AWS cognito documentation change
Summary
Clarified that Amazon Cognito updates mapped attributes from an IdP only when their values change, not on every sign-in.
Security assessment
This change corrects a documentation inaccuracy about system behavior. It describes an optimization (reducing unnecessary writes) but does not address a security issue or add security documentation.
Diff
diff --git a/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md b/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md index f11d401c9..0211480f0 100644 --- a//cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md +++ b//cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md @@ -42 +42 @@ In case-insensitive user pools, your Lambda triggers that process the username m - * Amazon Cognito must be able to update your mapped user pool attributes when users sign in to your application. When a user signs in through an IdP, Amazon Cognito updates the mapped attributes with the latest information from the IdP. Amazon Cognito updates each mapped attribute, even if its current value already matches the latest information. To ensure that Amazon Cognito can update the attributes, check the following requirements: + * Amazon Cognito must be able to update your mapped user pool attributes when users sign in to your application. When a user signs in through an IdP, Amazon Cognito updates the mapped attributes with the latest information from the IdP. Amazon Cognito only updates mapped attributes when their values change. To ensure that Amazon Cognito can update the attributes, check the following requirements: