logo
logo

Authentication

The Sitecore Content Hub uses the OAuth 2.0 authorization framework for security. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other sites but without giving these websites or apps the passwords. OAuth 2.0 provides authorization flows for web applications, desktop applications, mobile phones, and smart devices.

Set up OAuth in Sitecore Content Hub

The user navigates to the the OAuth clients option under the Manage page:

When the new OAuth clients page opens, click on the +OAuth Client button.

To create a new OAuth client the user must provide the following properties on the new modal:

  • Name
  • Client Id
  • Client Secret
  • Redirect Url

Once all of the properties have been entered, click on Create:

The new OAuth client is then listed in the OAuth clients listing.

This OAuth client or any of the existing OAuth clients can be edited via the edit button .

A new modal called Quick edit opens, which allows the properties to be edited:

Once any required edits have been moved, click SAVE.

Any OAuth client that is no longer required can be deleted via the delete icon .

Confirm the deletion by clicking on OK:

Password authentication

In addition to a ClientId and a ClientSecret, users need to specify a username and a password to authenticate with Sitecore Content Hub from their project. These values are needed to construct an IWebMClient instance.

The following is an example of a Sitecore Content Hub authentication:

using System;
using Stylelabs.M.Sdk.WebClient;
using Stylelabs.M.Sdk.WebClient.Authentication;

namespace Stylelabs.M.WebSdk.Examples
{
    public class Program
    {
        static void Main(string[] args)
        {
            // Your Sitecore Content Hub endpoint to connect to
            Uri endpoint = new Uri("https://your.m.endpoint.com");

            // Enter your credentials here
            OAuthPasswordGrant oauth = new OAuthPasswordGrant
            {
                ClientId = "client_id",
                ClientSecret = "client_secret",
                UserName = "username",
                Password = "password"            
            };

            // Create the Web SDK client
            IWebMClient MClient = MClientFactory.CreateMClient(endpoint, oauth);
        }
    }
}

Refresh token authentication

Refresh token authentication can be used instead of a username and password authentication. In the 'Refresh token authentication', it is important to subscribe to the IWebMClient.RefreshTokenReceived event. Instead of creating an OAuthPasswordGrant, change this to OAuthRefreshTokenGrant:

// Enter your credentials here
OAuthRefreshTokenGrant oauth = new OAuthRefreshTokenGrant
{
    ClientId = "client_id",
    ClientSecret = "client_secret",
    RefreshToken = "SFGDXCbHujaXXMo_Yv2Rf5VUXR2M5GFQBCf4GnxqXIEU9wC0U4M44qHBQ8QO5I-XMlzwb2oUBue_sPsuohUqrGchf_Pfx3jRw7J2xHlxTSRZFRtVLXGQvxE_ZUyj3zIzcM56Lz8NYBzveEd7UjSEBn47RcHnbUC96u30MFrXpHphOmwAfnyENnXgaNmT6Dz1H7_YbuGF_kCGZsFXoT-Fm1NKYoZLn3N4zbB0v-I3Aof16c0_q_FsfVfnOLoviGDKwsrFAHPPLfY6PCj8dSE4vA"
};

When the refresh token changes, the old token is invalidated. Always make sure to keep track of the latest refresh token.

Testing the configuration

After creating the authentication client, it is possible to test the configuration by calling TestConnectionAsync. This will throw an exception that explains the cause of the failure, if any.

await MClient.TestConnectionAsync();

The method checks the following elements:

  • Whether the server is running
  • Whether the client can successfully connect to the server
  • Whether the SDK and the server are version compatible
  • Whether the credentials are correct
Tip

The default Main in Console applications did not support async operations before C# 7.1. If your C# version is lower than 7.0, you will need to add .Wait() (when returning void) or .Result to your method calls and remove the await keyword. For example:

MClient.TestConnectionAsync().Wait();

Otherwise, to support async, change the signature to:

static async Task Main(string[] args)
Note

For more information about the test connection method, please refer to the API reference documentation.

Can we improve this article ? Provide feedback