Cognito-LogIn

TL;DR

You started your cloud journey with AWS and you need to authenticate your first customers and partners. You don't want to build your own authentication service; you want to use a managed service. AWS Cognito is a great solution for you. It is easy to start with, cheap, and easy to integrate with the frontend and backend. You can start with a sample solution and a workshop from AWS.

Solution Overview

It is my first attempt after around three years without AWS Cognito. My last playground, https://github.com/mjendza/aws-sandbox, was connected with Event Driven Design, and in the 'background' I used AWS Cognito. I wanted to refresh the code and play around with Identity Management.

But after a while and a couple of npm package updates, I noticed:

  • My old repo is based on CDK v1, which is deprecated.
  • A lot of the logic connected with Event Driven Design will not be needed in the new sandbox.

I needed to make a decision:

  • When I decided to test AWS Cognito one more time, my code base was too old :(.
  • I need to start from scratch, with a fresh code base.

Code

There is an amazing code sample from AWS, amazon-cognito-passwordless-auth, and also a workshop.

I work on Windows, and for me the frontend deployment and the backend reading its configuration from a file don't work. Maybe there are issues connected with my Windows workstation, or perhaps I have spent too much time in the last few years with C# :).

But with the sample solution from aws-samples, plus knowledge of how CDK works and how to work with TypeScript, it really takes one day to get started.

A summary:

  • Easy to start with the sample and the workshop.
  • Cheap solution: the first 50k users are free, then 0.0025 per user (Monthly Active User).
  • Easy to integrate with the frontend, the backend, and other AWS services.
  • I started with local and password-less solutions.
  • AWS CDK is amazing: you can build your infrastructure as code and test it, all in the same language. I decided to use TypeScript, but it can be Java or C#.
  • The sample solution shows only the log-in method; you need to extend the user journeys with sign-up, account recovery, etc.
  • Please remember: with a custom UI you can't use OpenID Connect. Check the decision tree from AWS: Decision criteria matrix.
  • Also, an excellent video from AWS about identity challenges: Identity on the Front Line.

What next?

  • I will try to integrate a custom domain with the custom UI.
  • Extend the flow with sign-up, and then maybe with account recovery.