Platform
Platform
Drop-In Authentication
Passkeys
Phishing-resistant, FIDO2/WebAuthn
Biometric authentication
Face and device-native biometrics
WhatsApp OTP
Global reach, lower cost than SMS
Email OTP
Universal second factor
App push authentication
Native device push notifications
Palm biometrics
Contactless identity verification
All authentication methods
KEY FEATURES
No-code rules engine
Step-up auth, risk policies, alerts
User observability
Audit trails, dynamic linking
Risk-based authentication
Adaptive MFA by context
Session management
Persistent sessions across channels
Digital credentials API
Verify sovereign digital IDs
Pre-built UI
Fastest deployment path
Passkeys
Deploy phishing-resistant passkeys across web and mobile in days
Solutions
Solutions
USE CASE
Account Takeover Prevention
Stop ATO without adding friction
Go Passwordless
Replace passwords with passkeys
Account Recovery
Secure self-service recovery flows
Call Centre Authentication
Verify callers without KBA
SMS Cost Optimisation
Cut OTP costs up to 90%
Existing Apps (Drop-In)
Add auth without re-architecting
Palm biometric payments
Contactless in-store payments
INDUSTRY
Financial Services & Banking
Secure high-value transactions
Healthcare
Authentication for ePHI access
Loyalty Programs
Protect points and member accounts
ROLE
Engineering
Fast integration, flexible SDKs
Product
No-code flows, conversion insights
Cybersecurity
Risk policies, compliance, audit trails
PricingCustomers
Resources
Resources
LEARN
Blog
Guides
Regulatory
Templates
Docs
COMPANY
About Us
Why Authsignal
Partners
Careers
Security
Contact
INTEGRATIONS
Amazon Cognito
Auth0
Azure AD B2C
Custom identity provider
Duende IdentityServer
All integrations
Docs
Start a trial
Book a callLogin
AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Right icon
Blog
/
Current article
Passkeys
AWS
Cognito
React native
SDKs
Implementation
Guides
AWS Cognito

How to integrate AWS Cognito with Authsignal to implement passkeys in a native mobile app.

Chris Fisher
⬤
June 24, 2025
Share
How to pair AWS Cognito with Authsignal to implement passkeys in a native mobile app.
AWS Partner
Authsignal is an AWS-certified partner and has passed the Well-Architected Review Framework (WAFR) for its Cognito integration.
AWS Marketplace

This blog post is part 3 in a series of blog posts.

  • Part 1: How to pair AWS Cognito with Authsignal to rapidly implement passwordless login and MFA.
  • Part 2: How to pair AWS Cognito with Authsignal to implement passkeys in a web app.
  • Part 3: How to pair AWS Cognito with Authsignal to implement passkeys in a native mobile app.

‍

In previous blog posts we outlined how to pair AWS Cognito with Authsignal to implement passwordless login and MFA and then how to expand this example to add passkeys. Both blog posts used a simple web app as an example.

‍

This blog post will cover the integration steps required to add passkey sign-in to a native mobile app. The example app is built with React Native and uses the Authsignal React Native SDK but a similar approach can also be achieved using our iOS SDK, **Android SDK,** or  Flutter SDK.

‍

Signing in with a passkey in a native iOS app

‍

Full example code

You can find the full code example for using AWS Cognito with passkeys in a React Native app on Github. This example uses the Authsignal pre-built UI for email verification. You can also find an alternate version which uses the Authsignal Client API for email verification in this branch if you prefer a fully native UI.

‍

Configuring passkeys for native mobile apps

In the previous example for a web app, we detailed how to enable passkeys as an authenticator in the Authsignal Portal. For a native mobile app, you will also need to follow some additional steps by setting up an associated domain and hosting an apple-app-site-association file (iOS) and an assetlinks.json file (Android) on your web domain. For example, if your web domain was simplify.io then you would need to host two files to prove that your app owns that domain:

  • https://simplify.io/.well-known/apple-app-site-association (iOS)
  • https://simplify.io/.well-known/assetlinks.json (Android)

This domain should match the value for the Relying Party that you configure in the Authsignal Portal.

‍

The app code

When the user presses the sign-in button, we will call the Authsignal SDK’s passkey.signIn method.

const { data } = await authsignal.passkey.signIn({
  action: "cognitoAuth",
});

This will display the passkeys available on the device and let the user authenticate with Face ID, then return the username associated with the passkey along with an Authsignal validation token. We then call the Amplify signIn and confirmSignIn methods one after another, passing the username and the validation token.

await signIn({
  username: data.userName,
  options: {
    authFlowType: "CUSTOM_WITHOUT_SRP",
  },
});

const { isSignedIn } = await confirmSignIn({
  challengeResponse: data.token,
});

A full example of the sign-in code can be viewed here.

‍

Optimizing passkey UX

We have designed our app’s landing screen to just show a “Sign in” button and not initially require the user to input their email. This optimizes for the happy path where a user has a passkey available on their device. But it can also handle the scenario where a registered user doesn’t have a passkey available - for example, if they have deleted their existing passkey or if they’ve switched to a new device on a different platform where their existing passkey can’t be synced. In this case, we can check the errorCode returned by the Authsignal SDK.

const { data, errorCode } = await authsignal.passkey.signIn({
  action: "cognitoAuth",
});

if (
  errorCode === ErrorCode.passkeySignInCanceled ||
  errorCode === ErrorCode.noPasskeyCredentialAvailable
) {
  return navigation.navigate("SignInEmail");
}

If the user dismisses the passkey sign-in prompt or doesn’t have any passkeys available on their device, we can fall back to signing in with email OTP—either by launching the Authsignal pre-built UI and using ASWebAuthenticationSession (iOS) or Custom Tabs (Android) or by building our own native UI and using the Authsignal Client API.

‍

Summary

In this final blog post in our series on pairing AWS Cognito with Authsignal, we’ve demonstrated how Authsignal’s mobile SDKs can be used to implement passkeys in a native mobile app. We’ve also shown how to design and build an optimal UX that puts the seamless passkey sign-in experience front and center while also accommodating scenarios where users may not have access to a passkey they’ve previously created.

‍

Resources

Authsignal docs on AWS Cognito

  • Authsignal docs on using passkeys in a native mobile app
Question icon
Have a question?
Talk to an expert
NewsletterDemo PasskeysView docs
Passkeys
AWS
Cognito
React native
SDKs
Implementation
Guides
AWS Cognito

You might also like

The passkey UX patterns that drive adoption in 2026
Passkeys
Passkeys implementation

The passkey UX patterns that drive adoption in 2026

July 2, 2026
What is silent network authentication, and how does it work?
Silent Network Authentication
SNA

What is silent network authentication, and how does it work?

June 26, 2026
HIPAA MFA requirements and what to do before the final rule lands
Passkeys
Step up authentication
Adaptive MFA
SMS Alternative

HIPAA MFA requirements and what to do before the final rule lands

July 4, 2026

Secure your customers’ accounts today with Authsignal

Passkey demoCreate free account
Authsignal Purple Logo

Authsignal is a drop-in authentication and orchestration layer for consumer-facing businesses. Passkeys, adaptive MFA, and omnichannel verification on top of your existing identity stack. Deployed in weeks, not quarters.

AICPA SOCFido Certified
LinkedInTwitter
Platform
Drop-In Authentication
PasskeysBiometric authenticationWhatsApp OTPEmail OTPApp push authenticationPalm biometricsSMS OTPEmail OTPMagic LinksAuthenticator apps (TOTP)
View all auth methods
KEY FEATURES
No-code rules engineUser observabilityRisk-based authenticationSession managementDigital credentials APIPre-built UI
All authentication methods
Pricing
Customers
Solutions
USE CASE
Account takeovers (ATO)
Go passwordless
Call center
SMS cost optimization
Existing apps
Palm biometric payments
View all use cases
industry
Financial services
Healthcare
Marketplace
View all use cases
ROLE
Engineering
ProductCybersecurityDocs
Compare
Twilio Verify vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
LEARN
BlogGuidesRegulatoryTemplatesDocs
COMPANY
About usWhy AuthsignalPartnersCareersSecurityContact
Integrations
Amazon Cognito
Azure AD B2C
Duende IdentityServer
Keycloak
Auth0
NextAuth.js
Custom identity provider
All integrations
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2026 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies