User management in squidex

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [x ] Documentation issue or request

Environment

  • [x ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: 5.0.0

Browser:

  • [x ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Hi there…

We just started using squidex as a supplement to our solutions, and using it as a content-store and configuration backend, in a server-to-server architecture. We have a webapp as a frontend to our customers that mainly interacts with our own server.

We have some user magnement and Roles in our system to restrict access to different resources in our system depending on the role.

I have read about the identity server in squidex, but as I can see there is no options for us to put custom claims in the JWT that is issued from the identity server. So how should we go about it, if we want to migrate our user magnement and roles to squidex?

Hi,

you have to distinguish between end users and squidex users. Squidex users are content writers, editors, publishers, admins…everybody who has access to the Management UI.

End users are your users or customers. Only Squidex users are managed within Squidex directly. If you want to manage end users, there is a Squidex identity: https://docs.squidex.io/01-getting-started/installation/install-identity

Squidex identity is basically an identity server which stores all data in Squidex as normal schemas and has a UI based on bootstrap: https://github.com/squidex/squidex-identity

Logos and stuff can be customized.

Yeah I’m talking about our end users.
So the process for us would be to host the identity server as a separate app and use that service to manages the end users?
You writing some about that we should edit

Squidex.Identity/appsettings.json

Since we host Squidex as a container, what are the steps here?

The same rules apply for the config as for squidex. Everything in appsettings.json can also be configured with environment variables.

I can see Identity Server is deprecated now. Could I still use it or is there any other recommended solution with Squidex now for managing my app users/customers?

Do you mean Squidex Identity or identity-server?

Identity Server is just a OIDC implementation, which can be replaced with alternatives like

  • Durende (Library)
  • OpenIdDict (Library)
  • Keycloak (Application)
  • Auth0 (SaaS)
  • Azure Identity Management (SaaS)

Here I mean Squidex Identity. I could make it working with cloud.squidex.io but not with the self hosted local Squidex Server(CMS) app. I changed these settings as per the App in the CMS and by newly creating the apps but not worked and showed multiple issues like http not found/ app, schema, content doesn’t exist/ cannot access token, etc. I could see the identity server working in the Squidex CMS and has the Squidex.Identity_Users documents and all other related documents for the Squidex Identity but not able to connect or run under the self hosted Squidex CMS.

“app”: {
/*
* The url to your squidex server.
/
“url”: “https://cloud.squidex.io”,
/

* The name of your app.
/
“appName”: “identity-test”,
/

* Your client id.
/
“clientId”: “identity-test:default”,
/

* Your client secret.
/
“clientSecret”: “ByGPQeWYm77ltuAqFylvdM/ZQso3oWzgJQWle1r3Xzk=”,
/

* Comma separated list of cultures.
*/
“cultures”: “en”,

"hosts": {
  "__localhost": {
    /*
     * The url to your squidex server.
     */
    "url": "https://cloud.squidex.io",
    /*
     * The name of your app.
     */
    "appName": "identity-test",
    /*
     * Your client id.
     */
    "clientId": "identity-test:default",
    /*
     * Your client secret.
     */
    "clientSecret": "ByGPQeWYm77ltuAqFylvdM/ZQso3oWzgJQWle1r3Xzk="
  }

What have you tried? Ignore the “hosts” setting and focus on the first 4 settings. It should point to your hostname and use the client id and secret from your app.

Ok, I have used it and had the same issue at the Startup.cs - app.UseIdentityServer() -

I have tried the below URLs with the other 3 settings-
https://localhost:8883 or https://localhost:8883/
https://localhost:8883/identity-server or https://localhost:8883/identity-server/
https://localhost:8883/identity-server/connect/token or https://localhost:8883/identity-server/connect/token/

Error 1 - Squidex.ClientLibrary.SquidexException: ‘The app, schema or entity does not exist.’

Error 2 - System.Security.SecurityException: ‘Failed to retrieve access token for client ‘ots:identity’, got HTTP NotFound.’

Not able to understand how to import Identity Schemas as I don’t see any option to create the new Add Identity App other than these.

I ran the Squidex Identity application under the same IIS directory as new virtual directory to keep the URLs same but no impact.

Your inputs will be a lot appreciated.

I followed this post as well but didn’t help - Identity mgmt basics

Squidex Identity is not maintained anymore and therefore I have also removed the schemas. There was just not enough interest.

Ok but how could I overcome this issue and set up the Identity?

It also means that you are on your own. You have to create the schemas manually by having a look to your code: https://github.com/Squidex/squidex-identity/tree/master/Squidex.Identity/Model

I also still do not understand what you have configured.

I had set up the Squidex-Identity on the Visual Studio and configured its appsettings to the Squidex CMS connection details.

Any example or steps to create the schemas and other things manually?

This is the removed code to create the app. I will have a look if I can export it somehow from an old sample. But I really do not want to give general support for identity anymore.

I have made an export: https://github.com/Squidex/templates/tree/main/identity

1 Like

Thank you so much Sebastian. You have made my day.