Collaborate Disseminate
I’m working on configuring my suite of services (in different domains) so that they can all be accessed via Single Sign-On. I’m using AWS Cognito as a wrapper around a SAML Idp (Azure AD).
What I would like to figure out is: how can I make… Continue reading OAuth2 System Design for Single Sign-On | Auto-Detect Session?
I am building a web-based software as a service (SaaS) platform for engineering simulations that run on the cloud, and wish to prevent my access to user data by design. The user designs a 3D geometry (I have a simple CAD interface) along s… Continue reading Prevention of access to user data running on the cloud
I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?
Continue reading How do I create a site with secure user data upload on AWS? [closed]
I’m building a public HTTP JSON API using API Gateway with ID token authentication.
I now need a server that acts on behalf of users. Users message that server using a third party (think Signal or WhatsApp) and the server calls some API me… Continue reading OAuth2/Cognito: Let trusted server act on behalf of user
while fuzzing a public APK file for a bug bounty I came across a file awsconfiguration.json with some pretty promising data. However after reading here https://docs.aws.amazon.com/pdfs/appsync/latest/APIReference/appsync-api.pdf#Welcome a… Continue reading AWS AppSync awsconfiguration.json file found in prod apk, is it a security issue and how to verify api key
I have a requirement to offer an Open ID Connect Identity Provider server.
(That is, i have some users with their credentials checked against some data store under my control, and users are using those to access applications offered by oth… Continue reading Can I Use AWS Cognito to protect external service, not AWS hosted service
I am designing the authentication and authorization flow of my mobile and web applications. I plan to use the AWS Cognito identity provider.
Use AWS Amplify and signup the user from the front-end.
Question: The signup will happen totally … Continue reading Rest Services Aunthentication and Authorization with AWS Cognito
My colleague told me that ISO 27001 require physical server running in the office to store user password. Therefore, using AWS Cognito or Firebase Auth can save us the physical server since they have ISO 27001.
Is my colleague correct? If … Continue reading Using AWS Cognito or Firebase Auth can help to certify my app with ISO 27001?
I’m in need of an authentication & authorization service that can manage our app’s pool of users. I stumbled upon Keycloak and have been checking it for the past few days, but I’m wondering why Keycloak doesn’t provide an API for a cli… Continue reading Why doesn’t Keycloak allow user sign-up and sign-in through a client?
After a user logons to cognito, he receives access and ID tokens. the ID token contains sensitive info like phone number, email, etc..
From all standards – ID token should not be used to gain access to an API: https://auth0.com/docs/tokens… Continue reading Why is ID token used instead of Access token to get temporary credentials in AWS?