22 March, 2022

Sitecore CLI - Authentication and Authorization

Sitecore has very good documentation on Authentication and Authorization. As stated there, there are two flows.
  1. Interactive User Login
    • A Sitecore username and password are needed.
    • Used mostly by developers.
  2. Non-Interactive Client Login
    • A client ID and client secret are needed.
    • The client must be configured in Identity Server, and the identity provider must be configured in Content Management, as documented.
    • Used in CI/CD processes to automate tasks.
In both flows,
  • Identity Server is a must.
  • The result of authentication and authorization is an access token. If we want tokens to stay valid for a longer-running process, we can opt for a refresh token.
When we initiate the interactive login request using dotnet sitecore login --authority https://id.sitecorewarriors.localhost/ --cm https://cm.sitecorewarriors.localhost --allow-write true, the Sitecore Identity login screen will appear. Once logged in, we will get two options.

Offline Access will generate a refresh token along with the short-lived access token. A refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again.

The .sitecore/user.json file will be populated with the access token and refresh token, so we should not commit it to source control, as it contains sensitive information.
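As an added example (not code from the original post or from Sitecore), the script below shows what a developer or CI maintainer can do with the tokens described above without ever pasting them anywhere: read the expiry claim of the access token to see how short-lived it is, tell whether Offline Access (a refresh token) was granted for each endpoint, produce a redacted copy of the file that is safe to attach to a bug report, and check that .gitignore carries a pattern covering .sitecore/user.json. The endpoint layout and key names (endpoints, accessToken, refreshToken, allowWrite) and the sample file itself are constructed assumptions for this example; compare them with the user.json the CLI writes for you.

```python
import base64
import json
import time
from typing import Any, Optional


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as used by JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(claims: dict) -> str:
    """Build a structurally valid JWT with a dummy signature. Only used to
    construct the sample below; a real access token is signed by Identity Server."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.dummysignature"


# Fixed "current time" so the sample gives repeatable answers (constructed).
SAMPLE_NOW = 1_647_900_000

# Constructed sample of .sitecore/user.json. The layout is an assumption made
# for this example, not copied from Sitecore documentation or a real login.
SAMPLE_USER_JSON = {
    "endpoints": {
        "default": {  # interactive login with Offline Access granted
            "authority": "https://id.sitecorewarriors.localhost/",
            "host": "https://cm.sitecorewarriors.localhost",
            "allowWrite": True,
            "accessToken": make_unsigned_jwt({"sub": "sitecore\\admin", "exp": SAMPLE_NOW + 3600}),
            "refreshToken": "constructed-refresh-token-value",
        },
        "ci": {  # non-interactive client login, token already expired, no refresh token
            "authority": "https://id.sitecorewarriors.localhost/",
            "host": "https://cm.sitecorewarriors.localhost",
            "allowWrite": True,
            "accessToken": make_unsigned_jwt({"sub": "client-credentials", "exp": SAMPLE_NOW - 60}),
        },
    }
}


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims segment of a JWT WITHOUT verifying the signature.
    Fine for reading 'exp' locally; never use this to decide whether to trust a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize_endpoints(user_json: dict, now: Optional[float] = None) -> dict:
    """Per endpoint: seconds until the access token expires, whether it has
    already expired, and whether a refresh token (Offline Access) is present."""
    now = time.time() if now is None else now
    summary = {}
    for name, endpoint in user_json.get("endpoints", {}).items():
        exp = decode_jwt_payload(endpoint["accessToken"]).get("exp")
        summary[name] = {
            "seconds_left": None if exp is None else int(exp - now),
            "expired": exp is not None and exp <= now,
            "has_refresh_token": bool(endpoint.get("refreshToken")),
            "allow_write": bool(endpoint.get("allowWrite")),
        }
    return summary


SENSITIVE_KEYS = ("accessToken", "refreshToken")


def redact(obj: Any) -> Any:
    """Return a deep copy with token values replaced, safe for logs and bug reports."""
    if isinstance(obj, dict):
        return {k: ("<redacted>" if k in SENSITIVE_KEYS and v else redact(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def user_json_is_ignored(gitignore_text: str) -> bool:
    """Approximate check that .gitignore covers .sitecore/user.json. Only the
    common exact patterns are recognised; full gitignore globbing is not modelled."""
    covering = {".sitecore/user.json", "/.sitecore/user.json", "user.json", "**/user.json",
                ".sitecore/", ".sitecore", "/.sitecore/", "/.sitecore"}
    for line in gitignore_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and line in covering:
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(summarize_endpoints(SAMPLE_USER_JSON, SAMPLE_NOW), indent=2))
    print(json.dumps(redact(SAMPLE_USER_JSON), indent=2))
    print("user.json ignored:", user_json_is_ignored(".sitecore/user.json\n"))
```

Run it against a real file by replacing SAMPLE_USER_JSON with json.load(open(".sitecore/user.json")) and dropping the fixed SAMPLE_NOW; the "ci" endpoint illustrates why a non-interactive pipeline that did not request Offline Access has to log in again once the short-lived access token expires, while the "default" endpoint can refresh silently.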
