Add a method to retrieve the device key for the currently logged-in device. #3394

Open
sungwonshinn opened this issue Dec 4, 2023 · 8 comments
Labels
auth Issues related to the Auth category feature-request Request a new feature

sungwonshinn commented Dec 4, 2023

Is your feature request related to a problem? Please describe.

Currently, there seems to be no way to get the device key for the currently logged-in device. I believe this was available from the

Describe the solution you'd like

Under Auth, implement currentDeviceId or currentDeviceKey property to return the current device id or key.

Describe alternatives you've considered

There may be a way to retrieve this via the Cognito API, but I wasn't able to find it. Amplify Auth.fetchDevices seems to fetch only the trusted devices. The non-trusted tracked devices do not get listed.
Also, Hub sign-in event's payload doesn't seem to have event data attached.

Is the feature request related to any of the existing Amplify categories?

Auth

Additional context

We use InitiateAuth from the app extension and Siri to log in like this:

The refresh token and device key are shared via app group registry by the main iPhone app.

```swift
InitiateAuthInput(
  authFlow: .refreshTokenAuth,
  authParameters: [
      "REFRESH_TOKEN": "xxxx",
      "DEVICE_KEY": "xxxx"
  ],
  clientId: clientId)
```
@5d 5d added the auth Issues related to the Auth category label Dec 4, 2023
Contributor

5d commented Dec 4, 2023

Hi @sungwonshinn, thanks for opening this issue. The team will take a look and post here once we have an update.

@5d 5d added question General question feature-request Request a new feature and removed question General question labels Dec 4, 2023
Contributor

github-actions bot commented Dec 5, 2023

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!

Member

harsh62 commented Dec 5, 2023

@sungwonshinn This is something that is not supported in Amplify and is an internal implementation detail. Could you share a more detailed example of how Amplify and the InitiateAuth API are being used in your use case? I am looking to understand how you are passing the refresh token to your extension. And in the extension, how are you creating the request to the SDK directly?
Amplify also has an open feature request that will allow sharing of sessions with extensions in the future using App Groups. #2508

@sungwonshinn
Author

@harsh62 We use app group with shared keychain items to pass user name and password. Then our app extension and Siri extension use the user credential to log in with InitiateAuth.

This works fairly well, but when MFA is enabled, app extension and Siri extension can't respond to the MFA auth challenge during signin with user name and password.
But InitiateAuth with the refresh token auth method, with the refresh token and the device key passed from the main app, will work, and we use the access token for our REST API access.
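
The refresh call described in the issue's "Additional context" and in the comment above, written out as a raw Cognito request (an added example, not code from the thread or from Amplify). It assumes an app client without a client secret, and the region, function names and `RefreshResult` type are hypothetical.

```swift
import Foundation

// Shape of the part of the InitiateAuth response used here.
struct RefreshResult: Decodable {
    struct Tokens: Decodable {
        let AccessToken: String
        let IdToken: String?
        let ExpiresIn: Int
    }
    let AuthenticationResult: Tokens
}

/// Builds an InitiateAuth request for the REFRESH_TOKEN_AUTH flow.
/// InitiateAuth is an unsigned API, so no AWS credentials are needed.
func makeRefreshRequest(region: String, clientId: String,
                        refreshToken: String, deviceKey: String) throws -> URLRequest {
    var request = URLRequest(url: URL(string: "https://cognito-idp.\(region).amazonaws.com/")!)
    request.httpMethod = "POST"
    request.setValue("application/x-amz-json-1.1", forHTTPHeaderField: "Content-Type")
    request.setValue("AWSCognitoIdentityProviderService.InitiateAuth",
                     forHTTPHeaderField: "X-Amz-Target")
    // DEVICE_KEY must be the key of the device the refresh token was issued to.
    let body: [String: Any] = [
        "AuthFlow": "REFRESH_TOKEN_AUTH",
        "ClientId": clientId,
        "AuthParameters": ["REFRESH_TOKEN": refreshToken, "DEVICE_KEY": deviceKey]
    ]
    request.httpBody = try JSONSerialization.data(withJSONObject: body)
    return request
}

/// Sends the request and returns the new tokens. No MFA challenge is involved
/// in this flow, which is why it suits an extension without UI.
func refreshAccessToken(region: String, clientId: String,
                        refreshToken: String, deviceKey: String) async throws -> RefreshResult.Tokens {
    let request = try makeRefreshRequest(region: region, clientId: clientId,
                                         refreshToken: refreshToken, deviceKey: deviceKey)
    let (data, response) = try await URLSession.shared.data(for: request)
    guard let http = response as? HTTPURLResponse, http.statusCode == 200 else {
        // A revoked or expired refresh token, or a mismatched device key, ends up here.
        // Do not log the request body: it contains the refresh token.
        throw URLError(.userAuthenticationRequired)
    }
    return try JSONDecoder().decode(RefreshResult.self, from: data).AuthenticationResult
}
```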

Member

harsh62 commented Dec 5, 2023

As I said earlier, device key is something that is not exposed using any of the Amplify APIs. If #2508 ends up getting implemented, you should then just be able to do Amplify.fetchAuthSession to refresh the token. Please keep watching the issue for more updates.

@sungwonshinn
Author

@harsh62 I'm not sure #2508 will help my use case fully. Also, device key was available via AwsMobileClient.deviceOperations.get() in the previous releases. I think the device key info should not be encapsulated from the API users because the current AuthDevice in Amplify does not expose enough information such as device attributes. To get that, Cognito GetDevice API with device key via the escape hatch has to be used to get the device attributes. So, #2508 won't help in that scenario.

Member

harsh62 commented Dec 6, 2023

> I'm not sure #2508 will help my use case fully.

If Amplify starts supporting App Groups, it will allow session sharing between extensions. Thereby not needing to call InitAuth to refresh the token. Amplify will just pick up the cached credentials from the app group and refresh credentials. Hence, not needing the device details.

> Also, device key was available via AwsMobileClient.deviceOperations.get() in the previous releases

Since this was something that was available with escape hatch in Amplify V1, I will talk internally with the team to possibly add this capability in Amplify V2.

> The current AuthDevice in Amplify does not expose enough information such as device attributes

To get more details about Cognito devices, you would need to cast AuthDevice to AWSAuthDevice to get more details such as attributes, and more (It still doesn't have the device key, which we can add if it solves your use case).

> To get that, Cognito GetDevice API with device key via the escape hatch has to be used to get the device attributes

When you use GetDevice, how do you get the key which is passed as an input to the API?


I hope my answers provide more clarity.

Author

sungwonshinn commented Dec 7, 2023

@harsh62 Thank you for the detailed answer. I really appreciate that you are looking into this.

> Since this was something that was available with escape hatch in Amplify V1, I will talk internally with the team to possibly add this capability in Amplify V2.

Thank you. I hope this gets implemented.

> To get more details about Cognito devices, you would need to cast AuthDevice to AWSAuthDevice to get more details such as attributes, and more (It still doesn't have the device key, which we can add if it solves your use case).

I didn't know about AWSAuthDevice. It's more useful than AuthDevice. The Auth.fetchDevices seems to return only the remembered devices but tracked and not-remembered devices are not included. So, I wouldn't necessarily find which one is the current device even if I have the device key when I'm going to iterate the devices.

> When you use GetDevice, how do you get the key which is passed as an input to the API?

No, I don't have the key. That's why I requested making the device key available.
