Cognito Security notification

0

We recently received a Cognito Security notification: any assertions sent to Cognito in response to an authentication request with an assertion ID that has been used in the past, or without an assertion ID, will be rejected, which may cause disruption to your application.

We understand this is a bad practice and are working towards fixing the issue (it's a third-party IdP).

I'm wondering if there is a way on the Cognito side to allow re-use of assertion IDs for a couple of extra months?

Yuri
asked 10 months ago, 189 views
1 Answer
0

Hi, As you noted, this is a bad practice, and therefore it would be a security issue to allow it. Unfortunately, we cannot make this exception, as it would not respect our part of the shared responsibility model. Jeff

AWS
answered 10 months ago
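For verifying the IdP-side fix, an added example (not from the thread or from AWS) that audits a batch of captured SAML responses from your own IdP and flags any assertion with a missing or previously seen `ID`, the two conditions the notification says will be rejected. It assumes the responses are already base64-decoded and the assertions are unencrypted; the sample documents, the issuer URL and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def assertion_ids(response_xml):
    """Return the ID (or None if absent/empty) of every Assertion in one response."""
    # Input is assumed to be test captures from your own IdP, not untrusted XML.
    root = ET.fromstring(response_xml)
    return [a.get("ID") or None for a in root.iter(f"{{{SAML_NS}}}Assertion")]

def audit(responses):
    """Classify each response in arrival order:
    'ok', 'missing-id', 'reused-id' or 'no-assertion'."""
    seen = set()          # every assertion ID observed so far in the batch
    results = []
    for xml in responses:
        ids = assertion_ids(xml)
        if not ids:
            verdict = "no-assertion"
        elif any(i is None for i in ids):
            verdict = "missing-id"
        elif len(set(ids)) != len(ids) or any(i in seen for i in ids):
            verdict = "reused-id"
        else:
            verdict = "ok"
        seen.update(i for i in ids if i)
        results.append(verdict)
    return results

def _sample(assertion_attrs):
    """Build a constructed, unsigned SAML response for the demo."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        f'<saml:Assertion {assertion_attrs} Version="2.0">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>'
        '</saml:Assertion></samlp:Response>'
    )

# Constructed sample batch: two fresh IDs, one repeat, one assertion with no ID.
SAMPLES = [_sample('ID="_a1"'), _sample('ID="_a2"'),
           _sample('ID="_a1"'), _sample('')]

if __name__ == "__main__":
    for n, verdict in enumerate(audit(SAMPLES), 1):
        print(f"response {n}: {verdict}")
```

Running it over logins captured before and after the IdP change shows whether every assertion now carries a fresh `ID`.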
