
Some web applications need to protect their authentication tokens or session IDs from cross-site scripting (XSS). It’s an Open Web Application Security Project (OWASP) best practice for session management to store secrets in the browser’s cookie store with the HttpOnly attribute enabled. When cookies have the HttpOnly attribute set, the browser will prevent client-side JavaScript […]


In this article, I’ll show you how to configure Amazon Cognito as an OpenID provider (OP) with a single-page web application. This use case describes using Amazon Cognito to integrate with an existing authorization system following the OpenID Connect (OIDC) specification. OIDC is an identity layer on top of the OAuth […]
