AWS cli high security documentation change
Summary
Added session tracking and CSRF protection via custom-state parameter
Security assessment
Explicitly addresses CSRF protection through state parameter validation, directly mitigating a known web security vulnerability
Diff
diff --git a/cli/latest/reference/bedrock-agentcore/get-resource-oauth2-token.md b/cli/latest/reference/bedrock-agentcore/get-resource-oauth2-token.md index 2f7f42aaa..c38516d62 100644 --- a//cli/latest/reference/bedrock-agentcore/get-resource-oauth2-token.md +++ b//cli/latest/reference/bedrock-agentcore/get-resource-oauth2-token.md @@ -15 +15 @@ - * [AWS CLI 2.31.13 Command Reference](../../index.html) » + * [AWS CLI 2.31.16 Command Reference](../../index.html) » @@ -70,0 +71 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc + [--session-uri <value>] @@ -73,0 +75 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc + [--custom-state <value>] @@ -150,0 +153,12 @@ Syntax: +`--session-uri` (string) + +> Unique identifier for the user’s authentication session for retrieving OAuth2 tokens. This ID tracks the authorization flow state across multiple requests and responses during the OAuth2 authentication process. +> +> Constraints: +> +> * min: `1` +> * max: `1024` +> * pattern: `urn:ietf:params:oauth:request_uri:[a-zA-Z0-9-._~]+` +> + + @@ -202,0 +217,11 @@ JSON Syntax: +`--custom-state` (string) + +> An opaque string that will be sent back to the callback URL provided in resourceOauth2ReturnUrl. This state should be used to protect the callback URL of your application against CSRF attacks by ensuring the response corresponds to the original request. +> +> Constraints: +> +> * min: `1` +> * max: `4096` +> + + @@ -304,0 +330,6 @@ authorizationUrl -> (string) +> +> Constraints: +> +> * min: `1` +> + @@ -316,0 +348,23 @@ accessToken -> (string) +sessionUri -> (string) + +> Unique identifier for the user’s authorization session for retrieving OAuth2 tokens. This matches the sessionId from the request and can be used to track the session state. +> +> Constraints: +> +> * min: `1` +> * max: `1024` +> * pattern: `urn:ietf:params:oauth:request_uri:[a-zA-Z0-9-._~]+` +> + + +sessionStatus -> (string) + +> Status indicating whether the user’s authorization session is in progress or has failed. This helps determine the next steps in the OAuth2 authentication flow. +> +> Possible values: +> +> * `IN_PROGRESS` +> * `FAILED` +> + + @@ -327 +381 @@ accessToken -> (string) - * [AWS CLI 2.31.13 Command Reference](../../index.html) » + * [AWS CLI 2.31.16 Command Reference](../../index.html) »