /// The credential's ID
+    var credentialId: String { get }
+
+    /// The credential's creation date
+    var createdAt: Date { get }
+
+    /// The credential's relying party ID
+    var relyingPartyId: String { get }
+
+    /// The credential's friendly name
+    var friendlyName: String? { get }
+}