AWS Cognito and Why it Missed the Mark
AWS Cognito is great, at least in theory. Traditionally, developers spend many days working through a large number of details around user authentication. For simple authentication you check the password's strength, length and special characters, check whether the email entered by the user has “@” in it, and so on. As you can imagine, none of this is rocket science; however, adding more requirements to these rules makes them complex and can consume a large amount of development time. So in theory, AWS was clever in coming up with a service that takes care of all these details.
There is another aspect of AWS Cognito: you don’t keep your users’ sensitive data on your servers. This can be appealing from a security point of view, as you simply delegate the risk to an experienced provider called AWS. For this reason, I went into the details to see whether I could use it with an Angular 4 app.
Price: You get 50K ‘monthly active users’ for free, and then you pay ~$275 for the next 50K, and it decreases a bit with higher volumes. 50K ‘active users’ is a good indicator that your app has taken off, and subsequent pricing is comparable to other providers like OAuth.io.
But why didn’t it cut it for me?
There are implementation examples provided for Android, iOS and Angular (4); however, the architect who designed the process flow with Cognito must have forgotten that it must make the developer’s life easier. Here are the reasons why it didn’t cut it for me:
- As of writing this, you cannot export data out of Cognito: Yes, you are stuck with Cognito, and you cannot easily perform any analytics on user attributes that you may have saved in your Cognito user pools. For example, if you wish to analyse your users’ Date of Birth field to see what their ages are like, there is no straightforward way.
- If you use emails as an alias to authenticate users, you cannot omit the username from the verification email message or SMS code. This is unforgivable. I may have a user ID as a UUID, but I want to make it convenient for the user to log in with an email. Why do I have to tell my users that their user ID is 418a557d-33f6-4e28-a144-317a234b7a70?
- It takes more time to implement authentication using AWS Cognito. As a developer I go “Are you kidding me?”. To be fair, if you are building Android/iOS apps and want to quickly prototype — AWS Mobile Hub will generate a sample app for you based on some questions. Sounds great, but I haven’t evaluated how convenient it is to use that app. I have reviewed the Angular quick start app provided by AWS to demonstrate client implementation, and I wasted hours trying to figure out how to modify it to my requirements. The documentation is scarce. For example, I could not find a way to authenticate users with email and password instead of username and password — this is authentication 101!
I am a big fan of AWS and have used the AWS SDK in numerous projects, but here I am writing this and thinking that I spent 2 days of my life which I am never going to get back. I could have been 2 days ahead on my time-critical project. It took me 4 hours to implement my own JWT-based authentication with email verification using AWS SES.
