AWS cognito documentation change
Summary
Added 'aud' claim documentation for access tokens and resource binding
Security assessment
Documents new security feature for audience restriction via resource binding (RFC 8707). Enhances token validation security but doesn't address a specific vulnerability.
Diff
diff --git a/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md b/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md index 6a66d018c..8b4197bfb 100644 --- a//cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md +++ b//cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md @@ -63,0 +64 @@ This is a sample payload from an access token. For more information, see [JWT cl + "aud": "https://api.example.com", @@ -97,0 +99,5 @@ The user pool app client that authenticated your user. Amazon Cognito renders th +**aud** + + +The URL of the API that the access token is intended to authorize for. Present only if your application requested a [resource binding](./cognito-user-pools-define-resource-servers.html#cognito-user-pools-resource-binding) from your authorization server. +