Working with User Devices in Your User Pool > 자유게시판

Once you register local consumer pool users with the Amazon Cognito consumer pools API, you'll be able to affiliate your users’ exercise logs from menace protection with each of their units and, optionally, permit your users to skip multi-issue authentication (MFA) if they’re on a trusted system. Amazon Cognito includes a system key in the response to any signal-in that doesn’t already embody system information. UUID. With a machine key, a Secure Remote Password (SRP) library, and a user pool that permits gadget authentication, you can prompt customers in your app to belief the current system and now not prompt for an MFA code at sign-in. With Amazon Cognito person swimming pools, you may associate each of your customers' gadgets with a singular gadget identifier: a machine key. When you present the gadget key and carry out system authentication at sign-in, you can configure your application with a trusted device authentication move. On this stream, your software can current a selection to customers to check in with out MFA until a later time, as determined by the safety requirements of your app or iTagPro geofencing the preferences of your customers.

At the tip of that time period, your utility should change the gadget status to not remembered and the consumer must sign up with MFA till they verify that they need to remember a gadget. For example, your software might prompt your customers to trust a device for 30, 60, or ninety days. You may store this date in a custom attribute and on that date, change the remembered standing of their machine. You could then re-immediate your consumer to submit an MFA code and set the system to be remembered again after profitable authentication. 1. Remembered units can override MFA solely in consumer pools with MFA energetic. When your consumer signs in with a remembered device, it's essential to carry out an additional device authentication during their authentication move. For extra data, see Signing in with a device. Configure your person pool to remember devices within the Sign-in menu of your person pool, underneath Device tracking. Your consumer pool does not prompt customers to recollect devices after they sign in.

When your app confirms a user's machine, your person pool all the time remembers the gadget and doesn't return MFA challenges on future profitable device signal-ins. When your app confirms a consumer's machine, your person pool does not robotically suppress MFA challenges. It's essential to immediate your consumer to choose whether or not they need to recollect the machine. If you choose Always remember or User Opt-In, Amazon Cognito generates a gadget-identifier key and secret every time a consumer signs in from an unidentified system. The system key is the preliminary identifier that your app sends to your user pool when your person performs gadget authentication. With every confirmed user gadget, whether remembered robotically or opted-in, you should utilize the machine-identifier key and secret to authenticate a device on each user sign-in. You may also configure remembered-gadget settings to your user pool in a CreateUserPool or UpdateUserPool API request. For extra data, see the DeviceConfiguration property. The Amazon Cognito person swimming pools API has additional operations for remembered units.

1. ListDevices and AdminListDevices return an inventory of the system keys and their metadata for a consumer. 2. GetDevice and AdminGetDevice return the device key and metadata for a single device. 3. UpdateDeviceStatus and AdminUpdateDeviceStatus set a person's gadget as remembered or not remembered. 4. ForgetDevice and AdminForgetDevice take away a consumer's confirmed device from their profile. API operations with names that start with Admin are to be used in server-aspect apps and must be authorized with IAM credentials. For more data, see Understanding API, iTagPro geofencing OIDC, and iTagPro geofencing managed login pages authentication. KEY, ItagPro Amazon Cognito returns a brand new device key in the response. In your public client-aspect app, place the system key in app storage so that you can include it in future requests. In your confidential server-side app, set a browser cookie or another shopper-aspect token with your user’s system key. Before your person can sign up with their trusted gadget, your app should confirm the gadget key and provide additional information. Generate a ConfirmDevice request to Amazon Cognito that confirms your user’s system with the device key, a pleasant identify, password verifier, and a salt.

If you happen to configured your person pool for opt-in gadget authentication, Amazon Cognito responds to your ConfirmDevice request with a immediate that your user should choose whether or not to remember the current machine. Respond along with your user’s selection in an UpdateDeviceStatus request. If you verify your user’s gadget but don’t set it as remembered, Amazon Cognito stores the association but proceeds with non-device sign-in if you provide the system key. Devices can generate logs which are useful for consumer security and troubleshooting. A confirmed however unremembered system doesn’t take advantage of the signal-in characteristic, however does reap the benefits of the security monitoring logs function. While you activate risk safety for your app consumer and encode a machine fingerprint into your request, Amazon Cognito associates user occasions with the confirmed device. 1. Start your user’s sign-in session with an InitiateAuth API request. 2. Respond to all authentication challenges with RespondToAuthChallenge until you obtain JSON net tokens (JWTs) that mark your user’s sign-in session complete.