issue with device management

Before opening, please confirm:

[X] I have searched for duplicate or closed issues and discussions.
[X] I have read the guide for submitting bug reports.
[X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

Amplify Categories

No response

Backend

None

Environment information

``` npx envinfo --system --binaries --browsers --npmPackages "{amazon-cognito-identity-js,aws-sdk,react,react-dom}" ```

Describe the bug

Hi,

I'm trying to understand if this is a bug or if the "Remember my device" feature is not supported with the amazon-cognito-identity-js library.

After implementing the "Remember my device" logic following MFA, I can see that my device is marked as "Remembered" in the "Device tracking log" section on the AWS platform.

However, the issue arises when I log out and attempt to log in again. I'm required to complete MFA once more, even though I expected the user.authenticateUser function to skip the MFA step because the device was remembered.

Here’s the code snippet I’m using to authenticate the user:

const authenticate = async (Username, Password) => {
  return new Promise((resolve, reject) => {
    const user = new CognitoUser({ Username, Pool });

    const authDetailsOptions = {
      Username,
      Password,
    };
    const deviceKey = localStorage.getItem(localStorageDeviceKey);
    if (deviceKey) {
      authDetailsOptions.AuthParameters = {
        DEVICE_KEY: deviceKey,
      };
    }
    // getCachedDeviceKeyAndPassword
    const authDetails = new AuthenticationDetails(authDetailsOptions);
    currentUser = user;
    user.authenticateUser(authDetails, authCB(resolve, reject));
  });
};

Despite setting the DEVICE_KEY parameter, I'm still prompted to complete MFA upon logging back in. I expected the user.authenticateUser function to recognize the device and bypass the MFA step if the device is remembered.

We have a large application with a significant amount of code that relies on the amazon-cognito-identity-js library, and we prefer not to switch to the aws-amplify library at this time.

Thank you!

Expected behavior

After the initial login with MFA and selecting the "Remember my device" option, I expect that when I log in again using the same device, the MFA step will be skipped. The user.authenticateUser function should recognize the device (using the DEVICE_KEY stored in localStorage) and proceed with authentication without prompting for MFA, as the device is marked as remembered in the AWS Cognito "Device tracking log."

Reproduction steps

Set up an AWS Cognito User Pool with MFA and device tracking enabled.
Implement the "Remember my device" feature in the login flow using amazon-cognito-identity-js.
Authenticate a user with MFA, ensuring the device is marked as remembered (as seen in the AWS "Device tracking log").
Log out the user. 5.Attempt to log in again using the same credentials, with the DEVICE_KEY retrieved from localStorage and passed in the authentication details as shown in the code snippet provided earlier.
Observe that the MFA step is still required, despite the device being remembered

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

israx / hello-world