CognitoIdentityProvider / Client / confirm_device

confirm_device#

CognitoIdentityProvider.Client.confirm_device(**kwargs)#

Confirms a device that a user wants to remember. A remembered device is a “Remember me on this device” option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user’s access token. It must include the scope aws.cognito.signin.user.admin.

Note

Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

See also: AWS API Documentation

Request Syntax

response = client.confirm_device(
    AccessToken='string',
    DeviceKey='string',
    DeviceSecretVerifierConfig={
        'PasswordVerifier': 'string',
        'Salt': 'string'
    },
    DeviceName='string'
)
Parameters:
  • AccessToken (string) –

    [REQUIRED]

    A valid access token that Amazon Cognito issued to the user whose device you want to confirm.

  • DeviceKey (string) –

    [REQUIRED]

    The unique identifier, or device key, of the device that you want to update the status for.

  • DeviceSecretVerifierConfig (dict) –

    The configuration of the device secret verifier.

    • PasswordVerifier (string) –

      A password verifier for a user’s device. Used in SRP authentication.

    • Salt (string) –

      The salt that you want to use in SRP authentication with the user’s device.

  • DeviceName (string) – A friendly name for the device, for example MyMobilePhone.

Return type:

dict

Returns:

Response Syntax

{
    'UserConfirmationNecessary': True|False
}

Response Structure

  • (dict) –

    The confirm-device response.

    • UserConfirmationNecessary (boolean) –

      When true, your user must confirm that they want to remember the device. Prompt the user for an answer. You must then make an UpdateUserDevice request that sets the device to remembered or not_remembered.

      When false, immediately sets the device as remembered and eligible for device authentication.

      You can configure your user pool to always remember devices, in which case this response is false, or to allow users to opt in, in which case this response is true. Configure this option under Device tracking in the Sign-in menu of your user pool. You can also configure this option with the DeviceConfiguration parameter of a CreateUserPool or UpdateUserPool request.

Exceptions