AWS Security ChangesHomeSearch

AWS amazonq medium security documentation change

Service: amazonq · 2025-06-25 · Security-related medium

File: amazonq/latest/qbusiness-ug/salesforce-overview.md

Summary

Added explicit note that PKCE (Proof Key for Code Exchange) is not supported and must be disabled for Salesforce OAuth 2.0 authentication.

Security assessment

PKCE is a security enhancement for OAuth 2.0. Explicitly disabling it introduces a security consideration for authentication flows. This documents a security-related configuration limitation.

Diff

diff --git a/amazonq/latest/qbusiness-ug/salesforce-overview.md b/amazonq/latest/qbusiness-ug/salesforce-overview.md
index d6bfcf7d5..8743f34f3 100644
--- a//amazonq/latest/qbusiness-ug/salesforce-overview.md
+++ b//amazonq/latest/qbusiness-ug/salesforce-overview.md
@@ -11 +11 @@ Category | Feature | Support
-**Security** | **Authentication type** | OAuth 2.0 with Resource Owner Password Flow   
+**Security** | **Authentication type** | OAuth 2.0 with Resource Owner Password Flow Note that Require Proof Key for Code Exchange (PKCE) is not supported and must be disabled.