yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c0c27c0d1dc5254ff5203eb30f8ee3e794cce56a
Umbraco-CMS/src/Umbraco.Web.UI.Client/docs/authentication.md

65 lines
2.8 KiB
Markdown
Raw Normal View History

add docs for authentication
2023-05-10 09:36:58 +02:00
# Authentication
## What is this?
You can now authorize against the Management API using OpenID Connect. Most endpoints will soon require a token, albeit they are open for now.
## How does it work?
You need to authorize against the Management API using OpenID Connect if you want to access protected endpoints running on a real Umbraco instance. This will give you a token that you can use to access the API. The token is stored in local storage and will be used for all subsequent requests.
If you are running the backoffice locally, you can use the `VITE_UMBRACO_USE_MSW` environment variable to bypass the OpenID Connect flow and use mocked responses instead by setting it to `on` in the `.env.local` file.
## How to use
There are two ways to use this:
### Running directly in the Umbraco-CMS repository
Update authentication.md
2023-06-27 09:38:28 +02:00
1. Checkout the `v14/dev` branch of [Umbraco-CMS](https://github.com/umbraco/Umbraco-cms/tree/v14/dev)
add docs for authentication
2023-05-10 09:36:58 +02:00
2. Run `git submodule update --init` to initialize and pull down the backoffice repository
1. If you are using a Git GUI client, you might need to do this manually
3. Go to src/Umbraco.Web.UI.New or switch default startup project to "Umbraco.Web.UI.New"
4. Start the backend server: `dotnet run` or run the project from your IDE
5. Access https://localhost:44339/umbraco and complete the installation of Umbraco
6. You should see the log in screen after installation
7. Log in using the credentials you provided during installation
### Running with Vite
1. Perform steps 1 to 5 from before
2. Open this file in an editor: `src/Umbraco.Web.UI.New/appsettings.Development.json`
3. Add this to the Umbraco.CMS section to override the backoffice host:
```json
"Umbraco": {
"CMS": {
"NewBackOffice":{
add new appsetting to docs
2023-05-10 10:05:20 +02:00
"BackOfficeHost": "http://localhost:5173",
"AuthorizeCallbackPathName": "/"
add docs for authentication
2023-05-10 09:36:58 +02:00
},
},
[...]
}
```
4. Set Vite to use Umbraco API by copying the ".env" file to ".env.local" and setting the following:
```
VITE_UMBRACO_USE_MSW=off
VITE_UMBRACO_API_URL=https://localhost:44339
```
5. Start the vite server: `npm run dev` in your backoffice folder
6. Check that you are sent to the login page
7. Log in
## To test a secure endpoint
Update authentication.md
2023-06-27 09:38:28 +02:00
All Management API endpoints are secure and require a token except for the status and installer endpoints. If you want to mark a custom endpoint as secure, you can add the `[Authorize]` attribute to the controller or action. This will require you to be logged in to access the endpoint.
add docs for authentication
2023-05-10 09:36:58 +02:00
## What does not work yet
- If your session expires or your token is revoked, you will start getting 401 network errors, which for now only will be shown as a notification in the UI - we need to figure out how to send you back to log in
Update authentication.md
2023-06-27 09:38:28 +02:00
- We do not _yet_ poll to see if the token is still valid or check how long before you are logged out, so you won't be notified before trying to perform actions that require a token
Reference in New Issue Copy Permalink