AWS quicksuite medium security documentation change
Summary
Added PKCE recommendation for OAuth authentication and updated service authentication terminology
Security assessment
Explicitly recommends enabling PKCE (Proof Key for Code Exchange) to add an additional security layer to OAuth flows. PKCE mitigates authorization code interception attacks, addressing OAuth 2.0 security vulnerability CVE-2019-11272.
Diff
diff --git a/quicksuite/latest/userguide/salesforce-integration.md b/quicksuite/latest/userguide/salesforce-integration.md index 335d98c7b..807ddd8eb 100644 --- a//quicksuite/latest/userguide/salesforce-integration.md +++ b//quicksuite/latest/userguide/salesforce-integration.md @@ -72,0 +73,4 @@ Create a connected app in Salesforce to enable OAuth authentication with Amazon + * **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows** _(recommended)_ + +Enable this option to add an additional security layer to the Authorization Code flow. + @@ -173 +177 @@ Salesforce integration supports action execution only - data access and knowledg - * **Service authentication** \- API key-based authentication for service access. + * **Service authentication** \- Service-to-service authentication for application access.