Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cognito Security notification

0

We recently received Cognito Security notification: any assertions sent to Cognito in response to an authentication request with an assertion ID that has been used in the past, or without an assertion ID, will be rejected, which may cause disruption to your application.

We understand this is a bad practice and are working towards to fix the issue (it's a third party IdP).

I'm wondering if there is a way on Cognito side to allow re-using of the assertions IDs for a couple of extra months?

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito User Pools
Language
English
asked 3 years ago322 views
1 Answer
0

Hi, As you noted this a bad practice and therefore it would be a security issue to allow it. Unfortunately we cannot make this exception as it would not respect our part of the shared responsibility model. Jeff

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content