interface DeviceConfigurationProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Cognito.CfnUserPool.DeviceConfigurationProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#CfnUserPool_DeviceConfigurationProperty |
Java | software.amazon.awscdk.services.cognito.CfnUserPool.DeviceConfigurationProperty |
Python | aws_cdk.aws_cognito.CfnUserPool.DeviceConfigurationProperty |
TypeScript | aws-cdk-lib » aws_cognito » CfnUserPool » DeviceConfigurationProperty |
The device-remembering configuration for a user pool.
A DescribeUserPool request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a ConfirmDevice API request. Additionally. when the property DeviceOnlyRememberedOnUserPrompt
is true
, you must follow ConfirmDevice
with an UpdateDeviceStatus API request that sets the user's device to remembered
or not_remembered
.
To sign in with a remembered device, include DEVICE_KEY
in the authentication parameters in your user's InitiateAuth request. If your app doesn't include a DEVICE_KEY
parameter, the response from Amazon Cognito includes newly-generated DEVICE_KEY
and DEVICE_GROUP_KEY
values under NewDeviceMetadata
. Store these values to use in future device-authentication requests.
When you provide a value for any property of
DeviceConfiguration
, you activate the device remembering for the user pool.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cognito as cognito } from 'aws-cdk-lib';
const deviceConfigurationProperty: cognito.CfnUserPool.DeviceConfigurationProperty = {
challengeRequiredOnNewDevice: false,
deviceOnlyRememberedOnUserPrompt: false,
};
Properties
Name | Type | Description |
---|---|---|
challenge | boolean | IResolvable | When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). |
device | boolean | IResolvable | When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request. |
challengeRequiredOnNewDevice?
Type:
boolean |
IResolvable
(optional)
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Whether or not
ChallengeRequiredOnNewDevice
is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.
deviceOnlyRememberedOnUserPrompt?
Type:
boolean |
IResolvable
(optional)
When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.
When DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice
API request.