Cover

June 04, 2024

Cognito Alternatives: Access Services That Pair With Any Set-Up

In this blog, we evaluate Amazon Cognito and compare it with five leading alternatives: SuperTokens, Clerk, Auth0, Stytch, and Frontegg. We'll cover pricing, setup complexity, data migration, and security features. Additionally, we discuss the benefits of open-source authentication and the choice between customized and out-of-the-box solutions. This guide helps you find the best user management solution for your needs.

By Dejan Lukic

Table of Contents

Introduction

Authentication as a Service (AaaS) providers have steadily risen to prominence in the tech landscape, offering digital identity and access management solutions, while heavily improving developer experience and reducing cost.

As the adoption of AaaS is becoming mainstream, businesses of all sizes recognize the value of outsourcing their authentication needs to a trusted third party.

In the deep sea of AaaS providers, Amazon Cognito is a well-known and well-trusted identity and access management (CIAM) platform. Cognito provides both authentication and authorization features for web and mobile apps, but it comes with its set of limitations that we will cover in this article.

Cognito Pros & Cons

Cognito is part of the already huge ecosystem of Amazon Web Services. While it is neat to have it with your existing AWS stack, keeping all of your eggs in one basket isn’t something you’d do for auth.

Cognito offers common features like guest logins, MFA, SSO, and such, but they are common - not differentiating.

Coming from a large name like Amazon, it would make sense that Cognito stands out in the crowd, but it seems it stands out as a black sheep, and you’ll learn more down the line. Let’s first cover Cognito’s pros and cons.

Cognito’s Pros

  • Generous Free Tier: Free 50,000 monthly active users (MAU), with $0.0055/MAU afterwards, making it cheaper than most providers.
  • Cross-Platform Consistency: Cognito handles multi-device authentication out-of-the-box, allowing you to log in on multiple devices & platforms at the same time with a single account.
  • Guest Logins: Cognito allows guest logins for users who might not complete the full sign-up cycle, providing access to restricted endpoints.
  • Easy Integration within AWS Ecosystem: As expected, as Cognito is an AWS service, it makes it very simple to bridge identities from the Cognito identity pool to the rest of the AWS ecosystem.

Cognito’s Cons

  • Vendor Lock-In: No real portability.
  • No Multi-region Availability: Cognito doesn’t support multi-region sync, fail-over, nor simple transfer to another region without writing custom lambda functions.
  • No Rolling Refresh Tokens: Not having rolling refresh tokens increases the risk of unauthorized access and security breaches by allowing tokens to remain valid for an extended period.
  • Lacking Documentation: Cognito’s documentation lacks clarity, is often confusing and misses most of the use cases/examples you’d expect.
  • Learning Curve: As with most AWS products, Cognito also has a steep learning curve, with many knobs and gears you’ll have to take some time to adapt to the not-so-common UI.
  • Security Flaws: Cognito can be easily misconfigured, which can be closely related to the learning curve and lacking documentation as mentioned above, exposing it to multiple attack vectors.

As some Cognito’s customers point out “it feels like strange alien technology and it takes some time to understand why it exists and what needs it serves”.

Where Does Cognito Work Best? (& Who Should Look For Alternatives)

If you’ve already based your product within the AWS ecosystem, Cognito might be a good choice due to its tight, deep-heart integration in the ecosystem.

Cognito is also affordable for small businesses or projects starting, with a generous tier of free 50k MAU included.

5 Cognito Alternatives For More Scalable User Access & Security Protocols

After we’ve covered Cognito’s pros & cons and features that are, considered the feature sets of similar tools, pretty fundamental and not a huge game changer.

Nowadays, what sets providers apart are not just their features but various factors like pricing, setup speed, customization options, and migration possibilities. These are the aspects this guide will focus on, giving a brief overview of each service.

Feature & Pricing Comparison: Cognito vs. SuperTokens

SuperTokens differs from the vast majority of authentication providers by being completely open-source and modular, meaning you take what you need, and leave unnecessary features behind, making it easier to implement just the things you need.

Pricing

Self-hosted version is completely free with no user limitations whatsoever.

The cloud version includes 5,000 MAU for free and is priced at $0.02 per MAU after 5,000 users.

SuperTokens offers paid add-ons like:

See detailed SuperTokens pricing.

Setup time & Complexity

SuperTokens can be set up in a few minutes, with automatic setup using CLI.

The self-hosted version can be deployed within 10 minutes.

There are plenty of [setup guides](https://supertokens.com/docs/guides\) for different use cases with SuperTokens that you might find useful.

Open-source & Licensing

As mentioned above, SuperTokens is completely open-source with over 12k stars on GitHub and 25+ contributors at the time of writing.

It’s licensed under Apache License 2.0. In short, Apache License 2.0 is a permissive open-source license that allows users to freely use, modify, and distribute software for any purpose, with the requirement that any modifications to the original code are documented. It also includes a patent grant, providing users with assurance against patent claims from contributors to the project.

Data Migration Options

SuperTokens supports user data migration, session migration, and MFA migration out of the box. See a detailed overview of SuperTokens migration support.

Hosting Options

Cloud & self-hosted.

Size of the Company

In the batch of summer 2020, SuperTokens got funding from Y Combinator and since then has managed to raise over $300M in investments.

It is also one of the fastest growing open-source startups as covered by ROSS Annual 2022 Index.

Security Features

SuperTokens is AICPA SOC 2 Type-II compliant, with extensive policy controls, with a 99.99% uptime covered by Instatus.

Overall, SuperTokens pretty much outshines Cognito as being a completely open-source platform, while having enterprise-grade security features & protocols, and also being cheaper, not only on an on-per-MAU basis but also considering development time, it is much easier to integrate than Cognito.

Feature & Pricing Comparison: Cognito vs. Clerk

As compared to Cognito, Clerk dominates in its focus on SaaS products, primarily B2B and B2C-oriented ones. Clerk also draws attention to its pre-built UI components (Clerk Elements) and hosted UI portals.

Clerk’s selling point is condensed in a one-liner - “First day free - means no charges for users who sign up but never return. Users are only counted as active when they come back after 24 hours.”

Pricing

Clerk’s free plan includes 10,000 MAU and a custom domain.

The Pro plan starts at $25 per month, with $0.02 per MAU after the included 10,000. It allows you to remove Clerk branding, create allowlists/blocklists, customize session duration, etc.

Setup time & Complexity

Clerk can be set up within a few minutes using pre-built components, or within a few hours with custom components.

Open-source & Licensing

The core is not open source (closed-source & proprietary), but its libraries are open-source. There is also no control over user data hosting, residency or regions.

Data Migration Options

Doesn’t support session migration; supports trickle integration; needs to provide password_hasher value - the hashing algorithm used to generate the password digest) and in some instances, Clerk will transparently upgrade your users’ password hashes to the more secure Bcrypt hashing algorithm

Hosting Options

Cloud only.

Size of the Company

Startup, with over $55.5M in funding, notably backed by Stripe and Madrona.

Security Features

Clerk is AICPA SOC 2 Type-II certified & HIPAA, and CCPA compliant.

As stated by multiple customer reviews, Clerk is well suited for improving conversions and user funnels. Clerk’s clear docs and pre-made components are keen on the DevEx side, making it a fast-to-integrate tool within your existing stack.

Feature & Pricing Comparison: Cognito vs. Auth0

Auth0 was previously known and loved as a preferred CIAM platform with a wide range of specific features that cater to different use cases and industries.

Nonetheless, following its acquisition by Okta in 2021, developers have noticed the usual pattern when startups get acquired when a surge for profit overweight the customer needs and since started exploring alternative solutions, citing concerns regarding pricing (a 300% increase), and a need for enhanced customization, and perceived support shortcomings.

Pricing

The free plan includes 7,500 MAU. Auth0 differentiates its plans as B2B and B2C.

B2C:

  • $35 - $240 per month for 500 MAU
  • $70 - $240 per month for 1,000 MAU
  • $175 - $545 per month for 2,500 MAU
  • and so on…

B2B:

  • $150 - $800 per month for 500 MAU
  • $300 - $800 per month for 1,000 MAU
  • $700 - $1,200 per month for 2,500 MAU
  • and so on…

Setup time & Complexity

Auth0 can be set up within a few minutes. It also features pretty comprehensive documentation.

Open-source & Licensing

The core is closed-source with the ability to connect to an external database

Data Migration Options

Extensive methods of user migration (provide links); automatic migrations; trickle migration support; user import/export extension

Hosting Options

Cloud & on isolated private deployment

Size of the Company

Enterprise, with the latest $120M funding, valuing the company at $1.92B.

Security Features

Auth0’s security, privacy & compliance:

  • Can provide HIPAA BAA & PCI compliance
  • SOC 2 Type-II compliant
  • ISO27001 certified
  • ISO27018 certified
  • Gold Star CSA Level 2 Audit certified
  • PCI DSS compliance
  • GDPR compliance

Auth0 is a great tool for specific or complex use cases that require multiple layers of abstraction. If you’re just starting out with, let’s say a simple SaaS, Auth0 might have unnecessary overhead for you.

Feature & Pricing Comparison: Cognito vs. Stytch

Stych comes as a feature-packed Swiss army knife covering both user management and fraud & risk prevention. Stytch focuses on B2B authentication, with superior documentation and support both from the company and the community.

Pricing

The free plan includes:

  • 25 organizations
  • 1,000 MAU
  • 1,000 machine-to-machine (M2M) tokens

Pricing ranges from $249 - $799 per month for the following:

  • 25 - 100 organizations
  • 1,000 - 7,500 MAU
  • 5,000 machine-to-machine (M2M) tokens

Additional pricing:

  • $0.50 per organization
  • $0.05 per MAU
  • $0.005 per M2M token

Setup time & Complexity

Stytch can be set up in less than an hour.

Open-source & Licensing

Closed-source; no control over data hosting.

Data Migration Options

Stytch has support for: static data migration strategy, dynamic data migration strategy Migrating authentication related logic

Hosting Options

Cloud-only.

Size of the Company

Startup, valued at over $1B

Security Features

Stytch’s security, privacy & compliance:

  • ISO27001 certified
  • ISO27018 certified
  • SOC 2 Type-II compliant
  • GDPR & CCPA compliance

Similar to Clerk, with a focus on passwordless authentication, Stytch is also favoured for increased customer conversions and simpler UI. It has a good balance between complexity and feature-rich set, so it may apply to a greater range of use cases.

Feature & Pricing Comparison: Cognito vs. Frontegg

At first, by reading the name you wouldn’t think this provider has anything to do with user authentication, but it very much does. Jokes aside, Frontegg is another B2B-centered user management platform featuring a straightforward, “step” based setup.

Pricing

The “Free forever’ plan includes:

  • 50 tenants
  • 7,500 MAU
  • 5 SSO

Other pricing plans require a sales call.

Setup time & Complexity

Less than an hour, Frontegg promises that it’s “operational in hours, not months”.

Open-source & Licensing

Closed-source, no control over data

Data Migration Options

Frontegg has support for data migration from other auth providers out-of-the-box, with additional support for:

  • Bcrypt passwords
  • Scrypt passwords
  • Firebase passwords
  • Pbkdf2 and Pbkdf2 from Keycloak
  • Bulk user migration

Hosting Options

Cloud-only. Enterprise can be self-hosted. No SLA.

Size of the Company

Startup, with over $70M in funding

Security Features

Frontegg’s security, privacy & compliance:

  • ISO27001 certified
  • ISO27018 certified
  • SOC 2 Type-II compliant
  • GDPR & CCPA compliance

Frontegg’s absolute best benefit is the “free forever” plan. With most of the tools in this list, Frontegg is also heavily B2B and enterprise-focused, but that shouldn’t stop other consumers from using Frontegg as its less laser-focused feature set is sufficient for other use cases.

The Advantages Of Open-Source User Authentication

Using open-source user authentication providers brings many benefits to the table. Transparency through code audits ensures trust, while the opportunity to contribute to the code base enhances functionality and enables quicker issue resolution.

With a cost-effective approach, it’s often cheaper than proprietary alternatives, aligning with the “it’s free, and when it’s not, it’s cheaper” ideology.

As a cherry on the top, developers are usually the end-users themselves, which ensures solutions cater to real-world problems, further improving longevity, reliability, and freedom from vendor lock-in.

Implementation Considerations: Customizing Access Solutions vs. Out-Of-The-Box Software

When considering user management solutions, the choice between customizing and using out-of-the-box software can be a direct fate determinator. Developing custom solutions brings significant pain points, including security and privacy risks, both technically and legally.

Complying with all necessary regulatory and certification bodies takes months, sometimes years, depending on your use case.

In contrast, out-of-the-box software offers convenience and potentially better adherence to security standards, although it may lack the flexibility of customization.

SuperTokens in this case is in a sweet spot between customization and an “out-of-the-box” piece of software. Being fully open-source allows you to change anything and everything, and with many features already present, you can customize them until you’ve reached your point of perfection.

Conclusion

The choice between using a custom auth solution or utilising a third party is a matter of budget, time and complexity of your project.

A third-party solution, like SuperTokens, is a no-brainer for a startup or larger organization. SuperTokens frees you from any vendor lock-in, is completely open-source and has features covering simple and complex authentication flows.

Written by the Folks at SuperTokens — hope you enjoyed!