Mobile App Website Amd Server Api And Cognito

Is it recommended to authenticate with Cognito directly from mobile device vs going through your own server? I was thinking that it would be preferable for server to authenticate w

Solution 1:

In my company, we have written all cognito stuff at server side. It has following benefits

1. We do not need to read the sdk document for android and iOS.
2. We do not need to update android and iOS sdk for compatibilities of every API (ex API 27, 28 ) release.
3. We will reduce developer's time by avoiding integration sdk for each platform
4. In future, we can create managed service on top of aws congnito to invite external service. Like one microservice will communicate with another; just consuming API.

I highly recommend you to do that backend. Time is money. There is no point to learn an sdk will change every 2 months. Ya, change is constant in software development. If so, we have to prefer which framework change in less frequent.