Content Delivery API: configuring OAuth

Vote:
 

Hi,

We're trying to configure OAuth in our setup of the Content Delivery API, and have followed the instructions in the official documentation for doing so: https://world.episerver.com/documentation/developer-guides/content-delivery-api/configuration/#OAuth 

We have added the EPiServer.ContentApi.OAuth NuGet package, and then added the following line in Startup.cs (as per the official documentation, and also as explained in this accepted answer on the developers forum: https://world.episerver.com/forum/developer-forum/Addons/Thread-Container/2018/11/content-delivery-api---404-on-apiepiserverauthtoken/#199421)

app.UseContentApiIdentityOAuthAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>(new ContentApiOAuthOptions()
{
      RequireSsl = false
});

However, none of the explanations in the referenced links contain information about the implementation of ApplicationUserManager and ApplicationUser. Are we supposed to implement them ourselves? In that case, do you have any documentation on how they should be implemented?

- Thomas

#206620
Edited, Mar 04, 2020 7:12
Vote:
 

Did you find any inputs on it. I am on same issue currently.

#218005
Mar 03, 2020 23:05
Thomas Wolff - Mar 04, 2020 7:14
No, we have decided not to use OAuth in our case after all, so we have not looked further into this.
Vote:
 

Hi,

You can use the default implementation of CMS UI for both ApplicationUserManager and ApplicationUser. Alloy sample site for Content Delivery already has the sample configuration in Startup.cs, you can check it out to investigate more. 

#219111
Mar 30, 2020 3:42
Vote:
 

What did you end up using instead of OAuth?

#227782
Sep 12, 2020 4:46
Vote:
 

Hi

If you haven't set up the OWIN authentication before adding the OAuth package, have a look at this documentation page. It basically details how to set up ASP.Net Identity authentication, which can then be used to access the Content Delivery API, through the OAuth package.

Usually you can follow the first three steps on the page, and skip the rest of the page.

#227807
Sep 13, 2020 16:41
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.