
Content Delivery API authentication and authorization with AAD


Hi Guys,

CMS v11.12
Content Delivery API v2.19.0

I'm seeking further clarification on an older, similar question asked here:

https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2020/12/content-delivery-api---401-unauthorized/

I have also successfully set up integration between Optimizely and AAD as per the docs here:

https://docs.developers.optimizely.com/content-management-system/v11.0.0-cms/docs/integrate-azure-ad-using-openid-connect

My questions are around Content Delivery API, AD and authentication. 

Can anyone explain exactly how this should be set up?

I think I need to retrieve a token from AD, i.e. https://login.microsoftonline.com/{0}/oauth2/v2.0/token, and validate myself by overriding Authorize in ContentApiAuthorizationService as per https://krompaco.nu/2018/12/content-delivery-api-and-custom-authorization/ but I'm not entirely sure and can't get this working. If this is correct, can anyone provide an example of what is validated?

Should I create a "content" user (service account) in AD that includes the "ContentApiRead", authenticate with client_credentials and a secret set up in app registration (within AD), and set the principal to my "content" user once validated?

I assume the default content api auth token endpoint isn't used anymore? i.e. /api/episerver/auth/token

Thanks in advance
Mark

#317399
Feb 19, 2024 23:51
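
The checks usually applied to an AAD client_credentials access token before trusting it, as an added example that is not part of the original post and not Optimizely's code: signature against the tenant's published keys, issuer, audience, lifetime, and the app role in the `roles` claim. The class name, `TenantId` and `ApiClientId` are placeholders, and treating `ContentApiRead` as an AAD app role and calling this from the `Authorize` override are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Added example: class name and constants are placeholders, not Optimizely or Microsoft names.
public static class AadAppTokenValidator
{
    private const string TenantId = "<tenant-id>";            // placeholder
    private const string ApiClientId = "<api-app-client-id>"; // placeholder: registration the token is issued for
    private const string RequiredRole = "ContentApiRead";     // assumed to be defined as an app role in AAD

    // Caches and refreshes the tenant's OpenID Connect metadata, including signing keys.
    private static readonly ConfigurationManager<OpenIdConnectConfiguration> Metadata =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            $"https://login.microsoftonline.com/{TenantId}/v2.0/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());

    // Returns the validated principal, or null if any check fails.
    public static ClaimsPrincipal Validate(string bearerToken)
    {
        var config = Metadata.GetConfigurationAsync(CancellationToken.None).GetAwaiter().GetResult();
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKeys = config.SigningKeys, // signature must verify against AAD's keys
            ValidateIssuerSigningKey = true,
            ValidIssuer = config.Issuer,            // token must come from this tenant
            ValidAudience = ApiClientId,            // token must be meant for this API
            ValidateLifetime = true,                // exp / nbf
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        try
        {
            var principal = new JwtSecurityTokenHandler().ValidateToken(bearerToken, parameters, out SecurityToken _);
            // App roles arrive in "roles"; the handler may map that claim to ClaimTypes.Role.
            bool hasRole = principal.Claims.Any(c =>
                (c.Type == "roles" || c.Type == ClaimTypes.Role) && c.Value == RequiredRole);
            return hasRole ? principal : null;
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            return null; // bad signature, wrong issuer/audience, expired, or malformed token
        }
    }
}
```

Issuer and audience formats differ between v1.0 and v2.0 access tokens, so `ValidIssuer` and `ValidAudience` must match the token version the API's app registration is configured to accept.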