Book Image

Python Microservices Development

Book Image

Python Microservices Development

Overview of this book

We often deploy our web applications into the cloud, and our code needs to interact with many third-party services. An efficient way to build applications to do this is through microservices architecture. But, in practice, it's hard to get this right due to the complexity of all the pieces interacting with each other. This book will teach you how to overcome these issues and craft applications that are built as small standard units, using all the proven best practices and avoiding the usual traps. It's a practical book: you’ll build everything using Python 3 and its amazing tooling ecosystem. You will understand the principles of TDD and apply them. You will use Flask, Tox, and other tools to build your services using best practices. You will learn how to secure connections between services, and how to script Nginx using Lua to build web application firewall features such as rate limiting. You will also familiarize yourself with Docker’s role in microservices, and use Docker containers, CoreOS, and Amazon Web Services to deploy your services. This book will take you on a journey, ending with the creation of a complete Python application based on microservices. By the end of the book, you will be well versed with the fundamentals of building, designing, testing, and deploying your Python microservices.
Table of Contents (20 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
Introduction

The OAuth2 protocol


OAuth2 is a widely adopted standard that secures web applications and their interactions with users and other web applications, and yet it's hard to understand because it's based on many RFCs that are quite complicated to grasp fully.

The core idea of OAuth2 is that a centralized service is in charge of authenticating a caller, and can grant some access in the form of codes or tokens; let's call them keys. Those keys can be used by users or services to access a resource, as long as the service providing that resource accepts that key.

That's what we've used in Chapter 4, Designing Runnerly, to build the Strava microservice. The service interacts with the Strava API on behalf of the users after it was granted access via Strava's authentication service. This grant is called an Authorization Code Grant and is the most commonly used grant. It's known as three-legged OAuth because it involves the user, the authentication service, and a third-party application. Strava generates...