In this tutorial, you enable users, authenticated in the backend, to obtain access token and have permissions to view News items via a protected service. You can additionally implement other actions authenticated users can complete, such as modify or delete.
The files you work with in this tutorial are:
Helper page required to obtain access token.
A sample page demonstrating how to obtain an access token and call the OData services.
NOTE: In this tutorial, you work with specific versions of the files, listed above. You can download these file versions from the GitHub repository.
Make sure the authentication protocol is set to OpenID (the default authentication protocol in Sitefinity CMS):
Navigate to Administration -> Advanced settings -> Authentication.
- From the Authentication protocol dropdown, select OpenId.
To setup the application and create HTTP requests:
- Download the following assets:
- Paste the assets in the relevant folders in your web application, for example, paste the OIDC client in the scripts folder.
NOTE: By default, assets are copied to the root folder of your application.
- Open the news.html file:
In the code above you:
NOTE: For a full list of OIDC settings, see
GitHub OIDC client settings page.
- Setup the links to where you pasted the silent.html and oidc-client.js, for example, to the scripts folder where you placed the oidc-client.js file.
NOTE: By default, the links direct to the root folder.
- Configure the OIDC client settings:
|The absolute path to the external STS.
|The client ID configured in the external STS.
|http://host:port/<folder where the silent page is located>/silent.html
The URL for the page containing the code handling the silent renew.
The type of response desired from the OIDC/OAuth2 provider.
|The minimum scope, required by the scenario.
|Automatically renew the access token on the silent page.
- Restart the application.