I would like to ask if there is any security misconfiguration in Amazon Cognito to store the UserPoolId and the ClientId hardcoded in the source code of a web page. Let's say that an unauthorized user can find these IDs in the source code and create a user. Is this a bad practice?
I am interesting to know if this is a security issue. I have tried to research this problem, but I did not find any exact responses.