Home - Advanced Web Machinery

Java

JVM

A categorized list of all Java and JVM features since JDK 8 to 17

Last updated on 2021/09/16 to include changes up to JDK 17.

Continue reading →

Author's image

Dávid Csákvári

16 September 2021

AWS

Cognito

How to use the refresh token with Cognito

When a client logs in to a Cognito user pool they get 3 tokens: a refresh_token, an id_token, and an access_token. Later, when the client makes requests to the backend it attaches the access_token to the request. The backend API then checks the token and verify that it’s valid, it’s not tampered with, and it’s generated by the expected Cognito app client.

Continue reading →

Author's image

Tamás Sallai

14 September 2021

AWS

Cognito

Security

How to secure the Cognito login flow with a state nonce and PKCE

Prevent CSRF and redirect interception attacks against an OAuth 2.0 login flow

Continue reading →

Author's image

Tamás Sallai

07 September 2021

AWS

Security

AWS security case study: Vulnerable roles

In this case study, we’ll look into a security problem that can totally wreak havoc to resources in an AWS account and uses an obscure functionality that most newcomers to the AWS ecosystem do not know about.

Continue reading →

Author's image

Tamás Sallai

31 August 2021