Overview
The Security functional area covers authentication and authorization management for access to all platform resources and services, including firewalls and security groups.
Contents
- Cognito Service — AWS Cognito User Pool configuration, OAuth2 clients (M2M and Web), CloudFormation exports
- JWT Payload — Structure of Cognito Identity and Access tokens
- Realms, Scopes, Permissions — HTTP realm definitions, OAuth2 scope hierarchy, tenant and role-based access control design
- Cognito Endpoints — Application endpoint parameters required for OAuth2 redirect flows
- OAuth2 API Endpoints — Cognito OAuth2 endpoint reference (authorize, token, userinfo, JWKS, logout)
Related
- For mTLS configuration see Runtime: mTLS
- For OAuth2 authentication flows in the frontend see Authentication: OAuth2 Drafts
- For secrets management see OAM: Secrets Vault
Copyright: © Arda Systems 2025-2026, All rights reserved