I've been pouring countless hours into AWS Cognito for authentication, but I've hit a wall. I'm facing issues with sign-out triggers redirecting on social sign-in, and it's just too frustrating with many simple yet crucial problems hanging around on GitHub, unresolved for years. Now, I'm looking for recommendations on the best authentication provider to migrate to, considering my entire tech stack is on AWS, which includes API Gateway (for both WebSocket and REST), Lambda, S3, CloudFront, Rekognition, and DynamoDB. I need something that easily integrates with API Gateway Authorizer. Any suggestions?
5 Answers
You can go with lambda or JWT authorizers, which means any identity provider could fit your needs. If you're looking for a smoother experience, Auth0 could be a good option, although keep in mind that costs can add up if you have a large user base. Alternatives like Supabase and Keycloak are viable too, but you'll need to manage their setup yourself. Cognito can be frustrating, but if you’re far down the road with it, it may be worth sticking with—just work around some of its quirks using lambda events. Doing authentication right is always a bit of a time investment, no matter what platform you choose.
Honestly, AWS needs to step up their game with Cognito. It’s supposed to be a core service, so it's frustrating when basic stuff doesn't even work properly. If I have to implement a lot of stuff myself with Lambda, I might as well go for open-source alternatives, you know?
Totally agree. It's like they need a dedicated team to sort these issues out.
If you're after a free solution, Keycloak is a solid option. For something more advanced, Okta is well-regarded but does come with a cost. It's a trade-off between what you’re willing to spend and the functionality you need.
Stytch is great if you haven’t checked it out yet. We switched from Cognito and have had a much better experience with solid documentation and support. If you find a painless solution, do share your findings with us!
I totally get your frustration with Cognito; it's a pain to deal with. If you're open to exploring other options, Firebase might be worth looking into. It’s not perfect, but it should work for you without a ton of hassle.
So, the logout functionality in Cognito isn't straightforward? That's surprising, isn't it?