
Setup Form Headless API with OIDC

Linh Hoang edited this page Sep 10, 2024 · 1 revision

INSTALLATION FOR HEADLESS API

1. Install Packages

  • Optimizely.Cms.Forms.Service
  • EPiServer.OpenIDConnect

2. Add Configuration to Startup.cs

2.1 Add Swagger Configuration

  • Add these lines inside and at the end of the ConfigureServices method:
// Registers Swagger document generation with a single document named "v1".
// The name "v1" is the path segment in "/swagger/v1/swagger.json", which the Swagger UI setup on this page points at.
// NOTE(review): nothing here limits the generated document to development; decide whether the API description should be reachable in production.
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo
    {
        Title = "AlloySampleSite Custom API",
        Version = "v1",
    });
});

Add these lines inside and at the end of the Configure method:

// Serves the generated OpenAPI document as JSON.
app.UseSwagger();

// Serves the interactive Swagger UI and lists two documents: the Forms API and the site's own API.
app.UseSwaggerUI(options =>
{
    options.SwaggerEndpoint("/_form/v1/docs/openapi.json", "Optimizely Headless Form API V1");
    options.SwaggerEndpoint("/swagger/v1/swagger.json", "AlloySampleSite Custom API V1");
    // Pre-fills the client id in the UI's Authorize dialog; it matches the ClientId registered in the OpenID Connect setup on this page.
    options.OAuthClientId("TestClient");
    // Sample value for local testing only. Whatever is set here is delivered to every browser that loads the Swagger UI,
    // so it cannot be kept confidential; never place a real client secret on this line.
    // NOTE(review): the "TestClient" registration on this page sets no ClientSecret - confirm whether this line is needed at all.
    options.OAuthClientSecret("TestClientSecret");
});

Add this line inside the Configure method (below the line app.UseAuthorization()):

// Adds the CORS middleware to the request pipeline.
// NOTE(review): ASP.NET Core's middleware-order guidance places UseCors after UseRouting and before UseAuthorization.
// This page asks for it below UseAuthorization; confirm the intended position against the Forms service documentation.
app.UseCors();

2.2 Add OpenIDConnect Configuration

Add these lines inside and at the end of the ConfigureServices method:

// Registers the Optimizely OpenID Connect server with ApplicationUser as the user type.
// NOTE(review): the values below describe a local development/test setup. Review every flagged line before
// running this configuration anywhere other than a developer machine.
services.AddOpenIDConnect<ApplicationUser>(
    // Uses a development certificate; no signing or encryption certificate is supplied (both are null below).
    // A production site should pass its own certificates and turn this flag off.
    useDevelopmentCertificate: true,
    signingCertificate: null,
    encryptionCertificate: null,
    // Presumably creates the OpenID Connect database schema at startup - TODO confirm.
    createSchema: true,
    options =>
    {
        // Enables the resource owner password credentials grant, in which the client handles the user's
        // username and password directly. The OAuth 2.0 Security Best Current Practice (RFC 9700) says this
        // grant must not be used; prefer authorization code with PKCE where the front end allows it.
        options.AllowResourceOwnerPasswordFlow = true;
        // Access tokens remain valid for 8 hours, so a leaked token is usable for that long unless it is revoked.
        options.AccessTokenLifetime = TimeSpan.FromHours(8);
        // Allows the OpenID Connect endpoints over plain HTTP. With the password grant enabled, user credentials
        // and tokens would cross the network unencrypted; keep this for localhost testing only.
        options.RequireHttps = false;
        // Registers one client application. No ClientSecret is set here and only the "openid" scope is granted.
        options.Applications.Add(new OpenIDConnectApplication
        {
            ClientId = "TestClient",
            Scopes =
            {
                "openid",
            },
        });
    });

2.3 Register the Optimizely Headless Form API Services

Add these lines inside and at the end of the ConfigureServices method:

// Register the Optimizely Headless Form API Services.
// This is a template: the /*...*/ markers and the empty assignments below must be filled in before it compiles.
services.AddOptimizelyFormsService(options =>
{
    // Presumably publishes the Forms API document that the Swagger UI setup reads from "/_form/v1/docs/openapi.json" - TODO confirm.
    options.EnableOpenApiDocumentation = true;
    options.FormCorsPolicy = new FormCorsPolicy
    {
        // List each trusted front-end origin as its own string entry.
        // Avoid '*' while AllowCredentials is true: browsers reject a wildcard origin on credentialed requests,
        // and a policy that echoes any origin back would let every site call the API with the user's credentials.
        // NOTE(review): confirm how FormCorsPolicy handles '*' together with AllowCredentials.
        AllowOrigins = new string[] { /*FRONTEND_URL*/ }, // explicit origins; '*' allows any origin (see note above)
        AllowCredentials = true
    };
    options.OpenIDConnectClients.Add(new()
    {
        // Placeholder for the URL of the site that hosts the OpenID Connect server.
        Authority = /*BACKEND_URL*/,
        // Left blank in this template. Section 2.4 on this page fills EncryptionKeys from the OpenIddict server options.
        // NOTE(review): the page does not show how SigningKeys is populated - confirm before relying on token validation.
        EncryptionKeys = ,
        SigningKeys = ,
    });
});

2.4 Add a post-configure class that passes the OIDC encryption keys to the Headless API

/// <summary>
/// Post-configures <see cref="OptimizelyFormsServiceOptions"/> so that every registered OpenID Connect
/// client receives the encryption keys held by the OpenIddict server options.
/// </summary>
/// <remarks>
/// The keys come from <see cref="OpenIddictServerOptions"/> resolved through the same service container,
/// so this only works when the OpenID Connect server and the Forms API run in one application.
/// Keys are appended without a duplicate check.
/// </remarks>
public class FormsServiceOptionsPostConfigure : IPostConfigureOptions<OptimizelyFormsServiceOptions>
{
    private readonly OpenIddictServerOptions _serverOptions;

    /// <summary>Captures the resolved OpenIddict server options.</summary>
    /// <param name="options">Accessor for the OpenIddict server options.</param>
    public FormsServiceOptionsPostConfigure(IOptions<OpenIddictServerOptions> options)
        => _serverOptions = options.Value;

    /// <summary>
    /// Adds the key of each server encryption credential to each client's <c>EncryptionKeys</c>.
    /// </summary>
    /// <param name="name">Name of the options instance; not used.</param>
    /// <param name="options">The Forms service options whose clients are updated.</param>
    public void PostConfigure(string name, OptimizelyFormsServiceOptions options)
    {
        foreach (var oidcClient in options.OpenIDConnectClients)
        {
            // The server credentials are read inside the client loop, so nothing is touched when no client is registered.
            foreach (var credential in _serverOptions.EncryptionCredentials)
            {
                oidcClient.EncryptionKeys.Add(credential.Key);
            }
        }
    }
}

Add these lines inside the ConfigureServices method:

// Registers FormsServiceOptionsPostConfigure as a singleton post-configure step for OptimizelyFormsServiceOptions.
// TryAddEnumerable skips the registration when this implementation type is already registered for the same service type.
services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OptimizelyFormsServiceOptions>, FormsServiceOptionsPostConfigure>());