Forum Discussion
Passing username to an external rest-service from SPFx WebPart
Hi Luis, thanks for responding to this
The external REST API is under my control, I can configure it's authentication any way I want.
It is Node.js implemented and runs on windows server 2016
The call from the SP2013 page is via JavaScript.
I would like to keep it that way if at all possible.
But if a farm solution, in a supporting role, is necessary to make this work, it is possible too.
In my simple world the client side js would be able to obtain a 'token', send it to the REST API and the API would be capable of verifying the token is genuine.
But I might see things too simple :)
Thanks again for your feedback on this
- Luis MaƱezJul 27, 2017MVPI guess the most standard way here is to enable oAuth 2 with OpenID Connect support in your API. No idea about how to do that with NodeJS, but I guess is possible (quick search in google give me this library: https://github.com/agmoyano/OpenIDConnect). If your API was asp.net, then you could use IdentityServer, to configure the oAuth server for the API.
Once oAuth 2 / OpenID Connect is configured, you have to get a Bearer Token to call your API. From JavaScript is a bit complex, first because the server has to allow the Implicit flow, and second cos the libraries to deal with oAuth2 are not easy. You can take a look to Hello.JS or ADAL.JS (that's the one from MS, so I'm not sure if only works fine with Azure AD). There's another JS library from the same guys that created IdentityServer (https://github.com/IdentityModel/oidc-client-js)
If you use server side code in the "client" (SP page), then it could be a bit easier, as you can use other oAuth flows to get the Token.
It's not easy stuff, and I'm far from being an expert :)
Hope it helps.- Danny FonckeJul 28, 2017Copper Contributor
"It's not easy stuff" ... eactly
Looked into what you wrote, and think I understand it (more or less)
I think my problem remains that the user is already logged in into SharePoint (on-premise) and don't want him to have an account somewhere else (google, facebook) and/or ask him (the user) to re-submit his username/password (so that my API could verify it) .....
Still some research to do .....
- Luis MaƱezAug 01, 2017MVPif your NodeJS API is also in your On Premises infrastructure, maybe you could do some SSO between SP and your API (this is possible with WCF services hosted on IIS using Windows Authentication, but no idea when the API is in Nodejs). Perhaps start searching by Nodejs Windows Auth + SSO + SharePoint
Please, keep us posted if you find a solution, as is a very interesting scenario.
Good luck!