One of the challenges in building applications has been around user authentication and management.
Authentication and authorization are tedious work, and implementing a custom solution is error-prone and usually takes a lot of effort. It is therefore better to use one of the ready-made solutions that are already available. Some of the authentication and user-management solutions offered as a service are Cognitive, Auth0, Azure AD, AWS Cognito etc.
AWS Cognito promises to provide a complete solution for managing users, which includes user registration, confirmation, login, session management etc.
Why we chose Cognito
Our aim was to implement user creation (through sign-up and from the back end), authentication, and authorization of access to AWS resources based on user role.
After some trial and error, we had a functional sign-in and sign-up flow with email verification, and we were able to retrieve JWT tokens to communicate with the API Gateway to authorize AWS resources (Lambda, S3, SNS etc.).
On successful login we retrieve JWT tokens for the authenticated user and pass them between APIs to access AWS resources.
Cognito is scalable, customizable and supports hundreds of millions of users.
Initially, we found AWS services time-consuming and difficult to implement, especially the custom auth part for the API Gateway, but after some effort we were able to get through it.
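
The role-based part of an API Gateway custom (Lambda) authorizer, as an added example that is not the code from this post: it checks the claims of a Cognito access token and turns the user's groups into an IAM policy. It assumes the token signature was already verified against the user pool's JWKS; the region, pool ID, app client ID, group names and routes are hypothetical.

```python
import time

# Hypothetical deployment values (assumptions, not from the post).
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"

# Hypothetical mapping from Cognito group (the user's role) to API routes.
ROLE_ROUTES = {
    "admin": ["GET/*", "POST/*", "DELETE/*"],
    "reader": ["GET/reports/*"],
}

def validate_claims(claims, now=None):
    """Claim checks to run after signature verification; raises ValueError."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("token issued by a different user pool")
    if claims.get("token_use") != "access":
        raise ValueError("expected an access token")
    if claims.get("client_id") != APP_CLIENT_ID:
        raise ValueError("token issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or missing exp")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims

def build_policy(claims, api_arn_prefix):
    """Build the Lambda authorizer response; deny unless a group grants a route."""
    allowed = set()
    for group in claims.get("cognito:groups", []):
        for route in ROLE_ROUTES.get(group, []):  # unknown groups grant nothing
            allowed.add(f"{api_arn_prefix}/{route}")
    if allowed:
        effect, resource = "Allow", sorted(allowed)
    else:
        effect, resource = "Deny", f"{api_arn_prefix}/*"
    return {
        "principalId": claims["sub"],
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
    }
```

`api_arn_prefix` is the API's execute-api ARN up to and including the stage, for example `arn:aws:execute-api:us-east-1:123456789012:abc123/prod` (constructed value).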