Dynamic user per request

Scenario

This system authenticates based on the identity of the person making the request rather than a shared system account. User credentials must be passed into the adapter method on each call and used to override the credentials in the service instance configuration for that call only.

The adapter library handles this via callProperties in the reqObj — no changes to the library are needed. However, code changes in adapter.js and pronghorn.json are required.

Even when credentials are passed dynamically, you should still provide values in the service instance configuration. The adapter may not start up if these fields are empty.

Configuration

adapter.js

Accept a credentials object in the method signature (containing dynuser and dynpass). Set the values in callProperties.authentication on the reqObj. The adapter library will use these credentials instead of the ones defined in the service instance configuration for this call only.

Using a single object parameter rather than two separate parameters makes it easier to add fields in the future.

1 getMyData(query, credentials, callback) {
2 
3   // ...
4 
5   const reqObj = {
6     payload: { garbage: 'need since post' },
7     uriPathVars: [groupId, deviceId],
8     uriQuery: { name: 'anyname' },
9     uriOptions: { page: 2 },
10     addlHeaders: { audit: 'turnOn' },
11     authData: {},
12     callProperties: {
13       authentication: {
14         username: credentials.dynuser,
15         password: credentials.dynpass
16       }
17     },
18     filter: '[*name=doggie]'
19   };

pronghorn.json

Add the credentials input parameter to each affected method in pronghorn.json so it can be passed in from anItential Platform workflow.

1 {
2   "name": "getMyData",
3   "summary": "get my data from blah",
4   "description": "get my data from blah",
5   "input": [
6     {
7       "name": "query",
8       "type": "object",
9       "info": "object containing query fields",
10       "required": false,
11       "schema": {
12         "title": "query",
13         "type": "object"
14       }
15     },
16     {
17       "name": "credentials",
18       "type": "object",
19       "info": "Should contain 2 fields - dynuser and dynpass",
20       "required": true,
21       "schema": {
22         "title": "credentials",
23         "type": "object"
24       }
25     }
26   ],
27   "output": {
28     "name": "result",
29     "type": "object",
30     "description": "A JSON Object containing status, code and the result"
31   },
32   "route": {
33     "verb": "POST",
34     "path": "/getMyData"
35   },
36   "roles": ["admin"],
37   "task": true
38 }