workos / authkit-nextjs

The WorkOS library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
MIT License
43 stars 9 forks

WorkOS without HTTP-only cookies #62

Open jxdp opened 1 week ago

jxdp commented 1 week ago

I'm coming at WorkOS (which, fwiw, I really want to use) from many years (unhappily) working with Amazon Cognito via AWS Amplify. Currently evaluating for use within a B2B SaaS company, specifically for the features around self-service SSO.

Cognito (mostly) (almost) works, but you really have to get your hands dirty and pray to the gods of Authentication that you don't want to change things after it is set up. By comparison, WorkOS seems like a breath of fresh air, and it gives me a lot of confidence to know you count Vercel as a customer.

Aside from superior ease of use, quality of design and feature-completeness (😆), one thing that is different between Cognito and WorkOS is the ability to have a "public" client (i.e. no client secret, so cookies are unencrypted and accessible from the browser).

I am finding that the use of HTTP-only cookies in WorkOS makes it significantly more expensive/slow to use an external API due to the need to make a request to the Next server to create a JWT that can be attached as a Bearer token (in the usual manner).

Is there a way to use WorkOS with a public (secretless) client and non-HTTP-only cookies? Or is my best course here to use React Context to "cache" the JWT client side after requesting it? Naturally, the external backend will have to validate the JWT header that gets sent, so it isn't less secure in that sense.