#aws
2019-10-18
dotemacs 11:10:24

Hi, any of you have any experience with AWS’ Cognito? Any pros/cons that you’d like to share? Thanks in advance

dangercoder 11:10:08

Hi @dotemacs, I've used AWS Cognito for a side project of mine. It was not a great fit since I wanted a single page login/registration flow. I ended up building my own UI and back-end which communicated with the aws cognito endpoints, it took longer than expected. I looked for other providers and ended up using Auth0 instead. Auth0's documentation is a lot nicer imo and the integration took a lot less time, less custom code. I am using their "Lock"-library through Clojurescript.

dotemacs 11:10:19

Thanks for the reply @UBN9SNVB4! Let me ask you some, maybe obvious questions, that I’m not getting, these OAuth aggregate providers like Cognito, Auth0 and others, they just provide a single point where you initially authenticate. But then for any further interaction, are you speaking to their APIs and they “proxy” the data for that third party or do you have an individual auth token for every service your user authenticates with and you use that auth token to talk directly to that third party service, say Google or Facebook … ? Thanks

dangercoder 11:10:21

my pros/cons
Pros of Cognito:
• Cheap
• Works together with AWS Gateway etc.
Cons:
• Docs weren't great (imo)
• If you want to do something custom it can get troublesome.

dangercoder 12:10:56

access_token will be returned and it's only for the chosen provider. So if your user logs in with Facebook you'll get a facebook_access_token which you can use to call some of their api-endpoints to fetch user information. The result also contains an id_token which contains the requested user data (at least for OpenID Connect). 🙂 @dotemacs

bskinny 14:10:43

Late reply @dotemacs, I use Cognito Identity Pools for S3 access control allowing cljs web app users to interact directly with S3. It is important to understand the difference between the User and Identity Pools and also to get your User Pool attribute mapping configured correctly before production use as any configuration changes are not allowed after user pool creation. While Auth0 has a much more mature developer experience, they deprecated their SAML-based approach to integrating with AWS services such as S3 (in short, the ability to reference an OIDC 'sub' value in the IAM role, such as "arn:aws:s3:::bucket-name/${http://cognito-identity.amazonaws.com:sub}/*"). If you don't plan to have your web app interact directly with AWS services then Auth0 may be a better choice.

dotemacs 16:10:01

@U0NRHH607 thanks for the answer :)

danielstockton 12:10:06

Non-clojure question: Anyone using a firehose to send data to redshift? I added a column to redshift and the firehose COPY command (json formatted files on S3), but the column isn't receiving the data.

danielstockton 12:10:02

Never mind, they started appearing ^^