AWS m2 documentation change
Summary
Added explanation of hierarchical scope-to-role mapping with JWT tokens and removed localhost whitelisting configuration
Security assessment
The change adds documentation about security role mapping but removes a security configuration line without explicit vulnerability context. No concrete evidence of addressing a specific security issue.
Diff
diff --git a/m2/latest/userguide/ba-runtime-auth-cognito.md b/m2/latest/userguide/ba-runtime-auth-cognito.md index 77cef0f54..e78f5edf9 100644 --- a//m2/latest/userguide/ba-runtime-auth-cognito.md +++ b//m2/latest/userguide/ba-runtime-auth-cognito.md @@ -132,0 +133,2 @@ In the **Groups** tab, create 3 groups (SUPER_ADMIN, ADMIN, and USER), and assoc +The application implements hierarchical scope-to-role mapping that works with multiple OAuth2 identity providers. When JWT tokens issued by Cognito are used for resource server authorization, scopes defined in the token are automatically mapped to corresponding roles. + @@ -142 +143,0 @@ Now that your Amazon Cognito user pool and users are ready, go the `application- - gapwalk-application.security.localhostWhitelistingEnabled: false