AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-10-28 · Documentation medium

File: cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md

Summary

Added 'aud' claim documentation for access tokens and resource binding

Security assessment

Documents new security feature for audience restriction via resource binding (RFC 8707). Enhances token validation security but doesn't address a specific vulnerability.

Diff

diff --git a/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md b/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md
index 6a66d018c..8b4197bfb 100644
--- a//cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md
+++ b//cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.md
@@ -63,0 +64 @@ This is a sample payload from an access token. For more information, see [JWT cl
+       "aud": "https://api.example.com",
@@ -97,0 +99,5 @@ The user pool app client that authenticated your user. Amazon Cognito renders th
+**aud**
+    
+
+The URL of the API that the access token is intended to authorize for. Present only if your application requested a [resource binding](./cognito-user-pools-define-resource-servers.html#cognito-user-pools-resource-binding) from your authorization server.
+