- Interactive User Login
- Sitecore Username and Password are needed.
- Used mostly by the developers.
- Non-Interactive Client Login
- Client ID and Client Secret are needed.
- Client should be configured in Identity server and Identity provider should be configured in Content Management as documented.
- Used for CI/CD process to automate tasks.
In both the flows,
- Identity server is must.
- The result of the authentication and authorization is access token. If we wanted extended expiry of tokens for a longer running process, we can opt for refresh token.
When we initiate the interactive login request using dotnet sitecore login --authority https://id.sitecorewarriors.localhost/ --cm https://cm.sitecorewarriors.localhost --allow-write true, Sitecore ID login screen will appear. Once logged in, we will get two options.
.sitecore/user.json file will be populated with the access token and refresh token. So we should not commit the .sitecore/user.json file to source control as it contains sensitive information.