Amplify-js: Is it secure to write userPoolId or others in js file?
Hi,
I'm checking how to create login system with using react, and AWS cognito.
I just care about security risk which is caused by publish cognito userPoolId, userPoolWebClientId, identityPoolId on aws_exports.js file.
We can check it with developer tool on browsers.
But I think we can't do any admin operation like delete user or change settings
with only these information.
Is my recognition correct?
If you know any way to hide these Id informations on browser,
would you tell me about that?
Thanks in advance.
szkkeny
>All comments
These are standard configuration parameters that do not expose extra security risks, and are in line with technologies that Cognito uses such as SRP, OAuth, etc. They help the clients construct endpoint URLs during these processes that are unique to your account, and do not give access to administrative commands or access to other user accounts.
undefobj
on 10 Jan 2019
Related issues
leantide
路
3Comments
cosmosof
路
3Comments
karlmosenbacher
路
3Comments
callmekatootie
路
3Comments
guanzo
路
3Comments
Most helpful comment
These are standard configuration parameters that do not expose extra security risks, and are in line with technologies that Cognito uses such as SRP, OAuth, etc. They help the clients construct endpoint URLs during these processes that are unique to your account, and do not give access to administrative commands or access to other user accounts.