Working with User Devices in Your User Pool > 자유게시판

When you sign up local user pool users with the Amazon Cognito person swimming pools API, you'll be able to affiliate your users’ activity logs from risk protection with each of their gadgets and, optionally, iTagPro website permit your customers to skip multi-issue authentication (MFA) if they’re on a trusted machine. Amazon Cognito features a gadget key in the response to any signal-in that doesn’t already embrace machine data. UUID. With a device key, a Secure Remote Password (SRP) library, and a person pool that permits gadget authentication, you can prompt users in your app to belief the present machine and no longer prompt for an MFA code at signal-in. With Amazon Cognito user pools, you possibly can affiliate every of your customers' units with a novel device identifier: a machine key. If you current the device key and perform gadget authentication at sign-in, you can configure your utility with a trusted device authentication circulate. On this stream, your utility can present a choice to customers to sign up with out MFA until a later time, as decided by the security requirements of your app or the preferences of your customers.

At the top of that point period, your software should change the gadget status to not remembered and ItagPro the user must check in with MFA until they confirm that they want to remember a device. For instance, your software would possibly prompt your users to belief a gadget for 30, 60, or 90 days. You'll be able to retailer this date in a custom attribute and on that date, change the remembered status of their machine. It's essential to then re-immediate your person to submit an MFA code and set the system to be remembered once more after profitable authentication. 1. Remembered gadgets can override MFA solely in consumer pools with MFA active. When your consumer indicators in with a remembered system, you need to perform a further device authentication during their authentication stream. For extra information, see Signing in with a device. Configure your user pool to recollect units in the Sign-in menu of your consumer pool, beneath Device tracking. Your consumer pool does not immediate customers to remember devices when they register.

When your app confirms a consumer's device, your consumer pool always remembers the device and iTagPro website would not return MFA challenges on future profitable system sign-ins. When your app confirms a consumer's machine, your person pool doesn't mechanically suppress MFA challenges. You need to prompt your consumer to choose whether or iTagPro website not they need to recollect the device. When you choose Always remember or User Opt-In, Amazon Cognito generates a machine-identifier key and secret every time a consumer signs in from an unidentified device. The system key is the initial identifier that your app sends to your person pool when your person performs system authentication. With each confirmed person gadget, whether or not remembered routinely or opted-in, you can use the gadget-identifier key and iTagPro website secret to authenticate a device on every person signal-in. You may also configure remembered-device settings for your consumer pool in a CreateUserPool or UpdateUserPool API request. For iTagPro device extra information, see the DeviceConfiguration property. The Amazon Cognito user pools API has additional operations for remembered gadgets.

1. ListDevices and AdminListDevices return an inventory of the gadget keys and iTagPro shop their metadata for a user. 2. GetDevice and AdminGetDevice return the device key and metadata for a single system. 3. UpdateDeviceStatus and AdminUpdateDeviceStatus set a user's system as remembered or not remembered. 4. ForgetDevice and AdminForgetDevice take away a person's confirmed machine from their profile. API operations with names that begin with Admin are for use in server-aspect apps and must be authorized with IAM credentials. For extra info, see Understanding API, OIDC, and managed login pages authentication. KEY, iTagPro website Amazon Cognito returns a brand ItagPro new system key within the response. In your public client-facet app, place the gadget key in app storage as a way to embrace it in future requests. In your confidential server-side app, set a browser cookie or another consumer-aspect token with your user’s device key. Before your consumer can sign in with their trusted device, your app should affirm the gadget key and supply additional info. Generate a ConfirmDevice request to Amazon Cognito that confirms your user’s gadget with the device key, iTagPro website a pleasant title, password verifier, and iTagPro website a salt.

For those who configured your user pool for choose-in system authentication, Amazon Cognito responds to your ConfirmDevice request with a immediate that your person must choose whether or not to remember the current machine. Respond with your user’s selection in an UpdateDeviceStatus request. While you affirm your user’s system however don’t set it as remembered, Amazon Cognito shops the affiliation but proceeds with non-gadget signal-in whenever you present the system key. Devices can generate logs that are helpful for user safety and troubleshooting. A confirmed but unremembered system doesn’t benefit from the sign-in feature, but does benefit from the safety monitoring logs characteristic. Whenever you activate threat protection in your app consumer and encode a machine fingerprint into your request, Amazon Cognito associates person events with the confirmed device. 1. Start your user’s signal-in session with an InitiateAuth API request. 2. Reply to all authentication challenges with RespondToAuthChallenge till you receive JSON net tokens (JWTs) that mark your user’s signal-in session full.