Amazon Verified Permissions improves support for Cognito tokens

Posted on: May 21, 2024

Amazon Verified Permissions now enables customers using Cognito tokens for authorization to write Cedar policies based on Cognito group memberships. The service has also added an API that enables developers to submit multiple token-based authorization requests in a single API call.

Verified Permissions provides fine-grained authorization for the applications that you build, allowing you to implement permissions as Cedar policies rather than application code. You can call Verified Permissions to authorize access to application APIs and resources, based on OIDC tokens generated by Amazon Cognito. Verified Permissions will evaluate Cedar policies using the claims in the token. Customers using the IsAuthorizedWithToken API can now reference Cognito groups in their policies.

Additionally, to help reduce latency and cost, Verified Permissions now supports a new API called batchIsAuthorizedWithToken. Using batch authorization, developers can modify the user experience based on permissions, for example, by making a single API request to determine which action buttons should be enabled on a page, or which resources to display in a list. More information on the batchIsAuthorizedWithToken API can be found in the API reference guide.
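The button-enablement use case described above, as an added example that is not AWS's own code. It assumes a boto3 `verifiedpermissions` client and its `batch_is_authorized_with_token` method; the `MyApp` namespace, the identifiers, and `StubClient` with its canned response are constructed for illustration, and treating an ALLOW that carries evaluation errors as a deny is this example's own conservative choice.

```python
ACTION_TYPE = "MyApp::Action"  # hypothetical Cedar namespace, not from the announcement

def build_requests(resource_type, resource_id, action_ids):
    """One batch entry per candidate action, all against the same resource."""
    resource = {"entityType": resource_type, "entityId": resource_id}
    return [{"action": {"actionType": ACTION_TYPE, "actionId": a}, "resource": resource}
            for a in action_ids]

def enabled_actions(client, policy_store_id, access_token,
                    resource_type, resource_id, action_ids):
    """Map each action id to True only on a clean ALLOW; everything else stays False."""
    enabled = {a: False for a in action_ids}  # default deny
    try:
        resp = client.batch_is_authorized_with_token(
            policyStoreId=policy_store_id,
            accessToken=access_token,
            requests=build_requests(resource_type, resource_id, action_ids),
        )
    except Exception:  # with boto3 this would be botocore's ClientError
        return enabled  # call failed: nothing is enabled
    for result in resp.get("results", []):
        action = result.get("request", {}).get("action", {})
        action_id = action.get("actionId")
        if action.get("actionType") != ACTION_TYPE or action_id not in enabled:
            continue  # ignore results we did not ask for
        # An ALLOW reported together with policy evaluation errors is not trusted here.
        enabled[action_id] = result.get("decision") == "ALLOW" and not result.get("errors")
    return enabled

class StubClient:
    """Constructed stand-in for boto3.client("verifiedpermissions")."""
    def batch_is_authorized_with_token(self, **kwargs):
        canned = {  # constructed decisions; "Share" is deliberately left unanswered
            "View": ("ALLOW", []),
            "Edit": ("ALLOW", [{"errorDescription": "constructed evaluation error"}]),
            "Delete": ("DENY", []),
        }
        return {"results": [
            {"request": r, "decision": canned[r["action"]["actionId"]][0],
             "errors": canned[r["action"]["actionId"]][1]}
            for r in kwargs["requests"] if r["action"]["actionId"] in canned]}

if __name__ == "__main__":
    print(enabled_actions(StubClient(), "PSEXAMPLE", "constructed-token",
                          "MyApp::Document", "doc-1", ["View", "Edit", "Delete", "Share"]))
```

The returned map is a display hint only: the backend still authorizes each action when it is actually invoked.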

These features are available in all AWS regions supported by Amazon Verified Permissions. Pricing is based on the number of API calls made, regardless of the number of authorization requests that are batched within each call. For more information on pricing, visit Amazon Verified Permissions Pricing – AWS - Amazon Web Services. For more information on the service, visit Fine-Grained Authorization - Amazon Verified Permissions - AWS.