Manage devices

Amplify Auth enables you to track devices your users use for auditing, MFA, and more. Before you begin it is important to understand the terminology for device statuses:

Tracked: Every time the user signs in with a new device, the client is given the device key at the end of a successful authentication event. We use this device key to generate a salt and password verifier which is used to call the ConfirmDevice API. At this point, the device is considered to be tracked. Once the device is in a tracked state, you can use the Amazon Cognito console to see the time it started to be tracked, last authentication time, and other information about that device.
Remembered: Remembered devices are also tracked. During user authentication, the device key and secret pair assigned to a remembered device is used to authenticate the device to verify that it is the same device that the user previously used to sign in.
Not Remembered: A not-remembered device is a tracked device where Cognito has been configured to require users to "Opt-in" to remember a device, but the user has not opt-ed in to having the device remembered. This use case is used for users signing into their application from a device that they don't own.
Forgotten: a forgotten device is one removed from being remembered

Note: device tracking and remembering features are not available when using federating sign-in with external providers as devices are tracked on the upstream identity provider. These features are also not available when using Cognito's Hosted UI.

Remember devices

You can remember devices using the following:

func rememberDevice() async {
        try await Amplify.Auth.rememberDevice()
        print("Remember device succeeded")
    } catch let error as AuthError {
        print("Remember device failed with error \(error)")
    } catch {
        print("Unexpected error: \(error)")

func rememberDevice() -> AnyCancellable {
    Amplify.Publisher.create {
        try await Amplify.Auth.rememberDevice()
    }.sink {
            if case let .failure(authError) = $0 {
                print("Remember device failed with error \(authError)")
        receiveValue: {
            print("Remember device succeeded")

Forget devices

You can also forget devices but note that forgotten devices are neither remembered nor tracked.

func forgetDevice() async {
        try await Amplify.Auth.forgetDevice()
        print("Forget device succeeded")
    } catch let error as AuthError {
        print("Forget device failed with error \(error)")
    } catch {
        print("Unexpected error: \(error)")

func forgetDevice() -> AnyCancellable {
    Amplify.Publisher.create {
        try await Amplify.Auth.forgetDevice()
    }.sink {
        if case let .failure(authError) = $0 {
            print("Forget device failed with error \(authError)")
    receiveValue: {
        print("Forget device succeeded")

Fetch devices

You can fetch a list of remembered devices by using the following:

func fetchDevices() async {
        let fetchDeviceResult = try await Amplify.Auth.fetchDevices()
        for device in fetchDeviceResult {
            print(device.id)
    } catch let error as AuthError {
        print("Fetch devices failed with error \(error)")
    } catch {
        print("Unexpected error: \(error)")

func fetchDevices() -> AnyCancellable {
    Amplify.Publisher.create {
        try await Amplify.Auth.fetchDevices()
    }.sink {
        if case let .failure(authError) = $0 {
            print("Fetch devices failed with error \(authError)")
    receiveValue: { fetchDeviceResult in
        for device in fetchDeviceResult {
            print(device.id)

You can now set up devices to be remembered, forgotten, and fetched.

Manage WebAuthn credentials

Manage users with Amplify console