Status: Approved
Authors: Zhivko Angelov, Viktor Isaev, Kiril Stoilov
Security is one of the driving characteristics of ClearView. We need an authentication / authorization solution for our service that:
- Is fully secure and conforms to the most recent security standards.
- Provides role-based access control to differentiate between clients, companies, and admins.
- Is simple to work with (has minimal development costs).
- Is simple to operate (has minimal operating costs).
- Scales well to support varying loads without compromising security or performance.
- Supports user federation and all popular authentication methods.
We chose AWS Cognito with the OIDC protocol for authentication, because it matches all of the criteria above. Authorization is role-based and carried in JWT tokens.
We also considered Auth0 as an alternative, since it:
- Also matches the requirements.
- Has seemingly better support.
- Has reportedly better logging.
However, we still decided on AWS Cognito, because its pricing is better than Auth0's.
Positive:
- Authentication / authorization can be implemented easily and quickly, and user management is simplified.
- Seamless integration with AWS: Cognito integrates natively with other AWS services such as API Gateway and Lambda, which simplifies securing API endpoints.
- The authentication solution will comply with all required security regulations.
- Scalability and availability of the authentication solution come out of the box.
Negative:
- We will be moderately vendor-locked.
- We will be limited in customizing our authentication solution.
This decision is reversible: since we use the standard OIDC authentication protocol, we may be able to switch to another authentication service.