Overview
The Security functional area covers authentication and authorization management for access to all platform resources and services, including firewalls and security groups.
Linear
- Initiative: Product / System / Security
Identity & access
- Cognito Service — AWS Cognito User Pool configuration, OAuth2 clients (M2M and Web), CloudFormation exports
- JWT Payload — Structure of Cognito Identity and Access tokens
- Realms, Scopes, Permissions — HTTP realm definitions, OAuth2 scope hierarchy, tenant and role-based access control
- Cognito Endpoints — Application endpoint parameters required for OAuth2 redirect flows
- OAuth2 API Endpoints — Cognito OAuth2 endpoint reference (authorize, token, userinfo, JWKS, logout)
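The two items a resource server depends on most are the token structure (JWT Payload) and the JWKS endpoint: every backend that accepts a Cognito access token has to pin the algorithm, pick the pool's signing key by `kid`, verify the RS256 signature and only then enforce `iss`, `exp`, `token_use`, `client_id` and the space-separated `scope` claim. The following is an added example written for this page, not code from the platform or from Arda Systems. It assumes a locally generated RSA key standing in for the pool's published JWKS, a local `SignRS256` standing in for the token endpoint, and placeholder issuer and client IDs; a real service fetches and caches `https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json` instead.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// JWK is the subset of an RSA JSON Web Key that a Cognito JWKS document ({"keys":[...]}) exposes.
type JWK struct {
	Kid string `json:"kid"`
	Kty string `json:"kty"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// Claims holds the access-token claims this verifier enforces.
type Claims struct {
	Iss      string `json:"iss"`
	Exp      int64  `json:"exp"`
	TokenUse string `json:"token_use"` // "access" or "id"
	ClientID string `json:"client_id"`
	Scope    string `json:"scope"` // space-separated OAuth2 scopes
}

func enc(b []byte) string          { return base64.RawURLEncoding.EncodeToString(b) }
func dec(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(s) }

// JWKFromPublicKey builds the JWKS entry a user pool would publish for one signing key.
func JWKFromPublicKey(kid string, pub *rsa.PublicKey) JWK {
	return JWK{Kid: kid, Kty: "RSA", N: enc(pub.N.Bytes()), E: enc(big.NewInt(int64(pub.E)).Bytes())}
}

// SignRS256 mints an RS256 JWT; it stands in for the Cognito token endpoint in this example (assumption).
func SignRS256(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := enc(hdr) + "." + enc(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return input + "." + enc(sig), err
}

// rsaKey selects the published RSA key whose kid matches the token header.
func rsaKey(keys []JWK, kid string) (*rsa.PublicKey, error) {
	for _, k := range keys {
		n, errN := dec(k.N)
		e, errE := dec(k.E)
		if k.Kid == kid && k.Kty == "RSA" && errN == nil && errE == nil {
			return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
		}
	}
	return nil, fmt.Errorf("no usable RSA key for kid %q", kid)
}

// VerifyAccessToken pins the algorithm, picks the key by kid, verifies the signature and only
// then trusts the claims; a validly signed ID token (token_use "id") is still rejected.
func VerifyAccessToken(token string, keys []JWK, issuer, clientID string, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	raw := make([][]byte, 3) // decoded header, payload, signature
	for i, p := range parts {
		b, err := dec(p)
		if err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
		raw[i] = b
	}
	// Never let the token choose its own algorithm ("none", HS256 key confusion): pin RS256.
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(raw[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("rejected header alg=%q: %v", hdr.Alg, err)
	}
	pub, err := rsaKey(keys, hdr.Kid)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], raw[2]) != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	// Claims are only read after the signature is good; all four checks must pass.
	var c Claims
	if err := json.Unmarshal(raw[1], &c); err != nil || c.Iss != issuer || now >= c.Exp || c.TokenUse != "access" || c.ClientID != clientID {
		return nil, fmt.Errorf("claims rejected (err=%v): iss=%q exp=%d token_use=%q client_id=%q", err, c.Iss, c.Exp, c.TokenUse, c.ClientID)
	}
	return &c, nil
}

// HasScope checks one OAuth2 scope against the space-separated scope claim.
func HasScope(c *Claims, scope string) bool {
	return strings.Contains(" "+c.Scope+" ", " "+scope+" ")
}
```

The order of checks is the point: the header is parsed only to find `kid`, the `alg` value is compared against the single algorithm the pool issues rather than trusted, and no claim is inspected before the signature verifies. Rejecting `token_use != "access"` matters in the hybrid setup where the same pool issues both ID and access tokens to the FE/BFF.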
Authentication flows
- Hybrid Auth — Demo202509 hybrid approach: Cognito JWT for FE/BFF, Bearer Token for backend
- OAuth2 UI Authentication — Simple Cognito authentication flow without custom claims server
- OAuth2 Drafts — Design notes on token limits, token exchange, and augmentation strategies
Related
- For mTLS configuration see Runtime: mTLS
- For secrets management see OAM: Secrets Vault
Copyright: © Arda Systems 2025-2026, All rights reserved