AWS cognito documentation change
Summary
Reworded explanation of refresh tokens functionality, removing 'Remember me' checkbox reference
Security assessment
The change is a clarification of refresh tokens functionality but doesn't introduce or modify any security-related information.
Diff
diff --git a/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.md index 32bc93002..04b835f3a 100644 --- a/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.md +++ b/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.md @@ -525 +525 @@ You can set up users who complete sign-in with a username-password flow to be pr -When you want to permit users to select a _Remember me_ checkbox, _refresh tokens_ are the tool that your application has to persist a user's session. Applications can present refresh tokens to your user pool and exchange them for new ID and access tokens. With token refresh, you can ensure that a signed-in user is still active, get updated attribute information, and update access-control entitlements without user intervention. +When you want to keep users signed in without re-entering their credentials, _refresh tokens_ are the tool that your application has to persist a user's session. Applications can present refresh tokens to your user pool and exchange them for new ID and access tokens. With token refresh, you can ensure that a signed-in user is still active, get updated attribute information, and update access-control entitlements without user intervention.