
I am currently looking at building an API server that will support multiple authentication providers (Google, GitHub, Keycloak, etc) and I am trying to work out what’s a good way to go about it. Two approaches I am considering now:

  • all endpoints can accept the auth tokens from the supported providers
  • have a token exchange endpoint that would take a token from an auth provider and provide an API specific one, along with an expiry time, which would then require a new token exchange

What are your thoughts? Is there another approach to this?

  • What are you hoping to achieve with option 2?
    Commented Apr 22 at 15:08
  • Limiting them to using a token that is specific to the API server and not having to do the extra processing for each third party scenario.
    – Andre M
    CommentedApr 22 at 18:02
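The exchange flow of option 2, as an added example that is not part of the original question or its answers: one endpoint validates a provider token and mints a short-lived API token; every other endpoint understands only the API token and checks its signature and expiry. The provider verifiers here are stubs keyed on constructed token strings (a real server would validate against Google, GitHub or Keycloak), the token format is an HMAC-signed payload I chose for the illustration rather than a standard such as JWT, and the function names, the 900-second TTL and the sample identities are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Optional

# Signing key for API tokens, generated per process (in practice loaded from a secret store).
API_SIGNING_KEY = secrets.token_bytes(32)
API_TOKEN_TTL_SECONDS = 900  # short-lived: clients must re-exchange once it expires

# Stand-ins for the real provider verifiers. Each returns the provider's stable subject
# identifier for a valid token, or None. The token strings are constructed for this example.
_CONSTRUCTED_PROVIDER_TOKENS = {
    "google": {"goog-tok-alice": "alice@example.com"},
    "github": {"gh-tok-bob": "bob"},
    "keycloak": {"kc-tok-carol": "carol"},
}


def _stub_verifier(provider: str) -> Callable[[str], Optional[str]]:
    known = _CONSTRUCTED_PROVIDER_TOKENS[provider]
    return lambda token: known.get(token)


PROVIDER_VERIFIERS = {name: _stub_verifier(name) for name in _CONSTRUCTED_PROVIDER_TOKENS}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> str:
    return _b64url(hmac.new(API_SIGNING_KEY, payload, hashlib.sha256).digest())


def exchange_token(provider: str, provider_token: str, now: Optional[int] = None) -> Optional[str]:
    """The exchange endpoint: validate a provider token once, mint an API token with an expiry."""
    verifier = PROVIDER_VERIFIERS.get(provider)
    if verifier is None:
        return None  # unsupported provider
    subject = verifier(provider_token)
    if subject is None:
        return None  # provider rejected the token
    issued_at = int(time.time()) if now is None else now
    claims = {
        "sub": subject,
        "idp": provider,
        "iat": issued_at,
        "exp": issued_at + API_TOKEN_TTL_SECONDS,
        "jti": secrets.token_hex(8),  # unique id, useful for revocation lists and audit logs
    }
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{payload}.{_sign(payload.encode())}"


def verify_api_token(api_token: str, now: Optional[int] = None) -> Optional[dict]:
    """What every other endpoint calls: check the signature first, then the expiry."""
    try:
        payload, signature = api_token.split(".", 1)
    except ValueError:
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(signature, _sign(payload.encode())):
        return None
    try:
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    current = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or current >= claims["exp"]:
        return None  # expired: the client has to go back to the exchange endpoint
    return claims


def protected_endpoint(api_token: str, now: Optional[int] = None) -> str:
    """Example resource endpoint: it knows nothing about Google, GitHub or Keycloak tokens."""
    claims = verify_api_token(api_token, now)
    if claims is None:
        return "401 Unauthorized"
    return f"200 OK: hello {claims['sub']} (via {claims['idp']})"


if __name__ == "__main__":
    tok = exchange_token("github", "gh-tok-bob", now=1_700_000_000)
    print(protected_endpoint(tok, now=1_700_000_100))  # inside the TTL
    print(protected_endpoint(tok, now=1_700_000_900))  # at expiry: 401, re-exchange needed
```

The point the question's second comment makes is visible in the code: provider-specific logic lives only in PROVIDER_VERIFIERS behind exchange_token, while protected_endpoint needs nothing but the signing key and a clock. The expiry also bounds how long a stolen API token is useful, and the jti claim gives you a handle for a revocation list if the TTL alone is not tight enough.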

2 Answers

0

I would do the second option so each API only has to understand one token.

That said, I would probably also go with a 3rd party identity (token) provider that can take care of a lot of this kind of thing for you, along with a lot of other security goodies that might be valuable.

-1

The don't talk to strangers principle recommendations...

Each unit should have only limited knowledge about other units: only units "closely" related to the current unit.

Each unit should only talk to its friends; don't talk to strangers.

Only talk to your immediate friends.

...are an argument supporting the second thought...

have a token exchange endpoint that would take a token from an auth provider and provide an API specific one, along with an expiry time, which would then require a new token exchange
