What is the use case of request signing in this mobile app?
The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to thei… Continue reading What is the use case of request signing in this mobile app?