Pass class instance to different functions - Authentication

Hello team!

I am building an application using the Twitter API.
This API requires four steps:

  1. When the user goes to my /auth function, a link to the Twitter authentication is created
  2. Once the user clicks that link, he is redirected to Twitter where a pop-up asks to allow my app to connect.
  3. Once the user approves, he is redirected to my /auth function again but this time the authCode is set to a number rather than being undefined. This authCode is used to instantiate the twitter client class and authorize it.
  4. A new instance of the Twitter client is created and authorized. This instance allows to query the tweets

1, 2 and 3 works. However, the authorized instance only lives inside the /auth function. How can I pass it to different functions without losing its instantiation?

How can I pass this instance to different server-less functions?

I tried with a Middleware with little success. It seems the twitter client class gets re-instantiated (so without authorization) for every server-less function

import Client from 'twitter-api-sdk';

let client: Client;

const auth = async (event, context, callback) => {

  const authCode = event.queryStringParameters ? event.queryStringParameters.code : undefined;

  const authUrl = OAuthClient.generateAuthURL({
    state: 'STATE',
    code_challenge: 'challenge',

  console.log('HERE LINK:');

  if (authCode) {
    await OAuthClient.requestAccessToken(authCode as string);
    client = new Client(OAuthClient);
  return {
    statusCode: 200,
    body: JSON.stringify({ message: 'Auth, go to the url in displayed terminal'}),
    myClient: client

exports.handler = middy().use(myMiddleware()).handler(auth);

Short answer is, you can’t.

Long answer:

Lambda Functions are “stateless”, meaning their state is not preserved once the function has done its task. You should instead return the required data to the client-side and make requests from there.

You can see an example that I’ve made which uses Netlify OAuth:

The concept remains the same:

Start auth request → Redirect to provider → Receive auth code → Get the token from code → Send that token to client* → Make requests from the client

* I chose to store the token’s encrypted value as a cookie. You can choose some other way depending on your app’s needs. That cookie is automatically sent with each request to my API endpoint, and I validate and consume it inside each invocation.

I do not think that would work since I have to initialize the instance of the class with the token.
This instance cannot be in the serverless functions because each function will create its own instance (and thus every instance will be different so that the auth won’t work even if they use the same authCode).
The front cannot create the instance since the auth sdk works only in the backed.