The Sitecore Content Hub uses the OAuth 2.0 authorization framework for security. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other sites but without giving these websites or apps the passwords. OAuth 2.0 provides authorization flows for web applications, desktop applications, mobile phones, and smart devices.

Set up OAuth in Sitecore Content Hub

The user navigates to the the OAuth clients option under the Manage page:

Oauth client under manage

When the new OAuth clients page opens, click +OAuth Client.

To create a new OAuth client the user must provide the following properties:

  • Name

  • Client Id

  • Client Secret

  • Redirect Url

Once all of the properties have been entered, click on Create:

completed oauth client details

The new OAuth client is then listed in the OAuth clients listing.

This OAuth client or any of the existing OAuth clients can be edited via the edit button edit icon.

A new window called Quick edit opens, which allows the properties to be edited:

quick edit modal

Once any required edits have been moved, click SAVE.

Any OAuth client that is no longer required can be deleted using the Delete icon delete icon.

Confirm the deletion by clicking on OK:

Password authentication

In addition to a ClientId and a ClientSecret, users need to specify a username and a password to authenticate with Sitecore Content Hub from their project. These values are needed to construct an IWebMClient instance.

The following is an example of a Sitecore Content Hub authentication:

using System;
using Stylelabs.M.Sdk.WebClient;
using Stylelabs.M.Sdk.WebClient.Authentication;

namespace Stylelabs.M.WebSdk.Examples
  public class Program
    static void Main(string[] args)
      // Your Sitecore Content Hub endpoint to connect to
      Uri endpoint = new Uri("");

      // Enter your credentials here
      OAuthPasswordGrant oauth = new OAuthPasswordGrant
        ClientId = "client_id",
        ClientSecret = "client_secret",
        UserName = "username",
        Password = "password"      

      // Create the Web SDK client
      IWebMClient MClient = MClientFactory.CreateMClient(endpoint, oauth);

Refresh token authentication

Refresh token authentication can be used instead of a username and password authentication. In the 'Refresh token authentication', it is important to subscribe to the IWebMClient.RefreshTokenReceived event. Instead of creating an OAuthPasswordGrant, change this to OAuthRefreshTokenGrant:


For instructions on how to obtain a refresh token, see the REST API documentation.

// Enter your credentials here
OAuthRefreshTokenGrant oauth = new OAuthRefreshTokenGrant
  ClientId = "client_id",
  ClientSecret = "client_secret",
  RefreshToken = "SFGDXCbHujaXXMo_Yv2Rf5VUXR2M5GFQBCf4GnxqXIEU9wC0U4M44qHBQ8QO5I-XMlzwb2oUBue_sPsuohUqrGchf_Pfx3jRw7J2xHlxTSRZFRtVLXGQvxE_ZUyj3zIzcM56Lz8NYBzveEd7UjSEBn47RcHnbUC96u30MFrXpHphOmwAfnyENnXgaNmT6Dz1H7_YbuGF_kCGZsFXoT-Fm1NKYoZLn3N4zbB0v-I3Aof16c0_q_FsfVfnOLoviGDKwsrFAHPPLfY6PCj8dSE4vA"

When the refresh token changes, the old token is invalidated. Always make sure to keep track of the latest refresh token.

Testing the configuration

After creating the authentication client, it is possible to test the configuration by calling TestConnectionAsync. This will throw an exception that explains the cause of the failure, if any.

await MClient.TestConnectionAsync();

The method checks the following elements:

  • Whether the server is running

  • Whether the client can successfully connect to the server

  • Whether the SDK and the server are version compatible

  • Whether the credentials are correct

The default Main in Console applications did not support async operations before C# 7.1. If your C# version is lower than 7.0, you will need to add .Wait() (when returning void) or .Result to your method calls and remove the await keyword. For example:


Otherwise, to support async, change the signature to:

static async Task Main(string[] args)

For more information about the test connection method, see the API reference.

Do you have some feedback for us?

If you have suggestions for improving this article,