What are you referring to when you say, "cognito alone"?
- As in the actual API via fetch and storing one's own cookies? Because OAuth is complex and AWS docs are awful.
- As in the AWS package amazon-cognito-identity-js? Because it's sort of an old middle package, so one might as well go full custom or choose between the AWS package and NextAuth.
- As in using aws-amplify or @aws-amplify/auth package? Have you seen the code for these packages? It's lazily done, messy, old, non-modular, and so sensitive that any change creates a domino effect. Even their modular packaging attempt with @aws-amplify/* is still not really modular. A key note to see their non-modular 'modular' approach is when you import one thing and it gives a 40% increase in total JS bundle size. I recommend @next/bundle-analyzer so you can see your differences when using their packages versus not using them/using NextAuth.
NextAuth is better for many reasons. It's a large decrease in bundle size when compared to the Cognito packages, it's simpler code, it allows for non-vendor lock-in by easily swapping out the auth provider, it can do the same thing, and since you're using Next.js, it's designed specifically for the Next.js stack so it integrates well with Next.js (auth routes, API routes, etc).