https://discord.umbraco.com
Join Discord
**Quick Question for V14 hacking**
# package-development
w
Quick Question for V14 hacking Is there anything specific need to do for API controllers for new backoffice ? Inherit from some base controller or decorate with some attributes? Looking at @Bjarke Berg @Nikolaj Lauridsen @Sven Geusens from core team or even@Kevin Jump (who's probably figured it out already)
r
w
Ah thanks must have missed that article from Kevin !
k
yeah - its in its own series 🙂 https://dev.to/kevinjump/series/26248
If you do it right then all the code gen stuff does the client work for you.
At some point i think i am going to tidy up / rename the repo - so its more like a 'snippets' / dostuff type thing but it too has the code in it. https://github.com/KevinJump/TimeDashboard/tree/master/TimeDashboard.Client/Controllers
w
Ok thanks both
I assume this policy name will change once V14 is out and drop the New prefix ? One for the HQ gang I suppose 
[Authorize(Policy = "New" + AuthorizationPolicies.BackOfficeAccess)]
k
Yeah I guess it will, or at least be built into the constants
s
yup, should be removed before the beta
We currently have somebody killing of the old backofice controllers to be able to do just that
w
One for @Kevin Jump & @rickbutterfield Did you have to do anything magic to authenticate correctly when testing/trying out your API with the Swagger UI ? Currently getting 401 auth errors (even though I clicked the auth button at the top of Swagger)
Wondering if I missed some plumbing stuff
k
I haven't ever actually authed in UI. I presume you need to grab the bearer token from a login request ?
w
How have you been testing your API before connecting to your WebComponent stuff ?!
k
I've been connecting it and testing it from the code 🙂
w
💪
k
Yeah I think with something like postman you could login to the Auth end point and then you would have the bearer token for other requests
w
Hmm yeh I may give that a go in a bit to try it out
k
If you load the swagger into postman it will probably do it for you
w
Ah yeh good shout
Will play a bit later on tonight (if time) & shout how I get on
OK Postman doesn't do anything with auth magically for me.... 🤔
@Sven Geusens maybe you might be able to shine a little light on this for me please
s
Yeah, you need to configure it and update the inheritence on the endpoints 🙈 I will share details tomorrow (if i don't forget) and I have a cyclehack plan (in like 2 maybe 3...) to automate it since the postman api is available
Normally if you do the authorize on swagger, and login, it should capture the token and allow you to continue in swagger. I know it was broken at some point when there were changes with the new login screen, but used it last week and today without any issues.
w
Probably a 'me' issue then and not wired something up correctly
Currently using 
Preview--006
and noticed @Kevin Jump TimeDahsboard repo is using 
Preview-005
Wonder if 006 has something broken in it, if you mentioned something has been fixed recently. Can't upgrade to 
007
as that has borked RCL registrations AFAIK https://discord.com/channels/869656431308189746/1209978032408895578/1210193800392212571 Any idea on when a preview 008 is out?
k
Nah I think 006 is fine (the template is using it), I think I went to 007 locally it is/was bust I have rolled back but not updated that repo.... I thought 008 was imminent last week .. but it seems to have stalled
w
So if 006 auth's fine and works for you, then I reckon it's a me issue then
Can you login and excute the APIs directly from the Swagger UI with 006 out of interest ?
Further source code diving whilst im trying to figure out what I have done wrong... There is code/constants specific to Swagger & Postman 
Constants.OAuthClientIds.Postman
and 
Constants.OAuthClientIds.Swagger
For anyone following along with my ramblings... It seems this PR was what I needed and the auth magic works with Swagger UI 🎉 PR for reference https://github.com/umbraco/Umbraco-CMS/pull/15699 TL:DR version * ConfigureSwaggerGen options -> OperationFilter * Create new class that inherits from base class 
BackOfficeSecurityRequirementsOperationFilterBase
Enough hacking for one night - nighty night 💤
Friendly bump @Sven Geusens Curious to know how/what I would need to do differently for Postman?!
s
Incomming!
w
s
Need to find a place to put this in the docs somewhere
w
Super star ⭐
Will try it on my lunch break
s
Luckily I already wrote this up, let me know if it's outdated 😄
w
Yep will follow along and see how it goes 😄
And I assume I was right with the PR from Kenn above as part of my missing puzzle to get it to magically work with Swagger
ie this Sven * ConfigureSwaggerGen options -> OperationFilter * Create new class that inherits from base class 
BackOfficeSecurityRequirementsOperationFilterBase
s
But that is only for custom controllers right?
w
Yeh which is what I am writing for a package
s
🤦‍♂️ I misunderstood 😄
Glad you found that pr 👍
w
Yeh was just frantic code diving and crawling issues/PRs for stuff
I just wanted to double check/sanity check it was the right thing to be doing, but it seems it is 🙂
s
Have put it on the docs team radar.
w
s
hop in voice?
w
I can't right now juggling kid routine, so its one ear out and one eye on laptop 😛
Wonder if the URL/route has changed to do the authorize?!
Appreciate the offer to chat/call though
s
I got this configured {{baseUrl}}/umbraco/management/api/v1/security/back-office/authorize
w
its changed then from backoffice to 
back-office
Will try again
s
ah god damn, good catch I read over that 3 times...
Am I seeing this wrong or does the doc say 
back-office
w
and same for the token request url as well 
{{baseUrl}}/umbraco/management/api/v1/security/back-office/token
It does say it in the PDF - its just copied bloody horribly over 🙈
s
😄
w
and HUZZAH it works. I can test my API in Postman and not just Swagger !
Cheers Sven
s
Huzzah! Happy hacking!
w
Thanks thats later on tonight when I get some time back on the laptop
b
How to for the members?
s
members do not have acces to protected management api endpoints. If you want to authorize against protected content in the delivery api. Then send the Api-Key header along with your request that's configured in the appsettings. For more info: https://docs.umbraco.com/umbraco-cms/reference/content-delivery-api#additional-configuration (and check the header section for the endpoints documentation lower in the article)
14 Views
PreviousNext
Powered by

Umbraco

A hub and casual space for you to interact with fellow community members and learn more about Umbraco!

Powered by