Datajs OData Client Authentication in Hybrid Apps

Several authentication schemes are available when accessing a protected OData service through an SAP Mobile Platform proxy, from a Hybrid App, in JavaScript using Datajs.

Basic authentication – Provide a username and password to login. This method is available when connecting through HTTP and one-way HTTPS.
SSO token – Provide an SSO token to login. This method is available when connecting through HTTP and HTTPS and a token validation service is available and configured.
X.509 Mutual authentication through intermediary – Provide a forwarded client certificate to login using the SSL_CLIENT_CERT header name containing forwarded a PEM-encoded client certificate. This method is available only through an appropriately configured HTTPS listener. The certificate forwarder must have the "SUP Impersonator" role to be authorized for this type of login. The certificate of the actual "SUP Impersonator" user cannot be used as a regular user certificate.

In each case, if common additional JavaScript is required for every OData.read or OData.request call, this is best implemented in a Datajs custom HTTP client. This is a wrapper and extension of the OData.defaultHttpClient using the JavaScript proxy pattern. See http://datajs.codeplex.com/wikipage?title=Custom%20OData%20httpClient

Basic Authentication
The Datajs JavaScript library internally uses the XmlHttpRequest (XHR) object to handle the underlying HTTP or HTTPS requests/responses on the client.
Authentication Against an OData Source
Hybrid Apps pass user name and password information using HTTP basic authentication, by setting the Authorization HTTP header.
SSO Token, Including SAP SSO2 and SiteMinder/Network Edge
As in basic authentication, the Datajs JavaScript library internally uses the XmlHttpRequest (XHR) object to handle the underlying HTTP or HTTPS requests/responses on the client.
Server Certificate Validation Over HTTPS
In this pattern, which uses the CertificateAuthenticationLoginModule, the server sends the client a certificate with which to authenticate itself.
X.509 SSO Authentication
For certificate based SSO authentication, due to the restriction from handling certificates in pure JavaScript, a native counterpart on the device must be interfaced, such as the Hybrid Web Container, using its existing Certificate.js.
Sending Requests Over HTTPS
Datajs custom clients can replace the default odata.DefaultHttpClient with overrideHttpClientForDatajs to send requests to SAP Mobile Server through an HTTPS connection.

Parent topic: Develop OData-based Hybrid Apps