Open lakmal-gentem opened 3 years ago
@lakmal-gentem Hi, I am so sorry for the late response. With this repo your client needs to not have any secrets related to Cognito. That will all be saved on the server, so you won't need to worry about managing that. Throttling and temp lockouts will be something you will need to implement; I don't think Cognito provides that mechanism.
Hi. We are also trying to move our Cognito authentication from the UI layer to the server side. We also want to have the Cognito security features like throttling and temp lockouts to avoid brute-force attacks. Do you have any knowledge of what browser or client info we need to pass to Cognito calls to achieve the same with this mechanism?
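
The reply above says throttling and temporary lockouts have to be implemented on the server. One way to do that in front of the server-side sign-in call, as an added example that is not code from this repository: `LoginThrottle`, `guarded_sign_in` and the `authenticate` callback are hypothetical names, and `authenticate` stands in for whatever function performs the Cognito sign-in and returns True on success.

```python
import time


class LoginThrottle:
    """Failed sign-in counter with temporary, doubling lockouts (in-memory;
    a multi-instance deployment would need a shared store instead)."""

    def __init__(self, max_failures=5, window=600.0, base_lockout=30.0,
                 max_lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.clock = clock
        self._state = {}  # key -> {"fails": [timestamps], "locked_until": t, "lockouts": n}

    def retry_after(self, key):
        """Seconds until this key may try again (0.0 when not locked)."""
        entry = self._state.get(key)
        return max(0.0, entry["locked_until"] - self.clock()) if entry else 0.0

    def record_failure(self, key):
        now = self.clock()
        entry = self._state.setdefault(
            key, {"fails": [], "locked_until": 0.0, "lockouts": 0})
        # Only failures inside the sliding window count toward a lockout.
        entry["fails"] = [t for t in entry["fails"] if now - t < self.window] + [now]
        if len(entry["fails"]) >= self.max_failures:
            # Each successive lockout doubles, up to max_lockout.
            delay = min(self.base_lockout * 2 ** entry["lockouts"], self.max_lockout)
            entry["locked_until"] = now + delay
            entry["lockouts"] += 1
            entry["fails"] = []

    def record_success(self, key):
        self._state.pop(key, None)


def guarded_sign_in(throttle, username, client_ip, password, authenticate):
    """Returns (status, retry_after_seconds); status is ok, denied or locked."""
    # Keying on username AND client IP keeps one remote client from locking
    # the real user out from every other address.
    key = (username.strip().lower(), client_ip)
    wait = throttle.retry_after(key)
    if wait > 0:
        return ("locked", wait)  # refused before the identity provider is called
    if authenticate(username, password):  # assumed: the server's Cognito call
        throttle.record_success(key)
        return ("ok", 0.0)
    throttle.record_failure(key)
    return ("denied", throttle.retry_after(key))
```

While a key is locked the password is never forwarded, so guessing attempts during the lockout consume no calls to the identity provider.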