使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Is there a way to implement "remember this device" with a CUSTOM_AUTH flow?

0

We use a CUSTOM_AUTH flow, in order to do an email-based MFA code. All of that works fine, users can enter their code and login.

We want to implement "remember this device", and it appears that this behavior is not supported unless you use SMS or TOTP MFA. If I call setRememberDevice(), it does seem to write cookies to my browser.

Is there a solution that allows me to detect if a user has set their RememberMe true, maybe something I can add to the DefineAuthChallenge Lambda that could detect this?

  • Andy Makely
    10 個月前

    I can see that the UserPool stores the user's device properties with Remembered: Yes, can a Lambda access that setting on subsequent logins?

  • Andy Makely
    10 個月前

    I can get the user's devices list from Cognito during the DefineAuthChallenge Lambda, but I cannot figure out how to get the current user's device key, in order to compare it with the remembered device stored on the Cognito user. If they match, I could choose to skip the email OTP code and just authenticate them.

主題
安全性、身分識別與合規
標籤
多重身分驗證Amazon Cognito User Pools
語言
English
Andy Makely
已提問 10 個月前檢視次數 398 次
1 個回答
0

Hi,

Yes, you can follow this knowledge center document: https://repost.aws/knowledge-center/cognito-user-pool-remembered-devices

Jeff

AWS
Jeff Lombardo-AWS
已回答 10 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容