Understanding Different Authentication Grant Type WorkFlows in Sitecore OrderCloud

Hello everyone,In my previous blog regarding OrderCloud, we have seen what is Buyer organization, Buyer User group, Buyer User and how they are related to each other. In this blog we will try to understand the Authentication mechanism used by Sitecore OrderCloud. What different grant types it support and how we can connect to a third party OpenID(basically for implementing Single Sign On) for implementing the same.

Sitecore OrderCloud mechanism is built on OAuth 2.0 to support both Authentication and Authorization.If you want to understand Authentication and Authroization you can refer my blog on the same Here.I have tried to explain using Sitecore and how it implement the same.

So lets get started. In Sitecore OrderCloud there are basically 6 GrantType Workflows which is listed below

  • Password Grant Type Workflow
  • Client Credential Workflow
  • Refresh Workflow
  • Elevated Password Workflow
  • Anonnymous Shopping Workflow
  • SSO Workflow

Password Grant Type Workflow : The most common grant type which uses Username and Password. Different parameters are passed with the request for successful authentication.

Client Credentials Workflow : This workflow mechanism is mostly used by backend system as we will be passing client secret along with client id for Authentication.

Refresh Workflow: This workflow is useful to refresh the access token without logging out of the system. It basically provide a seamless logged in experience. ApiClient.RefreshTokenDuration to be set greater than 0 in api setting. Once this is set, your authentication response will have refesh_token.

Elevated Password Workflow: Elevated Password is similar to Password workflow but with one extra paramter is passed in request body and that is Client Secret.

Anonymous Workflow: This flow is mostly used to provide the anonymous user with feature of browsing catalogs and products and even checkout with registering themselves on application.

SSO Workflow: This workflow is mostly used when we need to connect with Third party Authorization server with OpenID for authentication and authorization

Lets see, how we can create a API client in Sitecore OrderCloud portal.You can see in request where we are allowing which user can use these client id for Authentication. We need to generate the client secret and it totally depend on us. We have also added refresh token duration to provide user a seamless logged in experience to users.


Let's see some common error which can occur in Authentication. Below is the Snippet which will explain you in Detail.

Thanks for reading. Hope this blog will explain the Authentication mechanism used by Sitecore OrderCloud. Stay tune to more blogs regarding Sitecore OrderCloud

Happy Learning. Happy Sitecoring!!!

Comments

Post a Comment

Popular posts from this blog

Sitecore XM Cloud Form Integration with Azure Function as Webhook

Image
Hello everyone, In this blog, we will see, how Azure Function can be used with Sitecore Forms. Before starting, I would request everyone to read my previous blog on XM Cloud Form as I am not going to go deep with how to create forms in XM Cloud. Creating Azure Function : Will serve as our Webhook Creating and Integrating Form : XM Cloud Form Creating An Azure Function I will not explain how you can create Azure Function with Http Trigger. You can check this youtube link here . Also in reference section, I will provide the link how you can connect and deploy your changes to azure function using Visual Studio. Azure Function Code : Its just a starter code which Azure function by default. Creating XM Cloud Form and Integrating with Azure Function Step 1 : Create a form from Form Editor and once form us published, you can see the below view in preview state. Here you can edit your form too. But it always recommended to use a version of that form as whatever changes is done will ...
Read more

Automate RSS Feed to Sitecore XM Cloud: Logic App, Next.js API & Authoring API Integration

Image
Hello everyone, In this blog, we will see a pratical use case of reading RSS feed and creating the respective items in Sitecore XM Cloud. To accomplish the task, we will use Logic App, an API created in Next JS and lastly calling the Authoring API to execute mutation query for Item Creation in Sitecore. Let's divide the process into 2 parts: Logic App : This will mostly focus on fetching the feed from RSS, performing transformation, storing the result in array of json object and pushing the data to next js api endpoint. Next JS API Development : This will take care of calling the authoring api of XM Cloud instance and performing the create item mutation query on the recieved data from Logic App. Logic App Azure Logic App is a cloud-based service provided by Microsoft Azure that allows you to automate workflows and integrate applications, data, services, and systems without writing complex code. It enables you to create automated workflows visually through...
Read more

Create and Fetch Content From Sitecore Content Hub One using GraphQL and React

Image
Hello everyone, In this blog, we will see overview of Sitecore Content Hub One product its benefits, features etc. This blog will walkthrough below listed points. Overview Features Content Hub One Dashboard Creating Taxonomy Creating Content Type Uploading New Media Creating Content Items From Content Type Getting GraphQL Token Creating Sample React Application To Read the Content from Content Hub One Overview Sitecore Content Hub One is a powerful platform. It is designed to centralize and streamline content creation, management, and distribution across various channels.Focuses on delivering content via APIs, enabling seamless integration with various front-end frameworks.Hosted in the cloud, offering scalability, automatic updates, and reduced infrastructure management.Provides flexible APIs and SDKs for developers to integrate and build custom solutions efficiently. Features Headless Content Management : Allows content to be delivered via APIs to any front-end or platfor...
Read more