User sign-in script
The following web script example is executed when a user logs into Sitecore Content Hub. It updates the user’s groups based on the provided claims.
This example uses the Everyone user group. Do not use it on your own Content Hub instance without customizing the script based on the names of your organization's user groups.
-
Ensure claims mapping configurations for sign-in are set up in the schema editor.
Script
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
if (Context.AuthenticationSource != AuthenticationSource.External)
{
return;
}
// collect group names from the claims
List <string> groups = new List <string> ();
if (Context.ExternalUserInfo?.Claims == null)
{
groups.Add(Stylelabs.M.Sdk.Constants.UserGroup.Groups.Everyone);
}
else
{
foreach (Stylelabs.M.Scripting.Types.V1_0.User.Claim group in Context.ExternalUserInfo.Claims)
{
if (group.Type == "MySpecialGroupType")
{
groups.Add(group.Value);
}
}
}
// load the group ids
List <long> groupIds = (await MClient.Users.GetUserGroupIdsAsync(groups).ConfigureAwait(false))?.Values.ToList();
var user = Context.User;
// ensure UserGroupToUser relation is loaded
await user.LoadMembersAsync(null, new RelationLoadOption("UserGroupToUser")).ConfigureAwait(false);
// update the relation UserGroupToUser with ids of the collected groups
user.GetRelation("UserGroupToUser").SetIds(groupIds);
// update the user
await MClient.Entities.SaveAsync(user).ConfigureAwait(false);
Script explanation
This section steps through the script in execution order, explaining each part. The numbered items describe the sequence, not instructions to perform.
-
Ensure that user groups are updated for a user based on external claims if the authentication source is external.
RequestResponseif (Context.AuthenticationSource != AuthenticationSource.External) { return; } -
Create a list of group names to collect group information from external claims. If no claims are available, add the default
Everyonegroup.RequestResponseList <string> groups = new List <string>(); if (Context.ExternalUserInfo?.Claims == null) { groups.Add(Stylelabs.M.Sdk.Constants.UserGroup.Groups.Everyone); } else { foreach (Stylelabs.M.Scripting.Types.V1_0.User.Claim group in Context.ExternalUserInfo.Claims) { if (group.Type == "MySpecialGroupType") { groups.Add(group.Value); } } } -
Retrieve the IDs of the collected user groups using the
GetUserGroupIdsAsyncmethod. These IDs will be used to update the user's group relations.RequestResponseList <long> groupIds = (await MClient.Users.GetUserGroupIdsAsync(groups).ConfigureAwait(false))?.Values.ToList(); -
Retrieve the target user entity from the context, and the
UserGroupToUserrelation is loaded. This relation represents the user's membership in specific groups.RequestResponsevar user = Context.User; // ensure UserGroupToUser relation is loaded await user.LoadMembersAsync(null, new RelationLoadOption("UserGroupToUser")).ConfigureAwait(false); -
Update the
UserGroupToUserrelation with the IDs of the collected groups, linking the user to the appropriate groups.RequestResponseuser.GetRelation("UserGroupToUser").SetIds(groupIds); -
Save the user entity, persisting the updated group memberships.
RequestResponseawait MClient.Entities.SaveAsync(user).ConfigureAwait(false);
Setup
-
Create, publish, and enable the User sign-in script.
Disable a sign-in script
A sign-in script might lock users out if it contains runtime errors or inconsistent user validation. If this happens, disable the script by using the REST API or SDK to change M.Script.Enabled to false.
The following example disables a script using the web SDK:
var loadConfig = new EntityLoadConfiguration(
CultureLoadOption.None,
new PropertyLoadOption(
ScriptingConstants.Scripting.Properties.Enabled),
RelationLoadOption.None);
var script = await MClient.Entities.GetAsync( your script id , loadConfig).ConfigureAwait(false);
script?.SetPropertyValue("M.Script.Enabled", false);
await MClient.Entities.SaveAsync(script).ConfigureAwait(false);