- Newest
- Most votes
- Most comments
After switching from cognitoUser.authenticateUser() to cognitoIdentityServiceProvider.adminInitiateAuth() execution time is reduced to 300-500 ms(using ADMIN_NO_SRP_AUTH).
There could be multiple reasons why this happens. Some are configuration related similar to the issue below:
https://github.com/aws/amazon-cognito-identity-js/issues/247
Hi toto
Did you get a solution to this issue?
We are also using API Gateway, Lambda/Node, Cognito (same region) and amazon-cognito-identity-js-node to call cognitoUser.authenticateUser passing the AWS.CognitoIdentityServiceProvider.AuthenticationDetails with the username and password.
It's taking a crazy 5/6 seconds to complete the authentication which is unacceptable and not what we used to experience. It is much faster when we use the in-browser Javascript SDK.
I'm concerned that by using the Javascript SDK we will expose our AWS credentials - so have opted to move this code to Node.
I'd expect the documentation and support for Cognito on Lamda / Node to be first class, it's so poor with few examples.
Any pointers or help would be greatly appreciated.
Thanks
I my case, it takes about 4-5 seconds to complete getUser (accessToken) cognito procedure.
My user pool and lambda function all in the same region too.
Using nodeJs api inside lambda function.
Why does it very slow ?
https://docs.aws.amazon.com/pt_br/cognito-user-identity-pools/latest/APIReference/API_GetUser.html
I am also experiencing very slow speeds with AuthenticateUser. 5-7 seconds on average but only on lambda. Locally it is very fast.
Same here. 6-7 seconds on lambda. Both cognito user pool and lambda function are in the same region. Any news?
Edited by: Ahi on Aug 6, 2018 1:07 PM
Hi everyone, Coming back to this question since I had the same issue and it took me a while to understand what's happening.
The thing is authentication with SRP. SRP (Secure Remote Password protocol) is a cryptographic protocol that allows the client to prove to the server that it knows the password without actually sending the password, however it is computationally intense. When running locally, your laptop will crunch the numbers and then send the results, which appears fast because your laptop has powerful CPU and GPU. The lambda however, not so much.
The javascript SDK that is intended to run on the client side, selects the appropriate way of authentication and it appears that if SRP is enabled it will use SRP.
In short, if you are using SRP, use it on the client, not on lambda. If you don't have a client, you don't have to use SRP.
Relevant content
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago