AWS singlesignon documentation change
Summary
Added note about AWS Signature Version 4 usage and updated identity context description
Security assessment
Documentation update emphasizes secure API authentication methods (SigV4) and clarifies token usage with IAM Identity Center. Improves security documentation but doesn't fix a vulnerability.
Diff
diff --git a/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md b/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md index fcec114d3..a659c181f 100644 --- a//singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md +++ b//singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.md @@ -9 +9,5 @@ Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse Elements -Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-lived credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication. +Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. An IAM entity can be any IAM entity like a service role or user. The access token can be used to fetch short-lived credentials for the assigned AWS accounts or to access application APIs using `bearer` authentication. + +###### Note + +This API is used with Signature Version 4. For more information, see [AWS Signature Version 4 for API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). @@ -189 +193 @@ Type: String -A structure containing information from the `idToken`. This structure provides access to identity context without requiring JWT parsing. +A structure containing information from AWS IAM Identity Center managed user and group information.