s-KaiNet / sp-request

Simplified SharePoint HTTP client

Alternative authentication methods #4

Closed EruantalonJS closed 8 years ago

EruantalonJS commented 8 years ago

Are there any plans to implement any authentication methods as an alternative to digest, such as ADFS?

This would be very useful for on-premises SharePoint, since most don't support digest.

s-KaiNet commented 8 years ago

Actually, sp-request uses Integrated Windows Authentication (formerly known as NTLM). It uses the HTTP NTLM handshake in order to obtain the authentication header. NTLM is the default authentication option and that's OK for many developers (but may not be true for production environments).
However, some guys (including you) asked me about ADFS support and unfortunately I don't have a solution right now. The problem is that I didn't find any documentation about implementing ADFS authentication without user interaction. ADFS supports OAuth, but ADFS doesn't support the client credentials or resource owner grants, only authorization code, which requires user interaction.
I'm open to discussion if you have any thoughts regarding this issue.

Besides, in order to close this gap, I'm currently working on an additional authentication option with the help of the SharePoint add-in app-only policy. In this case, instead of providing credentials, you will need to register an app inside on-premises SharePoint (with app-only policy), then provide sp-request with all the required info in order to obtain an access token (ClientSigningCertificatePath, ClientSigningCertificatePassword, IssuerId, ClientId), like you normally do in high trust apps.
Is that kind of workaround acceptable for you?

EruantalonJS commented 8 years ago

Thanks for the quick response,

Yes, SharePoint add-in authentication would be ideal for my use case, since we already need a high trust app with "TokenHelper.cs".

s-KaiNet commented 8 years ago

Finally I found a way to implement ADFS authentication in Node.js, so I'm planning to add this authentication option as well in the coming week.
It's not so difficult in terms of implementation, but the most difficult part is finding relevant information on the internet. AuthenticationManager from OfficeDevPnP.Core helped me a lot.

koltyakov commented 8 years ago

Great job, Sergey!

s-KaiNet commented 8 years ago

So finally new authentication options.

I did a big refactoring and introduced a new module called node-sp-auth. It implements all authentication strategies and now sp-request, spsave and gulp-spsave all rely on this module in terms of authentication.

node-sp-auth supports 5 different authentication scenarios (including ADFS); you will find all of them in the docs for node-sp-auth.
In case of trouble, please raise another issue; I'm closing the current one.