Topics

All topics

Call oData services in browser-based JavaScript applications

In this tutorial, you create HTTP requests to access Sitefinity CMS OData services using access tokens with Bearer token authentication. To do this, you use a JavaScript OpenID Connect (OIDC) client OAuth2 protocol support for client-side applications.

In this tutorial, you enable users, authenticated in the backend, to obtain access token and have permissions to view News items via a protected service. You can additionally implement other actions authenticated users can complete, such as modify or delete.

The files you work with in this tutorial are:

oidc-client.js
OIDC client and OAuth2 protocol support for browser-based JavaScript applications.
silent.html
Helper page required to obtain access token.
news.html
A sample page demonstrating how to obtain an access token and call the OData services.

NOTE: In this tutorial, you work with specific versions of the files, listed above. You can download these file versions from the GitHub repository.

PREREQUISITES:

Make sure the authentication protocol is set to OpenID (the default authentication protocol in Sitefinity CMS):

Navigate to Administration -> Advanced settings -> Authentication.
From the Authentication protocol dropdown, select OpenId.

To setup the application and create HTTP requests:

Download the following assets:
- oidc-client.js script from the GitHub repository.
- Helper page for obtaining the access token: silent.html file from the GitHub repository.
Paste the assets in the relevant folders in your web application, for example, paste the OIDC client in the scripts folder.
NOTE: By default, assets are copied to the root folder of your application.

Open the news.html file:

In the code above you:

Setup the links to where you pasted the silent.html and oidc-client.js, for example, to the scripts folder where you placed the oidc-client.js file.
NOTE: By default, the links direct to the root folder.

Configure the OIDC client settings:

Parameter	Value	Description
authority	http://host:port/Sitefinity/Authenticate/OpenID	The absolute path to the external STS.
client_id	sitefinity	The client ID configured in the external STS.
silent_redirect_uri	http://host:port/<folder where the silent page is located>/silent.html	The URL for the page containing the code handling the silent renew.
response_type	id_token token	The type of response desired from the OIDC/OAuth2 provider.
scope	openid	The minimum scope, required by the scenario.
automaticSilentRenew	true	Automatically renew the access token on the silent page.

NOTE: For a full list of OIDC settings, see GitHub OIDC client settings page.

Restart the application.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Yes No

Would you like to submit additional feedback?

Your feedback about this content is important

How helpful is this article?

Very helpful Somewhat helpful Not helpful

How can we improve this article?(Optional)

Fix typos or links

Fix incorrect information

Add or update code samples

Add or update illustrations

Add information about...

Send feedback Cancel