AWS Cognito and empty device list

0

Hello,

I am using Cognito with TOTP. I have registered devices, TOTP functionality works, and I get the TOTP popup with the registered device which is linked to the user account, but I can't list the devices registered during the activation process. When I execute the command to list devices, the command returns an empty list. Can you advise how this information can be collected?

... $ aws cognito-idp list-devices --access-token e...2g
{ "Devices": [] }

https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/list-devices.html

br Jacko

Jacko
asked 2 years ago, 410 views
3 Answers
0

Does your CLI user have sufficient IAM access to view the needed Cognito resources?

kyager
answered 2 years ago
0

Hello,

I don't get any errors regarding a permissions issue, so I didn't consider that it may be the problem. Just in case, which IAM access should be valid for these operations?

br Jacko

Jacko
answered 2 years ago
  • AWS is pretty bad at giving permission errors and sometimes doesn't even tell you you're missing them. I don't know if that's the actual issue in question, but it's usually the first place I check when troubleshooting things like this.

    I would check to see if you have cognito-idp:ListDevices; there may be other permissions that are needed, which may require some research on your end, such as cognito-idp:AdminListDevices.

0

Please confirm if you have device tracking enabled in your user pool. You can use it to suppress MFA on remembered. This is not enabled by default. Please see below:

https://aws.amazon.com/blogs/mobile/tracking-and-remembering-devices-using-amazon-cognito-your-user-pools/

AWS
Pravo
answered 2 years ago
  • Yes, I do have the user's devices set to Always remember, but the device list is not updated either after successful TOTP device registration or after successful TOTP authentication. I just wonder at this point if this feature is actually limited only to tracking devices from the MFA using the SMS option? Has anyone got an example of a user pool setup where the devices list is working and the device key is saved under devices?
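
One way to confirm the device-tracking setting asked about in the answer above, as an added example that is not part of the original thread. It reads the `DeviceConfiguration` block of a `describe-user-pool` response; the function names are hypothetical, and the sample response and pool id are constructed placeholders.

```python
import json

# Constructed sample: shape of `aws cognito-idp describe-user-pool` output,
# trimmed to the fields read here. The pool id is a placeholder.
SAMPLE_RESPONSE = json.loads("""
{"UserPool": {"Id": "us-east-1_EXAMPLE",
              "MfaConfiguration": "ON",
              "DeviceConfiguration": {
                  "ChallengeRequiredOnNewDevice": true,
                  "DeviceOnlyRememberedOnUserPrompt": false}}}
""")


def device_tracking_report(response):
    """Summarise the device-tracking settings of one user pool."""
    pool = response["UserPool"]
    cfg = pool.get("DeviceConfiguration")
    if not cfg:
        # No DeviceConfiguration block: the pool does not track devices.
        return {"tracking": "off", "mfa_suppressed_on_remembered": False}
    # True means the app must ask the user before a device is remembered;
    # False corresponds to the console's "Always remember".
    opt_in = cfg.get("DeviceOnlyRememberedOnUserPrompt", False)
    return {
        "tracking": "user-opt-in" if opt_in else "always",
        # True means a remembered device can skip the SMS/TOTP factor.
        "mfa_suppressed_on_remembered":
            cfg.get("ChallengeRequiredOnNewDevice", False),
    }


def fetch_pool(user_pool_id):
    """Live lookup; needs boto3 and cognito-idp:DescribeUserPool."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("cognito-idp")
    return client.describe_user_pool(UserPoolId=user_pool_id)


if __name__ == "__main__":
    print(device_tracking_report(SAMPLE_RESPONSE))
```

A pool that reports tracking as `always` still lists a device only after the client app has sent a ConfirmDevice request for it.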
