CognitoIdentityProvider / Client / list_web_authn_credentials

list_web_authn_credentials#

CognitoIdentityProvider.Client.list_web_authn_credentials(**kwargs)#

Generates a list of the currently signed-in user’s registered passkey, or WebAuthn, credentials.

Authorize this action with a signed-in user’s access token. It must include the scope aws.cognito.signin.user.admin.

Note

Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

See also: AWS API Documentation

Request Syntax

response = client.list_web_authn_credentials(
    AccessToken='string',
    NextToken='string',
    MaxResults=123
)
Parameters:

  • AccessToken (string) –

    [REQUIRED]

    A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

  • NextToken (string) – This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

  • MaxResults (integer) – The maximum number of the user’s passkey credentials that you want to return.

Return type:

dict

Returns:

Response Syntax

{
    'Credentials': [
        {
            'CredentialId': 'string',
            'FriendlyCredentialName': 'string',
            'RelyingPartyId': 'string',
            'AuthenticatorAttachment': 'string',
            'AuthenticatorTransports': [
                'string',
            ],
            'CreatedAt': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • Credentials (list) –

      A list of registered passkeys for a user.

      • (dict) –

        The details of a passkey, or webauthN, biometric or security-key authentication factor for a user.

        • CredentialId (string) –

          The unique identifier of the passkey credential.

        • FriendlyCredentialName (string) –

          An automatically-generated friendly name for the passkey credential.

        • RelyingPartyId (string) –

          The relying-party ID of the provider for the passkey credential.

        • AuthenticatorAttachment (string) –

          The general category of the passkey authenticator. Can be a platform, or on-device authenticator like a built-in fingerprint scanner, or a cross-platform device that’s not attached to the device like a Bluetooth security key.

        • AuthenticatorTransports (list) –

          Information about the transport methods of the passkey credential, for example USB or Bluetooth Low Energy.

          • (string) –

        • CreatedAt (datetime) –

          The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

    • NextToken (string) –

      The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

Exceptions