I have a question regarding whether or not I should implement authentication functionality myself or use an identity provider (IdP) such as Firebase, Cognito, Auth0, and more for our app. We have a mobile app which interacts with an API, and the API, in turn, interacts with a MySQL database. It’s worth noting that we are yet to launch and so we have the freedom of choosing whichever approach.
I have read numerous posts on the topic of implementing auth vs using an IdP, and it seems using an IdP is the way to go due to the difficulty of securely implementing your own authentication system. However, I have a couple of issues which arise should I use an IdP:
- When a new user is created via an IdP, they must also be created in our MySQL database, and a link established (the IdP user's ID). The IdP userID (UUID) must be linked to the user in the MySQL database so the distributed systems remain in sync.
- The JWT issued by the IdP does not include the user's MySQL userID (INT due to performance benefits, indexing, storage, etc.) and so when the API handles a request which requires an interaction with the MySQL database, an additional MySQL query must be executed to select the userID INT for the userID UUID (not ideal). This is because the MySQL userID (INT) is used as a foreign key (FK) for many other tables. It is possible to perform an INNER JOIN and therefore omit the initial MySQL query to get the userID, but this is once again not ideal.
- We are using AWS to host our server, database and more, so AWS Cognito seems the obvious identity provider to use. However, AWS Cognito does not back up its data (highly risky?) and they do not support user migration which could or couldn’t be required in the future.
Based off of the issues mentioned above, which approach do you recommend? Any help would be greatly appreciated!
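The UUID-to-INT lookup described in the first two bullets, as an added example that is not part of the original post: the verified JWT `sub` is mapped to the internal INT id, the row is created on first sight, and the mapping is cached so the extra query runs once per user per process. It assumes the JWT's signature, issuer, audience and expiry were already verified; the table, column and function names are hypothetical, and sqlite3 stands in for MySQL so the block runs offline.

```python
import sqlite3
from functools import lru_cache

# Stand-in for the MySQL schema (assumed names): INT primary key used by
# foreign keys, plus the IdP's user ID (JWT `sub`) in a UNIQUE column.
db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE users (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    idp_sub TEXT NOT NULL UNIQUE)""")
db.execute("""CREATE TABLE posts (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL REFERENCES users(id),
    body    TEXT NOT NULL)""")

queries = {"lookups": 0}  # counts how often the mapping query really runs


@lru_cache(maxsize=10_000)
def internal_user_id(idp_sub: str) -> int:
    """Map a verified JWT `sub` to the INT user id, creating the row if new.

    The sub -> id mapping never changes, so caching it is safe as long as
    user deletion also calls internal_user_id.cache_clear().
    """
    queries["lookups"] += 1
    # The UNIQUE constraint makes concurrent first requests converge on one
    # row (MySQL spells this INSERT IGNORE).
    db.execute("INSERT OR IGNORE INTO users (idp_sub) VALUES (?)", (idp_sub,))
    db.commit()
    row = db.execute("SELECT id FROM users WHERE idp_sub = ?", (idp_sub,)).fetchone()
    return row[0]


def handle_create_post(claims: dict, body: str) -> int:
    """API handler sketch: identity comes only from verified token claims,
    never from a user id supplied in the request body."""
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise PermissionError("token has no subject claim")
    uid = internal_user_id(sub)
    cur = db.execute("INSERT INTO posts (user_id, body) VALUES (?, ?)", (uid, body))
    db.commit()
    return cur.lastrowid
```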