I am developing a react native mobile app. I want my user to login in one device with one account. If a user tries to login to another mobile device with same account, he should be logout from the first mobile device. but official docs of AWS cognito provide two options either logout or global logout. In global logout it logs user out from device 1 and 2 both. what is expected If a user logs in second mobile device it should automatically be logout from the other one.
2
Answers
When a user goes to log in in a device, you could globally sign them out before attempting to sign them in on that specific device. You’d have to wait for the admin-user-global-sign-out request to complete before attempting to sign them in or you might encounter some bugs, but that should work. AWS doesn’t keep any server-side identifiers for devices that allow you to sign out of a single specific device, so this would be your only option. In other words, there isn’t an out-of-the-box solution to do what you want with Cognito. If you didn’t want to globally sign a user out on every login attempt, you could add a custom attribute to the User Pool when a user signs in, and on login check if this attribute is set. If yes, force logout all devices.
You can achieve through AdminUserGlobalSignOutAPI. By calling AdminUserGlobalSignOutAPI, it’s signed out from all devices. It revokes all refresh tokens issued from AWS cognito.
The pre-authentication lambda trigger is triggered by Cognito when the client tries to log in. When Cognito calls the trigger, Cognito sends a JSON record containing information about the client trying to log in. Specifically, Cognito sends the client pool ID and username for the Lambda trigger. These two pieces of data are required to call the AdminUserGlobalSignOutAPI.
you can try this code on your pre-authentication lambda trigger