Persist and restore in-progress custom auth challenge session across app termination on iOS #4205

Description

@AnnaAlexandra-Trove

Is your feature request related to a problem? Please describe.

When using Amplify Auth for Swift with a Cognito custom auth flow, a user may start sign-in, receive an OTP by email, leave the app to retrieve the OTP, and then return to complete sign-in with confirmSignIn.

This works while the app process remains alive. However, if iOS terminates the app before the user returns, Amplify loses the in-progress custom challenge state. After relaunch, confirmSignIn can no longer continue the existing Cognito challenge because the internal session/challenge state is gone, even though the OTP is still valid server-side. This causes sign-in to fail and forces the user to restart the auth flow and send a new OTP.

Describe the solution you'd like

It would be great if the Amplify library could persist and restore in-progress session/state for Cognito custom auth flows.

When a signIn response returns .confirmSignInWithCustomChallenge, Amplify should securely persist the required pending session/state in the keychain. Then on app relaunch, Amplify should be able to restore that pending state so a subsequent call to confirmSignIn can continue the same Cognito session instead of failing due to missing in-memory state.

Describe alternatives you've considered

Alternatively, Amplify could expose an API that allows apps to retrieve and later restore the current custom auth session/challenge state. This would let us securely persist the required state ourselves, and restore it after app relaunch before calling confirmSignIn.

Is the feature request related to any of the existing Amplify categories?

Auth

Additional context

No response
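
The app-side alternative described in the issue, as an added example that is not Amplify's code and not the issue author's: it assumes a hypothetical API hands the app an opaque session string to persist, and `PendingChallenge`, `PendingChallengeStore`, the `expiresAt` deadline and the service/account names are constructed for illustration. It stores the pending state as a device-only Keychain item and refuses to restore it once the deadline has passed.

```swift
import Foundation
import Security

// Hypothetical shape of the pending state; Amplify does not expose this today.
struct PendingChallenge: Codable {
    let username: String
    let session: String   // opaque session string (assumed to be obtainable)
    let expiresAt: Date   // app-chosen deadline, no longer than the server-side lifetime
}

enum PendingChallengeStore {
    // Constructed identifiers for this example.
    private static var base: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: "example.auth.pending-challenge",
         kSecAttrAccount as String: "current"]
    }

    static func save(_ challenge: PendingChallenge) throws {
        let data = try JSONEncoder().encode(challenge)
        clear() // replace any earlier pending challenge
        var attrs = base
        attrs[kSecValueData as String] = data
        // Readable only while unlocked; excluded from backups and other devices.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else {
            throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
        }
    }

    /// Returns the pending challenge, or nil if absent, unreadable or expired.
    static func restore(now: Date = Date()) -> PendingChallenge? {
        var query = base
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data,
              let challenge = try? JSONDecoder().decode(PendingChallenge.self, from: data),
              challenge.expiresAt > now
        else {
            clear() // drop stale or corrupt state instead of retrying it
            return nil
        }
        return challenge
    }

    /// Call once sign-in completes or is abandoned, and on sign-out.
    static func clear() { _ = SecItemDelete(base as CFDictionary) }
}
```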
