Interface CfnUserPool.IDeviceConfigurationProperty
The device-remembering configuration for a user pool.
Namespace: Amazon.CDK.AWS.Cognito
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IDeviceConfigurationProperty
Syntax (vb)
Public Interface IDeviceConfigurationProperty
Remarks
A DescribeUserPool request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a ConfirmDevice API request. Additionally. when the property DeviceOnlyRememberedOnUserPrompt
is true
, you must follow ConfirmDevice
with an UpdateDeviceStatus API request that sets the user's device to remembered
or not_remembered
.
To sign in with a remembered device, include DEVICE_KEY
in the authentication parameters in your user's InitiateAuth request. If your app doesn't include a DEVICE_KEY
parameter, the response from Amazon Cognito includes newly-generated DEVICE_KEY
and DEVICE_GROUP_KEY
values under NewDeviceMetadata
. Store these values to use in future device-authentication requests.
When you provide a value for any property of DeviceConfiguration
, you activate the device remembering for the user pool.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Cognito;
var deviceConfigurationProperty = new DeviceConfigurationProperty {
ChallengeRequiredOnNewDevice = false,
DeviceOnlyRememberedOnUserPrompt = false
};
Synopsis
Properties
ChallengeRequiredOnNewDevice | When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). |
DeviceOnlyRememberedOnUserPrompt | When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request. |
Properties
ChallengeRequiredOnNewDevice
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
virtual object ChallengeRequiredOnNewDevice { get; }
Property Value
System.Object
Remarks
Whether or not ChallengeRequiredOnNewDevice
is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.
DeviceOnlyRememberedOnUserPrompt
When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.
virtual object DeviceOnlyRememberedOnUserPrompt { get; }
Property Value
System.Object
Remarks
When DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice
API request.