Implement OAuth bearer token support and improve AccessToken handling #1475
Open
iamandycohen wants to merge 8 commits into SitecorePowerShell:master from
Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/22f85bc9-ed78-4ba2-bfd0-1734b0cf5b13 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/22f85bc9-ed78-4ba2-bfd0-1734b0cf5b13 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
…d all remoting client scripts Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/fee991b9-5911-439a-932c-fc00d6b54641 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
…Exception message Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/fee991b9-5911-439a-932c-fc00d6b54641 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
…uire SITECORE_SPE_OAUTH Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/a978b3f0-f080-4ffa-87f5-da66daa9ae1b Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/574f0bc8-5f8a-478b-8379-2a949a67c19a Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
…ng blocks Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/3140650c-1312-4d8d-a663-6c2199c78526 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
…om scope Agent-Logs-Url: https://github.com/techguilds-andy/Console/sessions/ce45be4f-139d-490e-a3cc-f96a60691491 Co-authored-by: techguilds-andy <246105219+techguilds-andy@users.noreply.github.com>
Member
Thank you @iamandycohen for your contributions. I'll have a look at it with the lens of SPE 9.0 remoting enhancements.
This pull request introduces support for OAuth bearer token authentication across the Sitecore PowerShell Extensions (SPE) remoting commands, making it easier and more secure to authenticate using external tokens (such as those from XM Cloud) instead of traditional username/password or shared secret approaches. It also adds new Sitecore configuration files to enable OAuth and control remoting endpoints via environment variables, streamlining deployment and security management in cloud environments.
The most important changes are:
OAuth Bearer Token Authentication Support:
Invoke-RemoteScript, Invoke-RemoteScriptAsync, Send-RemoteItem, Receive-RemoteItem, and New-ScriptSession) now accept an AccessToken parameter, allowing clients to authenticate using an external OAuth bearer token. The code ensures the token is included as a Bearer header in HTTP requests when provided. (Modules/SPE/Invoke-RemoteScript.ps1, Modules/SPE/New-ScriptSession.ps1, Modules/SPE/Send-RemoteItem.ps1, Modules/SPE/Receive-RemoteItem.ps1)
Sitecore Configuration for OAuth and Remoting Endpoints:
Spe.OAuthBearer.config, a new Sitecore configuration file that enables OAuth bearer token authentication for SPE remoting when the SITECORE_SPE_OAUTH environment variable is set. This file provides extensive documentation and security notes for proper configuration in both XM Cloud and custom environments.
Spe.XMCloud.Remoting.config, a new configuration file allowing operators to enable specific SPE remoting endpoints (script execution, file transfer, media transfer) via dedicated environment variables. This helps minimize the attack surface by only enabling required services.
Parameter Set and Session Handling Improvements:
AccessToken parameter, ensuring that authentication flows seamlessly whether the token is passed directly or stored in a session.
These enhancements modernize SPE remoting authentication, improve security, and make it easier to manage in cloud and automated deployment scenarios.
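A client-side pre-flight check for the Bearer header described above, as an added example that is not code from this pull request or from SPE. The function name, host name and token value are hypothetical, and the expiry check assumes the token may be either a JWT or an opaque string.

```powershell
# Added example (hypothetical helper, not part of the PR).
function New-BearerAuthHeader {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][uri]$ConnectionUri,
        [Parameter(Mandatory)][string]$AccessToken,
        [datetime]$Now = [datetime]::UtcNow
    )

    # A bearer token is a replayable credential: never send it over plaintext HTTP.
    if (-not $ConnectionUri.IsAbsoluteUri -or $ConnectionUri.Scheme -ne 'https') {
        throw "Refusing to send a bearer token to non-HTTPS endpoint '$ConnectionUri'."
    }

    # RFC 6750 b64token syntax; \A and \z reject a trailing newline that '$' would allow,
    # so the value cannot split or inject HTTP headers.
    if ($AccessToken -notmatch '\A[A-Za-z0-9\-._~+/]+=*\z') {
        throw 'AccessToken contains characters that are not valid in a bearer token.'
    }

    # If the token looks like a JWT, fail fast when it has already expired.
    # This is a client-side convenience only; the server must still validate the token.
    $parts = $AccessToken.Split('.')
    if ($parts.Count -eq 3) {
        $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
        $b64 = $b64.PadRight($b64.Length + (4 - $b64.Length % 4) % 4, '=')
        try {
            $json   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
            $claims = $json | ConvertFrom-Json
        } catch { $claims = $null }   # opaque token that happens to contain dots
        if ($claims -and $claims.exp) {
            $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
            if ($expires -le $Now) { throw "AccessToken expired at $($expires.ToString('u'))." }
        }
    }

    # Header shape the PR description says the remoting commands send.
    @{ Authorization = "Bearer $AccessToken" }
}

# Constructed sample values: an opaque token and a placeholder host, not real credentials.
$headers = New-BearerAuthHeader -ConnectionUri 'https://cm.example.test' `
                                -AccessToken 'constructed-sample-token'
```

The same checks can run before a token is handed to the AccessToken parameter the description mentions, so a script fails locally instead of sending an expired or malformed credential.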