Is your feature request related to a problem? Please describe.
When using Amplify Auth for Swift with a Cognito custom auth flow, a user may start sign-in, receive a OTP by email, leave the app to retrieve the OTP, and then return to complete sign-in with confirmSignIn.
This works while the app process remains alive. However, if iOS terminates the app before the user returns, Amplify loses the in-progress custom challenge state. After relaunch, confirmSignIn can no longer continue the existing Cognito challenge because the internal session/challenge state is gone, even though the OTP is still valid server-side. This causes sign-in to fail and forces the user to restart the auth flow and send a new OTP.
Describe the solution you'd like
It would be great if the Amplify library could persist and restore in-progress session/state for Cognito custom auth flows.
When a signIn response returns .confirmSignInWithCustomChallenge, Amplify should securely persist the required pending session/state in the keychain. Then on app relaunch, Amplify should be able to restore that pending state so a subsequent call to confirmSignIn can continue the same Cognito session instead of failing due to missing in-memory state.
Describe alternatives you've considered
Alternatively, Amplify could expose an API that allows apps to retrieve and later restore the current custom auth session/challenge state. This would let us securely persist the required state ourselves, and restore it after app relaunch before calling confirmSignIn.
Is the feature request related to any of the existing Amplify categories?
Auth
Additional context
No response
Is your feature request related to a problem? Please describe.
When using Amplify Auth for Swift with a Cognito custom auth flow, a user may start sign-in, receive a OTP by email, leave the app to retrieve the OTP, and then return to complete sign-in with confirmSignIn.
This works while the app process remains alive. However, if iOS terminates the app before the user returns, Amplify loses the in-progress custom challenge state. After relaunch, confirmSignIn can no longer continue the existing Cognito challenge because the internal session/challenge state is gone, even though the OTP is still valid server-side. This causes sign-in to fail and forces the user to restart the auth flow and send a new OTP.
Describe the solution you'd like
It would be great if the Amplify library could persist and restore in-progress session/state for Cognito custom auth flows.
When a signIn response returns .confirmSignInWithCustomChallenge, Amplify should securely persist the required pending session/state in the keychain. Then on app relaunch, Amplify should be able to restore that pending state so a subsequent call to confirmSignIn can continue the same Cognito session instead of failing due to missing in-memory state.
Describe alternatives you've considered
Alternatively, Amplify could expose an API that allows apps to retrieve and later restore the current custom auth session/challenge state. This would let us securely persist the required state ourselves, and restore it after app relaunch before calling confirmSignIn.
Is the feature request related to any of the existing Amplify categories?
Auth
Additional context
No response