Forum Discussion
Passing username to an external rest-service from SPFx WebPart
Quite often, we need to call external services from client side code. If it is a public API and you know your way around CORS, this is easy. But how do you implement a good authentication flow?
Let’s say you want to build a weather WebPart that pulls data from a WebAPI hosted in Azure. Because it is very secret weather data, the WebApi wants to know who is calling the service.
To do this, you need to send an access token to the WebAPI and you need an endpoint so that the WebAPI can verify this access token.
SharePoint add-ins handle all this for you, but I can’t find any documentation on how to do this without leaving the page you are in. And it doesn’t look like there are any access tokens available in the SharePoint context.
Advice much appreciated.
Please note that this is just a matter of authenticating the user and passing the username to the service, not accessing SharePoint data or services in the name of the user.
13 Replies
- Hi,
Is this sample not covering your scenario?
Call custom Web API secured with AAD from SharePoint Framework client-side web part
https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-aad-webapi
Basically, you need to secure your custom web api using Azure AD, and then, from client side, you can use ADAL.js to get the Access token and call the API.
Let us know if it helps.Hi,
I am sorry that I missed this one. I will try it out and document the result here.
Cheers,
Rickard
Any pointers to solve this when Azure is not in the picture ?
A user on a SharePoint 2013 on premise page calls an external REST api. How can the REST api authenticate the caller or verify that proof of identify is the resquest (token ?) is genuine ?Bon, I just realized I'm in an spfx thread :( So not the best place to put this question.
