3 Commits

Author SHA1 Message Date
mcl-sz
55f9b09ab7 Combining OpenId and OfflineAccess scope (#16220)
* Combining OpenId and OfflineAccess scope

When the client scope is set to "openid offline_access", the returned scope only has the "offline_access" scope. The "openid" scope and the "id_token" are missing. By combining the OpenId and OfflineAccess as return scope, the refresh_token and id_token are returned.

* Update MemberController.cs

Cleaner way, provided by @kjac, to check if the scope has openid and/or offline_access set.
2024-07-30 08:38:06 +02:00
Elitsa Marinovska
04400054ac V14: Cleanup [ApiController] attribute usage (#15842)
* Applying [ApiController] to ManagementApiControllerBase and the rest derive it from it

* Removing [ApiController] from deriving controllers

* Removing [ApiVersion("1.0")] from controller base

* Cleanup

* [ApiController] from deriving DeliveryApiControllerBase controller
2024-03-05 15:49:40 +01:00
Kenn Jacobsen
83321a8fad Add member auth to the Delivery API (#14730)
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API

* Make SwaggerRouteTemplatePipelineFilter UI config overridable

* Enable token revocation + rename logout endpoint to signout

* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger

* Correct notification handling when (un)protecting content

* Fixing integration test framework

* Cleanup test to not execute some composers twice

* Update paths to match docs

* Return Forbidden when a member is authorized but not allowed to access the requested resource

* Cleanup

* Rename RequestMemberService to RequestMemberAccessService

* Rename badly named variable

* Review comments

* Hide the auth controller from Swagger

* Remove semaphore

* Add security requirements for content API operations in Swagger

* Hide the back-office auth endpoints from Swagger

* Fix merge

* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)

* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)

* Make "items by IDs" endpoint support member auth

* Add 401 and 403 to "items by IDs" endpoint responses

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
2023-09-26 09:22:45 +02:00