Forum Discussion
Passing username to an external rest-service from SPFx WebPart
Any pointers to solve this when Azure is not in the picture?
A user on a SharePoint 2013 on premise page calls an external REST API. How can the REST API authenticate the caller or verify that the proof of identity in the request (token?) is genuine?
Well, I just realized I'm in an SPFx thread :( So not the best place to put this question.
- Danny Foncke, Jul 27, 2017, Copper Contributor
Hi Luis, thanks for responding to this
The external REST API is under my control, I can configure its authentication any way I want.
It is implemented in Node.js and runs on Windows Server 2016.
The call from the SP2013 page is via JavaScript.
I would like to keep it that way if at all possible.
But if a farm solution, in a supporting role, is necessary to make this work, it is possible too.
In my simple world the client side js would be able to obtain a 'token', send it to the REST API and the API would be capable of verifying the token is genuine.
But I might see things too simple :)
Thanks again for your feedback on this
- Luis Mañez, Jul 27, 2017, MVP
I guess the most standard way here is to enable OAuth 2 with OpenID Connect support in your API. No idea about how to do that with Node.js, but I guess it is possible (a quick search in Google gives me this library: https://github.com/agmoyano/OpenIDConnect). If your API was ASP.NET, then you could use IdentityServer to configure the OAuth server for the API.
Once OAuth 2 / OpenID Connect is configured, you have to get a Bearer Token to call your API. From JavaScript it is a bit complex, first because the server has to allow the Implicit flow, and second because the libraries to deal with OAuth 2 are not easy. You can take a look at Hello.JS or ADAL.JS (that's the one from MS, so I'm not sure if it only works fine with Azure AD). There's another JS library from the same guys that created IdentityServer (https://github.com/IdentityModel/oidc-client-js).
If you use server side code in the "client" (SP page), then it could be a bit easier, as you can use other OAuth flows to get the Token.
It's not easy stuff, and I'm far from being an expert :)
Hope it helps.
- Danny Foncke, Jul 28, 2017, Copper Contributor
"It's not easy stuff" ... exactly
Looked into what you wrote, and think I understand it (more or less)
I think my problem remains that the user is already logged in to SharePoint (on-premise) and I don't want him to have an account somewhere else (Google, Facebook) and/or ask him (the user) to re-submit his username/password (so that my API could verify it) .....
Still some research to do .....
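The server-side half of what the thread describes (the Node.js API verifying that a bearer token is genuine), as an added example that is not part of the original posts: it pins the algorithm, checks the RS256 signature, then the issuer, audience and expiry. The key pair, the issuer and audience URLs and the user names are constructed placeholders; a real API would load the public key published by whichever issuer signs its tokens.

```javascript
// Added example: an API-side check that an RS256 bearer token (JWT) is genuine.
const crypto = require('node:crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const encodePart = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');

// Returns the verified claims, or throws with the reason the token was rejected.
function verifyBearerToken(token, { publicKey, issuer, audience, now = Date.now() }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm on the server; never let the token pick it (e.g. "none").
  if (decodePart(head).alg !== 'RS256') throw new Error('unexpected alg');
  const genuine = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!genuine) throw new Error('bad signature');
  // Only read claims after the signature has been checked.
  const claims = decodePart(body);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  return claims;
}

// Constructed stand-in for the token issuer, so the example runs offline.
function issueSampleToken(privateKey, claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${encodePart(header)}.${encodePart(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// 'ok' or the rejection reason, convenient for logging and tests.
function checkToken(token, opts) {
  try { verifyBearerToken(token, opts); return 'ok'; } catch (e) { return e.message; }
}

// Constructed sample data: throwaway key pair, placeholder issuer/audience/user.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const opts = { publicKey, issuer: 'https://idp.example.test', audience: 'https://api.example.test' };
const sampleClaims = { iss: opts.issuer, aud: opts.audience, sub: 'EXAMPLE\\user1',
  exp: Math.floor(Date.now() / 1000) + 300 };
const goodToken = issueSampleToken(privateKey, sampleClaims);
const [h, , s] = goodToken.split('.');
const forged = `${h}.${encodePart({ ...sampleClaims, sub: 'EXAMPLE\\admin' })}.${s}`;

console.log(checkToken(goodToken, opts));   // valid token
console.log(checkToken(forged, opts));      // payload changed after signing
```

The API only needs the issuer's public key to run this check, so the user's password never reaches it.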