Is there a sample of a login lambda that generates a JWT based on my cognito user pool? This is given that my frontend is outside of SST

you cannot generate a JWT for a user from backend code, one of my biggest reasons for not recommending cognito

You’re right. I’m using Cognito and want to use JWT

you need to have your frontend talk directly to cognito

I see. Thank you!

I heavily recommend Cognito, unless you have a very solid reason for not using it. Its about 1/10 the cost of alternatives, besides Firebase.

oh if you have the username/pw you can do that, thought you meant through your own mechanism

thats actually another one of the possibilities, its called “Custom_Auth”. I havent used it, but it does exist for when you need to work outside of the standard flow.

Ohh. This is cool! Was just wondering what other options I have besides Cognito. But this one looks good. I will definitely take a look! Thanks for pointing me in the right direction! I love this community! ❤️

Sure thing. One recommendation I learned the hard way: forget custom attributes exist. If you ever want to change them, you have to rebuild cognito from scratch, basically. Just store whatever they are yourself.

I actually have used that custom auth setup to do an email link login flow

lol, then why the shade? I got no love for Cognito, but in the right light, it looks like a mediocre authN service.

I have a flow for the perfect b2b auth system that's more or less how slack works. Per workspace logins can be configured independently with SSO or whatever, but also the ability to recover your account with just email if you forgot which workspace you were in

btw., what is the advantage of slack's system? Is it just so that no user data exists in a central place?

IMO it's the most correct for a b2b application. You have seperate user accounts per workspace and each workspace might have its own auth rules. Login with username/pw, login with Google, integrate with Okta SSO, etc. But then there's a bunch of UX questions where if a user only knows about slack.com and doesn't know their workspace, how do they "recover" their account

ah, yeah, I guess it makes sense when you consider different auth sources

No doubt cognito is at the bottom of any feature list, your opinion makes sense to me, Dax. Let me state more clearly: my opinion is based entirely around using Cognito for the absolute bare minimum in authN functionality, then building everything else around it. In this vein, I think it…works. I base a lot of this opinion on that things around auth tend to be pretty custom anyway, so the custom logic writing scenario fits that for me. If you have an exact requirement that another solution can do out of the box, paying for that can definitely make sense.

hey late to the discussion and I also kinda have this long hate/okish relationship with cognito and I think if it wasn't priced cheaply you wouldn't consider it. My personal issues with cognito is that it can be slow to login and then it also has a bunch of hidden options and then some options you can't change after creation - so that is the frustating parts. But as we all love open-source options I think that https://supertokens.com/ is the thing to check out for auth as an alternative. (even though some things are still in development)