
AWS Lambda - manage OAuth token

nmunro
New Member

Hello,

I am exploring the use of AWS Lambda functions as a client to Apigee API proxies and I am looking for a good architecture for requesting and re-using OAuth tokens generated from Apigee.

The Lambda function that initiates the process is itself initiated from a request to Apigee (currently the Apigee API will use a Node.js target that triggers Lambda via SNS).

The proposals suggested by the team so far include:

  1. Lambda functions calling Apigee also request a token from Apigee (on each execution)
  2. (Associated) Lambda functions share a token that is temporarily stored in DynamoDB, where each function contains the logic to manage the token and request a new token if it is found to be expired
  3. The token request and management is moved to a separate Lambda function to be invoked by the other functions as necessary (with something like DynamoDB as a temporary token store)
  4. The token is passed with the original SNS trigger (or a direct Lambda call from Apigee Node.js) and can therefore be shared among subscribing functions - Lambda has no token requests or management

At the moment we're settling on 1, mostly so that we can get started and experiment, but my concern is that as we add more functions, and possibly see multiple instances of a function at a time, we'll end up with too many (unnecessary) token requests.

What is a good pattern for managing tokens across Lambda functions?

Thanks

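A sketch of the token-management logic that proposal 2 in the question above puts in each function, as an added example that is not part of the original post. All names are hypothetical: `store` is an in-memory stand-in for the DynamoDB item, `requestToken` stands in for the Apigee token call, and the token response is assumed to carry `access_token` and `expires_in` in seconds.

```javascript
// Added example: hypothetical names; store and token endpoint are in-memory stand-ins.
const SKEW_MS = 60_000; // treat tokens as expired 60 s early so they don't lapse mid-request

function isFresh(entry, now) {
  return Boolean(entry) && entry.expiresAt - SKEW_MS > now;
}

// store: { get(), put(entry) } stands in for a DynamoDB item.
// requestToken: async () => ({ access_token, expires_in }) stands in for the Apigee token call.
function createTokenProvider({ store, requestToken, now = Date.now }) {
  let local = null;    // survives warm invocations of one Lambda container
  let inFlight = null; // collapses concurrent refreshes inside one container

  async function refresh() {
    const shared = await store.get();
    if (isFresh(shared, now())) return (local = shared);
    const res = await requestToken();
    local = { token: res.access_token, expiresAt: now() + res.expires_in * 1000 };
    await store.put(local);
    return local;
  }

  return async function getToken() {
    if (isFresh(local, now())) return local.token;
    inFlight = inFlight || refresh().finally(() => { inFlight = null; });
    return (await inFlight).token;
  };
}

// Constructed scenario: two function instances share one store; the clock is simulated.
async function demo() {
  let clock = 0, issued = 0, item = null;
  const store = { get: async () => item, put: async (e) => { item = e; } };
  const requestToken = async () => ({ access_token: `tok-${++issued}`, expires_in: 3600 });
  const deps = { store, requestToken, now: () => clock };
  const fnA = createTokenProvider(deps), fnB = createTokenProvider(deps);

  const first = await Promise.all([fnA(), fnA(), fnA()]); // one request, not three
  const second = await fnB();                             // read from the shared store
  clock = 3600 * 1000 - 30_000;                           // inside the skew window
  const third = await fnB();                              // forces a new token
  return { first, second, third, issued };
}
```

Two separate instances can still refresh at the same moment; a conditional write on the stored item narrows that window. The stored item is a bearer credential, so read access to the table should be limited to the functions that need it.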
2 REPLIES