Cognito Security notification

0

We recently received a Cognito Security notification: any assertions sent to Cognito in response to an authentication request with an assertion ID that has been used in the past, or without an assertion ID, will be rejected, which may cause disruption to your application.

We understand this is a bad practice and are working towards fixing the issue (it's a third-party IdP).

I'm wondering if there is a way on the Cognito side to allow re-use of assertion IDs for a couple of extra months?

Yuri
asked 10 months ago · 181 views
1 Answer
0

Hi,

As you noted, this is a bad practice and therefore it would be a security issue to allow it. Unfortunately we cannot make this exception as it would not respect our part of the shared responsibility model.

Jeff

AWS
answered 9 months ago
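The condition described in the notification (an assertion ID that was already used, or no assertion ID at all) can be checked on captured IdP output while the IdP fix is being rolled out. This is an added example, not part of the original question or answer and not AWS code; the function names and sample responses are hypothetical, and it assumes the captured SAML 2.0 responses are already base64-decoded and their assertions are not encrypted.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def make_response(assertion_id):
    """Build a constructed, unsigned SAML response used only as sample input."""
    id_attr = f' ID="{assertion_id}"' if assertion_id is not None else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}">'
        f'<saml:Assertion{id_attr} Version="2.0">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        "</saml:Assertion></samlp:Response>"
    )


def audit_assertion_ids(responses):
    """Return (response_index, verdict, assertion_id) for every assertion.

    verdict is "ok", "reused-id" or "missing-id". Responses are processed in
    capture order, so the first use of an ID is "ok" and later uses are flagged.
    """
    seen = set()
    findings = []
    for index, xml_text in enumerate(responses):
        # Input here is test captures from your own IdP; use a hardened
        # parser (for example defusedxml) for XML from untrusted sources.
        root = ET.fromstring(xml_text)
        for assertion in root.iter(f"{{{SAML_NS}}}Assertion"):
            assertion_id = (assertion.get("ID") or "").strip()
            if not assertion_id:
                findings.append((index, "missing-id", None))
            elif assertion_id in seen:
                findings.append((index, "reused-id", assertion_id))
            else:
                seen.add(assertion_id)
                findings.append((index, "ok", assertion_id))
    return findings


if __name__ == "__main__":
    # Constructed captures: two fresh IDs, one repeat, one assertion with no ID.
    captured = [make_response(i) for i in ("_a1", "_a2", "_a1", None)]
    for finding in audit_assertion_ids(captured):
        print(finding)
```

Any "reused-id" or "missing-id" finding in captures taken after the IdP change means that login would still be rejected.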
