Today, we’re releasing an enhanced mobile client in the AWS Mobile SDKs for iOS and Android, which are part of the Amplify Framework. This client is designed to help native developers perform common authentication workflows with a simple, declarative programming model. The Amplify Framework is an open-source client project that you can use to build sophisticated cloud-powered mobile and web apps. This new release adds to the existing framework components that include a JavaScript library, UI components, and a command line interface (CLI) toolchain.

The new client (AWSMobileClient) includes automatic credentials management and refresh routines when it uses either Amazon Cognito user pools or identity pools. This functionality allows you to seamlessly interact with services such as AWS AppSync, Amazon S3, Amazon Pinpoint and more.

The client has a built-in state management and notification system for developers to hook into and perform custom UI flows or screen transitions. It’s also aware of the network state, which allows developers to build offline apps and protect against failures when an app is making requests to AWS services. The client provides a simple “drop-in UI” that you can use to add sign-up and sign-in capabilities to your app in a couple lines of code, including usage with social providers. Alternatively, you can also use the client API to build your own custom login screen.

Along with this release, all iOS and Android documentation has been rewritten and centralized along with the AWS Amplify JavaScript documentation at https://aws-amplify.github.io/. Mobile and web developers now have a central location for JavaScript, iOS, and Android documentation when they’re building apps on AWS.

State tracking

Many workflows in mobile apps are determined by what state the user is in. Passing this state around between activities or view controllers is usually a complex task. What’s the current user name? Did they log in with a specific provider or only as a guest? With the new AWSMobileClient, you can query on demand for this state, or register for notifications to dynamically perform actions when state changes have been triggered.

    AWSMobileClient.sharedInstance().addUserStateListener(self) { (userState, info) in
        switch (userState) {
        case .guest:
            print("user is in guest mode.")
        case .signedOut:
            print("user signed out")
        case .signedIn:
            print("user is signed in.")
        case .signedOutUserPoolsTokenInvalid:
            print("need to login again.")
        case .signedOutFederatedTokensInvalid:
            print("user logged in via federation, but currently needs new tokens")
        default:
            print("unsupported")
        }
    }

Refreshing credentials

Credentials management often becomes complex when you’re using multiple AWS services. AWS offers Amazon Cognito user pools and identity pools to simplify credentials management. However, depending on your app’s features, you might need a combination of JWT tokens and AWS credentials.

For instance, it might be enough for some apps to use JWT tokens from a user pool when they’re sending REST requests to Amazon API Gateway. But if you want to also have images in your app, then you need to sign requests to Amazon S3 with short-term AWS credentials that are vended by identity pools. Both sets of credentials have independent expiration and refresh cycles, so coordination can become cumbersome.

The AWSMobileClient automatically handles all these scenarios and combinations for you, even when you federate your user pool or social providers with an identity pool. This functionality also integrates with the state notification system that we mentioned earlier. It lets you know at the appropriate point if credentials can’t be refreshed and you must take action, such as in the case of a refresh token expiring. Additionally, valid token information is cached locally with utility methods for you to use in your app.

    AWSMobileClient.sharedInstance().getTokens { (tokens, error) in
        if let error = error {
            print("Error getting token \(error.localizedDescription)")
        } else if let accessToken = tokens?.accessToken?.tokenString {
            // Printed for demonstration only; keep token values out of production logs.
            print(accessToken)
        }
    }
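The user pool case described above (a JWT sent with a REST request to Amazon API Gateway) can be sketched as follows. This is an added example, not code from the original post: the endpoint URL, `fetchOrders` and `AuthorizedRequestError` are hypothetical, and it assumes the API's Cognito authorizer reads the ID token from the `Authorization` header.

```swift
import Foundation
import AWSMobileClient

// Hypothetical endpoint for illustration; replace with your own API Gateway stage URL.
let ordersURL = URL(string: "https://api.example.com/prod/orders")!

enum AuthorizedRequestError: Error {
    case noToken
}

/// Fetches a valid user pool token, then sends a GET request that carries it.
func fetchOrders(completion: @escaping (Result<Data, Error>) -> Void) {
    // getTokens returns the cached tokens, refreshing them first when they have expired.
    AWSMobileClient.sharedInstance().getTokens { tokens, error in
        if let error = error {
            // Refresh failed (for example, the refresh token expired): send nothing.
            completion(.failure(error))
            return
        }
        // Bind the optionals so a missing token becomes an error, not a crash.
        guard let idToken = tokens?.idToken?.tokenString else {
            completion(.failure(AuthorizedRequestError.noToken))
            return
        }
        var request = URLRequest(url: ordersURL)
        request.httpMethod = "GET"
        // Assumption: the API's Cognito authorizer reads the ID token from this header.
        request.setValue(idToken, forHTTPHeaderField: "Authorization")
        URLSession.shared.dataTask(with: request) { data, response, error in
            if let error = error {
                completion(.failure(error))
                return
            }
            guard let http = response as? HTTPURLResponse,
                  (200..<300).contains(http.statusCode),
                  let data = data else {
                completion(.failure(URLError(.badServerResponse)))
                return
            }
            completion(.success(data))
        }.resume()
    }
}
```

The token is requested per call instead of being stored in a property, so the client's refresh cycle stays the single source of truth for which token is current.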

Offline operations

Finally, the AWSMobileClient now provides awareness of the app connectivity state. We heard from many customers that their apps regularly run into authentication issues in production deployment when users go offline, because the apps don’t account for this, despite having coordinated credentials refresh properly. This indicated that, in most cases, network errors were causing their apps to time out and trigger a user logout.

The new client prevents this and dispatches state notifications, so that you can account for the connectivity state in your business logic. If you’re using AWS AppSync along with the new client, you can also enqueue your offline writes to take place when connectivity is restored, and they will sync with the service and databases. If the credentials have expired while you were offline, the new client automatically refreshes the credentials (either JWT tokens or AWS credentials, as appropriate) before performing that synchronization routine.

Feedback

We’re excited about these new features—and centralizing all documentation for creating mobile and web apps on AWS in one place! We have plenty more work to do in this space, as we continue to improve authentication routines for client applications, and enhance AWS Amplify’s categories. Take a look at the new site and leave us comments in our GitHub repos on how we can improve more.