Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Apr 29, 2024

Remember a device

Amplify Android v1 is deprecated as of June 1st, 2024. No new features or bug fixes will be added. Dependencies may become outdated and potentially introduce compatibility issues.

Please use the latest version (v2) of Amplify Library for Android to get started. Refer to the upgrade guide for instructions on upgrading your application to the latest version.

Amplify libraries should be used for all new cloud connected applications. If you are currently using the AWS Mobile SDK for Android, you can access the documentation here.

Remembering a device is useful in conjunction with Multi-Factor Authentication (MFA). If MFA is enabled for an Amazon Cognito user pool, end users have to type in a security code received via e-mail or SMS each time they want to sign in. This increases security but comes at the expense of the user's experience.

Remembering a device allows the second factor requirement to be automatically met when the user signs in on that device, thereby reducing friction in the user experience.

Configure Auth Category

Device remembering functionality does not work if you use one of the web UI sign in methods.

To enable remembered device functionality, open the Cognito User Pool console. To do this, go to your project directory and issue the command:

amplify auth console

Select the following option to open the Cognito User Pool console:

? Which Console
User Pool

When the console opens, click on Devices from the left navigation menu, which will render the following page allowing you to configure your preference for remembering a user's device.

auth

Choose either Always or User Opt in depending on whether you want to remember a user's device by default or give the user the ability to choose.

If MFA is enabled for the Cognito user pool, you will have the option to suppress the second factor during multi-factor authentication. Choose Yes if you want a remembered device to be used as a second factor mechanism or No otherwise.

auth

When you have made your selection(s), click "Save changes". You are now ready to start updating your code to manage your remembered devices.

APIs

Remember Device

You can mark your device as remembered:

Amplify.Auth.rememberDevice(
() -> Log.i("AuthQuickStart", "Remember device succeeded"),
error -> Log.e("AuthQuickStart", "Remember device failed with error " + error.toString())
);
Amplify.Auth.rememberDevice(
{ Log.i("AuthQuickStart", "Remember device succeeded") },
{ Log.e("AuthQuickStart", "Remember device failed with error", it) }
)
try {
Amplify.Auth.rememberDevice()
Log.i("AuthQuickStart", "Remember device succeeded")
} catch (error: AuthException) {
Log.e("AuthQuickStart", "Remember device failed with error", error)
}
RxAmplify.Auth.rememberDevice()
.subscribe(
() -> Log.i("AuthQuickStart", "Remember device succeeded"),
error -> Log.e("AuthQuickStart", "Remember device failed with error " + error.toString())
);

Forget Device

You can forget your device by using the following API. Note that forgotten devices are neither remembered nor tracked. See below for the difference between remembered, forgotten and tracked.

Amplify.Auth.forgetDevice(
() -> Log.i("AuthQuickStart", "Forget device succeeded"),
error -> Log.e("AuthQuickStart", "Forget device failed with error " + error.toString())
);
Amplify.Auth.forgetDevice(
{ Log.i("AuthQuickStart", "Forget device succeeded") },
{ Log.e("AuthQuickStart", "Forget device failed with error", it) }
)
try {
Amplify.Auth.forgetDevice()
Log.i("AuthQuickStart", "Forget device succeeded")
} catch (error: AuthException) {
Log.e("AuthQuickStart", "Forget device failed with error", error)
}
RxAmplify.Auth.forgetDevice()
.subscribe(
() -> Log.i("AuthQuickStart", "Forget device succeeded"),
error -> Log.e("AuthQuickStart", "Forget device failed with error " + error.toString())
);

Fetch Devices

You can fetch a list of remembered devices by using the following:

Amplify.Auth.fetchDevices(
devices -> {
for (AuthDevice device : devices) {
Log.i("AuthQuickStart", "Device: " + device);
}
},
error -> Log.e("AuthQuickStart", "Fetch devices failed with error: " + error.toString()));
Amplify.Auth.fetchDevices(
{ devices ->
devices.forEach { Log.i("AuthQuickStart", "Device: " + it) }
},
{ Log.e("AuthQuickStart", "Fetch devices failed with error", it) }
)
try {
Amplify.Auth.fetchDevices().forEach { device ->
Log.i("AuthQuickStart", "Device: $device")
}
} catch (error: AuthException) {
Log.e("AuthQuickStart", "Fetch devices failed with error", error)
}
RxAmplify.Auth.fetchDevices()
.subscribe(
device -> Log.i("AuthQuickStart", "Device: " + device);
error -> Log.e("AuthQuickStart", "Fetch devices failed with error: " + error.toString())
);

Terminology

  • Tracked
    • Every time the user signs in with a new device, the client is given the device key at the end of a successful authentication event. We use this device key to generate a salt and password verifier which is used to call the ConfirmDevice API. At this point, the device is considered to be tracked. Once the device is in a tracked state, you can use the Amazon Cognito console to see the time it started to be tracked, last authentication time, and other information about that device.
  • Remembered
    • Remembered devices are also tracked. During user authentication, the device key and secret pair assigned to a remembered device is used to authenticate the device to verify that it is the same device that the user previously used to sign in.
  • Not Remembered
    • A not-remembered device is a tracked device where Cognito has been configured to require users to "Opt-in" to remember a device, but the user has not opt-ed in to having the device remembered. This use case is used for users signing into their application from a device that they don't own.
  • Forgotten
    • In the event that you no longer want to remember or track a device, you can use the Amplify.Auth.forgetDevice() API to remove this device from being both remembered and tracked.

Known Limitations

When using the federated OAuth flow with Cognito User Pools, the device tracking and remembering features are currently not available within the library.