Omit auth in RPC communication between mobile frontend and backend (#…

…3649) * Omit access token when mobile frontend talks to backend * Changelog entry for mobile RPC auth omit
iTwin · May 20, 2022 · b1df847 · b1df847
1 parent f33a986
commit b1df847
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/common/changes/@itwin/core-frontend/travis-mobile-rpc-no-auth_2022-05-19-21-46.json b/common/changes/@itwin/core-frontend/travis-mobile-rpc-no-auth_2022-05-19-21-46.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/core-frontend",
+      "comment": "Omit authorization in RPC communication between mobile frontend and backend.",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/core-frontend"
+}
diff --git a/core/frontend/src/IModelApp.ts b/core/frontend/src/IModelApp.ts
@@ -13,7 +13,7 @@ const COPYRIGHT_NOTICE = 'Copyright © 2017-2022 <a href="https://www.bentley.co
 
 import { TelemetryManager } from "@itwin/core-telemetry";
 import { UiAdmin } from "@itwin/appui-abstract";
-import { AccessToken, BeDuration, BeEvent, BentleyStatus, DbResult, dispose, Guid, GuidString, Logger } from "@itwin/core-bentley";
+import { AccessToken, BeDuration, BeEvent, BentleyStatus, DbResult, dispose, Guid, GuidString, Logger, ProcessDetector } from "@itwin/core-bentley";
 import {
   AuthorizationClient, IModelStatus, Localization, RealityDataAccess, RpcConfiguration, RpcInterfaceDefinition, RpcRequest, SerializedRpcActivity,
 } from "@itwin/core-common";
@@ -545,7 +545,7 @@ export class IModelApp {
         applicationId: this.applicationId,
         applicationVersion: this.applicationVersion,
         sessionId: this.sessionId,
-        authorization: await this.getAccessToken(),
+        authorization: ProcessDetector.isMobileAppFrontend ? "" : await this.getAccessToken(),
       };
 
       const csrf = IModelApp.securityOptions.csrfProtection;