Working with User Devices in Your User Pool > 자유게시판

• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

When you check in local person pool customers with the Amazon Cognito person swimming pools API, you can associate your users’ exercise logs from menace safety with each of their devices and, optionally, permit your users to skip multi-factor authentication (MFA) if they’re on a trusted system. Amazon Cognito includes a machine key in the response to any sign-in that doesn’t already embody machine info. UUID. With a gadget key, a Secure Remote Password (SRP) library, and a consumer pool that permits gadget authentication, you possibly can immediate customers in your app to belief the current machine and no longer immediate for an MFA code at sign-in. With Amazon Cognito user swimming pools, you possibly can associate each of your customers' gadgets with a singular device identifier: a gadget key. If you present the system key and perform system authentication at sign-in, iTagPro tracker you can configure your application with a trusted device authentication circulation. In this circulate, your utility can present a alternative to customers to sign up with out MFA until a later time, as determined by the security requirements of your app or the preferences of your customers.

At the end of that time interval, itagpro tracker your utility must change the system standing to not remembered and the consumer should sign up with MFA till they verify that they want to recollect a gadget. For instance, your application might prompt your customers to belief a system for 30, ItagPro 60, or 90 days. You may store this date in a customized attribute and iTagPro tracker on that date, change the remembered standing of their system. You must then re-immediate your user to submit an MFA code and iTagPro tracker set the system to be remembered again after profitable authentication. 1. Remembered devices can override MFA only in user swimming pools with MFA energetic. When your user indicators in with a remembered device, you should carry out a further system authentication during their authentication circulate. For more data, see Signing in with a device. Configure your user pool to remember units within the Sign-in menu of your person pool, under Device monitoring. Your user pool does not immediate customers to recollect units once they check in.

When your app confirms a user's device, your person pool at all times remembers the gadget and would not return MFA challenges on future successful device sign-ins. When your app confirms a person's machine, your consumer pool does not routinely suppress MFA challenges. You need to prompt your consumer to choose whether they want to remember the gadget. Whenever you choose Always remember or wireless tag finder User Opt-In, Amazon Cognito generates a machine-identifier key and secret each time a person indicators in from an unidentified system. The system key is the preliminary identifier that your app sends to your person pool when your consumer performs gadget authentication. With each confirmed person gadget, whether or not remembered mechanically or opted-in, you should utilize the gadget-identifier key and secret to authenticate a device on every consumer sign-in. You may also configure remembered-device settings for your consumer pool in a CreateUserPool or UpdateUserPool API request. For more data, see the DeviceConfiguration property. The Amazon Cognito user swimming pools API has further operations for iTagPro tracker remembered devices.

1. ListDevices and AdminListDevices return a list of the machine keys and their metadata for a consumer. 2. GetDevice and AdminGetDevice return the gadget key and metadata for a single system. 3. UpdateDeviceStatus and AdminUpdateDeviceStatus set a consumer's machine as remembered or not remembered. 4. ForgetDevice and AdminForgetDevice remove a user's confirmed device from their profile. API operations with names that begin with Admin are for use in server-facet apps and should be authorized with IAM credentials. For more data, pet gps alternative see Understanding API, ItagPro OIDC, and managed login pages authentication. KEY, Amazon Cognito returns a brand iTagPro tracker new system key within the response. In your public client-aspect app, place the gadget key in app storage so as to embody it in future requests. In your confidential server-facet app, set a browser cookie or another consumer-side token with your user’s system key. Before your consumer can check in with their trusted gadget, iTagPro smart device your app should confirm the machine key and provide additional data. Generate a ConfirmDevice request to Amazon Cognito that confirms your user’s device with the machine key, a pleasant title, password verifier, and a salt.

If you happen to configured your consumer pool for choose-in machine authentication, Amazon Cognito responds to your ConfirmDevice request with a immediate that your consumer should select whether to recollect the current system. Respond along with your user’s choice in an UpdateDeviceStatus request. When you verify your user’s machine but don’t set it as remembered, Amazon Cognito shops the affiliation however proceeds with non-machine signal-in if you present the system key. Devices can generate logs that are useful for person safety and troubleshooting. A confirmed however unremembered gadget doesn’t reap the benefits of the signal-in characteristic, but does reap the benefits of the safety monitoring logs feature. While you activate risk protection on your app consumer and encode a system fingerprint into your request, Amazon Cognito associates person occasions with the confirmed gadget. 1. Start your user’s sign-in session with an InitiateAuth API request. 2. Respond to all authentication challenges with RespondToAuthChallenge until you obtain JSON internet tokens (JWTs) that mark your user’s signal-in session complete.