AWS cognito documentation change
Summary
Added documentation for passing client metadata in M2M requests
Security assessment
Documents security-related feature allowing client metadata in machine-to-machine authentication flows for Lambda triggers, enabling enhanced security controls.
Diff
diff --git a/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.md b/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.md index 6b1c600b1..8f79d99d0 100644 --- a//cognito/latest/developerguide/cognito-user-pools-define-resource-servers.md +++ b//cognito/latest/developerguide/cognito-user-pools-define-resource-servers.md @@ -63,0 +64,2 @@ The access token from a client credentials grant is a verifiable statement of th +You can pass [client metadata](./cognito-user-pools-working-with-lambda-triggers.html#working-with-lambda-trigger-client-metadata) in M2M requests. Client metadata is additional information from a user or application environment that can contribute to the outcomes of a [Pre token generation Lambda trigger](./user-pool-lambda-pre-token-generation.html). Instead of in the body of an API request like with other Lambda triggers, you pass client metadata in `x-www-form-urlencoded` in the POST body of a request to the [Token endpoint](./token-endpoint.html). For an example request, see [Client credentials with basic authorization](./token-endpoint.html#exchanging-client-credentials-for-an-access-token-in-request-body). +