About Squidex Identity

The Squidex Identity server is based on the Squidex Headless CMS. It implements the OpenID Connect and OAuth 2.0 protocols to act as a central, single sign-on server.

https://github.com/Squidex/squidex-identity

1. Setup of Squidex Identity

1.1. Clone Squidex.Identity

Clone the Squidex identity repository with the following command:

git clone https://github.com/Squidex/squidex-identity.git

1.2. Create an Identity App

You can create the App with predefined schemas either in the Cloud or in your custom installation:

1.3. Update the Identity Configuration

Update the configuration with the URL to your Squidex instance along with the Client ID and Secret of the default client.

Update the configuration file at: Squidex.Identity/appsettings.json.

"app": {
    // ...
    "url": "https://cloud.squidex.io",
    "clientId": "identity:default",
    "clientSecret": "xxx",
    // ...
}

Of course, you can also use environment variables, e.g.

• APP__URL=https://cloud.squidex.io

• APP__CLIENTID=identity:default

• APP__CLIENTSECRET=xxx

2. General Application Settings:

If you create an identity App in Squidex you will see a schema with the settings where you can upload a logo, footer text, privacy settings and so on.

Most settings are optional but you must setup credentials to an SMTP server.

Email Delivery Service:

• https://www.mailjet.com/

• https://www.sendgrid.com/

3. External Authentication Providers

If you want to use external authentication providers, you can set them up in the authentication schemes section. Here is an example for Google:

You have to create an OAuth 2.0-Client-IDs in the Google Developer console. You must define the redirect_uri in this process and you must use http://localhost:3500/signin-google.

The redirect URLs for other authentication providers are:

• http://localhost:3500/signin-twitter

• http://localhost:3500/signin-facebook

• http://localhost:3500/signin-github

4. External Clients

When you want to connect an external application to Squidex identity, you have to configure a client. This is a little bit complicated, but you can find all settings here: http://docs.identityserver.io/en/latest/reference/client.html

Squidex as an External Client

You can also setup Squidex as an external client, so that the same users can also login to manage content.

During first step, you have to create a new client:

In the second step you have to update the Squidex configuration at Squidex/appsettings.json.

"identity": {
    ...
    "oidcName": "selfHostedName",
    "oidcAuthority": "http://localhost:3500/",
    "oidcClient": "client:selfHosted",
    "oidcSecret": "xxx",
    ...
}

Then you can register at Squidex identity.