November Happy Hour will be moved to Thursday December 5th.
November Happy Hour will be moved to Thursday December 5th.
Hi,
You can use the default implementation of CMS UI for both ApplicationUserManager and ApplicationUser. Alloy sample site for Content Delivery already has the sample configuration in Startup.cs, you can check it out to investigate more.
Hi
If you haven't set up the OWIN authentication before adding the OAuth package, have a look at this documentation page. It basically details how to set up ASP.Net Identity authentication, which can then be used to access the Content Delivery API, through the OAuth package.
Usually you can follow the first three steps on the page, and skip the rest of the page.
I was using OIDC framework with OKTA in my startup so figured out I just had to use well known open id configuration endpoint. This is what I used and seems to work fine.
var authority = OpenIDConfiguration.Authority;
var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
authority + "/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever(),
new HttpDocumentRetriever());
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
TokenValidationParameters = new TokenValidationParameters()
{
NameClaimType = JwtClaimTypes.Name,
RoleClaimType = OpenIDConfiguration.Permission,
ValidateAudience = false,
ValidIssuer = authority,
IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
{
var discoveryDocument = Task.Run(() => configurationManager.GetConfigurationAsync()).GetAwaiter().GetResult();
return discoveryDocument.SigningKeys;
}
}
});
It seems what people are usually after requires the removal of the CD API OAuth-packages (those are only needed in case you need integration between local AspNetIdentity and need a local token provider) and instead use OIDC for auth in general and lean on either Cookie security or validating token on their own.
Similar thread: https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2020/12/content-delivery-api---401-unauthorized/
Example on how to do it on my blog: https://krompaco.nu/2018/12/content-delivery-api-and-custom-authorization/
Hi,
We're trying to configure OAuth in our setup of the Content Delivery API, and have followed the instructions in the official documentation for doing so: https://world.episerver.com/documentation/developer-guides/content-delivery-api/configuration/#OAuth
We have added the EPiServer.ContentApi.OAuth NuGet package, and then added the following line in Startup.cs (as per the official documentation, and also as explained in this accepted answer on the developers forum: https://world.episerver.com/forum/developer-forum/Addons/Thread-Container/2018/11/content-delivery-api---404-on-apiepiserverauthtoken/#199421)
However, none of the explanations in the referenced links contain information about the implementation of ApplicationUserManager and ApplicationUser. Are we supposed to implement them ourselves? In that case, do you have any documentation on how they should be implemented?
- Thomas