AWS – Amazon Cognito now supports OIDC prompt parameter
Amazon Cognito announces support for the OpenID Connect (OIDC) prompt parameter in Cognito Managed Login. Managed Login provides a fully managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding. This new capability enables customers to control authentication flows more precisely by supporting two commonly requested prompt values: ‘login’ for re-authentication scenarios and ‘none’ for a silent authentication-state check. These prompt values respectively allow applications to specify whether users should be prompted to authenticate again or whether an existing session should be used, enhancing both security and user experience. With this launch, Cognito can also pass through the select_account and consent prompts to third-party OIDC providers when the user pool is configured for federated sign-in.
With the ‘login’ prompt, applications can now require users to re-authenticate explicitly while maintaining their existing authenticated sessions. This is particularly useful for scenarios requiring additional and more recent authentication verification, such as right before accessing sensitive information or performing transactions. The ‘none’ prompt enables a silent check on authentication state, allowing applications to check if users have an existing active authentication session without having to re-authenticate. This prompt can be valuable for implementing seamless single sign-on experiences across multiple applications sharing the same user pool.
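The following relying-party snippet is an added example, not code from the announcement or from AWS. It shows how an application builds the authorization request with prompt=login (step-up before a sensitive action) or prompt=none (silent session check), how it classifies the redirect back from the provider, and the check a defender should add after a prompt=login round trip: verify the ID token's standard auth_time claim actually moved forward rather than trusting that the prompt was honored. The Managed Login domain, client id, redirect URI, the /oauth2/authorize path and the auth_time claim are assumptions or placeholders; the error codes for an unsatisfiable prompt=none come from OIDC Core section 3.1.2.6.

```python
"""Relying-party helpers for the OIDC prompt parameter (added example)."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: replace with your own Managed Login domain, app client and callback.
ISSUER_DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "REPLACE_WITH_APP_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"
AUTHORIZE_PATH = "/oauth2/authorize"  # assumed hosted authorize endpoint path

# Prompt values handled by Managed Login itself, and those passed through to a
# federated OIDC provider (per the announcement).
MANAGED_PROMPTS = {"login", "none"}
PASSTHROUGH_PROMPTS = {"select_account", "consent"}

# Errors an OpenID Provider returns when prompt=none cannot be satisfied silently.
SILENT_CHECK_ERRORS = {
    "login_required",
    "interaction_required",
    "consent_required",
    "account_selection_required",
}


def pkce_pair():
    """Return (code_verifier, S256 code_challenge) for an authorization-code flow."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(prompt, state, nonce, code_challenge, scope="openid email"):
    """Build the authorization request; prompt=None sends no prompt parameter."""
    if prompt is not None and prompt not in MANAGED_PROMPTS | PASSTHROUGH_PROMPTS:
        raise ValueError(f"unsupported prompt value: {prompt}")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,            # CSRF binding, checked on the way back
        "nonce": nonce,            # replay binding, must reappear in the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    if prompt is not None:
        params["prompt"] = prompt
    return f"{ISSUER_DOMAIN}{AUTHORIZE_PATH}?{urlencode(params)}"


def classify_callback(callback_url, expected_state):
    """Map the provider redirect to an application decision.

    'authenticated'  - a code came back; continue with the token exchange
    'no_session'     - prompt=none found no usable session; start interactive sign-in
    'reject'         - state mismatch; treat as a forged or mixed-up response
    'error'          - any other provider error
    """
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        return "reject"
    if "code" in query:
        return "authenticated"
    if query.get("error", [None])[0] in SILENT_CHECK_ERRORS:
        return "no_session"
    return "error"


def require_recent_auth(id_token_claims, max_age_seconds, now):
    """After a prompt=login round trip, insist that auth_time is recent.

    The prompt only asks the provider to re-authenticate; the application must
    still check the resulting ID token before releasing the sensitive action.
    """
    auth_time = id_token_claims.get("auth_time")
    if auth_time is None:
        return False
    return 0 <= now - int(auth_time) <= max_age_seconds


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorize_url("login", state, nonce, challenge))
    # Constructed sample redirect for a failed silent check:
    sample = f"{REDIRECT_URI}?error=login_required&state={state}"
    print(classify_callback(sample, state))  # no_session
```

In practice the application stores state, nonce and the PKCE verifier in the user's server-side session before redirecting, then runs classify_callback on the redirect and, for a step-up flow, require_recent_auth on the validated ID token claims before releasing the protected operation.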
This enhancement is available in Amazon Cognito Managed Login to customers on the Essentials or Plus tiers in all AWS Regions where Amazon Cognito is available. To learn more about implementing these authentication flows, visit the Amazon Cognito documentation.