This post originally appeared on GoodCode and is reposted here with permission.
How do you manage user accounts and permissions in a complex web-based system? What if you have dozens of separate components, apps or sites, but need to have unified credentials for users across all of those components?
Stormpath is a company offering a solution to this problem, in the form of a cloud-based API for user management. If you’re familiar with Active Directory or LDAP, this is something similar. Stormpath offers a JSON-based REST API for managing all aspects of user identification and authorization: users, groups, user directories, application mappings, and so on.
While the REST API that they provide is really clean and very well documented, they also recognize that most developers would just prefer to use a library or module in their preferred language or framework, and not worry about the actual on-the-wire API at all.
This is why some time ago we were approached by the folks at Stormpath, and they asked us to improve the existing Python SDK they had. We loved the idea and together with them started to devise a better Python API for the Stormpath service.
In devising the API and writing the implementation, we had several priorities:
- the API wrapper should feel Pythonic and natural for developers used to Python idioms,
- we didn’t want to hardcode too much, instead opting to be able to quickly adapt and modify the Python module when the REST API changes in the future,
- we avoided doing too much cool magic that would make it harder to maintain,
- we wanted to build a full automated testing suite with both unit and integration tests.
We worked closely with people at Stormpath in achieving these goals and I can honestly say the end result is one of the finest pieces of Python code craftsmanship I’ve seen. Don’t trust me on this – the Python SDK is open source and hosted on GitHub (and available as beta on PyPI). Of course, a good SDK is not just the code. It is fully documented, both on the API level (docstrings) and in the manuals (quickstart and the product guide), and has an extensive test suite (with the coverage north of 90%): unit tests, integration tests with mocked remote service, and live end-to-end tests hitting the actual Stormpath REST API.
While we like to brag, this wouldn’t be possible if the folks over at Stormpath weren’t as brilliant in designing their API in the first place, and as supportive and receptive to our ideas as they were. Their product not only looks good on paper, but getting to know the people behind it in person, and seeing it in action, I know I’d trust my apps’ user credentials with them. So if you are in a position where separating out user management from your app is a good idea, check out Stormpath.
And if you happen to use Python, we’ve got you covered.