I have been building a web app (Angular 2 on S3 and APIs in Lambda through API Gateway). For authentication I have played with both Cognito and a custom authorizer (I configured my authentication to work with Google and Facebook, both via a custom authorizer and via Cognito). In the case of the custom authorizer I pass a token via the Authorization header and my custom authorizer validates it.
I am looking for advice on which I should go forward with and what their pros and cons are. The ones I could think of are:
AWS Cognito:
Pros
- The AWS SDK handles everything for you and you cannot make many mistakes in your authentication process.
- Fine-grained access control for AWS resources via IAM.
- An extra Lambda function in front of every API is not required for authentication.
Cons
- Need to use the AWS SDK specifically on the client side. Programmers have to add this to their toolchain and make use of it during development. Adds extra complexity.
- Fine-grained access control for resources is not really required, since the only access required is to API Gateway.
Custom authorizer
Pros
- You can have your authentication mechanism the way you want it: ultimate control over authentication and authorization.
- The UI can call the APIs with a standard token (JWT) and the flow for developers remains the same. No extra consideration of the AWS SDK.
Cons
- Authentication requires a lot of thinking and effort to build.
- There is always a chance of missing some crucial aspect.
- It's like reinventing the wheel. Why do it when Amazon has already done it for you?
All that being said, I am leaning towards the custom authorizer for now. I need advice on this topic.
PS: I know there cannot be a definitive answer to the question I have posted, but it would be of great help to people trying to decide on authentication for their applications.