Working with User Devices in Your User Pool > 자유게시판

• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

While you check in native user pool users with the Amazon Cognito consumer pools API, you may affiliate your users’ exercise logs from menace safety with each of their devices and, optionally, enable your customers to skip multi-issue authentication (MFA) if they’re on a trusted system. Amazon Cognito includes a device key in the response to any sign-in that doesn’t already embody system info. UUID. With a device key, a Secure Remote Password (SRP) library, and a user pool that permits machine authentication, you can immediate users in your app to belief the present gadget and now not immediate for an MFA code at signal-in. With Amazon Cognito consumer swimming pools, you can affiliate each of your users' units with a unique gadget identifier: a device key. When you present the system key and perform machine authentication at signal-in, you can configure your software with a trusted system authentication circulate. On this movement, your application can present a selection to users to sign up with out MFA until a later time, as determined by the safety necessities of your app or the preferences of your customers.

At the end of that time period, your software must change the system status to not remembered and the user should sign up with MFA till they verify that they need to recollect a gadget. For instance, your utility may immediate your users to belief a gadget for 30, 60, or 90 days. You can retailer this date in a custom attribute and on that date, change the remembered status of their device. You must then re-prompt your user to submit an MFA code and set the system to be remembered once more after successful authentication. 1. Remembered devices can override MFA only in person swimming pools with MFA energetic. When your consumer signs in with a remembered system, you need to perform an extra gadget authentication during their authentication flow. For iTagPro bluetooth tracker extra info, see Signing in with a device. Configure your consumer pool to remember devices in the Sign-in menu of your person pool, under Device monitoring. Your person pool does not prompt users to remember devices once they register.

When your app confirms a user's system, your consumer pool always remembers the system and does not return MFA challenges on future profitable gadget signal-ins. When your app confirms a person's system, your person pool would not routinely suppress MFA challenges. You will need to prompt your consumer to choose whether they want to recollect the machine. While you select Always remember or User Opt-In, Amazon Cognito generates a machine-identifier key and secret each time a person signs in from an unidentified machine. The device key is the preliminary identifier that your app sends to your user pool when your consumer performs machine authentication. With every confirmed consumer gadget, whether remembered robotically or ItagPro opted-in, you should use the device-identifier key and secret to authenticate a gadget on every user sign-in. You may as well configure remembered-device settings to your consumer pool in a CreateUserPool or iTagPro smart tracker UpdateUserPool API request. For more info, see the DeviceConfiguration property. The Amazon Cognito consumer pools API has additional operations for remembered units.

1. ListDevices and AdminListDevices return a listing of the gadget keys and their metadata for a person. 2. GetDevice and AdminGetDevice return the device key and metadata for a single gadget. 3. UpdateDeviceStatus and AdminUpdateDeviceStatus set a consumer's machine as remembered or not remembered. 4. ForgetDevice and AdminForgetDevice remove a person's confirmed machine from their profile. API operations with names that begin with Admin are for use in server-side apps and must be authorized with IAM credentials. For extra info, see Understanding API, OIDC, and managed login pages authentication. KEY, Amazon Cognito returns a brand new gadget key in the response. In your public consumer-aspect app, place the system key in app storage to be able to embody it in future requests. In your confidential server-facet app, iTagPro smart tracker set a browser cookie or another consumer-side token with your user’s system key. Before your user can sign in with their trusted machine, your app should confirm the machine key and provide additional info. Generate a ConfirmDevice request to Amazon Cognito that confirms your user’s system with the gadget key, a pleasant title, password verifier, and a salt.

If you configured your consumer pool for choose-in gadget authentication, Amazon Cognito responds to your ConfirmDevice request with a prompt that your consumer should select whether to recollect the current system. Respond along with your user’s choice in an UpdateDeviceStatus request. If you confirm your user’s machine but don’t set it as remembered, Amazon Cognito shops the affiliation however proceeds with non-system sign-in whenever you present the device key. Devices can generate logs which can be helpful for person safety and troubleshooting. A confirmed however unremembered gadget doesn’t take advantage of the signal-in feature, iTagPro smart tracker however does take advantage of the safety monitoring logs function. If you activate risk safety for your app shopper and encode a machine fingerprint into your request, Amazon Cognito associates user occasions with the confirmed system. 1. Start your user’s signal-in session with an InitiateAuth API request. 2. Reply to all authentication challenges with RespondToAuthChallenge till you receive JSON internet tokens (JWTs) that mark your user’s sign-in session complete.