Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Blog
/
Current article

How to integrate AWS Cognito with Authsignal to implement passkeys in a native mobile app.

Last Updated:
March 18, 2025
Chris Fisher
How to pair AWS Cognito with Authsignal to implement passkeys in a native mobile app.
AWS Partner
Authsignal is an AWS-certified partner and has passed the Well-Architected Review Framework (WAFR) for its Cognito integration.
AWS Marketplace

This blog post is part 3 in a series of blog posts.

In previous blog posts we outlined how to pair AWS Cognito with Authsignal to implement passwordless login and MFA and then how to expand this example to add passkeys. Both blog posts used a simple web app as an example.

This blog post will cover the integration steps required to add passkey sign-in to a native mobile app. The example app is built with React Native and uses the Authsignal React Native SDK but a similar approach can also be achieved using our iOS SDK, **Android SDK,** or  Flutter SDK.

Signing in with a passkey in a native iOS app

Full example code

You can find the full code example for using AWS Cognito with passkeys in a React Native app on Github. This example uses the Authsignal pre-built UI for email verification. You can also find an alternate version which uses the Authsignal Client API for email verification in this branch if you prefer a fully native UI.

Configuring passkeys for native mobile apps

In the previous example for a web app, we detailed how to enable passkeys as an authenticator in the Authsignal Portal. For a native mobile app, you will also need to follow some additional steps by setting up an associated domain and hosting an apple-app-site-association file (iOS) and an assetlinks.json file (Android) on your web domain. For example, if your web domain was simplify.io then you would need to host two files to prove that your app owns that domain:

This domain should match the value for the Relying Party that you configure in the Authsignal Portal.

The app code

When the user presses the sign-in button, we will call the Authsignal SDK’s passkey.signIn method.

const { data } = await authsignal.passkey.signIn({
  action: "cognitoAuth",
});

This will display the passkeys available on the device and let the user authenticate with Face ID, then return the username associated with the passkey along with an Authsignal validation token. We then call the Amplify signIn and confirmSignIn methods one after another, passing the username and the validation token.

await signIn({
  username: data.userName,
  options: {
    authFlowType: "CUSTOM_WITHOUT_SRP",
  },
});

const { isSignedIn } = await confirmSignIn({
  challengeResponse: data.token,
});

A full example of the sign-in code can be viewed here.

Optimizing passkey UX

We have designed our app’s landing screen to just show a “Sign in” button and not initially require the user to input their email. This optimizes for the happy path where a user has a passkey available on their device. But it can also handle the scenario where a registered user doesn’t have a passkey available - for example, if they have deleted their existing passkey or if they’ve switched to a new device on a different platform where their existing passkey can’t be synced. In this case, we can check the errorCode returned by the Authsignal SDK.

const { data, errorCode } = await authsignal.passkey.signIn({
  action: "cognitoAuth",
});

if (
  errorCode === ErrorCode.passkeySignInCanceled ||
  errorCode === ErrorCode.noPasskeyCredentialAvailable
) {
  return navigation.navigate("SignInEmail");
}

If the user dismisses the passkey sign-in prompt or doesn’t have any passkeys available on their device, we can fall back to signing in with email OTP—either by launching the Authsignal pre-built UI and using ASWebAuthenticationSession (iOS) or Custom Tabs (Android) or by building our own native UI and using the Authsignal Client API.

Summary

In this final blog post in our series on pairing AWS Cognito with Authsignal, we’ve demonstrated how Authsignal’s mobile SDKs can be used to implement passkeys in a native mobile app. We’ve also shown how to design and build an optimal UX that puts the seamless passkey sign-in experience front and center while also accommodating scenarios where users may not have access to a passkey they’ve previously created.

Resources

Authsignal docs on AWS Cognito

Try out our passkey demo
Passkey Demo
Have a question?
Talk to an expert
Related Resources
Authsignal docs on using passkeys in a web apparrow right
Authsignal docs on AWS Cognitoarrow right
NewsletterDemo PasskeysView docs
Passkeys
AWS
Cognito
React native
SDKs
Implementation
Guides
AWS Cognito
You might also like
How to add MFA to Duende IdentityServer with Authsignal
March 24, 2025
Learn how to implement multi-factor authentication (MFA) in your Duende IdentityServer using Authsignal. Secure your ASP.NET Core login flow with step-by-step instructions, complete code examples, and GitHub resources.
Duende IdentityServer
Multi-factor authentication
Guides
How to add passkeys to Keycloak with Authsignal: A Step-by-Step Guide
March 21, 2025
Learn how to enhance your Keycloak authentication flow by adding passkeys with Authsignal. This step-by-step guide covers setup, passkey enrollment, autofill implementation, and custom Keycloak configurations for a seamless and secure user experience.
Keycloak
Passkeys
Passkeys implementation
Passwordless authentication
Beyond Standard Authentication: When to Augment AWS Cognito with Authsignal
March 14, 2025
Modernize authentication effortlessly with Authsignal. While Cognito covers the basics, Authsignal adds the extra security and flexibility your app needs—seamlessly enhancing authentication without heavy engineering work.
AWS Cognito
Multi-factor authentication
Implementation
AWS

Secure your customers’ accounts today with Authsignal.

Passkey demoCreate free account

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOC
LinkedInTwitter
Passwordless / Multi-factor Authentication (MFA)
Pre-built UI (Low code)UI Components (Customizable)Custom UI (Flexible)
Why Authsignal?
Drop-in Authentication
PasskeysBiometric AuthenticationWhatsApp OTPSMS OTPEmail OTPMagic LinksAuthenticator Apps (TOTP)Push NotificationsPalm Biometrics
Rules and Policies Engine
User Observability
Industries
Financial Services
Marketplace
e-Commerce
FinTech
Crypto
View all Industries
Use Cases
Account Takeovers (ATO)
Go Passwordless
SMS Cost Optimization
Compliance
Existing Apps
View all Use Cases
Identity Providers (IDPs)
AWS Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Integrations
C#
Java
Node.js
Open ID Connect (OIDC)
PHP
Python
React
Ruby
Ruby on Rails
Supabase
Compare
Twilio vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
BlogDeveloper DocsSolutions MarketplaceKnowledge BaseFree Figma Mobile Passkeys TemplateFree Figma Desktop Passkeys TemplateFree Figma WebApp Passkeys TemplatePress ReleasesAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies