kndt84 / passport-cognito

Passport strategy for AWS Cognito User Pools
https://www.npmjs.com/package/passport-cognito
MIT License

Updated to use the base amazon-cognito-identity-js package. #10

Closed andyATryonsoft closed 6 years ago

andyATryonsoft commented 6 years ago

We ran into a problem with the current passport-cognito package and its use of the amazon-cognito-identity-js fork that's specifically for node. It's a really old fork, and it actually logs the access tokens to the console log, which we consider a security issue.

We tested passport-cognito using the basic amazon-cognito-identity-js package (the current version runs fine on a node server, it just uses an in-memory store for the storage), and it works fine. So this pull request just switched passport-cognito to use the core amazon-cognito-identity-js package instead of the node fork.
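A way to check a dependency for the behaviour reported above (tokens written to the console), as an added example that is not part of this thread or of either package. It assumes the tokens are JWTs, as Cognito User Pool tokens are; `startConsoleAudit`, `render`, `demo` and `SAMPLE_TOKEN` are hypothetical names, and the token value is constructed.

```javascript
// Added example, not code from passport-cognito or amazon-cognito-identity-js.
// JWT shape: three base64url segments; a JSON header and payload both encode to "eyJ...".
const JWT_RE = /eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}/g;
const METHODS = ['log', 'info', 'warn', 'error', 'debug'];
// Constructed, JWT-shaped sample value; not a real token.
const SAMPLE_TOKEN = 'eyJhbGciOiJub25lIn0.eyJzdWIiOiJleGFtcGxlIn0.c2lnbmF0dXJl';

// Turn one console argument into text so tokens nested in logged objects are seen too.
function render(arg) {
  if (typeof arg === 'string') return arg;
  try {
    return JSON.stringify(arg) ?? String(arg);
  } catch {
    return String(arg); // circular structures, BigInt, etc.
  }
}

// Hypothetical helper: wrap console.* until stop() is called, record every
// JWT-shaped value (shortened), and pass the line on with the token masked.
function startConsoleAudit() {
  const saved = {};
  const findings = [];
  for (const method of METHODS) {
    saved[method] = console[method];
    console[method] = (...args) => {
      const line = args.map(render).join(' ');
      for (const token of line.match(JWT_RE) || []) {
        findings.push({ method, preview: `${token.slice(0, 8)}... (${token.length} chars)` });
      }
      saved[method].call(console, line.replace(JWT_RE, '[JWT REDACTED]'));
    };
  }
  return {
    stop() {
      for (const method of METHODS) console[method] = saved[method];
      return findings;
    },
  };
}

// Constructed stand-in for a library that logs its session during sign-in.
function demo() {
  const audit = startConsoleAudit();
  console.log('access token:', SAMPLE_TOKEN);
  console.debug({ session: { accessToken: SAMPLE_TOKEN } });
  console.info('sign-in complete');
  return audit.stop();
}
```

In a test suite, call `startConsoleAudit()` before the real sign-in flow and fail the test when `stop()` returns any findings.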

kndt84 commented 6 years ago

Good update