Lukas LT's questions -server

Lukas LT

Asked: 2020-05-22 14:16:47 +0800 CST

Why AWS Cognito client secret is not "secret"

We are setting up SaaS server-to-server auth solution using AWS Cognito + API Gateway using oAuth2 Client credentials flow.

And one thing is totally bugging me - I can access App client secret in plain text.

Since we would be sharing these credentials with actual clients, having secrets in pain text does not look like a good idea. Just like storing passwords in pain text. At max I would expect to be able to access these credentials only during client creation process.

I'm I missing something?

Example with visible secrets

Why AWS Cognito client secret is not "secret"

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?