How to require authentication to access a Forge Web Trigger?

Hi everyone. I’ve found a workable solution to require basic authentication, if you are happy to allow anyone in your organization to gain access (or anyone allowed by your tenant).

Inside your function, get the Authorization header off the request and reuse that in a requestJira or requestConfluence call, without asUser(). For example (with Jira):

// Template for every web-trigger response in this sample: the helpers below
// spread it and override individual fields. Header values are arrays of
// strings. 'string' and 'example' are placeholder values; any response that
// does not override them is sent with them as-is.
const responseStructure = {
    body: "string",
    headers: {
        "Content-Type": ["application/json"],
        "X-Request-Id": ["example"],
    },
    statusCode: 200,
    statusText: "OK",
};

/**
 * Log a failure and build the corresponding error response.
 *
 * The message is written to the log and returned to the caller verbatim, so
 * it must never contain a credential (for example the Authorization value).
 *
 * @param {number} code - HTTP status code to return.
 * @param {string} message - Text used as the body and in the status text.
 * @returns {object} Response based on responseStructure with the error fields set.
 */
const error = (code, message) => {
    console.log(`Error: ${code} ${message}`);
    const overrides = {
        statusCode: code,
        statusText: `${code} ${message}`,
        body: message,
    };
    return Object.assign({}, responseStructure, overrides);
};

/**
 * Build a successful response carrying the given body.
 *
 * Status and headers are inherited unchanged from responseStructure.
 *
 * @param {string} body - Response body (the sample passes a JSON string).
 * @returns {object} Response based on responseStructure with the body replaced.
 */
const success = (body) => ({...responseStructure, body});

/**
 * Build the 401 challenge that asks the client for Basic credentials.
 *
 * The same response is used whether the Authorization header was missing or
 * the credentials were rejected, so the body does not reveal which one it was.
 * The headers object replaces the template headers entirely: only
 * WWW-Authenticate is sent.
 *
 * @returns {object} 401 response with a `WWW-Authenticate: Basic` header.
 */
const authenticate = () => {
    const statusCode = 401;
    const statusText = 'Unauthorized';
    return {
        ...responseStructure,
        body: `${statusCode} ${statusText}: Bad username/password combination`,
        statusCode,
        statusText,
        headers: {'WWW-Authenticate': ['Basic']},
    };
};

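/**
 * Web-trigger handler that requires the caller to present credentials the
 * Jira site accepts before doing any work.
 *
 * The caller's Authorization header is forwarded to `/rest/api/3/myself`; the
 * request is allowed to continue only if that call succeeds. This is
 * authentication only: every user whose credentials the site accepts gets
 * through, and the work that follows runs with the app's own permissions
 * (asApp()), not the caller's. Add an explicit per-user check here if only
 * some users may invoke the trigger.
 *
 * The Authorization value is a credential: it is forwarded, never logged or
 * echoed back in a response.
 *
 * @param {object} req - Incoming web-trigger request; `req.headers.authorization`
 *   is read as an array of strings (a bare string is accepted too).
 * @returns {Promise<object>} 401 challenge when credentials are missing or
 *   rejected, an error response on failure, otherwise the JSON result.
 */
export const myFunc = async (req) => {
    const {authorization} = req.headers;
    // Array.isArray instead of a length test: an empty array is truthy and
    // would skip the "missing header" branch, and indexing a plain string
    // would forward only its first character.
    const auth = Array.isArray(authorization) ? authorization[0] : authorization;

    if (typeof auth !== 'string' || auth.length === 0) {
        return authenticate();
    }

    try {
        const {ok, status, statusText} = await requestJira(route`/rest/api/3/myself`, {
            headers: {
                "Authorization": auth
            }
        });
        if (!ok) {
            // error() prepends the code itself; passing it again here produced
            // a status text such as "403 403 Forbidden".
            return status === 401 ? authenticate() : error(status, statusText);
        }
    } catch (e) {
        // The caller is not authenticated at this point, so keep the exception
        // detail in the log and return only a generic message (fail closed).
        console.log(`Credential check failed: ${e.message}`);
        return error(400, 'Credential check failed');
    }

    // do your thing with asApp() and set jsonString
    let jsonString = '';
    try {
        // `const` is required: this file is an ES module (it uses `export`),
        // where assigning to an undeclared `data` throws a ReferenceError.
        const data = doSomethingWithAsApp();  // whatever that is
        jsonString = JSON.stringify(data, null, 2);
    } catch (e) {
        // NOTE(review): e.message goes back to any authenticated caller;
        // confirm it cannot expose internal detail before keeping this.
        return error(400, e.message);
    }

    return success(jsonString);
};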

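Basic auth is not the greatest, but over HTTPS it’s at least workable. Keep in mind that this only proves the caller has valid credentials for the site; it does not limit which of those users may call the trigger, and the function sees the credential itself, so don’t log the Authorization header. I hope this helps. I’ll keep investigating other techniques.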
