Just for some context, I am a CS student in my second-year who is working on a C++ desktop application (using the Qt framework) made by an engineering professor.

The application is an educational tool for instructors, but also involves student input. In essence, the desktop application can interact with multiple different learning management systems (LMS–think canvas, blackboard, google forms… etc.) to create surveys that the students can complete. So, for example, teacher creates a survey, and wants to gather input from a google forms; the application has to then communicate with the Google Forms API and create a survey in Google Forms. Then the instructor can share that survey with the students so that they can complete it. The idea is that the application can also do this with canvas quizzes, etc.

I have been tasked with exporting the API communication to a separate server, kind of like a restful API (I apologize if I am using that terminology incorrectly). So, the desktop client should talk to the “restful API”, and the “restful API” should talk with the necessary API based on the client’s request (Google Forms API or canvas API or Blackboard Api…) and then the “restful API” sends a response back to the desktop client on behalf of whichever API was originally requested. This is how I imagine it should work anyways. I am using Flask and Python. In other words, the API I create should be responsible for managing the communications between any desktop client and an LMS API such as Google Forms, Canvas etc.

One big issue I’ve encountered is as follows: how can I deal with OAuth2.0 from APIs like Google for talking with the Google Forms API? If, for example, a desktop client sends a JSON message to this “middleware” API I’ve created, asking to talk to the Google Forms API and create a Google Form, how can I have the API talk to the Google Forms API, and then redirect the authentication link back to the client (because the client has to provide their login details)?.

In other words, how can I deal with authentication from the user when using this kind of setup ( (desktop client) —–> (My API) —–> (Some requested LMS API) —–> My Api —–> (desktop client) )? I want the RESTful API I create to deal with the “LMS stuff”, but I need authentication from the desktop client.

Feel free to criticize anything about my task for the project. That includes an approach that you think would be easier/cleaner to implement to accomplish this goal of simplifying the communication of the desktop application with other APIs. If I had the time (I’m working on this part-time during the school semester) I would personally redo the whole thing and implement the software into a web app, but that would require a ton more time and grant money (there is a finite amount).