I am creating a simple app for training purposes.
This prints Google Directions information in the terminal in a complicated way.
The idea is to query Google Directions API using an intermediary serverless Lambda function so that I don’t ask users to add their own Google API Token.
Flow:
- CLI App calls Lambda
- Lambda calls Google API
- Response gets to Lambda
- Response gets passed to CLI App
- Information is displayed on the terminal
I want to create some limiting mechanisms for my Google calls, so here's where authentication is needed.
What I have done so far is follow the Device Authorization Flow within my CLI app, and I got an access_token.
Now what should I do? I am sending this token to Lambda in the authorization header, sure, but what do I do within the Serverless function?
- What endpoint should I use to validate this token through Auth0?
- How should I know who is calling? Add a payload from the CLI app, or can Auth0 provide that?
- Should I cache this token on the serverless side or just validate it with every call?
- What are some other good practices I should create?
Thank you for reading all of this and thanks for helping.
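
One way the Lambda side of the flow above could check the token, as an added example that is not part of the original post. It assumes the access_token is an RS256-signed JWT issued for a custom API audience and that the tenant's signing keys (published by Auth0 at `/.well-known/jwks.json`) are fetched once and cached, so each call is validated locally. All names, the issuer and the audience are hypothetical placeholders, and a throwaway key pair stands in for the tenant key so the block runs offline.

```javascript
const { createPublicKey, createSign, createVerify, generateKeyPairSync } = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Returns the verified claims or throws. `jwks` is the cached key set (assumed fetched once).
function verifyAccessToken(token, jwks, { issuer, audience, now = Date.now() / 1000 }) {
  const [h, p, s, extra] = token.split('.');
  if (!s || extra !== undefined) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token's own "alg" must never choose the verifier.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims; // claims.sub identifies the caller; no extra payload from the CLI is needed
}

// Constructed fixtures: throwaway key pair and placeholder issuer/audience values.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
const EXPECTED = { issuer: 'https://tenant.example/', audience: 'https://directions-api.example' };

// Constructed helper: signs a sample token the way the authorization server would.
function mintToken(claims, key = privateKey) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT', kid: 'demo-key' })}.${b64url(claims)}`;
  return `${input}.${createSign('RSA-SHA256').update(input).sign(key).toString('base64url')}`;
}

// Handler sketch (API Gateway proxy event shape assumed): 401 on any failure.
function handler(event) {
  const m = /^Bearer (.+)$/.exec(event.headers?.authorization ?? '');
  try {
    if (!m) throw new Error('missing bearer token');
    const claims = verifyAccessToken(m[1], JWKS, EXPECTED);
    return { statusCode: 200, body: JSON.stringify({ caller: claims.sub }) };
  } catch (err) {
    return { statusCode: 401, body: JSON.stringify({ error: err.message }) };
  }
}
```

The verified `sub` value is the natural key for per-user limits on the Google calls, since it comes from the signed token rather than from anything the CLI asserts about itself.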