Need help with confirming a small project's architecture

I am creating a simple app for training purposes.
This prints Google Directions information in the terminal in a complicated way :slight_smile:

The idea is to query Google Directions API using an intermediary serverless Lambda function so that I don’t ask users to add their own Google API Token.

Flow:

  1. CLI App calls Lambda
  2. Lambda calls Google API
  3. Response gets to Lambda
  4. Response gets passed to CLI App
  5. Information is displayed on the terminal

I want to create some limiting mechanisms for my Google calls so here’s where authentication is needed.
What I did so far, is to follow the Device Authorization Flow within my CLI-App and I got an access_token.
Now what should I do? I am sending this token to Lambda in the authorization header, sure, but what do I do within the Serverless function?

  • what endpoint should I use to validate this token through Auth0?
  • how should I know who is calling? add a payload from the cli-app or can Auth0 provide that?
  • Should I cache this token on the serverless side or just validate it with every call?
  • What are some other good practices I should create?

Thank you for reading all of this and thanks for helping.

Hi @iosifv,

Welcome to the Auth0 Community!

From what I understand, you want to request Access Tokens specifically for you Lamba API, and be able to verify and inspect those tokens.

You will need to register your Lambda as and API in your Auth0 tenant. Once you do that, you can request access tokens specifically for your Lambda function by adding the API identifier of your Lambda as the audience.

Those tokens should be returned as JWTs, which can be verified and inspected in your Lambda. AWS provides some features to help here, so you don’t have to do it manually in your Lambda. Check out this blog: APIs

Let me know if you have any questions.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.