AWS solutions documentation change
Summary
Enhanced authorization code token documentation with security context, added request body schema, and made several fields required
Security assessment
Added explanations about token security mechanisms and authentication requirements. Changed data types (e.g., expiresIn to number) and field requirements to better reflect security practices, but no specific vulnerability addressed.
Diff
diff --git a/solutions/latest/dea-api/auth-authcode-token.md b/solutions/latest/dea-api/auth-authcode-token.md index 01c231bb9..247cc0bb4 100644 --- a//solutions/latest/dea-api/auth-authcode-token.md +++ b//solutions/latest/dea-api/auth-authcode-token.md @@ -7 +7,3 @@ URIHTTP methodsSchemasProperties -# Auth authCode Token +# Auth – Token + +The authorization code token secures access to DEA by ensuring that only authorized users can access its resources. When a user or application wants to access DEA, they first authenticate themselves by providing their credentials. After successful authentication, the application requests an authorization code token from the API. This token acts as proof that the user has been authenticated and is authorized to access DEA. This token is a string of characters unique to the requester and has a limited lifespan. After the token expires, the user or application must authenticate again to obtain a new token. @@ -19,2 +20,0 @@ URIHTTP methodsSchemasProperties -Returns ID Token and sets Oauth Cookie - @@ -32 +32 @@ ResponsesStatus code| Response model| Description -`200`| `getTokenResult`| Successfully revoked token. +`200`| `getTokenResult`| Id Token and Cognito information for fetching credentials @@ -35,0 +36,7 @@ ResponsesStatus code| Response model| Description +### Request bodies + + + { + "codeVerifier": "string" + } + @@ -43 +50 @@ ResponsesStatus code| Response model| Description - "expiresIn": "string" + "expiresIn": number @@ -47,0 +55,6 @@ ResponsesStatus code| Response model| Description +### codeVerifier + +Property| Type| Required| Description +---|---|---|--- +`codeVerifier`| string| False| + @@ -52,4 +65,4 @@ Property| Type| Required| Description -`expiresIn`| string| False| -`identityPoolId`| string| False| -`idToken`| string| False| -`userPoolId`| string| False| +`expiresIn`| number| True| +`identityPoolId`| string| True| +`idToken`| string| True| +`userPoolId`| string| True| @@ -63 +76 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Resources +Auth – Revoke token @@ -65 +78 @@ Resources -Auth LoginUrl +Available endpoints