Forum Discussion

Rickard Nilsson's avatar
Rickard Nilsson
Copper Contributor
Feb 06, 2017

Passing username to an external rest-service from SPFx WebPart

Quite often, we need to call external services from client side code. If it is a public API and you know your way around CORS, this is easy. But how do you implement a good authentication flow?   L...
developer
Danny Foncke's avatar
Danny Foncke
Copper Contributor
Jul 28, 2017

"It's not easy stuff" ... eactly 

 

Looked into what you wrote, and think I understand it (more or less)

 

I think my problem remains that the user is already logged in into SharePoint (on-premise) and don't want him to have an account somewhere else (google, facebook) and/or ask him (the user) to re-submit his username/password (so that my API could verify it) .....

 

Still some research to do .....

 

 

 

Luis Mañez's avatar
Luis Mañez
MVP
Aug 01, 2017
if your NodeJS API is also in your On Premises infrastructure, maybe you could do some SSO between SP and your API (this is possible with WCF services hosted on IIS using Windows Authentication, but no idea when the API is in Nodejs). Perhaps start searching by Nodejs Windows Auth + SSO + SharePoint
Please, keep us posted if you find a solution, as is a very interesting scenario.
Good luck!
  • valentinb's avatar
    valentinb
    Copper Contributor
    Apr 16, 2019

    May be someone could help me there : https://social.msdn.microsoft.com/Forums/en-US/a5bb4435-ff29-447a-b5dc-86d3d75c7ca4/best-way-to-connect-external-api-with-a-webpart-for-sharepoint-online?forum=architecturegeneral#a5bb4435-ff29-447a-b5dc-86d3d75c7ca4

  • Butch Marshall's avatar
    Butch Marshall
    Copper Contributor
    Mar 31, 2019

    Danny Foncke Yep!

     

    I use a https://docs.microsoft.com/en-us/graph/auth-overview.

     

    I https://jwt.io/ is genuine using the https://login.microsoftonline.com/common/discovery/keys and thus can trust that is the logged in user.

  • Danny Foncke's avatar
    Danny Foncke
    Copper Contributor
    Mar 31, 2019

    Butch Marshall

     

    Hi butch, have you ever found an answer to the question (user already logged in to SharePoint.....) ? 

     

     

  • Butch Marshall's avatar
    Butch Marshall
    Copper Contributor
    Apr 10, 2018

    Any update on this?  I am also looking to implement using Sharepoint authentication against an external API without having any input from the user.

     

    The closes I've found is using HttpClient to pass credentials as described https://dev.office.com/blogs/calling-external-apis-securely-from-sharepoint-framework.  I've hit a blocker unfortunately.  The Authorisation header is there - but its empty!