I'm currently investigating which auth provider I should use for my new web-api project. The requirements are:
- We need an OIDC solution with Authorization Code Flow with PKCE, as we will have third-party client applications (SPA/Mobile) developed by external vendors.
- We need to give users the option to log in using an existing external OIDC provider.
This is quite a generic set of requirements that most OIDC providers support. As I expected, it was also quite easy to set up in AWS Cognito. After everything is configured, my login page looks like the one below:
The only problem is... you can't customize the UI. You can change some aspects, but only a handful of styles and colours (see here). But what if you want to change the text "Sign in with your corporate ID"? As it stands today, you can't.
The screenshot above is what AWS calls the "Hosted UI". If you are doing an Authorization Code Flow with PKCE, then you need a hosted UI that the client application can redirect to. And if you're using a hosted UI, 90% of the time you'd like to theme it to suit your brand needs. In fact, other than in some demo application, I think any hosted UI by the OIDC providers should be themable.
Azure B2C is superior in this regard: it allows you to fully customize your hosted pages. See here for more information.
So if you're considering AWS Cognito for an identity solution and plan to use standard OIDC flows for public apps, keep that in mind.
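For context on why the hosted page sits in the middle of every login, here is the Authorization Code Flow with PKCE redirect mentioned above, written as an added example (not code from this post or from AWS). The endpoint, client ID and redirect URI are placeholder values, and it uses Node's `crypto` module so it runs outside a browser; a SPA would use Web Crypto for the same steps.

```javascript
// Added example: PKCE (RFC 7636) authorization request to a hosted login page.
const { createHash, randomBytes } = require('node:crypto');

// 32 random bytes -> 43-char base64url verifier (RFC 7636 allows 43-128 chars).
function newCodeVerifier() {
  return randomBytes(32).toString('base64url');
}

// S256 challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
function codeChallengeS256(verifier) {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Build the redirect that sends the user to the provider's hosted login page.
function buildAuthorizeUrl({ authorizeEndpoint, clientId, redirectUri, scope }) {
  const verifier = newCodeVerifier();
  const state = randomBytes(16).toString('base64url'); // CSRF protection
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: codeChallengeS256(verifier),
    code_challenge_method: 'S256',
  }).toString();
  // verifier and state never leave the client (e.g. sessionStorage in a SPA).
  return { url: url.toString(), verifier, state };
}

// Validate the redirect back from the hosted page and build the token request body.
function buildTokenRequest(callbackUrl, pending, { clientId, redirectUri }) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (params.get('state') !== pending.state) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: pending.verifier, // provider recomputes the challenge from this
  });
}
```

The public client holds no secret; the provider only issues tokens if the `code_verifier` hashes to the `code_challenge` it saw when the user was redirected to the hosted page.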