I simply thought I'd share the code I developed for a POC recently to get Auth0 working. Fortunately Auth0 has some great quick-start documentation on Login with .NET Core which translates nicely to the Identity Server format.
See my Sitecore-Identity-Auth0 repo on GitHub for the code.
Auth0
Log in to Auth0 and create a new application (regular web application). Give it a name, grab the domain, client ID, and secret and put these in the Sitecore.Plugin.IdentityProvider.Auth0.xml file from the code. Also set the following:
- Callback URLs: https://your.sc.identityserver/callback
- Allowed logout URLs: https://your.sc.identityserver/Account/Logout
Additional Claims
Of course, simply adding login support isn't generally the end of the story. You might need to ensure your users can log into the Sitecore backend (as authors or admins) or map other properties to the user (e.g. interest) when they log in.
Let's create some dummy user properties in Auth0 that we can use to identify a user's role in Sitecore, as well as details we know about them. Create a new user in Auth0 or edit an existing one.
- Under user_metadata (user-editable data) add:
{ "interest": "Skiing" }
- Under app_metadata (not user-editable data) add:
{ "sitecore_role": "Author", "job_title": "Manager" }
In Auth0 create a new Rule (empty) and paste in the following function:
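    function (user, context, callback) {
      // Must match the claim types used in the Sitecore config.
      const namespace = 'https://habitathome.dev.local/';
      // Users without metadata would otherwise make the rule throw.
      const userMeta = user.user_metadata || {};
      const appMeta = user.app_metadata || {};
      context.idToken[namespace + 'Interest'] = userMeta.interest;
      // Role and job title come from app_metadata (not user-editable).
      context.idToken[namespace + 'SitecoreRole'] = appMeta.sitecore_role;
      context.idToken[namespace + 'JobTitle'] = appMeta.job_title;
      callback(null, user, context);
    }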
This maps the user data we created above to claims in the ID token which is returned to Sitecore Identity Server. You can make the namespace whatever you like as long as it maps to the same thing in the config we'll add next. Note that the role is read from app_metadata, which the user cannot edit, rather than from user_metadata.
In Sitecore.Plugin.IdentityProvider.Auth0.xml under ClaimsTransformation2 add the following new claims transformations (see Configure claims transformations in the doco for details):
    <ClaimsTransformation3 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
      <SourceClaims>
        <Claim1 type="https://habitathome.dev.local/Interest" />
      </SourceClaims>
      <NewClaims>
        <Claim1 type="Interest" />
      </NewClaims>
    </ClaimsTransformation3>
    <ClaimsTransformation4 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
      <SourceClaims>
        <Claim1 type="https://habitathome.dev.local/JobTitle" />
      </SourceClaims>
      <NewClaims>
        <Claim1 type="JobTitle" />
      </NewClaims>
    </ClaimsTransformation4>
    <ClaimsTransformation5 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
      <SourceClaims>
        <Claim1 type="https://habitathome.dev.local/SitecoreRole" value="Author" />
      </SourceClaims>
      <NewClaims>
        <Claim1 type="role" value="sitecore\Author" />
      </NewClaims>
    </ClaimsTransformation5>
    <ClaimsTransformation6 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
      <SourceClaims>
        <Claim1 type="https://habitathome.dev.local/SitecoreRole" value="Admin" />
      </SourceClaims>
      <NewClaims>
        <Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
      </NewClaims>
    </ClaimsTransformation6>
You should now be able to log in to the Sitecore back-end as an Author or Admin (or any other role you choose if you customise the code).
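To check which Sitecore claims a given Auth0 user ends up with, the flow above can be modelled end to end. This is an added example, not code from the post or the repo: `sitecoreClaims`, the `TRANSFORMS` table and the sample users are constructed here, and the matching semantics (source claim present, optional value equal, target without a value copies the source value) are an assumed simplification of DefaultClaimsTransformation.

```javascript
// Added example: a simplified model, not Sitecore's or Auth0's own code.
const NS = 'https://habitathome.dev.local/';

// The rule from this post, with guards for users that have no metadata.
function rule(user, context, callback) {
  const userMeta = user.user_metadata || {};
  const appMeta = user.app_metadata || {};
  context.idToken[NS + 'Interest'] = userMeta.interest;
  context.idToken[NS + 'SitecoreRole'] = appMeta.sitecore_role;
  context.idToken[NS + 'JobTitle'] = appMeta.job_title;
  callback(null, user, context);
}

// ClaimsTransformation3..6 from the XML config, written as data.
const TRANSFORMS = [
  { source: { type: NS + 'Interest' }, target: { type: 'Interest' } },
  { source: { type: NS + 'JobTitle' }, target: { type: 'JobTitle' } },
  { source: { type: NS + 'SitecoreRole', value: 'Author' },
    target: { type: 'role', value: 'sitecore\\Author' } },
  { source: { type: NS + 'SitecoreRole', value: 'Admin' },
    target: { type: 'http://www.sitecore.net/identity/claims/isAdmin', value: 'true' } },
];

// Assumed semantics: a transformation fires when the source claim is present
// (and equals `value` if given); a target without a value copies the source.
function sitecoreClaims(user) {
  const context = { idToken: {} };
  rule(user, context, () => {});
  // JSON round trip drops undefined claims, as serializing the token would.
  const token = JSON.parse(JSON.stringify(context.idToken));
  const out = [];
  for (const { source, target } of TRANSFORMS) {
    if (!(source.type in token)) continue;
    if (source.value !== undefined && token[source.type] !== source.value) continue;
    out.push({ type: target.type, value: target.value ?? token[source.type] });
  }
  return out;
}

// Constructed sample users.
const author = { user_metadata: { interest: 'Skiing' },
                 app_metadata: { sitecore_role: 'Author', job_title: 'Manager' } };
// A role value placed in user-editable metadata must not grant anything.
const selfEdited = { user_metadata: { interest: 'Skiing', sitecore_role: 'Admin' } };

console.log(sitecoreClaims(author));
console.log(sitecoreClaims(selfEdited));
```

Only the first user receives a role claim; the second gets `Interest` alone, because the rule never reads `sitecore_role` from `user_metadata`.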
To access the Interest or JobTitle properties you can use the following syntax:
- Sitecore.Context.User.Profile["Interest"]
- Sitecore.Context.User.Profile.GetCustomProperty("Interest")