Vulnerability in EPiServer.Forms
Curious to know if anyone's implemented Content API auth for CMS 12 (.net 6)? The ContentDeliveryAPI.OAuth package was deprectaed for .Net 5 and 6, so per the few online forums I've explored so far, there are a few potential cadidates to help do the same job like OpenIddict, Okta, IdentityServer etc. Want to see if anyone has explored any of these yet?
In our specific case, there was JWT validation happening via the Oauth package and additional claims were being saved from that, plus cookie auth. OpenIddict claims to be able to do jwt validation and more and I've kind of started exploring that option.
But wanna hear from the community too.
Do share if anyone's tried anything.
I would have thought you would go straight to OpenIdConnect.
Technically this doc also references OpenIddict. And as I said, i'd been exploring options and there was no single answer really.. but various ways to approach this. So i wanted to ask around and see if anyone's done it any differently.
As mentioned before.. there are several options available to achieve this. We ended up going with JWTBearerAuth to achieve our end goal.