koltyakov/sp-rest-proxy

Question: On-demand With PIV Certificate

senseiweb opened this issue · 2 comments

First, many thanks for this awesome project...it has been extremely useful in remote development scenarios.

Currently trying to remote develop for a DoD SharePoint tenant that is located on SPO (microsoft.us). With your library, I have been able to get the add-in flow to work; however, since I am in need of User Profile properties, I have found myself switching over to the on-demand auth flow.

All seems to go per spec with logging into the site. I get the popup window asking for credentials (PIV pin), and it seems to be successful, as I am also prompted with the reduced sign-on option.

Nevertheless, when I switch back over to the sp-rest-proxy local site, I receive a 403 for all requests, despite the fact that I am able to log in directly to the site in a separate tab and access the resources.

Any ideas on where I can begin to look for trouble?

Hi @senseiweb,

Thanks for using the library!

I never had a chance to test auth with such tenants (.sharepoint.us). For SAML/Add-in auth flows, different endpoints are involved when it comes to dedicated clouds. It's a good thing that Add-in auth works. On-Demand auth theoretically shouldn't depend on auth endpoints and should automatically work for all cookie-based environments. The mechanics behind it are taking session cookies from the opened Electron app after authentication is complete.

It can be an Electron version-dependent issue. Can you please check which Electron version is installed (by running electron -v) and try updating to Electron v10?

Another thing to try is separating out the auth-specific things; I'd suggest the https://github.com/koltyakov/node-sp-auth-troubleshoot helper project. If it doesn't respond with cookies, something is wrong with auth; otherwise it can be conditional access/security configurations. Based on the console output, some specific gotchas can emerge.

Going to close this. Please reopen if you still have questions.