API access with client credentials (core functionality) (#16817)

* First stab

* Delivery API client credentials + a little refactor to ensure unique client IDs

* Introduce user type

* Support user type in the Management API

* Clean up TODOs

* Update API user last login date when issuing a token

* Better error reporting for mismatched user types

* Do not allow password change or reset for API users

* Update OpenApi.json

* Revert change

* Remove obsolete comment

* Make applicable classes abstract or sealed

* Review changes

* Add endpoint for retrieving all user client IDs
This commit is contained in:
Kenn Jacobsen
2024-07-29 14:34:11 +02:00
committed by GitHub
parent 0eef280a20
commit 68db079700
53 changed files with 1444 additions and 15 deletions

@@ -54,10 +54,14 @@ public static class UmbracoBuilderAuthExtensions
.RequireProofKeyForCodeExchange()
.AllowRefreshTokenFlow();
// Enable the client credentials flow.
options.AllowClientCredentialsFlow();
// Register the ASP.NET Core host and configure for custom authentication endpoint.
options
.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough()
.EnableTokenEndpointPassthrough()
.EnableLogoutEndpointPassthrough();
// Enable reference tokens
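Review bot: The added `options.AllowClientCredentialsFlow();` call turns the grant on for the whole server unconditionally, and its comment only restates the call. Because `EnableTokenEndpointPassthrough()` a few lines further down hands token requests to the custom endpoint, the comment should say where a `client_credentials` request is handled and what limits it to the client IDs of API users, so that a reader of this file can confirm that regular user clients cannot obtain tokens through this grant. If the flow is meant to be optional per installation, consider guarding the call with a setting instead of always enabling it.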