aws-cdk-lib.aws_cognito.CfnUserPool.DeviceConfigurationProperty

interface DeviceConfigurationProperty

LanguageType name
.NETAmazon.CDK.AWS.Cognito.CfnUserPool.DeviceConfigurationProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscognito#CfnUserPool_DeviceConfigurationProperty
Javasoftware.amazon.awscdk.services.cognito.CfnUserPool.DeviceConfigurationProperty
Pythonaws_cdk.aws_cognito.CfnUserPool.DeviceConfigurationProperty
TypeScript aws-cdk-lib » aws_cognito » CfnUserPool » DeviceConfigurationProperty

The device-remembering configuration for a user pool.

A DescribeUserPool request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a ConfirmDevice API request. Additionally. when the property DeviceOnlyRememberedOnUserPrompt is true , you must follow ConfirmDevice with an UpdateDeviceStatus API request that sets the user's device to remembered or not_remembered .

To sign in with a remembered device, include DEVICE_KEY in the authentication parameters in your user's InitiateAuth request. If your app doesn't include a DEVICE_KEY parameter, the response from Amazon Cognito includes newly-generated DEVICE_KEY and DEVICE_GROUP_KEY values under NewDeviceMetadata . Store these values to use in future device-authentication requests.

When you provide a value for any property of DeviceConfiguration , you activate the device remembering for the user pool.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cognito as cognito } from 'aws-cdk-lib';
const deviceConfigurationProperty: cognito.CfnUserPool.DeviceConfigurationProperty = {
  challengeRequiredOnNewDevice: false,
  deviceOnlyRememberedOnUserPrompt: false,
};

Properties

NameTypeDescription
challengeRequiredOnNewDevice?boolean | IResolvableWhen true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
deviceOnlyRememberedOnUserPrompt?boolean | IResolvableWhen true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.

challengeRequiredOnNewDevice?

Type: boolean | IResolvable (optional)

When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).

Whether or not ChallengeRequiredOnNewDevice is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.


deviceOnlyRememberedOnUserPrompt?

Type: boolean | IResolvable (optional)

When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.

When DeviceOnlyRememberedOnUserPrompt is false , Amazon Cognito immediately remembers devices that you register in a ConfirmDevice API request.