A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
Hi Guys,
CMS v11.12
Content Delivery API v2.19.0
I'm seeking further clarification on an older, similar question asked here:
https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2020/12/content-delivery-api---401-unauthorized/
I have also successfully set up integration between Optimizely and AAD as per the docs here:
https://docs.developers.optimizely.com/content-management-system/v11.0.0-cms/docs/integrate-azure-ad-using-openid-connect
My questions are around Content Delivery API, AD and authentication.
Can anyone explain exactly how this should be set up?
I think I need to retrieve a token from AD, i.e. https://login.microsoftonline.com/{0}/oauth2/v2.0/token, and validate myself by overriding Authorize in ContentApiAuthorizationService as per https://krompaco.nu/2018/12/content-delivery-api-and-custom-authorization/ but I'm not entirely sure and can't get this working. If this is correct, can anyone provide an example of what is validated?
Should I create a "content" user (service account) in AD that includes the "ContentApiRead", authenticate with client_credentials and secret set up in app registration (within AD), and set the principal to my "content" user once validated?
I assume the default content api auth token endpoint isn't used anymore? i.e. /api/episerver/auth/token
Thanks in advance
Mark