AWS cognito documentation change
Summary
Updated example to include CAPTCHA and security question challenges in authentication flow. Added implementation guidance for custom challenge sequences.
Security assessment
Enhanced documentation for multi-factor authentication through custom challenges improves security posture, but doesn't address a specific disclosed vulnerability.
Diff
diff --git a/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.md b/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.md index 74f8ab5be..f7147b18e 100644 --- a//cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.md +++ b//cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.md @@ -5 +5 @@ -Define Auth challenge Lambda trigger parametersDefine Auth challenge example +ParametersExample: set up a challenge sequence @@ -157 +157,3 @@ If you want to end the current authentication process, set to `true`. To continu -This example defines a series of challenges for authentication and issues tokens only if the user has completed all of the challenges successfully. +This example defines a series of challenges for authentication and issues tokens only if the user has completed all of the challenges successfully. When users complete SRP authentication with the `SRP_A` and `PASSWORD_VERIFIER` challenges, this function passes them a `CUSTOM_CHALLENGE` that invokes the create auth challenge trigger. In combination with our [create auth challenge example](./user-pool-lambda-create-auth-challenge.html#aws-lambda-triggers-create-auth-challenge-example), this sequence delivers a CAPTCHA challenge for challenge three and a security question for challenge four. + +After the user solves the CAPTCHA and answers the security question, this function confirms that your user pool can issue tokens. SRP authentication isn't required; you can also set the CAPTCHA and security question as challenges one & two. In the case where your define auth challenge function doesn't declare SRP challenges, your users' success is determined entirely by their responses to your custom prompts. @@ -211 +213 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Challenge Lambda triggers +Custom challenge @@ -213 +215 @@ Challenge Lambda triggers -Create auth challenge Lambda trigger +Create auth challenge