Hi everyone! Which one do you use and recommend for auth stuff?
Really good topic.
Could anyone give detailed opinions or experiences on why you voted for Cognito or why you voted for Auth0?
+1 @bill I wanted to know the exact same thing. Which is why this poll surfaced. Basically, the scenario is the same in every aspect. Do you want to use:
The list goes on to areas like committing code, continuous integration, etc. But most important is the auth. If someone could tell us why one vs the other it would be of great help.
Food for thought. Auth workflow with GraphQL in the latest Apollo conference
I use Auth0 because it’s easier to implement and they provide better docs, but I don’t like their pricing
Apart from the price which @xzx mentioned, currently the reasons I didn’t go with Auth0 are
Auth0’s own community forum is not active at all, so when you ask questions, there is just no reply. I haven’t found any other ways to get help for Auth0 questions, such as a Slack channel, Gitter, etc. But with AWS, the support is much, much better.
Secondly, when you approach Auth0, they send a salesman directly to you to ask for your business proposal details, more than to help you fix the problem. I asked 6 questions one month ago, but until now have only got 2 answered, and they asked me to go through their online documentation website (only the website URL) to get the rest of the answers by myself. And they are more interested in your business: they try to get your customer’s name, your boss’s and manager’s names, and try to get your idea.
I will deal with one of Auth0’s salespeople this week; let’s see if anything goes better with them.
I hope Auth0 can see the votes and improve themselves. Their product is great, but the sales are just too aggressive and make me uncomfortable.
Some statements from the sales team, such as these: “We are a small company, not like AWS who can provide free support to the community; our support engineers are very busy. So support will be provided only if you are a paying customer. The Developer plan only needs 13 dollars per month for support. I can’t answer your questions, because I am not technical support. I need to understand your business, because I need to recommend which paid plan you can go with.”
lol. Ain’t that a bummer
I don’t think we should attack small businesses like Auth0 for focusing on paying customers. How many of you would continue working for your employer if they refused to pay you? You’d move on pretty quickly and ignore their requests for help.
When it comes to AWS you do get basic support for free (the AWS forums) but if you want anything more than that then even they ask you to pay.
As for the product itself, Auth0 is a different product with support for a lot more providers than Cognito so it can be used in places Cognito can’t.
Auth0 is far, far easier to implement. But… it is way more expensive. We started on Auth0 and then switched to Cognito. Cognito has cost us a lot of development time. On the other hand all of our data is collected in a single place, AWS, making it easier to analyze (CloudWatch alerts).
If Amazon had widgets comparable to the Auth0 widgets, there’d be no contest. The only support for Cognito is some demo code and low level libraries that do about 10% of what you need. I really wish that Mobile Hub would generate apps that implement support for both User Pools and Federated (Google/Facebook) login. I’ve been complaining to some Amazon employees for a couple of months now to implement this.
So my two cents is, start on Auth0. Learn about JWT tokens and how they work. Put your development effort into other parts of your app. Once you get the rest of your app working, develop a parallel Cognito implementation and switch for production use.
BTW, you can make Cognito work with all those other providers Auth0 supports. You’re just going to have to do some research and write some code. That is advanced use of Cognito, get the basic stuff going first.
Thanks a lot, @jonsmirl.
AWS is making it much easier to use Cognito with their Amplify library. Still not up to Auth0 level, but it is a huge improvement.
It seems to me that the issue isn’t whether Auth0 expects to be paid, but rather how much. I just checked their pricing, and I was shocked. Currently, they want $745/month for 5000 users, and $1445/month for 10000. After that, you have to contact the company for pricing.
I’m having trouble understanding their target market. That’s not appealing for any startup aiming to scale. And I would think that most local or niche services would balk at those prices, if they develop their own code at all.
I think that @jonsmirl has a point that one might start with Auth0 and then switch over. I think that for less than 1000 users they are a viable option. But I’m concerned that switching would turn out to be easier said than done…
I would presume they want to go after B2B SaaS companies with that pricing. For anything consumer-driven, the price asked is too much, simply due to the lower expected lifetime value of the client.
That being said, I think they have a business issue with the price. The extra pain of integrating something like Cognito doesn’t justify the price they ask. If the alternative was to build the whole auth system by hand, the price would be defensible, but today you have other alternatives. If you are on a budget you could even separate your auth out to Firebase.
AWS Amplify has improved greatly since I first wrote this. It is easy now to start off on Amazon unless you need to integrate login providers not covered in Amplify.
I’d caution anyone against thinking they can save a few $$’s by using one authentication system now then replacing it with another later. Authentication systems tend to be central to any product. Trying to retrofit or replace your authentication is probably the single most expensive, time consuming and disruptive thing you will ever do.
As @jonsmirl pointed out Amplify and Cognito have improved a lot in recent months but they still suffer from a limited number of providers. His advice to start off with Amplify unless you need a provider they don’t support is spot on.
Heck, you’re right. I forgot Amplify altogether. Makes it almost as easy as Firebase or Auth0.
I’ve used Auth0, and the documentation was OK, but it was hard to find what I was looking for, e.g. the JS boilerplate for logging in using the Lock. I ended up finding that in a random code sample. Contrast that with Firebase, which has clear step-by-step tutorials, and offers the complete configuration object and initialization code in the console.
But the deal breaker with Auth0 is that yesterday I was unable to log in and password reset didn’t send any emails, so I was effectively locked out of my account. I posted on their community forum but there’s been no reply.
I still don’t understand how my password or email was changed without receiving any confirmation email. As I mentioned in that post, I’m not a security noob, neither a target of any sort, I used a strong password, so the likelihood of being hacked is infinitesimal. And again, when your password or email are changed, any serious service will send a notification to the (old) email address. I have received none.
I am using Auth0 to start off with. I might switch to Cognito/Amplify after reading the problems with Auth0 in this thread. For pricing, Auth0 only seems to make sense for B2B SaaS companies.
Read this first if you are thinking of building an SPA with Cognito: https://github.com/aws/amazon-cognito-auth-js/issues/92
Cognito user pool has a big security issue which could be a deal breaker if your app is for a financial institution.
Some updates after years.
With Cognito, you can’t back up and restore the user accounts. The IDs (UUID) of each account were generated as unique and can’t be generated the same again.
This has become a critical issue and a blocker, in that we can’t migrate this service to another AWS account any more.