In this blog post, you’ll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor security controls, you can implement step-up authentication to obtain a higher level of security when you perform critical transactions. By Salman Moghal, Mahmoud Matouk, and Ozair Sheikh.
The main points explained in the article:
- Solution architecture
- Identity provider
- Protected backend
- Data design
- Authorizer
- Initiate auth endpoint
- Respond to challenge endpoint
- Deploy and test the step-up authentication solution
- Step-up solution design details
This solution uses several Amazon Cognito API operations to provide step-up authentication functionality. Amazon Cognito applies rate limiting to all API operation categories, and rapid calls that exceed the assigned quota will be throttled. Nice one!