API supporting multiple authentication providers?


Apr 21, 2025 - 23:26

I am currently looking at building an API server that will support multiple authentication providers (Google, GitHub, Keycloak, etc) and I am trying to work out what’s a good way to go about it. Two approaches I am considering now:

  • all endpoints can accept the auth tokens from the supported providers
  • have a token exchange endpoint that would take a token from an auth provider and provide an API-specific one, along with an expiry time, which would then require a new token exchange

What are your thoughts? Is there another approach to this?
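
A sketch of the second approach (the token exchange endpoint), as an added example that is not part of the original post. The names `exchange`, `authenticate`, `verify_provider_token`, `FAKE_TOKENS`, `API_KEY` and `API_TTL` are assumptions, the provider check is a constructed stand-in for real Google/GitHub/Keycloak validation, and a minimal HMAC-signed token stands in for whatever API token format (for example a JWT) the server would really use.

```python
import base64, hashlib, hmac, json, time

API_KEY = b"constructed-demo-key"  # constructed; a real server loads this from a secret store
API_TTL = 900                      # assumed lifetime of an API token, in seconds
# Constructed provider tokens mapped to the provider's stable user id.
FAKE_TOKENS = {"google": {"g-tok-1": "1001"}, "github": {"gh-tok-1": "42"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_provider_token(provider, token):
    """Hypothetical stand-in: a real verifier checks the token with the provider."""
    return FAKE_TOKENS.get(provider, {}).get(token)

def exchange(provider, provider_token, now=None):
    """Exchange endpoint logic: provider token in, API token plus expiry out."""
    now = int(time.time()) if now is None else now
    subject = verify_provider_token(provider, provider_token)
    if subject is None:
        raise PermissionError("provider token rejected")
    # Namespace the subject so ids from different providers can never collide.
    claims = {"sub": f"{provider}:{subject}", "iat": now, "exp": now + API_TTL}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(API_KEY, body.encode(), hashlib.sha256).digest())
    return {"api_token": f"{body}.{sig}", "expires_at": claims["exp"]}

def authenticate(api_token, now=None):
    """Run by every other endpoint: one token format, one key, no provider calls."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = api_token.split(".")
        expected = _b64(hmac.new(API_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None  # signature mismatch: reject before parsing the claims
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims["exp"] <= now:
        return None  # expired: the client has to exchange again
    return claims["sub"]
```

Only `exchange` touches provider-specific logic here; the other endpoints depend solely on `authenticate`, so adding a provider does not change them.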