Skip to content

Cognito Client Secret

Service Name: Amazon Cognito

Service Description: Amazon Cognito is an AWS service that provides authentication, authorization, and user management for web and mobile applications. It enables user sign-up, sign-in, and access control to your web and mobile apps.

Service Address: https://aws.amazon.com/cognito/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the AWS service level using Security Groups, WAF rules, or resource policies.

Secret Access Scope: Grants access to authenticate with Amazon Cognito User Pools and perform operations on behalf of the app client. Can be used to authenticate users, manage user attributes, and integrate with other AWS services.

Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Secret Example: 1example2cognito3client4secret5example6

Suspicious Activity Investigation Instructions:

  • Review AWS CloudTrail logs for unusual Cognito API calls
  • Check for unexpected authentication attempts or user creation events
  • Monitor for unusual token issuance patterns or volume
  • Examine user pool activity for signs of unauthorized access
  • Look for changes to app client settings or configurations

Mitigation Instructions:

  • Log into the AWS Management Console and navigate to Amazon Cognito
  • Select the affected User Pool
  • Go to the "App integration" tab and select "App client settings"
  • Find the compromised app client and click "Edit"
  • Generate a new client secret by checking "Generate a new client secret"
  • Save the changes and update the secret in all legitimate applications
  • Consider implementing additional security measures like OAuth scopes

restrictions

  • Update any application code or configuration that uses the old client secret
  • Rotate any other potentially compromised credentials