AWS Cognito and empty device list

0

Hello,

I am using Cognito with TOTP. I have registered devices, TOTP functionality works, and I get the TOTP popup with the registered device which is linked to the user account, but I can't list the devices registered during the activation process. When I execute the command to list devices, the command returns an empty list. Can you advise how this information can be collected?

    ... $ aws cognito-idp list-devices --access-token e...2g
    { "Devices": [] }

https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/list-devices.html

br Jacko

Jacko
asked 2 years ago · 410 views
3 Answers
0

Does your CLI user have sufficient IAM access to view the needed Cognito resources?

kyager
answered 2 years ago
0

Hello,

I don't get any errors regarding a permissions issue, so I didn't consider that it may be the problem. Just in case, which IAM access should be valid for these operations?

br Jacko

Jacko
answered 2 years ago
  • AWS is pretty bad at giving permission errors and sometimes doesn't even tell you you're missing them. I don't know if that's the actual issue in question, but it's usually the first place I check when troubleshooting things like this.

    I would check to see if you have cognito-idp:ListDevices; there may be other permissions that are needed, which may require some research on your end, such as cognito-idp:AdminListDevices.

0

Please confirm if you have device tracking enabled in your user pool. You can use it to suppress MFA on remembered devices. This is not enabled by default. Please see below:

https://aws.amazon.com/blogs/mobile/tracking-and-remembering-devices-using-amazon-cognito-your-user-pools/

AWS
Pravo
answered 2 years ago
  • Yes, I do have the user's devices set to Always remember, but the device list is not updated either after successful TOTP device registration or after successful TOTP authentication. I just wonder at this point if this feature is actually limited only to tracking devices from the MFA using the SMS option? Has anyone got an example of the user pool setup where the devices list is working and the device key is saved under devices?
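
An added example, not part of the thread and not AWS code: an offline triage of the three responses this thread keeps coming back to (the `describe-user-pool` output, the sign-in result, and the `list-devices` output). The function names, finding codes and sample responses are constructed; it assumes an absent `DeviceConfiguration` block means device tracking is off.

```python
# Added example. All sample responses below are constructed for illustration.

def tracking_mode(pool_resp):
    """Map describe-user-pool output to 'off', 'always' or 'user-opt-in'."""
    cfg = pool_resp["UserPool"].get("DeviceConfiguration")
    if not cfg:  # assumption: an absent or empty block means tracking is off
        return "off"
    return "user-opt-in" if cfg.get("DeviceOnlyRememberedOnUserPrompt") else "always"

def issued_device_key(auth_resp):
    """Return the DeviceKey issued at sign-in, or None if none was returned."""
    meta = auth_resp.get("AuthenticationResult", {}).get("NewDeviceMetadata")
    return meta.get("DeviceKey") if meta else None

def triage(pool_resp, auth_resp, devices_resp):
    """Return finding codes that narrow down an empty list-devices result."""
    findings = []
    mode = tracking_mode(pool_resp)
    key = issued_device_key(auth_resp)
    listed = {d["DeviceKey"] for d in devices_resp.get("Devices", [])}
    if mode == "off":
        findings.append("TRACKING_OFF")
    elif key is None:
        findings.append("NO_DEVICE_KEY_IN_AUTH_RESULT")
    elif key not in listed:
        # A key was handed to the client; check the client's ConfirmDevice step.
        findings.append("KEY_ISSUED_BUT_NOT_LISTED")
    if mode != "off":
        cfg = pool_resp["UserPool"]["DeviceConfiguration"]
        if not cfg.get("ChallengeRequiredOnNewDevice"):
            # Remembered devices still get the MFA prompt in this configuration.
            findings.append("MFA_NOT_SUPPRESSED_ON_REMEMBERED")
    return findings

# Constructed samples, shaped like the real API responses.
SAMPLE_KEY = "example-region_00000000-0000-0000-0000-000000000000"
POOL_ALWAYS = {"UserPool": {"MfaConfiguration": "ON", "DeviceConfiguration": {
    "ChallengeRequiredOnNewDevice": True,
    "DeviceOnlyRememberedOnUserPrompt": False}}}
POOL_OFF = {"UserPool": {"MfaConfiguration": "ON"}}
AUTH_WITH_KEY = {"AuthenticationResult": {"NewDeviceMetadata": {
    "DeviceKey": SAMPLE_KEY, "DeviceGroupKey": "-EXAMPLE"}}}
AUTH_NO_KEY = {"AuthenticationResult": {}}
EMPTY_LIST = {"Devices": []}

if __name__ == "__main__":
    print(triage(POOL_ALWAYS, AUTH_WITH_KEY, EMPTY_LIST))
```
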
