Tag: OpenID Connect

Some web applications need to protect their authentication tokens or session IDs from cross-site scripting (XSS). It’s an Open Web Application Security Project (OWASP) best practice for session management to store secrets in the browsers’ cookie store with the HttpOnly attribute enabled. When cookies have the HttpOnly attribute set, the browser will prevent client-side JavaScript […]

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Today, AWS introduced AWS IAM Identity Center (AWS IAM Identity Center), a service that makes it easy for you to centrally manage IAM Identity […]

January 11, 2023: This blog post has been updated to reflect the correct OAuth 2.0 endpoint for the Identity Provider (IdP) used and to use an updated version of the AWS SDK for JavaScript. This post has also been refreshed with updated steps to configure an Amazon Cognito Identity Pool and creating a Connected App […]