Author: Edward Sun

OpenID Foundation’s AuthZEN Working Group is currently drafting a new specification (version 1.0, draft 03 at the time of publication) and associated standard mechanisms, protocols, and formats to communicate authorization-related information between components involved in access control and authorization. Today, we’re publishing an open-source reference implementation demonstrating seamless integration between an AuthZEN-compliant policy enforcement point […]

September 10, 2025: We’ve updated this post to reflect changes in suggested mitigation approaches. December 16, 2024: We’ve updated this post to reflect changes in suggested mitigation approaches. If you have a customer facing application, you might want to enable self-service sign-up, which allows potential customers on the internet to create an account and gain […]

January 28, 2025: The following blog post highlights how to customize access tokens in Amazon Cognito user pools. With the introduction of new Cognito user pool feature tiers, the access token customization feature is now available as part of the default feature set for Essentials and Plus feature tier customers, so customers don’t need to […]

Update: An earlier version of this post was published on September 14, 2017, on the Front-End Web and Mobile Blog. Amazon Cognito user pools offer a fully managed OpenID Connect (OIDC) identity provider so you can quickly add authentication and control access to your mobile app or web application. User pools scale to millions of […]