Questions tagged [cognito]
7 questions
4 votes · 1 answer
Should JWTs be validated on every request?
I have been unable to find a definitive answer to the above question.
We currently use JWTs from AWS Cognito for our Authentication. Currently the JWTs that are returned are too large to use in Cookies (over the 4KB limit) so we do not store the…

StuartM · 153 · 5
3 votes · 3 answers
Pros vs Cons of Secure Remote Password
We are setting up an authentication system using Cognito and Amplify. We noticed that Amplify suggests Secure Remote Password as the default.
I can understand the benefits of SRP for protecting against man-in-the-middle and such attacks. But it…

cbp · 131 · 3
2 votes · 1 answer
Using Cognito access token to pass claims
I am working on migrating all our users from our DB to a managed service, and we're considering AWS Cognito.
We want to use Cognito for Authentication and Access Control.
For access control, we're thinking about putting the user claims in the access…

Tomer Amir · 171 · 7
1 vote · 0 answers
AWS AppSync authorization - why is IAM authorization safer than API Key based approach
We are currently evaluating which authorization type to use for our production AppSync APIs.
As per AWS docs (https://docs.aws.amazon.com/appsync/latest/devguide/security.html,…

nikel · 111 · 2
1 vote · 2 answers
Serverless Apps Authenticate Users After Page Load - Flaw?
Server-based apps check for a session cookie before returning any content to the user. If an authentication cookie isn't sent from the user's browser, the only content delivered to the user is a redirect/error message.
I'm new to serverless apps. …

David_Springfield · 184 · 10
1 vote · 1 answer
Is this the correct way to use AWS Cognito?
I am doing the following in my React/Node App:
Using the User Pools for a Cognito App that I have created
Calling the /login endpoint with response_type=token in my React App
Once I receive the JWT token, I pass it to my node/express server in a…

Amarsh · 113 · 3
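The question above (a Cognito JWT obtained from the hosted /login endpoint and handed to a Node/Express server) and the earlier one on this page asking whether JWTs should be validated on every request come down to the same server-side step: before the API trusts anything in the token, it verifies the token against the user pool's published keys, on every request. The block below is an added example, not code from either post or from AWS. It implements the checks Cognito documents for its tokens: RS256 signature against the pool's JWKS, iss, token_use, the app client ID (client_id on access tokens, aud on id tokens) and exp. So that it runs offline it carries a hand-rolled RS256 built on two public Mersenne primes in place of a JWT library and a real JWKS fetch; the pool ID, app client ID, kid, subject and timestamps are constructed values.

```python
"""Per-request validation of a Cognito-style RS256 JWT: an added example, stdlib only.
A hand-rolled RS256 stands in for a JWT library so it runs offline; the demo key is built
from two public Mersenne primes and is NOT secret. Pool ID, app client ID, kid, subject
and timestamps are constructed for the example."""
import base64
import hashlib
import hmac
import json
import time

_P, _Q, _E = (1 << 521) - 1, (1 << 127) - 1, 65537  # public primes: demo key only
DEMO_KEY = {"n": _P * _Q, "e": _E, "d": pow(_E, -1, (_P - 1) * (_Q - 1))}
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg, k):  # RFC 8017 EMSA-PKCS1-v1_5 encoding with SHA-256
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(key, msg):
    k = (key["n"].bit_length() + 7) // 8
    m = int.from_bytes(_emsa_pkcs1_v15(msg, k), "big")
    return pow(m, key["d"], key["n"]).to_bytes(k, "big")

def rs256_verify(n, e, msg, sig):
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), _emsa_pkcs1_v15(msg, k))

def _b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_jwks(key, kid):  # same shape as Cognito's .../<userPoolId>/.well-known/jwks.json
    enc = lambda i: _b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"keys": [{"kid": kid, "kty": "RSA", "alg": "RS256", "use": "sig",
                      "n": enc(key["n"]), "e": enc(key["e"])}]}

def issue_token(key, kid, claims):
    enc = lambda o: _b64u(json.dumps(o, separators=(",", ":")).encode())
    signing_input = enc({"alg": "RS256", "kid": kid}) + "." + enc(claims)
    return signing_input + "." + _b64u(rs256_sign(key, signing_input.encode()))

class TokenError(Exception):
    pass

def verify_cognito_token(token, jwks, issuer, client_id, token_use="access", now=None):
    """Run on every request: signature first, then iss, token_use, app client, exp."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header, payload = json.loads(_b64u_dec(h_b64)), json.loads(_b64u_dec(p_b64))
        sig = _b64u_dec(s_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise TokenError("unexpected alg")  # the server fixes the algorithm, never the token
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None:  # production: refresh the cached JWKS once, then reject
        raise TokenError("unknown kid")
    n, e = (int.from_bytes(_b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    if not rs256_verify(n, e, f"{h_b64}.{p_b64}".encode(), sig):
        raise TokenError("bad signature")  # nothing in the payload is trusted before this
    if not isinstance(payload, dict) or payload.get("iss") != issuer:
        raise TokenError("wrong issuer")
    if payload.get("token_use") != token_use:
        raise TokenError("wrong token_use")
    # Cognito puts the app client in client_id on access tokens and in aud on id tokens
    audience = payload.get("client_id") if token_use == "access" else payload.get("aud")
    if audience != client_id:
        raise TokenError("wrong app client")
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        raise TokenError("expired")
    return payload

ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"  # constructed
CLIENT_ID = "1example23456789"  # constructed
NOW = 1_700_000_000  # fixed clock so the outcomes are reproducible

def demo():
    """Good path plus three rejections; returns sub, or the rejection reason, per case."""
    jwks = make_jwks(DEMO_KEY, "kid-2024")
    good = {"sub": "u-123", "iss": ISSUER, "client_id": CLIENT_ID,
            "token_use": "access", "exp": NOW + 3600}
    cases = {"valid": good, "expired": dict(good, exp=NOW - 1),
             "wrong_client": dict(good, client_id="other-app")}
    tokens = {name: issue_token(DEMO_KEY, "kid-2024", c) for name, c in cases.items()}
    h, _, s = tokens["valid"].split(".")  # a valid signature re-used over an edited payload
    tokens["tampered"] = f"{h}.{_b64u(json.dumps(dict(good, sub='admin')).encode())}.{s}"
    results = {}
    for name, tok in tokens.items():
        try:
            results[name] = verify_cognito_token(tok, jwks, ISSUER, CLIENT_ID, now=NOW)["sub"]
        except TokenError as exc:
            results[name] = str(exc)
    return results
```

Two design points carry over to a real service. The algorithm is fixed by the server and the signature is checked before any claim is read, so a tampered payload or a token signed under some other key is rejected before iss, client ID or exp are even looked at. The JWKS is fetched once from https://cognito-idp.<region>.amazonaws.com/<userPoolId>/.well-known/jwks.json and cached; an unknown kid is the one case where a single refresh is warranted before rejecting. A production implementation should use a maintained JWT library with the same checks rather than the demo RSA here.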
0 votes · 1 answer
Is detecting if an email has an account considered a vulnerability with AWS Cognito?
I am doing a pen test on a client system using AWS Cognito and user pools for authentication using the client-side SDK provided by AWS.
During the forgot-password flow, I noticed that the Cognito request returns 400 with a payload of
__type …

jia chen · 149 · 4