505 provides an appropriately ambiguous "Username or password incorrect." error.
But the underlying error messages from Cognito are not similarly ambiguous. Cognito has updated with a capability to not provide any error message that would reveal an account. We should enable that and then review handling of error scenarios.
505 provides an appropriately ambiguous "Username or password incorrect." error.
But the underlying error messages from Cognito are not similarly ambiguous. Cognito has updated with a capability to not provide any error message that would reveal an account. We should enable that and then review handling of error scenarios.