Forum Discussion

Brass Contributor

Feb 12, 2020

Obtaing access token in a Web Part

Hi , We have a website with a game that uses Azure AD to authenticate the users. One of our clients has decided to put the website inside their Sharepoint and now they want avoid the "relogin"...

Token

web part

Beau Cameron

MVP

Feb 12, 2020

vcima How is authentication handled in your application?

I would avoid passing an authentication token in the way you are describing. If you've implemented authentication correctly in the other application (for example, OWIN for authentication), you would have no problem authenticating without re-logging in to the iframe.

vcima

Brass Contributor

Mar 17, 2020

Hi Beau Cameron

And, If I have something like this, How is the best way to obtain the user token?

public render(): void {
...
let request = this.getRequest(param1);
...
}

protected getRequest(param1: string): Promise<any> {

let loginURL = this.properties.url+"/admin/api/v2/list";

let body = '{"param":"'+param1+'"}';

let requestHeaders: Headers = new Headers(); requestHeaders.append("Accept-Tos", "true"); requestHeaders.append("Content-Type", "application/json"); requestHeaders.append("respondWithObject", "true");
**requestHeaders.append('Authorization', 'Bearer <TOKEN>'); ????**

let httpClientOptions: IHttpClientOptions = { body: body, headers: requestHeaders
};

return this.context.httpClient.post( loginURL,
HttpClient.configurations.v1, httpClientOptions)
.then((response: HttpClientResponse): any => {
return response.json();
});
}

Beau Cameron
MVP
Mar 17, 2020
vcima The Url this.properties + /admin/api/v2/list" is to your custom API?

You need to register this API in Azure AD as a Registered Application. From there, you would use the AADHttpClient instead of the HttpClient you are using, to send requests to that API. This is outlined in the SPFx documentation.

https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient