SPFx web-part authentication with REST API not secured with AAD

%3CLINGO-SUB%20id%3D%22lingo-sub-1717478%22%20slang%3D%22en-US%22%3ESPFx%20web-part%20authentication%20with%20REST%20API%20not%20secured%20with%20AAD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1717478%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20know%20that%20SPFx%26nbsp%3B%20web-part%20is%20client-side%20solution.%3C%2FP%3E%3CP%3EThe%20practical%20implication%20of%20this%20term%20is%2C%26nbsp%3B%20whichever%20APIs%20this%20web-part%20is%20dependent%20on%2C%26nbsp%3B%20that%20API%20must%20be%20registered%20and%20secured%20with%20Azure-AD.%3C%2FP%3E%3CP%3EIt%20could%20be%20MS-graph%20or%20any%20other%20API%26nbsp%3B%20and%26nbsp%3B%20SPFx%26nbsp%3B%20has%26nbsp%3B%20APIs%20like%26nbsp%3BAadHttpClient%20and%20MSGraphClient%26nbsp%3B%20to%20invoke%20it%20on%20behalf%20of%20the%20same%20user%20who%20has%20signed%20into%20SharePoint.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EHowever%2C%20if%20my%20web-part%20wants%20to%20access%20some%20API%20which%20is%20a%20std.%20OAuth%20API%20but%20this%20API%20is%20NOT%20registered%20with%20AAD.%26nbsp%3B%20Instead%20it%20is%20registered%20with%20some%20other%26nbsp%3B%20identity%20solution%20eg.%2C%20Okta%2C%26nbsp%3B%20%26nbsp%3Bcan%20such%20API%20be%20invokable%20by%20my%20web-part%26nbsp%3B%20%3F%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20it%20was%26nbsp%3B%20MS-teams%20custom%20app%2C%26nbsp%3B%20teams%26nbsp%3B%20provide%26nbsp%3B%20java-script%20API%20to%20open%20up%20a%20modal-popup%20and%20let%20the%20custom%20app%20finish%20the%20full%20OAuth%20authentication%20flow%20with%20Okta.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1718182%22%20slang%3D%22en-US%22%3ERe%3A%20SPFx%20web-part%20authentication%20with%20REST%20API%20not%20secured%20with%20AAD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1718182%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F682533%22%20target%3D%22_blank%22%3E%40testuser7%3C%2FA%3E%26nbsp%3BHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20want%20to%20say%20that%20I%20am%2099%25%20sure%20that%20this%20is%20possible.%20Was%20a%20while%20ago%20that%20I%20needed%20a%20third-party%20API%2C%20unless%20I%20created%20my%20own%20with%20Azure.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20I%20do%20remember%20back%20in%20the%20days%2C%20when%20I%20used%20to%20use%20Spotify%20APIs%2C%20Facebook%20and%20Google%20maps.%20I%20would%20like%20someone%20else%20to%20confirm%20this%2C%20just%20to%20make%20sure!%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

 

We know that SPFx  web-part is client-side solution.

The practical implication of this term is,  whichever APIs this web-part is dependent on,  that API must be registered and secured with Azure-AD.

It could be MS-graph or any other API  and  SPFx  has  APIs like AadHttpClient and MSGraphClient  to invoke it on behalf of the same user who has signed into SharePoint.

 

However, if my web-part wants to access some API which is a std. OAuth API but this API is NOT registered with AAD.  Instead it is registered with some other  identity solution eg., Okta,   can such API be invokable by my web-part  ??

 

If it was  MS-teams custom app,  teams  provide  java-script API to open up a modal-popup and let the custom app finish the full OAuth authentication flow with Okta.

 

Thanks.

 

 

 

 

 

 

1 Reply
Highlighted

@testuser7 Hello,

I want to say that I am 99% sure that this is possible. Was a while ago that I needed a third-party API, unless I created my own with Azure. 

But I do remember back in the days, when I used to use Spotify APIs, Facebook and Google maps. I would like someone else to confirm this, just to make sure! :)