
  • Patrik Johansson 5 posts 25 karma points
    Mar 18, 2021 @ 09:00
    Patrik Johansson
    0

    Identity providers using Heartcore

    Hi, I am currently evaluating Heartcore and I find it mostly rather great, but there is one big thing that I can't seem to figure out and that is how to make it work with other identity providers than just the built-in username/password. I would like to be able to use Google, Microsoft, Facebook, Identityserver4, etc.

    This is a BIG go or no go for me, could anyone point me to where I can find information regarding this?

    Please, don't give me information about how to implement this in .NET since I am using Heartcore as a SaaS, hence I will not be able to change, add or in other ways manipulate the backend code.

    BR /Patrik

  • Lindow 154 posts 1301 karma points
    Mar 18, 2021 @ 15:19
    Lindow
    0

    Hi Patrik.

    Could you please elaborate on what you want to use the identity providers for?

    Backoffice users or frontend users? Or perhaps something else?

    Best, Darek

  • Patrik Johansson 5 posts 25 karma points
    Mar 18, 2021 @ 15:25
    Patrik Johansson
    0

    Hi,

    For example, a person with a Microsoft AAD account should be able to login to "the site" and therefore "the site" will be able to retrieve information from MS365 as well as from Umbraco and even other systems, but I would also want to be able to give that person/user/account specific permissions on/in "the system" (Umbraco).

    User with M365 Account has to be able to be part of "Groups" in Umbraco.

    /Patrik

  • Lindow 154 posts 1301 karma points
    Mar 18, 2021 @ 17:18
    Lindow
    0

    Hi again.

    I'm still a bit unsure whether you're talking about the frontend users or the backoffice ones.

    Heartcore is a headless CMS, which means that your backoffice and frontend are split.

    Only developers and content editors have access to the backoffice and the actual customers/users will only be accessing the frontend.

    If you wish to integrate an external identity provider into Heartcore's backoffice then that is not possible.

    If you wish to use one for your frontend then you can go ahead and do that just fine :)

    Furthermore, we do have some members API endpoints in Heartcore:

    https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/

    https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/group/

    https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/type/

    You could use them to integrate your frontend identity provider with Heartcore's members feature, although I personally cannot see a use case for that.

    I hope this helps 👍🏻

    Best, Darek

  • Patrik Johansson 5 posts 25 karma points
    Mar 18, 2021 @ 17:49
    Patrik Johansson
    0

    Hi,

    I am talking about frontend users. Since editors will create content in Heartcore they have to be able to add different kinds of security to different "pages" and other content. I am currently looking at this for an Intranet and there will be some sections that have to be able to be more secured than others. As for now I see that there is a possibility to create Member Groups and use them to create kind of what I want, but it lacks the possibility to add external users to these Member Groups, at least I haven't found a way to do it.

    I could create it myself if I get all data from Heartcore via a Proxy service, which I most likely would do since I don't want to expose the api-key and such. But since I don't receive any "Member Groups" property on the data I receive from Umbraco I don't see how this could be done.

    This is a really common scenario within both Intranet, e-commerce, external web sites, so I am a bit surprised if it has not been taken into consideration.

    /Patrik

  • Lindow 154 posts 1301 karma points
    Mar 18, 2021 @ 23:07
    Lindow
    0

    Are you certain about the user group data not being there?

    Try this:

    1. Create a member in the backoffice or using this

    2. Add the member to a group (make sure you have one) either by doing it manually in the backoffice or using this

    3. Get the user by the username using this

    This should return a response like the one below:

        {
            "_failedPasswordAttempts": 0,
            "_groups": [
                "QA group"
            ],
            "_createDate": "2021-03-18T22:54:28.01Z",
            "_id": "81988615-eaaf-4276-99dc-d13e8c57eee5",
            "_updateDate": "2021-03-18T22:56:41.697Z",
            "_links": {
                "self": {
                    "href": "https://api.umbraco.io/member/member%40heartcore.com"
                },
                "membertype": {
                    "href": "https://api.umbraco.io/member/type/Member"
                }
            },
            "comments": "Very important test member",
            "email": "[email protected]",
            "isApproved": true,
            "isLockedOut": false,
            "memberTypeAlias": "Member",
            "username": "[email protected]",
            "name": "Tis but a test"
        }
    

    As you can see the group name is returned on the 4th line of the response body.

    You can use that group value for the logic on the frontend that would allow for different access levels.

    Was this what you were missing?

  • Patrik Johansson 5 posts 25 karma points
    Mar 19, 2021 @ 00:08
    Patrik Johansson
    0

    Yes, that works, but I need that data on the actual content/page/item (whatever you call it) if I am supposed to check it against some identity provider claims.

    I have come up with a solution that kind of works and that is to add a field on the page called "Security" of the type "MemberGroupPicker" and that field I could maybe use to check it. But I would still think it would be in the system.

    Do you actually really mean that you have no idea what I am trying to solve here? I mean in whatever CMS based web site or intranet (maybe mainly) editors want to add security to certain pages. In the case of Heartcore, I only have the possibility to add security on members and/or users built in to Heartcore..... I want to be able to extend that to external users as well.

  • Lindow 154 posts 1301 karma points
    Mar 19, 2021 @ 03:32
    Lindow
    0

    What you want to achieve has to be done on the frontend and you can achieve it by using the API data returned from the member endpoint.

    I can't see why you would want to return the member data on a page when it can be fetched using the member endpoint.

    The response then returns the member group name that I've pointed you to after you've asked for it.

    You want a "Security" checkbox/toggle. That doesn't exist. Instead, you can just use the group name as an if statement.

    E.g. If the user's group name = x then the user has access to the specific content page(s) on the frontend. Otherwise, they don't.

    I know for a fact that there's an intranet site with different user level access levels and they went with the above-mentioned approach after we've had a chat about it.

    If you dislike that then you can always just change the fields on your member by going to settings>member types>member and adding a checkbox or a true/false property editor and using that instead.

    Then that specific member would have the following value "security": "1 or 0"

    There are definitely several different options available.

    Furthermore, if you're looking for a unique value per member then the email field is the way to go.

    Also, if you still feel like I don't understand you then feel free to explain it better.

  • Patrik Johansson 5 posts 25 karma points
    Apr 12, 2021 @ 11:57
    Patrik Johansson
    0

    I understand your solution and I also described it above. But the thing with that solution is that the content is not actually security trimmed. What I mean by this is that by default all users have the same permissions to everything and the frontend has to handle it. What if there is information that it is very important that nobody without the correct permission is able to read, then Umbraco does not handle that for external providers, as far as I can see.

    Do you understand my concern better now?
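
The thread ends on the gap between group checks in the frontend and content that is actually security trimmed. As an added example that is not part of the original thread and is not Umbraco's code, the sketch below does the check in the server-side proxy that holds the API key. It assumes the IdP token was validated upstream, that the "Security" MemberGroupPicker field arrives as a `security` array of group names, and that the claim-to-group mapping and sample items are constructed.

```javascript
// Added example: security trimming in the proxy, before content reaches the browser.
// Hypothetical mapping from external IdP group claims to Heartcore member group names.
const IDP_GROUP_TO_MEMBER_GROUP = new Map([
  ["aad-group-qa", "QA group"], // constructed identifiers
  ["aad-group-hr", "HR group"],
]);

// Groups from a member API response (same shape as the JSON shown in the thread).
// Unapproved or locked-out members get no groups.
function groupsFromMember(member) {
  if (!member || member.isApproved !== true || member.isLockedOut !== false) return [];
  return Array.isArray(member._groups) ? member._groups.filter((g) => typeof g === "string") : [];
}

// Groups from already-validated IdP claims; unknown external groups grant nothing.
function groupsFromClaims(claims) {
  const external = Array.isArray(claims && claims.groups) ? claims.groups : [];
  return external.map((g) => IDP_GROUP_TO_MEMBER_GROUP.get(g)).filter(Boolean);
}

// Per-item decision that fails closed: a missing or malformed "security"
// field denies access; an explicitly empty list marks the item as open.
function canRead(item, userGroups) {
  const required = item.security;
  if (!Array.isArray(required) || !required.every((g) => typeof g === "string")) return false;
  if (required.length === 0) return true;
  return required.some((g) => userGroups.has(g));
}

// Filter the items and drop the policy field so group names never reach the client.
function trimContent(items, userGroups) {
  const groups = new Set(userGroups);
  return items.filter((item) => canRead(item, groups)).map(({ security, ...rest }) => rest);
}

// Constructed sample content, as the proxy might receive it from the CMS.
const SAMPLE_ITEMS = [
  { name: "Lunch menu", security: [] },
  { name: "QA test plan", security: ["QA group"] },
  { name: "Salary review", security: ["HR group"] },
  { name: "Untagged draft" },
  { name: "Malformed tag", security: "QA group" },
];

// A user whose token carries the QA group claim sees two items.
const visibleToQa = trimContent(SAMPLE_ITEMS, groupsFromClaims({ groups: ["aad-group-qa"] }));
console.log(visibleToQa.map((i) => i.name));
```

Because the browser only ever receives the filtered list, a user who bypasses the frontend logic still cannot read items their groups do not cover.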
