AWS verified-access medium security documentation change
Summary
Added session duration clarification for OIDC trust providers and fixed date formatting
Security assessment
The change introduces a security control by specifying that session duration is limited to 1 day or access token expiration (whichever is shorter) for OIDC trust providers. This directly impacts authentication security by reducing session lifetimes compared to the previous 7-day default.
Diff
diff --git a/verified-access/latest/ug/user-trust.md b/verified-access/latest/ug/user-trust.md index 8afd10997..ef67267b0 100644 --- a//verified-access/latest/ug/user-trust.md +++ b//verified-access/latest/ug/user-trust.md @@ -103 +103,3 @@ The ID token claims from the OIDC trust provider are included in the `addition_u -With trust providers created on or before February 24 2025, Verified Access does not use trust data from the `ID token` sent by the OIDC provider. Only trust data from the `UserInfo Endpoint` is evaluated against the policy. +With trust providers created on or before February 24, 2025, Verified Access does not use trust data from the `ID token` sent by the OIDC provider. Only trust data from the `UserInfo Endpoint` is evaluated against the policy. + +The session duration for an OIDC trust provider is 1 day or the expiration time in the access token, whichever is shorter. With trust providers created before February 24, 2025, the session duration is 7 days.