search

loopbackio / loopback-connector-rest

Connect Loopback to a REST API
http://loopback.io/doc/en/lb2/REST-connector.html
Other
75 stars 82 forks source link

Pass auth header from client to loopback rest-connector #89

Open ghost opened 7 years ago

ghost commented 7 years ago

Feature request

Description of feature (or steps to reproduce if bug)

Data can be passed to the rest-connector but it seems headers cannot. It would be useful to pass the Authorization header to the rest-connector for multi tenanted systems. Here is a link to what I am trying to do which promoted this request.

http://stackoverflow.com/questions/41573433/pass-basic-auth-from-angular-client-to-loopback-rest-connector

http://stackoverflow.com/questions/29899682/loopback-io-rest-connector-how-to-pass-through-oauth-token?

@bajtos

raymondfeng commented 7 years ago

Have you tried to use connector observer - https://github.com/strongloop/loopback-connector-rest/blob/master/test/rest-loopback.test.js#L180? It allows you to intercept the http req/res for the outbound REST call.

ghost commented 7 years ago

Hi Raymond, Yes I have (I think). I have a connector,js boot script that has the following,

JBConnector.observe('before execute', function(ctx, next) }

The ctx object does not have the Authorisation header in it although I am sending it in the http.post request.

raymondfeng commented 7 years ago

Please note the ctx object is for the outbound http req/res to your REST API.

For your case, maybe the best option is as follows:

  1. Add custom remote method which has the authorization arg from the incoming http
  2. Configure your REST DS with authorization header as a variable in the template
  3. In your custom remote method impl, pass in the authorization arg to the REST model call

We'll probably come up a better solution in LoopBack.next

ghost commented 7 years ago

Hi Raymond, Thanks for the info re the ctx object. Please see this is for my attempt http://stackoverflow.com/questions/41573433/pass-basic-auth-from-angular-client-to-loopback-rest-connector which is wrong. I understand your steps as this is similar logic to what I was trying to do. The question really is how does this work. Best,

ghost commented 7 years ago

Hello both, Did you guys get anywhere with an example of best practice for this issue?

Best,

bajtos commented 7 years ago

I think we may be able to leverage http://loopback.io/doc/en/lb3/Using-current-context.html to implement this feature:

@raymondfeng thoughts?

ghost commented 7 years ago

Thanks for the input @bajtos. @raymondfeng are you able to weigh in with your thoughts on this?

Best,

raymondfeng commented 7 years ago

@bajtos +1. Let's create a user story to implement such enhancements (probably for all http related connectors).

ghost commented 7 years ago

Hi @bajtos @raymondfeng. There context for why I am trying to do this is to allow the api to enable multi tenancy. As well as providing "local" models the api talks to another independent system. This system uses basic auth. The api may have to communicate with various instances of this independent system and hence requires the auth header to be dynamically created through the rest connector. Does that make sense? I can work with a work around if you guys can provide a code example of this? Best,

kalpana-ideas2it commented 6 years ago

Hi @raymondfeng, Is there any possibility to give include, filter options in the rest-connector template? Thanks in advance:)

kreegr commented 6 years ago

@NudgeTech - For background, I have to request an access token and pass it in my auth header. Not wanting to re-write the default crud methods, I didn't want to use a template.

I was able to do this using the before execute hook @raymondfeng mentioned:

myDataSource.connector.observe('before execute', (ctx, next)=>{
   apiTokenPromise().then(ACCESS_TOKEN => {
     ctx.req.headers = {
        "authorization": `Bearer ${ACCESS_TOKEN}`
      };
      next();
  });
});
kalpana-ideas2it commented 6 years ago

Thank you @kreegr

geocine commented 5 years ago

How to do this on loopback 4?

dejibimbolaAyo commented 5 years ago

Hi, is there a "non-hacky" way to do this in LB4?

Would really appreciate...

arunkumarreddygoluguri commented 5 years ago

@kreegr Hi Any ideas on implementing this for loopback 4

kreegr commented 5 years ago

I’m sorry - I don’t (I haven’t tried because I haven’t used it yet)

jannyHou commented 5 years ago

I suggest we move the discussion to https://github.com/strongloop/loopback-next/issues/2381.