We are using AWS Cognito and have multiple client applications - mobile apps and CLI.
We are using AWS API Gateway and the AWS Cognito user pools are used for authenticating REST APIs.
We also need to provide Google and GitHub authentication.
My understanding is that storing the Cognito app client secrets in the apps and CLI is not a good idea.
Instead of this, I am thinking of re-creating a user pool app client without the client secret. Since my app client doesn't have client secrets, I don't need to use app client secrets from my clients - CLI and mobile apps.
Is this understanding correct?
Is it safe to use the app clients without the app client secrets?