Amazon Cognito vs Spring Security

Overview

Amazon Cognito

Stacks616

Followers917

Votes34

Spring Security

Stacks559

Followers589

Votes6

GitHub Stars9.4K

Forks6.2K

Amazon Cognito vs Spring Security: What are the differences?

Introduction

This markdown code provides a comparison between Amazon Cognito and Spring Security, highlighting the key differences between the two.

Data Storage: A significant difference between Amazon Cognito and Spring Security is their approach to data storage. Amazon Cognito utilizes the Amazon Web Services (AWS) stack to store user data securely in the cloud, providing scale and resilience for managing user accounts and data. On the other hand, Spring Security does not provide a dedicated data storage solution but rather integrates with existing databases or user repositories through its flexible architecture.
Authentication and Authorization: Amazon Cognito offers built-in authentication and authorization mechanisms, supporting popular social identity providers, such as Facebook, Google, and Amazon. It provides a fully managed user directory, enabling features like user sign-up, sign-in, and multi-factor authentication. Spring Security, on the other hand, is primarily focused on providing security capabilities for Java applications and can integrate with various authentication mechanisms, such as LDAP, JDBC, and OAuth. It provides a comprehensive framework for role-based authorization through its security configuration.
Scalability and Serverless Computing: With Amazon Cognito, developers can take advantage of the scalability and serverless computing capabilities provided by AWS. It can handle millions of users and automatically scales to accommodate varying user loads. Spring Security, on the other hand, relies on the underlying application infrastructure for scalability and may require additional configuration or resources to handle large user bases effectively.
Integration with AWS Services: Amazon Cognito seamlessly integrates with other AWS services, such as Amazon API Gateway, AWS Lambda, and Amazon S3, allowing developers to build secure and scalable serverless applications. It can provide access to AWS resources based on user roles and permissions. Spring Security, while not directly integrated with AWS services, can be used in conjunction with them through appropriate configurations and libraries.
Vendor Lock-in: Amazon Cognito, being an AWS service, may introduce some level of vendor lock-in as it is tightly coupled with the AWS ecosystem. While it offers a wide range of functionality and convenience for AWS-based applications, migrating to a different cloud provider may require significant effort. Spring Security, being an open-source framework, provides more flexibility and can be used with various cloud platforms or self-hosted environments without significant vendor lock-in concerns.
Pricing Model: Another key difference between Amazon Cognito and Spring Security is their pricing models. Amazon Cognito follows a pay-as-you-go pricing model, charging for active users and the amount of data stored. The pricing includes both authentication and authorization services. Spring Security, on the other hand, is an open-source framework and does not have any direct costs associated with it, making it a cost-effective option for applications that do not require the additional features provided by Amazon Cognito.

In summary, Amazon Cognito and Spring Security differ in their approach to data storage, authentication and authorization mechanisms, scalability, integration with AWS services, vendor lock-in, and pricing models.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on Amazon Cognito, Spring Security

sindhujasrivastava

Jan 16, 2020

Needs advice

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server.

Keycloak
Okta
Auth0 Please advise which one to use.

258k views258k

Comments

Brent

CEO at DEFY Labs

Mar 7, 2020

Decided

I started our team on Amazon Cognito because I was a Solutions Architect at AWS and found it really easy to follow the tutorials and get a basic app up and running with it.

When our team started working with it, they very quickly became frustrated because of the poor documentation. After 4 days of trying to get all the basic passwordless auth working, our lead engineer made the decision to abandon it and try Auth0... and managed to get everything implemented in 4 hours.

The consensus was that Cognito just isn't mature enough or well-documented, and that the implementation does not cater for real world use cases the way that it should. I believe Amplify has made some of this simpler, but I would still recommend Auth0 as it's been bulletproof for us, and is a sensible price.

297k views297k

Comments

Detailed Comparison

Amazon Cognito	Spring Security
You can create unique identities for your users through a number of public login providers (Amazon, Facebook, and Google) and also support unauthenticated guests. You can save app data locally on users’ devices allowing your applications to work even when the devices are offline.	It is a framework that focuses on providing both authentication and authorization to Java applications. The real power of Spring Security is found in how easily it can be extended to meet custom requirements.
Manage Unique Identities;Work Offline;Store and Sync across Devices;Seamless Guest Access;Safeguard AWS Credentials;Control Access to AWS Resources	Comprehensive; Servlet API integration; Protection against attacks
Statistics
GitHub Stars -	GitHub Stars 9.4K
GitHub Forks -	GitHub Forks 6.2K
Stacks 616	Stacks 559
Followers 917	Followers 589
Votes 34	Votes 6
Pros & Cons
Pros 14 Backed by Amazon 7 Manage Unique Identities 4 Work Offline 3 MFA 2 Store and Sync Cons 4 Massive Pain to get working 3 Documentation often out of date 2 Login-UI sparsely customizable (e.g. no translation) 1 Docs are vast but mostly useless 1 Only paid support	Pros 3 Java integration 3 Easy to use
Integrations
No integrations available	Spring Boot Spring MVC

What are some alternatives to Amazon Cognito, Spring Security?

Auth0

A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.

Stormpath

Stormpath is an authentication and user management service that helps development teams quickly and securely build web and mobile applications and services.

Keycloak

It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

Devise

Devise is a flexible authentication solution for Rails based on Warden

Firebase Authentication

It provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google,

WorkOS

Start selling to enterprise customers with just a few lines of code.

OAuth.io

OAuth is a protocol that aimed to provide a single secure recipe to manage authorizations. It is now used by almost every web application. However, 30+ different implementations coexist. OAuth.io fixes this massive problem by acting as a universal adapter, thanks to a robust API. With OAuth.io integrating OAuth takes minutes instead of hours or days.

OmniAuth

OmniAuth is a Ruby authentication framework aimed to abstract away the difficulties of working with various types of authentication providers. It is meant to be hooked up to just about any system, from social networks to enterprise systems to simple username and password authentication.

ORY Hydra

It is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect. It is OpenID Connect Certified and optimized for latency, high throughput, and low resource consumption.

Kinde

Simple, powerful authentication that you can integrate in minutes. Free your users from passwords with secure and frictionless one click sign up and sign in. Built from the ground up using the best in class security protocols available today.

Related Comparisons

Amazon Cognito vs Spring Security: What are the differences?

Introduction

This markdown code provides a comparison between Amazon Cognito and Spring Security, highlighting the key differences between the two.

Data Storage: A significant difference between Amazon Cognito and Spring Security is their approach to data storage. Amazon Cognito utilizes the Amazon Web Services (AWS) stack to store user data securely in the cloud, providing scale and resilience for managing user accounts and data. On the other hand, Spring Security does not provide a dedicated data storage solution but rather integrates with existing databases or user repositories through its flexible architecture.
Authentication and Authorization: Amazon Cognito offers built-in authentication and authorization mechanisms, supporting popular social identity providers, such as Facebook, Google, and Amazon. It provides a fully managed user directory, enabling features like user sign-up, sign-in, and multi-factor authentication. Spring Security, on the other hand, is primarily focused on providing security capabilities for Java applications and can integrate with various authentication mechanisms, such as LDAP, JDBC, and OAuth. It provides a comprehensive framework for role-based authorization through its security configuration.
Scalability and Serverless Computing: With Amazon Cognito, developers can take advantage of the scalability and serverless computing capabilities provided by AWS. It can handle millions of users and automatically scales to accommodate varying user loads. Spring Security, on the other hand, relies on the underlying application infrastructure for scalability and may require additional configuration or resources to handle large user bases effectively.
Integration with AWS Services: Amazon Cognito seamlessly integrates with other AWS services, such as Amazon API Gateway, AWS Lambda, and Amazon S3, allowing developers to build secure and scalable serverless applications. It can provide access to AWS resources based on user roles and permissions. Spring Security, while not directly integrated with AWS services, can be used in conjunction with them through appropriate configurations and libraries.
Vendor Lock-in: Amazon Cognito, being an AWS service, may introduce some level of vendor lock-in as it is tightly coupled with the AWS ecosystem. While it offers a wide range of functionality and convenience for AWS-based applications, migrating to a different cloud provider may require significant effort. Spring Security, being an open-source framework, provides more flexibility and can be used with various cloud platforms or self-hosted environments without significant vendor lock-in concerns.
Pricing Model: Another key difference between Amazon Cognito and Spring Security is their pricing models. Amazon Cognito follows a pay-as-you-go pricing model, charging for active users and the amount of data stored. The pricing includes both authentication and authorization services. Spring Security, on the other hand, is an open-source framework and does not have any direct costs associated with it, making it a cost-effective option for applications that do not require the additional features provided by Amazon Cognito.

Amazon Cognito vs Spring Security

Overview

Amazon Cognito vs Spring Security: What are the differences?