AWS cognito documentation change
Summary
Clarified managed login requirements by specifying 'OIDC authorization server' terminology
Security assessment
Change improves technical accuracy of OIDC server references but does not introduce new security documentation or address vulnerabilities
Diff
diff --git a/cognito/latest/developerguide/cognito-how-to-authenticate.md b/cognito/latest/developerguide/cognito-how-to-authenticate.md index ef487da05..cda0b8ff6 100644 --- a//cognito/latest/developerguide/cognito-how-to-authenticate.md +++ b//cognito/latest/developerguide/cognito-how-to-authenticate.md @@ -36 +36 @@ Applications collect users' JWTs with a web or app redirect location. Applicatio -Managed login authentication fits the model where applications need an authorization server, but don't need features like custom authentication, identity pools integration, or user attribute self-service. When you want to use some of these advanced options, you can implement them with a user pools component for an SDK. +Managed login fits the model where applications require the authentication services of an OIDC authorization server, but don't immediately require features like custom authentication, identity pools integration, or user attribute self-service. When you want to use some of these advanced options, you can implement them with a user pools component for an SDK.