Commonly, we authenticate against our AAD via the “interactive authentication” in the “Microsoft Authentication” node, for example to connect to SharePoint. When we want to run the workflow on the server, we store the authentication as a token like this:
The authentication is then valid for quite some time and the workflow can run w/o re-authentication. Nevertheless, this also means, if someone else runs this workflow e.g., from the Webportal, (s)he would use my authentication and token and might access a SharePoint folder potentially w/o genuine permission.
Is there a possibility to force an interactive authentication via the webportal, to assure data integrity?
One additional piece of information, though I am not too sure if it is relevant: When we connect or run a workflow via the Webportal, the users authenticate via OAUTH 2. So, to the KNIME Server it is known which user triggers a workflow.
Let me find that ticket that was mentioned in your linked posts. For now I can point you to the Credentials Widget node as a workaround. With that you can prompt users for their login credentials, and use them in the Microsoft Authentication node.