Authentication is one of those things that seems simple until you actually have to build it.
You need to handle passwords securely. You need OAuth for Google and Apple sign-in. You need to track user data. You need to prevent account takeovers. You need to GDPR-comply with your data. You need to handle email verification. You need to manage sessions across multiple domains.
It's not simple. And if you get it wrong, everything else breaks.
When we started building Jottings, we knew we couldn't implement authentication ourselves. The security implications are too high. We needed a battle-tested solution with professional operations teams behind it.
So we evaluated three options: Auth0, Clerk, and AWS Cognito.
Here's what we learned—and why we chose Cognito.
The Contenders
Auth0
Auth0 is the market leader. Almost everyone uses it. There are thousands of tutorials online. The documentation is excellent.
Pros:
- Incredibly powerful and flexible
- Huge ecosystem of third-party integrations
- Mature, battle-tested, runs at massive scale
- Great documentation and community support
- Visual rule engine for custom logic
Cons:
- Expensive at scale ($980/month for 10,000 monthly active users, then $0.98 per additional user)
- You're locked into their pricing model and have no control over costs
- You own the integration code, but they own the system architecture
- Can be overkill for simple use cases
Clerk
Clerk is the new hotness. Developers love it. It's modern, beautiful, and well-designed.
Pros:
- Developer experience is fantastic (this matters)
- Beautiful pre-built UI components
- Modern tech stack, built for headless and edge computing
- Quick to get running (days, not weeks)
- Great documentation aimed at indie developers
- Reasonable pricing ($25/month for up to 10,000 users)
Cons:
- You're adding a third-party dependency to your entire authentication system
- If Clerk changes their pricing or goes down, you're affected
- Less battle-tested at massive scale compared to Auth0
- Relatively new company (could be acquired, could disappear)
- Still feels like you're paying for their growth story
AWS Cognito
Cognito is the boring option. It's not trendy. It doesn't have a beautiful UI. But it works.
Pros:
- Part of AWS ecosystem—you control the entire infrastructure
- No per-user pricing (pay only for active sessions and API calls, ~$0.15/10,000 requests)
- Integrates seamlessly with Lambda, API Gateway, and other AWS services
- You own the data (no vendor lock-in on your user information)
- No risk of company being acquired or going out of business
- Custom triggers for complete control (Pre-authentication, Post-confirmation, etc.)
- Supports OAuth directly without additional dependencies
Cons:
- UI/UX is dated and requires customization for decent user experience
- Documentation can be sparse or outdated in places
- Steeper learning curve than Clerk
- You're responsible for building your own auth flows
The Math
Let's talk money, because that's usually what matters.
If Jottings grows to 100,000 monthly active users:
- Auth0: $980 base + (100,000 - 10,000) × $0.98 = ~$89,000/month
- Clerk: ~$650/month (flat rate for their growth tier)
- Cognito: ~$100-200/month (API call-based pricing)
Auth0 is wildly expensive at scale. You pay for their business model.
Clerk is reasonable, but you're paying them forever, and there's no way to reduce that cost except by losing users.
Cognito costs basically nothing. The money goes to AWS, yes, but it's part of your overall AWS bill. And you can optimize it.
Why We Chose Cognito
Our decision came down to three factors:
1. Long-term cost control
We're building Jottings to be profitable at scale. That means we need to understand and control our costs. Auth0's pricing would eventually become a significant portion of our revenue. Cognito gives us predictable, minimal costs that don't scale with success.
2. AWS infrastructure
We're already using Lambda, DynamoDB, and API Gateway. Adding Cognito felt natural—it was built to integrate with these services. There's no mismatch between layers. No impedance. Everything talks to everything else cleanly.
3. Control and longevity
Clerk is a great company, but I don't know what they'll be in five years. Auth0 works great now, but pricing changes happen. Cognito is part of AWS. AWS is not going anywhere. We control the entire authentication system end-to-end.
How We Use Cognito
We implemented:
- Email/password authentication via Cognito user pools
- Google OAuth via Cognito identity providers (3 lines of config)
- Apple Sign-In via Cognito identity providers (3 lines of config)
- Custom user creation logic via Cognito Post-Confirmation triggers (Lambda)
- Sign-up method tracking to know whether users signed up with email, Google, or Apple
- JWT validation on every API request
The entire flow is serverless. When a user signs in, Cognito generates a JWT. Our Lambda functions validate that JWT. No servers, no sessions, no sessions to manage.
Did we have to build more than we would with Clerk? Yes. Is it worth it? Absolutely.
What We'd Do Differently
If we were starting Jottings with a different business model, we might choose Clerk. If we were building an enterprise product with complex authentication flows, Auth0 might be justified.
But for a lean, profitable startup? Cognito won every time.
The lesson isn't that Cognito is objectively better than Auth0 or Clerk. It's that you should evaluate tools against your specific constraints.
- If you value developer experience above all else → Clerk
- If you need powerful flexibility and can afford it → Auth0
- If you need cost control and AWS integration → Cognito
We chose based on our constraints: low cost, full control, and long-term viability.
If you're building a bootstrapped product and wondering about auth, I get it. It's stressful. Feel free to reach out on Jottings—I'm happy to share more about our implementation, the specific Lambda triggers we use, or how we track sign-up methods.
Building in public is how we all learn faster.