AWS cognito documentation change
Summary
Updated trigger activation conditions related to PreventUserExistenceErrors, simplified section titles, clarified response handling
Security assessment
Clarifies operational behavior of authentication triggers but doesn't address security vulnerabilities or add security-specific documentation
Diff
diff --git a/cognito/latest/developerguide/user-pool-lambda-pre-authentication.md b/cognito/latest/developerguide/user-pool-lambda-pre-authentication.md index 2107c86c5..522c7fe18 100644 --- a//cognito/latest/developerguide/user-pool-lambda-pre-authentication.md +++ b//cognito/latest/developerguide/user-pool-lambda-pre-authentication.md @@ -5 +5 @@ -Authentication flow overviewPre authentication Lambda trigger parametersPre authentication example +Flow overviewParametersExample: block an app client @@ -13 +13 @@ Amazon Cognito invokes this trigger when a user attempts to sign in so that you -This Lambda trigger doesn't activate when a user doesn't exist, or already has an existing session in your user pool. If the `PreventUserExistenceErrors` setting of a user pool app client is set to `ENABLED`, then the Lambda trigger will activate. +This Lambda trigger doesn't activate when a user doesn't exist unless the `PreventUserExistenceErrors` setting of a user pool app client is set to `ENABLED`. Renewal of an existing authentication session also doesn't activate this trigger. @@ -17 +17 @@ This Lambda trigger doesn't activate when a user doesn't exist, or already has a - * Authentication flow overview + * Flow overview @@ -26 +26 @@ This Lambda trigger doesn't activate when a user doesn't exist, or already has a -## Authentication flow overview +## Flow overview @@ -76 +76 @@ One or more key-value pairs that contain the validation data in the user's sign- -Amazon Cognito does not expect any additional return information in the response. Your function can return an error to reject the sign-in attempt, or use API operations to query and modify your resources. +Amazon Cognito doesn't process any added information that your function returns in the response. Your function can return an error to reject the sign-in attempt, or use API operations to query and modify your resources. @@ -129 +129 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Post confirmation Lambda trigger +Post confirmation @@ -131 +131 @@ Post confirmation Lambda trigger -Post authentication Lambda trigger +Post authentication