AWS Cognito Authentication with Escape

Description

The 'Cognito User Password' preset is designed for authentication using AWS Cognito with username and password credentials:

  • AWS Cognito Integration: Leverages AWS Cognito, a comprehensive user identity and data synchronization service, for authentication.
  • Regional Configuration: Allows specifying the AWS region where the Cognito service is hosted, ensuring proper routing and compliance with data residency requirements.
  • Client Credentials: Utilizes a client ID and client secret for secure OAuth requests within the Cognito framework.
  • User Authentication: Facilitates the creation and authentication of users with a username and password.

This preset is ideal for systems that use AWS Cognito for managing user authentication, providing a seamless integration with the AWS ecosystem.

Examples

presets:
-   type: cognito_userpass
    client_id: yourCognitoClientId
    client_secret: yourCognitoClientSecret
    region: us-west-1
    users:
    -   username: user1
        main_user: false
        password: pass1
        scopes:
        - create
        - delete
    -   username: user2
        main_user: false
        password: pass2

Extensive Configuration

Property | Type | Default | Description
client_id * | string | | The client ID to use for the OAuth requests
client_secret * | string | | The client secret to use for the OAuth requests
region * | AWSRegion | | The region of the Cognito Service.
type * | Const[cognito_userpass] | cognito_userpass |
users * | List[CognitoUserpassUserPreset] | | A list of users to create

Objects

CognitoUserpassUserPreset

Property | Type | Default | Description
basic | string | null | The basic authentication to attach to the HTTP requests sent for this user.
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authenticated requests.
digest | string | null | The digest authentication to attach to the HTTP requests sent for this user.
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authenticated requests.
main_user | boolean | false | When running a frontend DAST scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected.
password * | string | | The password of the user.
query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authenticated requests.
scopes | List[string] | null | A list of scopes to request for the user. If not specified, no scope will be requested.
username * | string | | The username of the user.

Enums

AWSRegion

Value
us-east-2
us-east-1
us-west-1
us-west-2
af-south-1
ap-east-1
ap-south-1
ap-northeast-3
ap-northeast-2
ap-southeast-1
ap-southeast-2
ap-northeast-1
ca-central-1
cn-north-1
cn-northwest-1
eu-central-1
eu-west-1
eu-west-2
eu-south-1
eu-west-3
eu-north-1
me-south-1
sa-east-1
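
A pre-flight check for this preset, added here as an example (not Escape's own code): it applies the rules stated in the tables above, namely the required properties, the AWSRegion values and the one-main-user-per-scan constraint. The function name validate_preset and the sample configuration are constructed for illustration.

```python
# Added example, not part of Escape: lint a cognito_userpass preset before a scan.
# Rules are taken from the property tables on this page; names here are hypothetical.
AWS_REGIONS = {
    "us-east-2", "us-east-1", "us-west-1", "us-west-2", "af-south-1", "ap-east-1",
    "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1",
    "ap-southeast-2", "ap-northeast-1", "ca-central-1", "cn-north-1",
    "cn-northwest-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1",
    "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1",
}
REQUIRED_PRESET = ("client_id", "client_secret", "region", "type", "users")
REQUIRED_USER = ("username", "password")


def validate_preset(preset):
    """Return a list of problems; an empty list means the preset is well-formed."""
    problems = [f"missing required property: {k}" for k in REQUIRED_PRESET if not preset.get(k)]
    if preset.get("type") not in (None, "cognito_userpass"):
        problems.append(f"type must be cognito_userpass, got {preset['type']!r}")
    region = preset.get("region")
    if region and region not in AWS_REGIONS:
        problems.append(f"region {region!r} is not an AWSRegion value")
    users = preset.get("users") or []
    for i, user in enumerate(users):
        for k in REQUIRED_USER:
            if not user.get(k):
                problems.append(f"users[{i}]: missing required property: {k}")
    mains = [u.get("username") for u in users if u.get("main_user") is True]
    if len(mains) > 1:  # the page allows only one main user per scan
        problems.append(f"more than one main_user: {mains}")
    return problems


# Constructed sample: the page's example with two deliberate mistakes.
SAMPLE = {
    "type": "cognito_userpass",
    "client_id": "yourCognitoClientId",
    "client_secret": "yourCognitoClientSecret",
    "region": "us-west-3",  # not in the AWSRegion enum
    "users": [
        {"username": "user1", "password": "pass1", "main_user": True, "scopes": ["create", "delete"]},
        {"username": "user2", "password": "pass2", "main_user": True},
    ],
}

if __name__ == "__main__":
    for problem in validate_preset(SAMPLE):
        print(problem)
```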