
Too much marketing, not enough content. Glossing over the dumpster fire of Cognito is enough for me to not trust the rest of the content.

There is so much custom code to essentially fling data between services. I imagine only a small percent of the code and dev time is spent on business logic. These Rube Goldberg machines are my least favourite part of AWS, especially when dealing with at-least-once delivery.




I only used Cognito via Amplify and it was a rather pleasant experience.

What's wrong with it?


Try finding a Cognito user from a Cognito identity, you can't.

Visit the amplify-js and amplify-cli GitHub repos and search for Cognito issues.

Try using the Cognito console, it is a litter box of warning messages and exceptions. Try connecting Cognito and Pinpoint if you are in Europe, 2 years and it still doesn't work, but no indication.

See its CloudFormation configuration and how many field changes cause a Replace. Yes, replace Cognito and goodbye users.

Until recently user names were case sensitive, and they didn't have basic account enumeration protections.

Its UX is exactly how DynamoDB can do damage to a product.


I recently built a new app on AWS and Lambda. I really wanted to use Cognito to keep everything in AWS. I fought with getting it working for a day or so before giving up and trying out Auth0. I was up and running with Auth0 in a couple hours. I found the Cognito documentation to be insufficient for my needs. Others may have better experiences.


Are you familiar with Firebase's write rules? DynamoDB has something similar with Cognito, but it's _very_ limited.

That's when I figured that I'm not gaining anything by using Cognito.


No, I was not aware of that Firebase functionality as I have never used it. Interesting. Yes, it would be ideal if I could just let another layer do all of the authentication and authorization. That would have worked for the bits of code that use the database. I still would need a way to use the authentication token for things like the Stripe integration.


I see.

I understand the wish to keep everything in AWS.

Especially after I read many times that Auth0 is pretty expensive. Is this true?


Auth0 is only $23 per month to start with. That's not a lot for my use case.

I would have preferred to keep everything in AWS just to make it easier to use one set of credentials (IAM) to manage permissions.


Cognito has an awful API and worse documentation. It's also super limited in terms of how user metadata is represented, is hard to query efficiently for users meeting certain criteria, and produces super cryptic errors when integrations aren't set up correctly. As a whole the Cognito product feels like some weird bolted-on POC that AWS decided to charge money for. Compare that to a real _product_ like Auth0 and it just falls to pieces.

If the appeal is about free usage under 40k monthly active users, you probably don't need an external complex managed auth solution in the first place.



