AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-12-10 · Documentation medium

File: cli/latest/reference/ivs-realtime/list-participant-events.md

Summary

Added documentation for TOKEN_EXCHANGED event type and detailed structure definitions for token exchange functionality

Security assessment

The change documents security-relevant token exchange mechanics including capabilities, attributes with sensitivity warnings, and expiration times. While it adds security feature documentation, there's no evidence of addressing an existing vulnerability.

Diff

diff --git a/cli/latest/reference/ivs-realtime/list-participant-events.md b/cli/latest/reference/ivs-realtime/list-participant-events.md
index 5666375a8..942ad489f 100644
--- a//cli/latest/reference/ivs-realtime/list-participant-events.md
+++ b//cli/latest/reference/ivs-realtime/list-participant-events.md
@@ -15 +15 @@
-  * [AWS CLI 2.32.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.13 Command Reference](../../index.html) »
@@ -385,0 +386 @@ events -> (list)
+>>>   * `TOKEN_EXCHANGED`
@@ -483,0 +485,94 @@ events -> (list)
+>> 
+>> previousToken -> (structure)
+>>
+>>> Source participant token for `TOKEN_EXCHANGED` event.
+>>> 
+>>> capabilities -> (list)
+>>>
+>>>> Set of capabilities that the user is allowed to perform in the stage.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `2`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `PUBLISH`
+>>>>>   * `SUBSCRIBE`
+>>>>> 
+
+>>> 
+>>> attributes -> (map)
+>>>
+>>>> Application-provided attributes to encode into the token and attach to a stage. Map keys and values can contain UTF-8 encoded text. The maximum length of this field is 1 KB total. _This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information._
+>>>> 
+>>>> key -> (string)
+>>>> 
+>>>> value -> (string)
+>>> 
+>>> userId -> (string)
+>>>
+>>>> Customer-assigned name to help identify the token; this can be used to link a participant to a user in the customer’s own systems. This can be any UTF-8 encoded text. _This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information._
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `128`
+>>>> 
+
+>>> 
+>>> expirationTime -> (timestamp)
+>>>
+>>>> ISO 8601 timestamp (returned as a string) for when this token expires.
+>> 
+>> newToken -> (structure)
+>>
+>>> Participant token created during `TOKEN_EXCHANGED` event.
+>>> 
+>>> capabilities -> (list)
+>>>
+>>>> Set of capabilities that the user is allowed to perform in the stage.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `2`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `PUBLISH`
+>>>>>   * `SUBSCRIBE`
+>>>>> 
+
+>>> 
+>>> attributes -> (map)
+>>>
+>>>> Application-provided attributes to encode into the token and attach to a stage. Map keys and values can contain UTF-8 encoded text. The maximum length of this field is 1 KB total. _This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information._
+>>>> 
+>>>> key -> (string)
+>>>> 
+>>>> value -> (string)
+>>> 
+>>> userId -> (string)
+>>>
+>>>> Customer-assigned name to help identify the token; this can be used to link a participant to a user in the customer’s own systems. This can be any UTF-8 encoded text. _This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information._
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `128`
+>>>> 
+
+>>> 
+>>> expirationTime -> (timestamp)
+>>>
+>>>> ISO 8601 timestamp (returned as a string) for when this token expires.
@@ -507 +602 @@ nextToken -> (string)
-  * [AWS CLI 2.32.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.13 Command Reference](../../index.html) »