Github example code
Enrolling more authenticators
Once the user has enrolled their first authentication method and has signed in, we want to give them the option to enroll more authentication methods. As an example, we’ll demonstrate how to let users enroll email OTP as a second authentication method - but the implementation approach will be similar for all authentications methods.While authentication methods can be enrolled in any sequence, it’s recommended to only let users
enroll passkeys after they’ve first enrolled a method like
email or SMS OTP, so users always have a fallback option in cases where their passkey [isn’t
available.
Lambda integration
- Custom UI
- Pre-built UI
To authorize binding the new authentication method to the user, we will create an authenticated API endpoint which our app can call once they’ve signed in.This endpoint will use a JWT Authorizer to authenticate using the Cognito access token.
It will return a short-lived Authsignal token which we’ll use in the following step.
App integration
- Custom UI
- Pre-built UI
- Call our endpoint to obtain the Authsignal token.
- Enroll the email OTP authenticator using a Client SDK.
Removing authenticators
- Custom UI
- Pre-built UI
The Authsignal Server SDK can be used within your authenticated API endpoint to get the user’s currently enrolled authenticators and to remove an authenticator by its ID.The example code below demonstrates how to remove the user’s email OTP authenticator by using the Authsignal Server SDK inside an API endpoint which is authenticated using a JWT authorizer.For more information refer to our Server SDK documentation.