Amplify Framework adds authentication features and enhancements for iOS and Android Mobile SDKs
Article Summary
AWS Amplify just made mobile authentication dramatically simpler. Device tracking, OAuth 2.0, and SAML federation now work out of the box for iOS and Android developers.
The AWS Amplify team shipped major authentication upgrades for native mobile SDKs (iOS 2.9.3+ and Android 2.12.15+). These updates address developer feedback on authentication complexity, adding new APIs for device management, hosted web UI support, and streamlined federation flows.
Key Takeaways
- New device tracking APIs let users opt into 'remember me' functionality, reducing MFA friction
- Cognito hosted web UI now integrates directly into native iOS and Android apps
- OAuth 2.0 Authorization Code Grant flows eliminate need for third-party auth libraries
- Global sign-out API revokes all tokens across every device a user has logged into
- SAML federation simplified to single federatedSignIn() call via AWSMobileClient
AWS Amplify now handles complex authentication patterns (MFA device memory, OAuth, SAML, global sign-out) through simple SDK calls, eliminating custom authentication code for mobile developers.
About This Article
Mobile developers ran into problems when they used Amazon Cognito user pools with multi-factor authentication. Users had to enter MFA codes every time they authenticated on different devices, which drove up SMS and email costs.
AWS Amplify released new API operations in iOS 2.9.3 and Android 2.12.15 SDKs that let users opt into device memory. They can now mark devices as remembered or forgotten, and developers control whether this feature is available.
Fewer MFA code transmissions mean developers spend less on SMS and email delivery. Users get a smoother experience because they don't have to enter MFA codes repeatedly on devices they trust.