Skip to content

AWS Cognito Client Secret

Service Name: Amazon Web Services Cognito

Service Description: AWS Cognito is a user identity and data synchronization service that helps manage user authentication and access control for web and mobile applications.

Service Address: https://aws.amazon.com/cognito/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to authenticate users with AWS Cognito user pools and identity providers.

Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Secret Example: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t1u2v

Suspicious Activity Investigation Instructions:

  • Review AWS CloudTrail logs for unusual authentication attempts or API calls related to Cognito.
  • Check for unexpected user registrations or authentication patterns in the Cognito user pool.
  • Monitor for unusual token issuance or refresh activities.
  • Examine access patterns to resources secured by Cognito.

Mitigation Instructions:

  • Go to the AWS Cognito console.
  • Select the user pool associated with the compromised client secret.
  • Go to App integration > App client settings.
  • Find the app client with the compromised secret.
  • Generate a new client secret by selecting Generate client secret.
  • Update all applications using this client secret with the new value.
  • Consider implementing additional security measures such as resource server scopes and OAuth flows.