AWS cognito documentation change
Summary
Updated trigger event documentation for token generation and refresh scenarios
Security assessment
The change clarifies that the Pre token generation trigger now applies to both authentication and token refresh operations, improving documentation around security-sensitive token management processes. This enhances understanding of security controls but does not fix a vulnerability.
Diff
diff --git a/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md b/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md index 6d90b074e..07613243a 100644 --- a//cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md +++ b//cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md @@ -290,0 +291 @@ Custom SMS sender | `CustomSMSSender_VerifyUserAttribute` +[GetTokensFromRefreshToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetTokensFromRefreshToken.html) | Pre token generation | `TokenGeneration_Authentication` @@ -361 +362 @@ Pre token generation | `TokenGeneration_HostedAuth` | Amazon Cognito authentica -Pre token generation | `TokenGeneration_Authentication` | User authentication flows complete. +Pre token generation | `TokenGeneration_Authentication` | User authentication or token refresh complete.