Please specify what version of the library you are using: [ 1.1.4 ]
If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.
Is it possible to authenticate against SharePoint using a user token instead of application permissions, to allow us to constrain the information retrieved based on the user profile?
The current documentation only describes authentication based on application authorization, and no details are provided in case other authentication mechanisms are supported.
N/A
Hi @xdelgado,
If you already have an auth token, it can be passed within the Authorization header, which can be attached using sp.setup (headers section or using a custom fetchClientFactory implementation) or sp.configure.
If you expect to provide user creds to already implemented fetchClient, my humble suggestion is this library or this one.
If you are looking to use a bearer token we have a specific client for that. You pass it the token and it will handle adding it to each request. Is that what you are looking for?
Thanks @koltyakov and @patrick-rodgers,
I forgot to mention that I was planning to use it in nodejs.
Based on your comments, I successfully used a client generated access token using the sp setup and creating a custom fetch client that skips authentication/authorization steps in nodejs.
The sp.setup used in nodejs is as follows:
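```js
sp.setup({
  sp: {
    baseUrl: `${configuration.resources.sharepoint}`,
    headers: {
      "Accept": "application/json;odata=verbose",
      // user access token sent as a bearer token
      "Authorization": `Bearer ${token}`
    },
    // custom fetch client that skips the authentication/authorization steps
    fetchClientFactory: () => new FetchClient(`${configuration.resources.sharepoint}`, token)
  }
});
```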
I based the FetchClient on the nodejs SPFetchClient, removing all the authorization/authentication steps. Using this approach I was able to use SP services like search, applying the required RBAC for the logged-in user.
In nodejs I created a custom version of acquireToken that uses the on-behalf-of approach, which allows me to create a token using the original user access token. (This is more related to adal.js ;) )
I hope it helps other people facing similar needs.
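An added example, not part of the thread or of PnPjs: one way to write the kind of token-carrying fetch client described in the post above, so that the user's bearer token is only attached to requests for the SharePoint origin it was issued for. The class name `BearerFetchClient`, the stub transport and the `contoso.sharepoint.com` URL are assumptions made for illustration.

```javascript
// Added example (not from the thread): a per-user bearer fetch client for Node.
// BearerFetchClient and demo() are hypothetical names.
class BearerFetchClient {
  // siteUrl: SharePoint base URL the token was issued for
  // token: user-context access token (for instance from an on-behalf-of exchange)
  // fetchImpl: underlying fetch(url, options) implementation
  constructor(siteUrl, token, fetchImpl) {
    if (!token) throw new Error("access token is required");
    this.origin = new URL(siteUrl).origin;
    this.token = token;
    this.fetchImpl = fetchImpl;
  }

  // Build the outgoing request; refuse to attach the token to any other origin.
  prepare(url, options = {}) {
    const target = new URL(url, this.origin + "/");
    if (target.origin !== this.origin) {
      throw new Error(`refusing to send bearer token to ${target.origin}`);
    }
    // Accept a Headers instance, an array of pairs, or a plain object.
    const src = options.headers || {};
    const pairs = typeof src[Symbol.iterator] === "function" ? [...src] : Object.entries(src);
    // Drop any caller-supplied Authorization header (case-insensitive) so the
    // token bound to this client is the only credential sent.
    const headers = {};
    for (const [name, value] of pairs) {
      if (name.toLowerCase() !== "authorization") headers[name] = value;
    }
    headers["Authorization"] = `Bearer ${this.token}`;
    return { url: target.href, options: { ...options, headers } };
  }

  // fetch(url, options) is the method shape PnPjs calls on a fetch client.
  fetch(url, options) {
    const req = this.prepare(url, options);
    return this.fetchImpl(req.url, req.options);
  }
}

// Constructed sample: a stub transport records what would go on the wire.
function demo() {
  const sent = [];
  const stub = (url, options) => { sent.push({ url, options }); return Promise.resolve({ ok: true }); };
  const client = new BearerFetchClient("https://contoso.sharepoint.com/sites/demo", "constructed-token", stub);
  client.fetch("/sites/demo/_api/web", { headers: { Accept: "application/json;odata=verbose", authorization: "Bearer stale" } });
  let blocked = false;
  try { client.fetch("https://example.org/collect"); } catch (e) { blocked = true; }
  return { sent, blocked };
}
```

Creating one client instance per user token keeps each request tied to the token it was built with, rather than to whichever token was configured last.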
Thanks! If you could post a demo git repository or a blog article about your use case of PnPjs in Node.js that would be super helpful for the folks.
As well if you have interest in demoing this on an upcoming community call please let us know, would be interesting to see what you did.
Edit: also we have an adal node client, would be interested in if your work can enhance what we already have.
Thanks for your support,
I will prepare a demo scenario and share soon.
I created the following github repo with a sample on what I tried:
https://github.com/xdelgado/sp_node_on_behalf_of
I hope it could help you.
The adal node client is great for app token acquisition but does not cover the on-behalf-of scenario, and it won't be easy as long as you need a way to move the bearer through sp to allow acquiring the token. In my sample I am invoking sp.setup to initialize the fetchclient with the bearer acquired each time. For sure the idea could be improved and enhanced for better pnpjs support.
Going to close this as it appears resolved. Thanks for the sample, it is a great demonstration of how to handle auth. Please _reopen_ if we need to revisit some aspect. Thanks!
Hey @patrick-rodgers @koltyakov, how about adding this ability to get an access token to call SP/graph in user context by exchanging an Azure AD authentication token? Guess the adalclient still works with only client creds as mentioned above.
Similar scenario here: https://github.com/SharePoint/PnP-JS-Core/issues/717
Or do we want to keep this outside of PnP-JS for some reason?
I can work on a PR if this is OK to be added?
@vipulkelkar - can you open a new issue with details about what you would like to see? You can link this thread but please describe the scenario you want to support. Thanks!
Sure @patrick-rodgers. Thanks