Authentication

Sitecore Content Hub uses the OAuth 2.0 authorization framework for security. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other sites but without giving these websites or apps the passwords. OAuth 2.0 provides authorization flows for web applications, desktop applications, mobile phones, and smart devices.

Set up OAuth in Content Hub

To set up OAuth in Content Hub:

  1. On the menu bar, click Manage .

  2. On the Manage page, click OAuth clients.

  3. Click OAuth Client.

  4. In the OAuth Client dialog, enter the following properties:

    • Name

    • Client ID

    • Client Secret

    • Redirect Url

  5. From the Client Type drop-down list, click Client Credentials.

  6. In the Users field, click Add and, in the User dialog, select a user, and then click Save.

  7. In the OAuth Client dialog, click Save.

Tip

To edit an OAuth client, next to the client you want to edit, click Quick Edit edit icon. To delete the client, click Delete delete icon.

Password authentication

In addition to a ClientId and a ClientSecret, you specify a username and a password to authenticate with Content Hub from your project. These values are needed to construct an IWebMClient instance. The following is an example of a Content Hub authentication:

RequestResponse
using System;
using Stylelabs.M.Sdk.WebClient;
using Stylelabs.M.Sdk.WebClient.Authentication;

namespace Stylelabs.M.WebSdk.Examples
{
  public class Program
  {
    static void Main(string[] args)
    {
      // Your Sitecore Content Hub endpoint to connect to
      Uri endpoint = new Uri("https://your.m.endpoint.com");

      // Enter your credentials here
      OAuthPasswordGrant oauth = new OAuthPasswordGrant
      {
        ClientId = "client_id",
        ClientSecret = "client_secret",
        UserName = "username",
        Password = "password"      
      };

      // Create the Web SDK client
      IWebMClient MClient = MClientFactory.CreateMClient(endpoint, oauth);
    }
  }
}

Client credentials authentication

Important

The client must be created with the Client type set to Client credentials.

When you set up OAuth in Content Hub, you can define multiple users in the Users field. However, for the purpose of authentication only the first one will be used, This means that all operations will be executed in the context of that user.

Tip

You can also create a dedicated service user account to use in the OAuth client, so that operations performed by a service are not linked to an individual user account.

The following code provides an example of the client credentials authentication:

RequestResponse
OAuthClientCredentialsGrant oauth = new OAuthClientCredentialsGrant
{
    ClientId = "client_id",
    ClientSecret = "client_secret"
};

Refresh token authentication

Refresh token authentication can be used instead of a username and password authentication. In the 'Refresh token authentication', it is important to subscribe to the IWebMClient.RefreshTokenReceived event. Instead of creating an OAuthPasswordGrant, change this to OAuthRefreshTokenGrant:

Note

To obtain a refresh token, see the REST API documentation.

RequestResponse
// Enter your credentials here
OAuthRefreshTokenGrant oauth = new OAuthRefreshTokenGrant
{
  ClientId = "client_id",
  ClientSecret = "client_secret",
  RefreshToken = "SFGDXCbHujaXXMo_Yv2Rf5VUXR2M5GFQBCf4GnxqXIEU9wC0U4M44qHBQ8QO5I-XMlzwb2oUBue_sPsuohUqrGchf_Pfx3jRw7J2xHlxTSRZFRtVLXGQvxE_ZUyj3zIzcM56Lz8NYBzveEd7UjSEBn47RcHnbUC96u30MFrXpHphOmwAfnyENnXgaNmT6Dz1H7_YbuGF_kCGZsFXoT-Fm1NKYoZLn3N4zbB0v-I3Aof16c0_q_FsfVfnOLoviGDKwsrFAHPPLfY6PCj8dSE4vA"
};

When the refresh token changes, the old token is invalidated. Always make sure to keep track of the latest refresh token.

Test the configuration

After creating the authentication client, it is possible to test the configuration by calling TestConnectionAsync. This will throw an exception that explains the cause of the failure, if any.

RequestResponse
await MClient.TestConnectionAsync();

The method checks the following elements:

  • Whether the server is running

  • Whether the client can successfully connect to the server

  • Whether the SDK and the server are version compatible

  • Whether the credentials are correct

The default Main in Console applications did not support async operations before C# 7.1. If your C# version is lower than 7.0, you will need to add .Wait() (when returning void) or .Result to your method calls, and remove the await keyword. For example:

RequestResponse
MClient.TestConnectionAsync().Wait();

Otherwise, to support async, change the signature to:

RequestResponse
static async Task Main(string[] args)
Note

For more information about the test connection method, see the API reference.

Do you have some feedback for us?

If you have suggestions for improving this article,