Some time back, as I remember, AWS was the biggest (and probably the only leading) cloud provider. But with each passing day, Azure is increasing its product base in competition with AWS. Many of these products were originally inspired by (don’t read as copied from) AWS. Also, in most Azure products you will find a small asterisk hidden somewhere, and the cost is more or less equal or more expensive.
Despite all these facts, Azure is slowly and gradually approaching AWS and could take over in a few years. Well, this seems to be a little too much from a developer without an understanding of deeper market dynamics, but it comes from the heart and from the hardship that I have faced, and that many other developers are probably facing. Alert: this post contains no code, only theory.
DISCLAIMER: Again, this is all a personal perception formed in discussion with several other developers. This post does not compare any product features, but rather other aspects.
This post covers two of the major issues that I and many other developers face daily. I started analyzing AWS Cognito, which is the second major AWS product into which I have dug deep (very deep). It’s not been easy, believe me, but AWS Cognito is a wonderful product and deserves better consideration for managed auth. The thing I like most is the support for smooth PAKE. I shall be writing a short brief on managed auth in some time.
Documentation is one of the key reasons why I feel Microsoft is a clear winner. While AWS does provide what I needed in my study, the documentation is sparse and disappointing. All the documentation presented on the AWS help pages seems more like Javadoc: mechanical and automatically generated, without feelings.
There are very few or no Getting Started guides that explain simple flows. You can of course dig into their GitHub samples, which are not (or are poorly) indexed. Also the SDKs: not so sure about the others, but for .NET it’s a disaster.
The particular flow that I was struggling with was to:
- Log in a user with the SRP flow and password verifier challenge.
- Set up MFA for the user.
This might seem a simple step, or at least it does from their Javadoc-type documentation, but in fact it is not, and that reflects the API, which seemed fragmented, a problem I never came across in Azure.
The first step was to fire up Postman (love it), set up auth and hit it. Bang. The header needs to be in a particular format. This might be standard for AWS, but for a standard user it could be a bloody challenge. After some time I got around that; now I could challenge and assign MFA to the user, but shit, on the self-hosted page it just would not show the MFA page. Again, the issue is the lack of documentation, or rather of structured documentation. You need to read every bit and byte before starting.
The next step was to integrate it into my “Hello Vineet” app. Most of the online content (blogs, whitepapers) that refers to and uses AWS Cognito just refers to a client ‘without a client secret’. Yes, you read it right, more or less implicit flow. At least I could not find a single post mentioning how to integrate AWS Cognito with the .NET platform using a client secret. The result is that I had to spend several hours figuring out how to provide the client secret.
The SDK provided also takes in the client secret in multiple overloads, but it is pretty much useless and doesn’t work unless you put it in a particular overload. Again, I could not find documentation for this. Altogether, setting up the MFA flow, with the other challenges, took a good amount of time.
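How a client secret reaches Cognito, shown as an added example that is not from the original post or from the AWS SDK: for an app client that has a secret, the Cognito API expects a SECRET_HASH value (Base64 of HMAC-SHA256 over username plus client ID, keyed with the client secret) next to the other auth parameters. The class and method names and all sample values below are constructed for illustration; USERNAME, SRP_A and SECRET_HASH are the parameter names of the Cognito InitiateAuth API.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper class (name is an assumption, not part of the AWS SDK).
public static class CognitoClientSecret
{
    // SECRET_HASH = Base64(HMAC-SHA256(key: client secret, message: username + client id)).
    public static string ComputeSecretHash(string username, string clientId, string clientSecret)
    {
        if (string.IsNullOrEmpty(clientSecret))
            throw new ArgumentException("App client secret is missing.", nameof(clientSecret));

        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(clientSecret));
        byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(username + clientId));
        return Convert.ToBase64String(mac);
    }

    // AuthParameters for InitiateAuth with the USER_SRP_AUTH flow.
    // srpA is the client's public SRP value (hex), produced by whatever SRP code is in use.
    // The hash is computed over the same username value that is sent as USERNAME.
    public static Dictionary<string, string> SrpAuthParameters(
        string username, string srpA, string clientId, string clientSecret)
    {
        return new Dictionary<string, string>
        {
            ["USERNAME"] = username,
            ["SRP_A"] = srpA,
            ["SECRET_HASH"] = ComputeSecretHash(username, clientId, clientSecret),
        };
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials.
        const string clientId = "example-client-id";
        const string clientSecret = "example-client-secret";

        var parameters = SrpAuthParameters("example-user", "abcdef0123", clientId, clientSecret);
        foreach (var kv in parameters)
            Console.WriteLine($"{kv.Key} = {kv.Value}");
    }
}
```

The client secret belongs only in server-side code; an app that ships to a browser or a device should use an app client without a secret, since anything embedded there can be extracted.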
Duplicate packages / codebase
Consider the following packages
Two different NuGet packages pointing to the same code, one being deprecated (from GitHub), but still their dedication deserves a hats-off. Both the libraries are still up. Ideally there should be a deprecation plan to retire one. The reason being, many of the AWS help / blog pages that refer to the codebase still refer to the older package and have not been updated. There is no mention of this on NuGet either. You ‘just’ need to dig into the codebase on GitHub to find out whether the package is still valid or not.
With all its issues, I loved AWS Cognito, especially for its pricing. A short series on managed auth is on its way.
I believe the same problem is in GCP as well. Although MS does mention some of the common flows, complex cases are not available there as well.
I am also stuck with AWS Cognito, with MFA assigned in the challenge, but the MFA page is not showing up.
Can you explain how to force MFA for all users? I am using hosted login.