Authentication
Sitecore Content Hub uses the OAuth 2.0 authorization framework for security. OAuth
is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other sites but without giving these websites or apps the passwords. OAuth 2.0 provides authorization flows for web applications, desktop applications, mobile phones, and smart devices.
Set up OAuth in Content Hub
To set up OAuth in Content Hub:
-
On the menu bar, click Manage .
-
On the Manage page, click OAuth clients.
-
Click OAuth Client.
-
In the OAuth Client dialog, enter the following properties:
-
Name
-
Client ID
-
Client Secret
-
Redirect Url
-
-
From the Client Type drop-down list, click Client Credentials.
-
In the Users field, click Add and, in the User dialog, select a user, and then click Save.
-
In the OAuth Client dialog, click Save.
To edit an OAuth client, next to the client you want to edit, click Quick Edit . To delete the client, click Delete .
Password authentication
In addition to a ClientId
and a ClientSecret
, you specify a username and a password to authenticate with Content Hub from your project. These values are needed to construct an IWebMClient
instance. The following is an example of a Content Hub authentication:
using System;
using Stylelabs.M.Sdk.WebClient;
using Stylelabs.M.Sdk.WebClient.Authentication;
namespace Stylelabs.M.WebSdk.Examples
{
public class Program
{
static void Main(string[] args)
{
// Your Sitecore Content Hub endpoint to connect to
Uri endpoint = new Uri("https://your.m.endpoint.com");
// Enter your credentials here
OAuthPasswordGrant oauth = new OAuthPasswordGrant
{
ClientId = "client_id",
ClientSecret = "client_secret",
UserName = "username",
Password = "password"
};
// Create the Web SDK client
IWebMClient MClient = MClientFactory.CreateMClient(endpoint, oauth);
}
}
}
Client credentials authentication
The client must be created with the Client type set to Client credentials.
When you set up OAuth in Content Hub, you can define multiple users in the Users field. However, for the purpose of authentication only the first one will be used, This means that all operations will be executed in the context of that user.
You can also create a dedicated service user account to use in the OAuth client, so that operations performed by a service are not linked to an individual user account.
The following code provides an example of the client credentials authentication:
OAuthClientCredentialsGrant oauth = new OAuthClientCredentialsGrant
{
ClientId = "client_id",
ClientSecret = "client_secret"
};
Refresh token authentication
Refresh token authentication can be used instead of a username and password authentication. In the 'Refresh token authentication
', it is important to subscribe to the IWebMClient.RefreshTokenReceived
event. Instead of creating an OAuthPasswordGrant
, change this to OAuthRefreshTokenGrant
:
To obtain a refresh token, see the REST API documentation.
// Enter your credentials here
OAuthRefreshTokenGrant oauth = new OAuthRefreshTokenGrant
{
ClientId = "client_id",
ClientSecret = "client_secret",
RefreshToken = "SFGDXCbHujaXXMo_Yv2Rf5VUXR2M5GFQBCf4GnxqXIEU9wC0U4M44qHBQ8QO5I-XMlzwb2oUBue_sPsuohUqrGchf_Pfx3jRw7J2xHlxTSRZFRtVLXGQvxE_ZUyj3zIzcM56Lz8NYBzveEd7UjSEBn47RcHnbUC96u30MFrXpHphOmwAfnyENnXgaNmT6Dz1H7_YbuGF_kCGZsFXoT-Fm1NKYoZLn3N4zbB0v-I3Aof16c0_q_FsfVfnOLoviGDKwsrFAHPPLfY6PCj8dSE4vA"
};
When the refresh token changes, the old token is invalidated. Always make sure to keep track of the latest refresh token.
Test the configuration
After creating the authentication client, it is possible to test the configuration by calling TestConnectionAsync
. This will throw an exception that explains the cause of the failure, if any.
await MClient.TestConnectionAsync();
The method checks the following elements:
-
Whether the server is running
-
Whether the client can successfully connect to the server
-
Whether the SDK and the server are version compatible
-
Whether the credentials are correct
The default Main in Console applications did not support async operations before C# 7.1. If your C# version is lower than 7.0, you will need to add .Wait() (when returning void) or .Result to your method calls, and remove the await keyword. For example:
MClient.TestConnectionAsync().Wait();
Otherwise, to support async, change the signature to:
static async Task Main(string[] args)
For more information about the test connection method, see the API reference.