Working with User Devices in Your User Pool > 자유게시판

• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

Whenever you register local person pool users with the Amazon Cognito person pools API, you possibly can affiliate your users’ exercise logs from risk protection with every of their units and, optionally, permit your users to skip multi-factor authentication (MFA) if they’re on a trusted system. Amazon Cognito features a device key within the response to any sign-in that doesn’t already embrace gadget data. UUID. With a gadget key, a Secure Remote Password (SRP) library, and a person pool that permits device authentication, you'll be able to immediate customers in your app to belief the current device and now not immediate for an MFA code at signal-in. With Amazon Cognito consumer swimming pools, you possibly can affiliate every of your users' units with a singular system identifier: a device key. Whenever you current the gadget key and perform gadget authentication at signal-in, you possibly can configure your application with a trusted system authentication stream. In this move, your software can present a alternative to customers to sign up with out MFA until a later time, as determined by the safety necessities of your app or the preferences of your customers.

At the tip of that point interval, iTagPro smart tracker your utility should change the machine status to not remembered and the user should register with MFA until they affirm that they need to recollect a gadget. For example, your application would possibly immediate your users to belief a system for 30, 60, or ninety days. You possibly can retailer this date in a custom attribute and on that date, change the remembered status of their system. You should then re-immediate your person to submit an MFA code and set the device to be remembered again after successful authentication. 1. Remembered gadgets can override MFA solely in consumer pools with MFA lively. When your person indicators in with a remembered system, it's essential to perform an extra device authentication throughout their authentication movement. For iTagPro extra data, see Signing in with a device. Configure your user pool to recollect gadgets in the Sign-in menu of your consumer pool, iTagPro smart tracker underneath Device monitoring. Your person pool does not prompt users to recollect devices once they register.

When your app confirms a person's device, your user pool at all times remembers the system and doesn't return MFA challenges on future successful device signal-ins. When your app confirms a person's device, your consumer pool does not robotically suppress MFA challenges. You should prompt your person to choose whether they want to remember the system. When you select Always remember or User Opt-In, Amazon Cognito generates a device-identifier key and secret every time a user signs in from an unidentified system. The gadget key is the initial identifier that your app sends to your consumer pool when your consumer performs device authentication. With each confirmed user machine, whether or iTagPro bluetooth tracker not remembered routinely or iTagPro features opted-in, you can use the system-identifier key and secret to authenticate a gadget on every consumer signal-in. You can also configure remembered-device settings in your person pool in a CreateUserPool or UpdateUserPool API request. For more information, see the DeviceConfiguration property. The Amazon Cognito person pools API has additional operations for remembered gadgets.

1. ListDevices and AdminListDevices return an inventory of the machine keys and their metadata for a person. 2. GetDevice and iTagPro geofencing AdminGetDevice return the system key and metadata for a single gadget. 3. UpdateDeviceStatus and AdminUpdateDeviceStatus set a user's system as remembered or not remembered. 4. ForgetDevice and AdminForgetDevice remove a user's confirmed machine from their profile. API operations with names that start with Admin are to be used in server-aspect apps and must be authorized with IAM credentials. For more info, see Understanding API, OIDC, and managed login pages authentication. KEY, iTagPro smart tracker Amazon Cognito returns a new system key in the response. In your public shopper-facet app, place the machine key in app storage so as to embrace it in future requests. In your confidential server-facet app, set a browser cookie or another consumer-side token with your user’s device key. Before your person can sign in with their trusted system, your app should affirm the system key and supply additional data. Generate a ConfirmDevice request to Amazon Cognito that confirms your user’s device with the machine key, a pleasant identify, affordable item tracker password verifier, and a salt.

In case you configured your person pool for decide-in gadget authentication, Amazon Cognito responds to your ConfirmDevice request with a immediate that your consumer should choose whether to recollect the current gadget. Respond with your user’s selection in an UpdateDeviceStatus request. Once you confirm your user’s gadget but don’t set it as remembered, Amazon Cognito shops the affiliation but proceeds with non-system sign-in whenever you provide the machine key. Devices can generate logs that are useful for user safety and troubleshooting. A confirmed however unremembered gadget doesn’t make the most of the sign-in feature, but does take advantage of the security monitoring logs feature. Once you activate threat protection to your app shopper and encode a machine fingerprint into your request, Amazon Cognito associates user events with the confirmed machine. 1. Start your user’s sign-in session with an InitiateAuth API request. 2. Reply to all authentication challenges with RespondToAuthChallenge until you receive JSON net tokens (JWTs) that mark your user’s sign-in session complete.