Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Manifest.cs description of "OpenID Authorization Server" feature #15407

Merged
merged 2 commits into from
Mar 8, 2024

Conversation

MarGraz
Copy link
Contributor

@MarGraz MarGraz commented Feb 26, 2024

According to this discussion #15381 (comment) I have added a "Note" in the description of "OpenID Authorization Server" feature. I'm not sure if it's the right place to add a note, but it's the only place available.

According to this discussion OrchardCMS#15381 (comment) I have added a "Note" in the description of "OpenID Authorization Server" feature. I'm not sure if it's the right place to add a note, but it's the only place available.
@MarGraz MarGraz requested a review from kevinchalet as a code owner February 26, 2024 17:14
Co-authored-by: Mike Alhayek <mike@crestapps.com>
@MikeAlhayek MikeAlhayek merged commit 6966084 into OrchardCMS:main Mar 8, 2024
4 checks passed
@sebastienros
Copy link
Member

Should this description be part of a doc instead, or displayed as a notification if the feature is enabled? Seems weird to put that in the description.

@MarGraz
Copy link
Contributor Author

MarGraz commented Mar 13, 2024

@sebastienros, the issue was born from the fact that the "OpenId Authorization Server" does not automatically activate the "OpenId Token Validation". As a result, the "OpenId Token Validation" feature remained deactivated. I assumed, like others I think, that token validation by the server was automatic and required no additional actions. However, attempting to access ApiController.cs within OrchardCore.Contents as an Admin user, results in a 401 unauthorized error.
But, if you assigns full privileges to the "anonymous" user role for API access and omits the OAuth token, access is granted. This discrepancy led to considerable confusion until we have found this solution.

This experience highlights the need for clearer information in the module UI. Could an "info" ("i") icon be added next to the description, with bootstrap tooltips to provide additional details? This approach could be cleaner than the current method. The issue with using a notification is that it only appears once.

Additionally, updating the documentation to reflect this could be good.

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants