Trusted Devices
Production - DeviceController - trust, untrust, block endpoints
Trusted devices can bypass MFA challenges during login (when conditional MFA policies allow it). Users can manage their trusted device list, and administrators can block suspicious devices.
6.7.5 Trust Management
List Trusted Devices
curl -X GET http://localhost:8081/api/v1/devices/trusted \
-H "Authorization: Bearer <access-token>"
Trust a Device
curl -X POST http://localhost:8081/api/v1/devices/1/trust \
-H "Authorization: Bearer <access-token>"
Returns 400 if the maximum trusted device limit is reached.
Untrust a Device
curl -X DELETE http://localhost:8081/api/v1/devices/1/trust \
-H "Authorization: Bearer <access-token>"
Untrust All Devices
curl -X DELETE http://localhost:8081/api/v1/devices/trusted/all \
-H "Authorization: Bearer <access-token>"
Response: { "untrusted": 3 }
6.7.6 Device Blocking
Block a Device
Blocked devices are rejected during authentication:
curl -X POST http://localhost:8081/api/v1/devices/1/block \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <access-token>" \
-d '{ "reason": "Suspicious activity detected" }'
Unblock a Device
curl -X DELETE http://localhost:8081/api/v1/devices/1/block \
-H "Authorization: Bearer <access-token>"
MFA and Trusted Devices
When conditional MFA policies are configured with requireOnNewDevice: true:
- Known trusted devices skip the MFA challenge
- New or untrusted devices trigger MFA verification
- Blocked devices are rejected entirely before MFA
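
A containment routine built from the block and untrust endpoints on this page, as an added example rather than project code. The variable and function names are assumptions, device IDs are assumed numeric, and because the page does not say whether blocking also clears trust, the script removes trust explicitly.

```shell
# Added example, not project code. Assumed names: BASE_URL, ACCESS_TOKEN,
# api, check, contain_device. Device IDs are assumed numeric, as in /devices/1.
BASE_URL="${BASE_URL:-http://localhost:8081/api/v1}"

# api METHOD PATH [JSON_BODY]: sets API_STATUS (HTTP code) and API_BODY.
api() {
  if [ -n "${3:-}" ]; then
    _out=$(curl -sS -X "$1" "$BASE_URL$2" -w '\n%{http_code}' \
      -H "Authorization: Bearer ${ACCESS_TOKEN:-}" \
      -H "Content-Type: application/json" -d "$3") || return 2
  else
    _out=$(curl -sS -X "$1" "$BASE_URL$2" -w '\n%{http_code}' \
      -H "Authorization: Bearer ${ACCESS_TOKEN:-}") || return 2
  fi
  API_STATUS=$(printf '%s\n' "$_out" | tail -n 1)
  API_BODY=$(printf '%s\n' "$_out" | sed '$d')
}

# check: succeed on 2xx, otherwise print a short failure label.
check() {
  case "$API_STATUS" in
    2??) return 0 ;;
    404) echo "DEVICE_NOT_FOUND" ;;   # code from the page's error table
    *)   echo "HTTP_$API_STATUS" ;;
  esac
  return 1
}

# contain_device ID REASON: block first so authentication is rejected, then
# remove trust explicitly so a later unblock does not restore an MFA bypass.
contain_device() {
  case "$1" in ''|*[!0-9]*) echo "INVALID_ID"; return 2 ;; esac
  # Escape backslashes and quotes so the reason cannot break the JSON body.
  _reason=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
  api POST "/devices/$1/block" "{ \"reason\": \"$_reason\" }" || return 2
  check || return 1
  api DELETE "/devices/$1/trust" || return 2
  check || return 1
  echo "CONTAINED"
}
```

Call it as `contain_device 1 "Suspicious activity detected"` with `ACCESS_TOKEN` exported; it prints `CONTAINED` on success or a failure label otherwise.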
Error Codes
| Code | HTTP Status | Description |
|---|---|---|
| DEVICE_NOT_FOUND | 404 | Device not found |
| MAX_TRUSTED_DEVICES | 400 | Maximum trusted device limit reached |