Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev GuideAPI ReferenceUser Guide
Dev GuideRecipesAPI ReferenceChangelogDiscussions
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubNuGetDev CommunityOptimizely AcademySubmit a ticket
Start typing to search…

PaaS CMS Core + OpenID

How to use the Open ID Connect app (add-on).

Prerequisites

You must have the following to use PaaS CMS Core and OpenID:

  • Empty or existing Optimizely CMS.
  • Install EPiServer.OpenIDConnect add-on.
  • Postman.

CMS setup

  1. Open your Optimizely CMS solution and install theEPiServer.OpenIDConnect addon.

    dotnet add EPiServer.OpenIDConnect

  2. Open the Startup.cs file and add this sample line of code.

    services.AddOpenIDConnect < ApplicationUser > (
  useDevelopmentCertificate: true,
  signingCertificate: null,
  encryptionCertificate: null,
  createSchema: true,
  options => {
    var baseUri = new Uri(_frontendUri); // _frontendUri is your application client url
    options.RequireHttps = !_webHostingEnvironment.IsDevelopment();
    options.DisableTokenPruning = true;
    options.DisableSlidingRefreshTokenExpiration = true;

    options.Applications.Add(new OpenIDConnectApplication {
      ClientId = "frontend",
        Scopes = {
          "openid",
          "offline_access",
          "profile",
          "email",
          "roles",
          ContentDeliveryApiOptionsDefaults.Scope
        },
        PostLogoutRedirectUris = {
          baseUri
        },
        RedirectUris = {
          new Uri(baseUri, "/api/auth/callback/optimizely_cms"),
          new Uri("https://oauth.pstmn.io/v1/callback") // for trying out with postman purpose
        },
    });
  });

services.AddOpenIDConnectUI();

// No encrypt the token so it's easier to debug, not recommend for production.
services.AddOpenIddict()
  .AddServer(options => options.DisableAccessTokenEncryption());

  3. Run the website.

Try it out using Postman

  1. Import https://cg.optimizely.com/app/swagger/swagger.json to the Postman collection.

  2. Set up the variable for the collection, which includes:

    • baseUrlhttps://cg.optimizely.com

    • appKey – your AppKey

    • appSecret – your AppSecret

  3. Set up the Authorization method. For simplicity, it should be Basic Auth, and put your appKey and appSecret as Username and Password.

  4. Update OIDC configs for EPiServer OpenIdConnect, they are:

    • audience – {{your_clientId}} eg: frontend
    • issuer – {{your_CMS_URL}} eg: http://localhost:8082/
      📘

      Note

      You can get these two values from ID Toke

      eyJhbGciOiJSUzI1NiIsImtpZCI6IkY3RUVBN0UzQTJCODhGOUVFMDRBNjczNzEyRENGQTAwRjhBNEQxOEQiLCJ4NXQiOiI5LTZuNDZLNGo1N2dTbWMzRXR6NkFQaWswWTAiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiIxMTdkM2UwYy03ZDMwLTQyMGUtYWYxYi02ZTczZGVmOTEwNDciLCJvaV9hdV9pZCI6IjgxZWRlYTIzLTZmZDgtNDQ5Ny05MDY1LWZmNzk4M2E0YjhmOCIsImF6cCI6ImZyb250ZW5kIiwiYXRfaGFzaCI6IlBrYW93ZVRidExHNWx4alZOZEgwRmciLCJvaV90a25faWQiOiJlODVmMTdlNC1jMDg4LTRlODQtOTI3ZC1hNDU2MzczZDU2YTQiLCJhdWQiOiJmcm9udGVuZCIsImV4cCI6MTcwMzU2MzQxMSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgyLyIsImlhdCI6MTcwMzU2MjIxMX0.NuuTGBOxDsvatOZgQAc6zwISbn-DAyQcSi3kWVKywU58h_4inNYPEvFY3wTdLrWN9vIg6lsWexEeF5_rx58np3aIUNIpuqrXTed0tsPCrGvQcEljs39epwbcEYtxZnSUIelMSwZQF4nXlAELQemQhukVdQu5zrJIAQLAQ176cAp7QG7Y1eEn5WfGFdxuRCWbBzl_i0SjCWKSYeePeQ8or3cYgCYZ2FmnhoKLJkIfaWdgkh2F1toVpyz4KZKMKJtHMaKF6FZjEcQUm8M8r-YkbPVF7Zm1wDe9cepeMWGjXwouAZW4GAMUVheIdN3TRrend2KMwAizJMOpZQbCFj0NZg
      {
  sub 117d3e0c-7d30-420e-af1b-6e73def91047
  oi_au_id 81edea23-6fd8-4497-9065-ff7983a4b8f8
  azp frontend
  at_hash PkaoweTbtLG5lxjVNdH0Fg
  oi_tkn_id e85f17e4-c088-4e84-927d-a456373d56a4
  aud frontend
  exp 1703563411
  iss http://localhost:8082/
  iat 1703562211
}

Generate access token

  1. In Postman, open a new tab.

  2. Select Authorization > Type OAuth 2.0.

  3. Configure New Token.

    • Grant type – Authorization code
    • Callback URLhttps://oauth.pstmn.io/v1/callback
    • Authorized using browser – Select it.
    • Auth URLhttp://localhost:8082/api/episerver/connect/authorize
    • Access Token URL – http://localhost:8082/api/episerver/connect/token`
    • Client ID – fill your value
    • Client Secret – fill your value
    • Scopeopenid offline_access profile email roles

  4. Click Get New Access Token

Send GraphQL query with an access token

Query the restricted content items with cg-tenant-id header and access_token value in Authorization header.

curl --location 'https://cg.optimizely.com/content/v2' \
--header 'Content-Type: application/json' \
--header 'cg-tenant-id: 0375753b0b5d43e99934d029b20e3767e' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiI5NmNiMTUyZS0wMzE2LTQxNTgtOTNmMC1hOWNkZDk4YjI2ZTciLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83YzRhMWI3OS00YjhlLTRhYzctYjdlMS1jNWMzYzVhNGMxMzkvIiwiaWF0IjoxNzAzNTg2MDMwLCJuYmYiOjE3MDM1ODYwMzAsImV4cCI6MTcwMzU4OTkzMCwiYWlvIjoiQVpRQWEvOFZBQUFBL3lLMHdRd05kSFFrQjhjdmp2Qkl1dDAwQzF6Snl5elNJaTQ1Nlk5ZmZVWnQ4ZlRhTy9Qd0YwUlIwbjBYL0FXSGV1Y1JaVXhDc25YZUg1RkhFOFhkQUhNWm1JNmJpMFJzTEFwU3hJcytmNGp1a3dXL3B6ZUluNktXbEN3UFR0YlBJRUN6YTJNVEFRWWZVREZaTWRReEN6dWtRTGwrZDZ0STZFV29IS041UHhsL2JGOE9QSzc4V3lrUnBIbEVPU1d1IiwiYW1yIjpbInB3ZCIsIm1mYSJdLCJlbWFpbCI6IlF1YW5nLlRyYW5AZXBpc2VydmVyLmNvbSIsImZhbWlseV9uYW1lIjoiVHJhbiIsImdpdmVuX25hbWUiOiJNYW5oIFF1YW5nIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvM2VjMDBkNzktMDIxYS00MmQ0LWFhYzgtZGNiMzU5NzNkZmYyLyIsImlwYWRkciI6IjEwMy4zNy4yOS4xMDYiLCJuYW1lIjoiUXVhbmcgVHJhbiIsIm9pZCI6IjRhMWM2YTY4LTIyYjctNDViMS05MjZiLThmMzk2MjhhMzc0NCIsInJoIjoiMC5BVEFBZVJ0S2ZJNUx4MHEzNGNYRHhhVEJPUzRWeTVZV0ExaEJrX0NwemRtTEp1Y3dBSTguIiwicm9sZXMiOlsiRXZlcnlvbmUiLCJDb250ZW50LkVkaXRvcnMiLCJDb250ZW50LkFkbWlucyIsIkFkbWluaXN0cmF0b3JzIl0sInN1YiI6IjQ0WnhYRFl5cFZuaFhXM3VfXzFJeW9aUWduR2J6ZllQRWVFTGotQnpnUVUiLCJ0aWQiOiI3YzRhMWI3OS00YjhlLTRhYzctYjdlMS1jNWMzYzVhNGMxMzkiLCJ1bmlxdWVfbmFtZSI6InF1YW5nLnRyYW5AZXBpc2VydmVyLmNvbSIsInV0aSI6IkN4Z1JIMk1wOWtLd2YxUVRqQzVfQVEiLCJ2ZXIiOiIxLjAifQ.u_qpkNvXRzkYy0yrVvbXLOetWVpAOyjKLTe1I_eKo72r2JtpidaQCnHRQejQuC3WYOBIbJGRPcmtw5HvDdCobhg6WJNNux4SIDufG2AxD1cq_d-ThEtPaYR0ZbUQEYeW83HYUYLqyl4wEkOVgZdCv3vBuuABGAlQIxu8_VjCR89k-pawKic7hykhy4Flp7Bx2rz6LyBKYPwY8eb9kDWtXIqGT3Pp38BBQp2VFkV4Lm71lCgYJMCOA_3b3LHjVknwtvnqL785yY5wCKNhe-yC_kTbWuOGYGaw67V6J-goJ4RYZOGRgr5kMalmNJB5USeWPkEboV8oAeIlVgDghd9ypw' \
--data '{"query":"query MyQuery {\n  ArtistDetailsPage {\n    items {\n      ArtistName\n      ArtistGenre\n      ArtistIsHeadliner\n      Ancestors\n      ArtistDescription\n      ArtistPhoto\n      Status\n    }\n  }\n}","variables":{}}'

Updated 3 days ago