AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-05-16 · Documentation low

File: cognito/latest/developerguide/federation-endpoints-oauth-grants.md

Summary

Added 'Example:' prefix to authorization code grant documentation and updated implicit grant example reference

Security assessment

Changes improve documentation clarity but maintain existing security-related content about OAuth grants and PKCE. No new security features or vulnerability fixes introduced.

Diff

diff --git a/cognito/latest/developerguide/federation-endpoints-oauth-grants.md b/cognito/latest/developerguide/federation-endpoints-oauth-grants.md
index fe4e92e03..97bb6e062 100644
--- a//cognito/latest/developerguide/federation-endpoints-oauth-grants.md
+++ b//cognito/latest/developerguide/federation-endpoints-oauth-grants.md
@@ -12 +12 @@ The Amazon Cognito user pool OAuth 2.0 authorization server issues tokens in res
-In response to your successful authentication request, the authorization server appends an authorization code in a `code` parameter to your callback URL. You must then exchange the code for ID, access, and refresh tokens with the [Token endpoint](./token-endpoint.html). To request an authorization code grant, set `response_type` to `code` in your request. For an example request, see [Authorization code grant](./authorization-endpoint.html#sample-authorization-code-grant). Amazon Cognito supports [Proof Key for Code Exchange (PKCE)](./using-pkce-in-authorization-code.html) in authorization code grants.
+In response to your successful authentication request, the authorization server appends an authorization code in a `code` parameter to your callback URL. You must then exchange the code for ID, access, and refresh tokens with the [Token endpoint](./token-endpoint.html). To request an authorization code grant, set `response_type` to `code` in your request. For an example request, see [Example: authorization code grant](./authorization-endpoint.html#sample-authorization-code-grant). Amazon Cognito supports [Proof Key for Code Exchange (PKCE)](./using-pkce-in-authorization-code.html) in authorization code grants.
@@ -19 +19 @@ The authorization code grant is the most secure form of authorization grant. It
-In response to your successful authentication request, the authorization server appends an access token in an `access_token` parameter, and an ID token in an `id_token` parameter, to your callback URL. An implicit grant requires no additional interaction with the [Token endpoint](./token-endpoint.html). To request an implicit grant, set `response_type` to `token` in your request. The implicit grant only generates an ID and access token. For an example request, see [Token grant without openid scope](./authorization-endpoint.html#sample-token-grant-without-openid-scope).
+In response to your successful authentication request, the authorization server appends an access token in an `access_token` parameter, and an ID token in an `id_token` parameter, to your callback URL. An implicit grant requires no additional interaction with the [Token endpoint](./token-endpoint.html). To request an implicit grant, set `response_type` to `token` in your request. The implicit grant only generates an ID and access token. For an example request, see [Example: Token (implicit) grant without openid scope](./authorization-endpoint.html#sample-token-grant-without-openid-scope).