Sitecore Content Hub uses the OAuth 2.0 authorization framework for security.

Set up OAuth in Content Hub

To set up a connection to your project, create an M.OAuthClient entity in Sitecore Content Hub. You need to provide the following properties :

  • Name
  • ClientId
  • ClientSecret
  • RedirectUrl

The RedirectUrl property is mandatory, but it's not relevant in this case. Any dummy value can be provided.

The following steps describe the OAuth creation process in Sitecore Content Hub:

  1. In Manage screen, search for 'OAuth clients' (via the searchbox) and click on the OAuth clients tile.
  2. If the SDK's M.OAuthClient entity is not in the list, add a new one by clicking on the + OAuth client.
  3. Enter the required M.OAuthClient entity values, then save the changes.

Password authentication

In addition to a ClientId and a ClientSecret, users need to specify a username and a password to authenticate with Sitecore Content Hub from their project. The following is an example of a Sitecore Content Hub authentication:

import OAuthPasswordGrant from "@sitecore/sc-contenthub-webclient-sdk/dist/authentication/oauth-password-grant";
import { ContentHubClient } from "@sitecore/sc-contenthub-webclient-sdk/dist/clients/content-hub-client";

// Your Sitecore Content Hub endpoint to connect to
const endpoint = "https://your.m.endpoint.com";

// Enter your credentials here
const oauth = new OAuthPasswordGrant(

// Create the JavaScript SDK client
const client = new ContentHubClient(endpoint, oauth);

// Authentication
// returns true when authentication succeeds.
// returns false or throws an error when authentication failed.

await client.internalClient.authenticateAsync();

The await client.internalClient.authenticateAsync() will return TRUE if the authentication is sucessful. In case of a failure, it will either return FALSE or throw an error.

The await expression can also be written as part of a function as follows:

async function main() {
    await ...

When using await, be sure to either include a declaration for the 'Promise' constructor or include 'ES2015' in your --lib option:

// configuration using tsconfig.json
  "compilerOptions": {
    "lib": [

or, the following code can also be employed:

tsc main.ts --lib ES2015

Refresh token authentication

Refresh token authentication can be used instead of a username and password authentication. In the 'Refresh token authentication', it is important to subscribe to the IWebMClient.RefreshTokenReceived event. Instead of creating an OAuthPasswordGrant, change this to OAuthRefreshTokenGrant:

import OAuthRefreshTokenGrant from "@sitecore/sc-contenthub-webclient-sdk/dist/authentication/oauth-refreshtoken-grant";

// Enter your credentials here
const oauth = new OAuthRefreshTokenGrant(

Can we improve this article ? Provide feedback