AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-04-25 · Documentation medium

File: singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md

Summary

Added note about AWS Signature Version 4 usage and updated identity context description

Security assessment

Documentation update emphasizes secure API authentication methods (SigV4) and clarifies token usage with IAM Identity Center. Improves security documentation but doesn't fix a vulnerability.

Diff

diff --git a/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md b/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md
index fcec114d3..a659c181f 100644
--- a//singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md
+++ b//singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md
@@ -9 +9,5 @@ Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse Elements
-Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-lived credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication.
+Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. An IAM entity can be any IAM entity like a service role or user. The access token can be used to fetch short-lived credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication.
+
+###### Note
+
+This API is used with Signature Version 4. For more information, see [AWS Signature Version 4 for API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html).
@@ -189 +193 @@ Type: String
-A structure containing information from the `idToken`. This structure provides access to identity context without requiring JWT parsing.
+A structure containing information from AWS IAM Identity Center managed user and group information.