Services that this package are intended to support will offer an OAuth authentication and authorization flow against an "app" that the developer will need to create with the service. From this various information will be available, including for example a "client ID" and "client secret" that will need to be applied in configuration.
52
51
52
+
When creating the app it will usually be necessary to configure a call back URL. You should use the following:
53
+
54
+
- For OAuth2: `/umbraco/api/AuthorizedServiceResponse/HandleOAuth2IdentityResponse`
55
+
- For OAuth1: `/umbraco/api/AuthorizedServiceResponse/HandleOAuth1IdentityResponse`
56
+
53
57
### Configuring a Service
54
58
55
59
Details of services available need to be applied to the Umbraco web application's configuration, which, if using the `appSettings.json` file, will look as follows. Other sources such as environment variables can also be used, as per standard .NET configuration.
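Review bot: The two callback values added under "When creating the app it will usually be necessary to configure a call back URL" are relative paths (for example `/umbraco/api/AuthorizedServiceResponse/HandleOAuth2IdentityResponse`), while the field a developer fills in when creating the app normally expects a full URL, so the text should say that the path is appended to the site's own scheme and host. It would also help to state that the value registered with the service has to match what the package sends, and that it should be an HTTPS address outside local development. Minor: "call back URL" reads better as "callback URL".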
@@ -212,7 +216,7 @@ An enum value that defines the JSON serializer to use when creating requests and
This flag indicates whether the basic token should be included in the request for access token. If true, a base64 encoding of <clientId>:<clientSecret> will be added to
219
+
This flag indicates whether the basic token should be included in the request for access token. If true, a base64 encoding of <clientId>:<clientSecret> will be added to
216
220
the authorization header.
217
221
218
222
###### API Key
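Review bot: In the changed sentence describing the basic token flag, `<clientId>:<clientSecret>` is written with bare angle brackets, which a Markdown renderer can treat as HTML tags and drop from the output, so it should be wrapped in backticks. Because base64 is an encoding and not encryption, the sentence could also note that the client secret travels in a recoverable form in the authorization header, so the access token request should only be made over HTTPS. The phrase "the request for access token" is also missing an article.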
@@ -279,7 +283,7 @@ To make a call to an authorized service, you first need to obtain an instance of
279
283
If making a request where all information is provided via the path and querystring, such as GET requests, the following method should be invoked:
@@ -294,7 +298,7 @@ There is also a type parameter:
294
298
If you need to provide data in the request, as is usually the case for POST or PUT requests that required the creation or update of a resource, an overload is available:
Finally, there are convenience extension methods available for each of the common HTTP verbs, allowing you to simplify the requests and omit the `HttpMethod` parameter, e.g.
@@ -337,6 +341,40 @@ The branching strategy in this repository follows a "gitflow" model:
337
341
338
342
The following details are those useful for those contributing to development of the package, and for anyone interested in the how it has been implemented. For anyone using the package too, and finding the existing configuration options aren't sufficient to specify a particular service, there may be scope to provide a custom implementation for particular components.
339
343
344
+
### Flow Diagrams
345
+
346
+
The following diagrams indicate some of the key authentication and authorization flows supported by the package, along with the components involved.
347
+
348
+
#### OAuth2 Display of Service Status and Authorization Link
349
+
350
+
This diagram shows the steps involved with finding and displaying the status of a service in the backoffice, along with how the authorization URL that the user is presented with to initiate the authorization process is generated.
351
+
352
+

353
+
354
+
#### OAuth2 Authorization Flow
355
+
356
+
This diagram shows the steps and components involved in the authorization flow for the OAuth2 protocol.
#### OAuth1 Display of Service Status and Authorization Link
361
+
362
+
This diagram shows the steps involved with finding and displaying the status of a service in the backoffice, along with how the authorization URL that the user is presented with to initiate the authorization process is generated.
363
+
364
+

365
+
366
+
#### OAuth1 Authorization Flow
367
+
368
+
This diagram shows the steps and components involved in the authorization flow for the OAuth1 protocol.
The following diagram shows the steps and components involved in making a request to an external service. It shows the three methods available: OAuth2, OAuth1 and API key.
Note that there has been a deliberate decision taken in designing the package to use a number of components, each responsible for a small part of the authentication and authorization flow. In this way, there's more scope for an implementor to replace specific parts of the implementation should they need to.
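Review bot: The descriptions added under "OAuth2 Display of Service Status and Authorization Link" and "OAuth1 Display of Service Status and Authorization Link" are word for word the same, so the text alone does not tell a reader how the two flows differ; add a sentence to each naming what is specific to that protocol when the authorization URL is generated. The new section also relies on the diagrams to carry the detail, so a short numbered list of steps under each heading would keep the README useful where the images do not render.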