AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-04-20 · Documentation low

File: solutions/latest/dea-api/auth-authcode-token.md

Summary

Enhanced authorization code token documentation with security context, added request body schema, and made several fields required

Security assessment

Added explanations about token security mechanisms and authentication requirements. Changed data types (e.g., expiresIn to number) and field requirements to better reflect security practices, but no specific vulnerability addressed.

Diff

diff --git a/solutions/latest/dea-api/auth-authcode-token.md b/solutions/latest/dea-api/auth-authcode-token.md
index 01c231bb9..247cc0bb4 100644
--- a//solutions/latest/dea-api/auth-authcode-token.md
+++ b//solutions/latest/dea-api/auth-authcode-token.md
@@ -7 +7,3 @@ URIHTTP methodsSchemasProperties
-#  Auth authCode Token
+# Auth – Token
+
+The authorization code token secures access to DEA by ensuring that only authorized users can access its resources. When a user or application wants to access DEA, they first authenticate themselves by providing their credentials. After successful authentication, the application requests an authorization code token from the API. This token acts as proof that the user has been authenticated and is authorized to access DEA. This token is a string of characters unique to the requester and has a limited lifespan. After the token expires, the user or application must authenticate again to obtain a new token.
@@ -19,2 +20,0 @@ URIHTTP methodsSchemasProperties
-Returns ID Token and sets Oauth Cookie
-
@@ -32 +32 @@ ResponsesStatus code| Response model| Description
-`200`| `getTokenResult`| Successfully revoked token.  
+`200`| `getTokenResult`| Id Token and Cognito information for fetching credentials  
@@ -35,0 +36,7 @@ ResponsesStatus code| Response model| Description
+### Request bodies
+    
+    
+    {
+      "codeVerifier": "string"
+    }
+
@@ -43 +50 @@ ResponsesStatus code| Response model| Description
-      "expiresIn": "string"
+      "expiresIn": number
@@ -47,0 +55,6 @@ ResponsesStatus code| Response model| Description
+### codeVerifier
+
+Property| Type| Required| Description  
+---|---|---|---  
+`codeVerifier`| string| False|   
+  
@@ -52,4 +65,4 @@ Property| Type| Required| Description
-`expiresIn`| string| False|   
-`identityPoolId`| string| False|   
-`idToken`| string| False|   
-`userPoolId`| string| False|   
+`expiresIn`| number| True|   
+`identityPoolId`| string| True|   
+`idToken`| string| True|   
+`userPoolId`| string| True|   
@@ -63 +76 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Resources
+Auth – Revoke token
@@ -65 +78 @@ Resources
-Auth LoginUrl
+Available endpoints