Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@microsoft/kiota-authentication-spfx
Advanced tools
Authentication provider for using Kiota in SPFx solutions
The Kiota Authentication SharePoint Framework Library is an implementation to authenticate HTTP requests in SharePoint Framework solutions. This Authentication library, re uses some infrastructure from the SPFx context to obtain a valid token for the required API.
It also works for consuming Microsoft Graph, as it is just another Azure Active Directory protected API.
A Kiota generated project will need a reference to an authentication provider to make calls to an API endpoint.
Read more about Kiota here.
npm i @microsoft/kiota-authentication-spfx -S
.Then, you use the aadTokenProviderFactory provided by the SPFx context, to get an AadTokenProvider and use it to build the Kiota SPFx AuthProvider.
this.props.aadTokenProviderFactory.getTokenProvider()
.then((tokenProvider: AadTokenProvider): void => {
const authProvider =
new AzureAdSpfxAuthenticationProvider(
tokenProvider,
"{AZURE_AD_APPLICATION_ID_URI}",
new Set<string>([
"mycustomapi.azurewebsites.net",
]));
const adapter = new FetchRequestAdapter(authProvider);
const myCustomApiClient = new MyCustomApiKiotaClient(adapter);
myCustomApiClient.teams.get().then(teams => {
// deal with returned data
})
.catch(e => {console.log(e)});
})
.catch(e => {console.log(e)});
If you have generated a Kiota client for Microsoft Graph, you can also use this Auth provider in a similar way:
this.props.aadTokenProviderFactory.getTokenProvider()
.then((tokenProvider: AadTokenProvider): void => {
const authProvider =
new AzureAdSpfxAuthenticationProvider(
tokenProvider);
const adapter = new FetchRequestAdapter(authProvider);
const meClient = new GraphMeServiceClient(adapter);
meClient.me.get().then(teams => {
// deal with returned data
})
.catch(e => {console.log(e)});
})
.catch(e => {console.log(e)});
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
FAQs
Authentication provider for using Kiota in SPFx solutions
We found that @microsoft/kiota-authentication-spfx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.