问题
Is it recommended to authenticate with Cognito directly from mobile device vs going through your own server? I was thinking that it would be preferable for server to authenticate with cognito allowing single end point that is handled by server team to handle authentications from android, ios version of the app vs handling it separately and then have to deal with potential changes-replacement of the cognito as authentication end point. Why add the extra logic on the mobile app vs keeping it in one place in the server API?
回答1:
In my company, we have written all cognito stuff at server side. It has following benefits
- We do not need to read the sdk document for android and iOS.
- We do not need to update android and iOS sdk for compatibilities of every API (ex API 27, 28 ) release.
- We will reduce developer's time by avoiding integration sdk for each platform
- In future, we can create managed service on top of aws congnito to invite external service. Like one microservice will communicate with another; just consuming API.
I highly recommend you to do that backend. Time is money. There is no point to learn an sdk will change every 2 months. Ya, change is constant in software development. If so, we have to prefer which framework change in less frequent.
来源:https://stackoverflow.com/questions/57308245/mobile-app-website-amd-server-api-and-cognito