AWS cognito documentation change
Summary
Adjusted heading level and clarified steps for configuring caching parameters, including explicit 'Required' and 'Caching' settings for 'scope' and 'Authorization' headers
Security assessment
Clarifies secure configuration practices for caching tokens, including proper handling of the Authorization header. While not addressing a specific vulnerability, it improves documentation around security-relevant settings.
Diff
diff --git a/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-caching-tokens.md b/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-caching-tokens.md index 05761a6b7..d47dba0e4 100644 --- a//cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-caching-tokens.md +++ b//cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-caching-tokens.md @@ -50 +50 @@ Caching in API Gateway is subject to additional cost. [See pricing for more deta -## To set up a caching proxy with API Gateway +###### To set up a caching proxy with API Gateway @@ -68 +68 @@ Caching in API Gateway is subject to additional cost. [See pricing for more deta - 1. Add a query string to **URL query string parameters** and choose **Caching** for the `scope` string. + 1. Add a query string to **URL query string parameters**. Enter a query string **Name** of `scope` and select **Required** and **Caching**. @@ -70 +70 @@ Caching in API Gateway is subject to additional cost. [See pricing for more deta - 2. Add a header to **HTTP request headers** and choose **Caching** for the `Authorization` header. + 2. Add a header to **HTTP request headers**. Enter a request header **Name** of `Authorization` and select **Required** and **Caching**.