Monday, 24 January 2022

Design ideas for managing multiple third-party APIs with separate authentication methods

Trying to figure out the best approach to design for the following:

We have a REST API that is going to fetch plant data. We have a few third party plant data providers.

  1. Each provider has its own REST API
  2. Each provider has its own authentication/authorization method (OAuth1.0, 2.0, etc)
  3. We aren't guaranteed that the authentication methods are the same

A request to our main REST API will switch based on provider, so different logic will be handled for each provider. In turn we will need to pull down the appropriate authentication for the third-party API.

Here are a few design features I have locked down to start off:

  • definitely going to need an external cache to store the various providers' access tokens
  • going to implement a few functions like get_token and refresh_token
  • The AuthToken will look something like:
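from dataclasses import dataclass


@dataclass
class AuthToken:
   access_token: str
   expiration_date: int   # when the access token stops being valid
   generation_date: int   # when the access token was issued
   refresh_token: str

   def get_access_token(self):
       # Placeholder: return a valid access token for the provider.
       pass

   # Named refresh rather than refresh_token: a method called refresh_token
   # would replace the refresh_token field above as its default value.
   def refresh(self):
       # Placeholder: exchange the refresh token for a new access token.
       pass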

I have these ideas floating around, but the class design for this authentication stuff is evading me, so any help there would be awesome. I also included a few ideas below.

Ideas:

  • Creating an implicit interface with Protocols and then having each provider have its own ProviderAuthToken class. So when we switch based on provider we just pass in its respective AuthToken class.
  • Maybe I'll need an Authentication class to store the provider's necessary variables to like generate a JWT or whatever we may need.

Probably missing a whole bunch of stuff, but thanks a ton for any help. I'm new to the field as well so any general tips are welcome!

Other considerations:

  • using lambda
  • using python

Also took inspiration from this question! :)
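
The Protocol-plus-cache idea from the post, as an added example that is not part of the original post. TokenManager, ProviderAuth, FakeOAuth2Provider and the 60-second skew are hypothetical names and values, a plain mapping stands in for the external cache, and the tokens are constructed sample values.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, MutableMapping, Protocol


@dataclass(frozen=True)
class AuthToken:
    access_token: str = field(repr=False)  # repr=False keeps secrets out of logs
    expiration_date: int                   # epoch seconds
    generation_date: int
    refresh_token: str = field(default="", repr=False)


class ProviderAuth(Protocol):
    """What every provider-specific auth class must offer (structural typing)."""
    name: str
    def fetch_token(self, now: int) -> AuthToken: ...
    def refresh(self, token: AuthToken, now: int) -> AuthToken: ...


class TokenManager:
    def __init__(self, cache: MutableMapping[str, AuthToken],
                 clock: Callable[[], float] = time.time, skew: int = 60):
        self.cache, self.clock, self.skew = cache, clock, skew

    def get_token(self, provider: ProviderAuth) -> str:
        now = int(self.clock())
        token = self.cache.get(provider.name)      # one cache entry per provider
        if token is not None and token.expiration_date - self.skew > now:
            return token.access_token              # still valid: no network call
        if token is not None and token.refresh_token:
            token = provider.refresh(token, now)   # expired or about to expire
        else:
            token = provider.fetch_token(now)      # nothing cached, or no refresh token
        self.cache[provider.name] = token
        return token.access_token


class FakeOAuth2Provider:
    """Constructed stand-in; a real class would call the provider's token endpoint."""
    name = "fake-plants"
    def __init__(self):
        self.calls = []
    def fetch_token(self, now: int) -> AuthToken:
        self.calls.append("fetch")
        return AuthToken(f"access-{now}", now + 3600, now, "refresh-1")
    def refresh(self, token: AuthToken, now: int) -> AuthToken:
        self.calls.append("refresh")
        return AuthToken(f"access-{now}", now + 3600, now, token.refresh_token)
```

Each real provider class only has to match the ProviderAuth shape, so the request handler can pick one by provider and pass it to get_token without knowing whether it speaks OAuth 1.0, OAuth 2.0 or something else.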
