diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx
index 441fc25a192..4dcd1a58e68 100644
--- a/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/concepts/external-identity-providers/index.mdx
@@ -116,8 +116,6 @@ Secrets must be created manually with [`ampx sandbox secret`](/[platform]/refere
-
-
```ts title="amplify/auth/resource.ts"
import { defineAuth, secret } from '@aws-amplify/backend';
@@ -152,42 +150,6 @@ export const auth = defineAuth({
});
```
-
-
-
-```ts title="amplify/auth/resource.ts"
-import { defineAuth, secret } from '@aws-amplify/backend';
-
-export const auth = defineAuth({
- loginWith: {
- externalProviders: {
- google: {
- clientId: secret('GOOGLE_CLIENT_ID'),
- clientSecret: secret('GOOGLE_CLIENT_SECRET')
- },
- signInWithApple: {
- clientId: secret('SIWA_CLIENT_ID'),
- keyId: secret('SIWA_KEY_ID'),
- privateKey: secret('SIWA_PRIVATE_KEY'),
- teamId: secret('SIWA_TEAM_ID')
- },
- loginWithAmazon: {
- clientId: secret('LOGINWITHAMAZON_CLIENT_ID'),
- clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET')
- },
- facebook: {
- clientId: secret('FACEBOOK_CLIENT_ID'),
- clientSecret: secret('FACEBOOK_CLIENT_SECRET')
- },
- callbackUrls: ['myapp://'],
- logoutUrls: ['myapp://'],
- }
- }
-});
-```
-
-
-
You need to now inform your external provider of the newly configured authentication resource and its OAuth redirect URI:
@@ -258,8 +220,6 @@ You need to now inform your external provider of the newly configured authentica
You can determine the pieces of data you want to retrieve from each external provider when setting them up in the `amplify/auth/resource.ts` file using `scopes`.
-
-
```ts title="amplify/auth/resource.ts"
import { defineAuth } from '@aws-amplify/backend';
@@ -282,30 +242,6 @@ export const auth = defineAuth({
});
```
-
-
-
-```ts title="amplify/auth/resource.ts"
-import { defineAuth } from '@aws-amplify/backend';
-
-export const auth = defineAuth({
- loginWith: {
- externalProviders: {
- loginWithAmazon: {
- clientId: secret('LOGINWITHAMAZON_CLIENT_ID'),
- clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'),
- // highlight-next-line
- scopes: ['email']
- },
- callbackUrls: ['myapp://'],
- logoutUrls: ['myapp://'],
- }
- }
-});
-```
-
-
-
### Attribute mapping
You can map which attributes are mapped between your external identity provider and your users created in Cognito. We will be able to have the best level of protection for developers if we ensure that attribute mappings that would not work are called out by the type system.
@@ -316,8 +252,6 @@ If you specify an attribute in your authentication resource as required, and it
-
-
```ts title="amplify/auth/resource.ts"
import { defineAuth } from '@aws-amplify/backend';
@@ -342,35 +276,6 @@ export const auth = defineAuth({
}
});
```
-
-
-
-
-```ts title="amplify/auth/resource.ts"
-import { defineAuth } from '@aws-amplify/backend';
-
-export const auth = defineAuth({
- loginWith: {
- externalAuthProviders: {
- loginWithAmazon: {
- clientId: secret('LOGINWITHAMAZON_CLIENT_ID'),
- clientSecret: secret('LOGINWITHAMAZON_CLIENT_SECRET'),
- // highlight-start
- attributeMapping: {
- email: 'email'
- }
- // highlight-end
- },
- callbackUrls: ['myapp://'],
- logoutUrls: ['myapp://'],
- }
- }
-});
-```
-
-
-
-
- [Learn more about configuring the React Authenticator component for external providers](https://ui.docs.amplify.aws/react/connected-components/authenticator/configuration#external-providers)
@@ -379,8 +284,6 @@ export const auth = defineAuth({
To setup a OIDC provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows:
-
-
```ts title="amplify/auth/resource.ts"
import { defineAuth, secret } from '@aws-amplify/backend';
@@ -406,34 +309,6 @@ export const auth = defineAuth({
});
```
-
-
-
-```ts title="amplify/auth/resource.ts"
-import { defineAuth, secret } from '@aws-amplify/backend';
-
-export const auth = defineAuth({
- loginWith: {
- email: true,
- externalProviders: {
- oidc: [
- {
- name: 'MicrosoftEntraID',
- clientId: secret('MICROSOFT_ENTRA_ID_CLIENT_ID'),
- clientSecret: secret('MICROSOFT_ENTRA_ID_CLIENT_SECRET'),
- issuerUrl: '',
- },
- ],
- callbackUrls: ['myapp://'],
- logoutUrls: ['myapp://'],
- },
- },
-});
-```
-
-
-
-
Use the `signInWithRedirect` API to initiate sign-in with an OIDC identity provider.
@@ -453,8 +328,6 @@ await signInWithRedirect({
To setup a SAML provider, you can configure them in your `amplify/auth/resource.ts` file. For example, if you would like to setup a Microsoft EntraID provider, you can do so as follows:
-
-
```ts title="amplify/auth/resource.ts"
import { defineAuth } from '@aws-amplify/backend';
@@ -479,33 +352,6 @@ export const auth = defineAuth({
});
```
-
-
-
-```ts title="amplify/auth/resource.ts"
-import { defineAuth } from '@aws-amplify/backend';
-
-export const auth = defineAuth({
- loginWith: {
- email: true,
- externalProviders: {
- saml: {
- name: 'MicrosoftEntraIDSAML',
- metadata: {
- metadataContent: '', // or content of the metadata file
- metadataType: 'URL', // or 'FILE'
- },
- },
- callbackUrls: ['myapp://'],
- logoutUrls: ['myapp://'],
- },
- },
-});
-```
-
-
-
-
Use the `signInWithRedirect` API to initiate sign-in with a SAML identity provider.
@@ -626,6 +472,7 @@ import { signInWithRedirect } from 'aws-amplify/auth';
signInWithRedirect({
provider: 'Apple'
});
+
```
### Redirect URLs
@@ -636,6 +483,7 @@ _Sign in_ & _Sign out_ redirect URL(s) are used to redirect end users after the
If you have multiple sign out redirect URLs configured, you may choose to override the default behavior of selecting a redirect URL and provide the one of your choosing when calling `signOut`. The provided redirect URL should match at least one of the configured redirect URLs. If no redirect URL is provided to `signOut`, the first item from the the configured redirect URLs list that does not contain a HTTP nor HTTPS prefix will be picked.
```ts
+import { Amplify } from 'aws-amplify';
import { signOut } from 'aws-amplify/auth';
// Assuming the following URLS were provided manually or via the Amplify configuration file,
@@ -644,9 +492,10 @@ import { signOut } from 'aws-amplify/auth';
signOut({
global: false,
oauth: {
- redirectUrl: 'https://authProvider/logout?logout_uri=myapp://'
+ redirectUrl: 'https://authProvider/logout?logout_uri=myDevApp://'
}
});
+
```
Irrespective of whether a `redirectUrl` is provided to `signOut`, a URL that does not contain http or https is expected to be present in the configured redirect URL list. This is because iOS requires an appScheme when creating the web session.