Unable to add Cognito user's DEVICE (update-device-status)

Hi, my Cognito "User pool" is configured with: ALLOW_USER_SRP_AUTH+ALLOW_REFRESH_TOKEN_AUTH and Device tracking=always remember (+MFA enabled). However, during sign-in, whether through local Cognito users or federated Facebook users, the devices for the users are not getting registered. Running the CLI command "aws cognito-idp admin-list-devices --user-pool-id eu-myPoolID --username facebook_myFBuser" consistently returns "Devices":[].

When I attempt to manually add a device from the CLI using the command: "aws cognito-idp update-device-status --access-token eyJra[….]xyz --device-key exampleWord_1a2b3c-4d", I encounter the following error: "An error occurred (NotAuthorizedException) when calling the UpdateDeviceStatus operation: Access Token does not have required scopes".

I'm uncertain about which "scope" is required for the command: "aws cognito-idp update-device-status". Currently, in the "OpenID connect scopes" section, I have email, OpenID, and Phone activated. I also tried adding "Profile" and "aws.cognito.signin.user.admin", but this hasn't addressed the issue.

Can anyone advise on the additional steps needed to successfully add a user's device to my Cognito User Pool?

Thank you, Alessandro

No Answers
