1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
0
RFC 9068 was published in October 2021 with these snippets in the Introduction setting the stage for standardization.
The original OAuth 2.0 Authorization Framework [RFC6749] specification does not mandate any specific format for access tokens. [...] This specification aims to provide a standardized and interoperable profile as an alternative to the proprietary JWT access token layouts going forward.
If you need to determine if a token is an access token, Amazon Cognito issued JWTs include a token_use
claim as part of the payload with the value access
or id
(see Using the access token ).
respondido hace 2 meses
Contenido relevante
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 2 años
Is there a plan for Cognito to adhere to the JWT spec or will it continue with it's proprietary implementation? It is currently incompatible with tooling that adheres to RFC9068
Jon - please contact your AWS account team about Cognito feature roadmap. Share this link and let them know to contact me for additional background.