Identity management doesn’t seem like an engaging topic. What can be interesting in the sign-up and sign-in flow?
You see a simple page that asks you to provide credentials in order to get access to your profile. Many web applications have that flow as an essential part of the product. You want to give your clients a personalized experience that is well protected.
You need to persist the credentials in the database and verify them during the login process.
If you think that’s it, you are wrong; modern applications need more than just a sign-up flow.
What Identity Features Are Needed?
If you check a few web applications that you use daily, you will discover that identity management has become more complex. The reason for that is to enhance data security and data protection. Multibillion-dollar companies are operating their online businesses successfully, and nobody wants to risk data leakage.
Let’s look at a popular feature: multifactor authentication (MFA). It has become a standard for many websites, especially those where you have to add a credit card and make purchases.
How much time do you need to implement MFA support from scratch in your solution? Or let me ask it differently: do you want to invest time in building something instead of integrating an existing solution? On top of that, we can consider spending time on inevitable bugs and improvements.
What about account recovery? Personally, I use the functionality “Reset password” regularly. To protect the data even more, we need to have a recovery email address or phone number. That is a crucial part of financial products.
The other common issue many businesses face is spam. Automated scripts create new accounts and send irrelevant messages. The easiest way to beat it is to have an account verification mechanism, like confirming an email address. Another simple case that requires development work.
All of those features are a part of identity management.
It is an entire system that forms an essential part of almost any web solution. In many situations, building a system with such common functionality is not worth the resources, especially when resources are scarce and every penny counts.
Why not integrate an existing solution that takes care of the identity? Saved time can be dedicated to building user value that matters.
What Are the Options?
There are plenty of identity management solutions. Recently, I had the opportunity to dig into AWS Cognito and explore its capabilities.
It is a managed service for access management and identity. It offers two main features: User Pools and Identity Pools. What are those?
A User Pool is a collection of users managed by AWS. It takes care of the sign-up and sign-in process, account verification, multifactor authentication, and much more.

That is a perfect example of identity management. You can create users via API as well as using the AWS Console. What caught my eye was the ability to customize the sign-up process with enhanced security requirements.

The sign-up flow in User Pools offers various configuration options. We can specify the rules for the password, account confirmation, or extra mandatory fields. Or, for a simple application, we can use just a basic registration.
Later, the user can authenticate to acquire the token that will be used to access the protected data.
aws cognito-idp initiate-auth \
--region "$REGION" \
--client-id "$CLIENT_ID" \
--auth-flow USER_PASSWORD_AUTH \
--auth-parameters USERNAME="$USERNAME",PASSWORD="$PASSWORD",SECRET_HASH="$SECRET_HASH" \
--query 'AuthenticationResult.IdToken' \
--output text
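The command above passes a `SECRET_HASH` without showing where it comes from. The sketch below is an added example, not part of the original article: it computes the hash the way Cognito defines it for app clients that have a client secret, and decodes the returned ID token's payload for inspection. The function names, the `CLIENT_SECRET` variable and the usage placeholders are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names and CLIENT_SECRET are illustrative assumptions.

# SECRET_HASH = Base64(HMAC-SHA256(key = app client secret,
#                                  message = username + client id)).
# Needed only when the app client was created with a client secret.
# openssl receives the key on its command line, where other local users
# can see it in the process list, so run this on a host you control.
cognito_secret_hash() (
  username=$1 client_id=$2 client_secret=$3
  printf '%s' "${username}${client_id}" \
    | openssl dgst -sha256 -hmac "$client_secret" -binary \
    | openssl base64 -A
)

# Decode the payload (second segment) of a JWT for inspection.
# This does NOT verify the signature: a backend must validate the token
# against the user pool's published signing keys before trusting a claim.
jwt_payload() (
  payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops '=' padding; restore it so the decoder accepts the input.
  while [ $(( ${#payload} % 4 )) -ne 0 ]; do payload="${payload}="; done
  printf '%s' "$payload" | openssl base64 -d -A
)

# Usage with the command above (placeholders, not real credentials):
#   SECRET_HASH=$(cognito_secret_hash "$USERNAME" "$CLIENT_ID" "$CLIENT_SECRET")
#   ID_TOKEN=$(aws cognito-idp initiate-auth ... --output text)
#   jwt_payload "$ID_TOKEN"   # inspect token_use, aud, iss and exp
```

In an ID token issued by a User Pool, `token_use` is `id` and `aud` is the app client ID, which makes the decoded payload a quick sanity check that the token came from the expected client.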
The other main feature of AWS Cognito is Identity Pools. The name can sound confusingly similar to User Pools, but its main purpose is to enable authentication through external identity providers.
For example, we can configure the access to the cloud application by authenticating users through Facebook, Google, or Apple. Identity Pools will generate credentials and define the permissions for those authentication methods.

Your customers will be able to access the application and the resources in the cloud based on their identity.
With Identity Pools, you don’t need to integrate multiple authentication methods in your application. Everything is configured in a single place, offering a production-ready solution out of the box.
Identity management is not as straightforward a task as it may look at first glance. It is an important security piece of your application that consists of multiple components, and implementing it from scratch can take plenty of resources.
You should not be afraid to delegate this functionality to third-party providers like AWS Cognito. It will help to keep your application compliant and secure.
Originally published on Medium.