We are using the Cognito Auth SDK for Javascript with a SPA application. We are using this library out of a desire to use a standards-based approach to authentication against AWS Cognito--OpenID Connect support. We are using the OIDC Authorization Code Flow to authenticate users. Things are mostly working the way that we'd like. However, we'd like to be able to use device tracking to override the need for SMS Multi-Factor Authentication (MFA). This is all functionality supported by AWS Cognito User Pools, but per this issue device tracking has been added to the Auth SDK yet.
We need to add this functionality. I've been looking at the device tracking in the Identity SDK. The logic that obtains a deviceKey seems to be called when you call authenticateUser, which requires a username and password. If I authenticate the user with the Auth SDK and then call CognitoUser.getSession() using the Identity SDK, I can get a valid session object back, based on the cached tokens. So, there is some compatibility between the two libraries. However, it isn't clear how to use that library to get a new deviceKey after authenticating with the Auth SDK.
How might one go about making this work?
Or, if the functionality is going to be available in the near future as noted in issue #19, that is great and maybe we could wait for that.
Hello.
We are using the Cognito Auth SDK for Javascript with a SPA application. We are using this library out of a desire to use a standards-based approach to authentication against AWS Cognito--OpenID Connect support. We are using the OIDC Authorization Code Flow to authenticate users. Things are mostly working the way that we'd like. However, we'd like to be able to use device tracking to override the need for SMS Multi-Factor Authentication (MFA). This is all functionality supported by AWS Cognito User Pools, but per this issue device tracking has been added to the Auth SDK yet.
We need to add this functionality. I've been looking at the device tracking in the Identity SDK. The logic that obtains a deviceKey seems to be called when you call authenticateUser, which requires a username and password. If I authenticate the user with the Auth SDK and then call CognitoUser.getSession() using the Identity SDK, I can get a valid session object back, based on the cached tokens. So, there is some compatibility between the two libraries. However, it isn't clear how to use that library to get a new deviceKey after authenticating with the Auth SDK.
How might one go about making this work?
Or, if the functionality is going to be available in the near future as noted in issue #19, that is great and maybe we could wait for that.
Thank you for your time.
RCBJ