Looking Back at 2023 Software Release Highlights: OAuth Identities

We’re kicking off 2024 with a look back at some of the exciting new features we released in Ingeniux CMS version 10.6. Today, we’re going to delve into OAuth Identities, a new feature that was added to the platform in 2023 to strengthen an already robust set of security feaures.  

In the ever-evolving landscape of Content Management Systems (CMS), security and authentication remain of paramount importance. We took a significant leap forward last year with the introduction of OAuth Identities in Ingeniux CMS.  

Let's dig into the details of this new feature and what it means for users.  

What’s New? 

OAuth Identities represent a pivotal change in how authentication is handled within Ingeniux CMS 10.6.  

Traditionally, API integrations required users to log in with their CMS username and password, which is stored in application settings. This method had its limitations and security concerns. With OAuth Identities, a new and more secure approach to authentication is introduced. 

How It’s Used in the CMS 

OAuth Identities leverage the OAuth (Open Authorization) protocol, allowing users to grant limited access to their resources (such as the asset system, users and groups, or the entire CMS system) without sharing their credentials.  

With OAuth Identities, a user's identity is represented by an access token, which is issued by the authorization server. This access token serves as proof of identity and authorization to access specific resources on the CMS. It enables client applications to securely perform actions on behalf of the user. 

Administrators can create and manage OAuth Identities, associating them with user accounts. Each identity provides a client ID and client secret, which are essential for authentication. OAuth Identities are particularly useful for authentication in Ingeniux CMS automated tasks, WebAPI controller tasks, and various applications integrated with the CMS. 

Why It’s Important 

OAuth Identities are of utmost importance in enhancing the security and control of authentication within Ingeniux CMS 10.6. They allow for controlled and secure access to user data without exposing actual credentials.  

These identities also provide flexibility, making it easier to audit integration app usage and revoke identities when they are no longer needed. 

The introduction of OAuth Identities addresses the security concerns associated with traditional username/password authentication, providing a modern and robust authentication mechanism. 

For those upgrading from previous versions of Ingeniux CMS, it will be important to note that automated tasks now require the use of OAuth Identities for authentication. Typical tasks include automated publishing, automated import of content on a schedule, or automated cleanup of recycling and outdated content. If you are using any automated tasks, you will need your system and authentication updated to take advantage of those tasks in CMS 10.6.  

Impact on Users  

From a content contributor point of view this feature will have no impact. CMS administrators and server administrators/developers will need to update any automated tasks upon upgrade of the CMS to version 10.6 to use these identities. They may also want to do the same for any other systems or applications that are integrating with the CMS, though this is not required. 

More Information and Resources 

Ingeniux Product Documentation 

• Configuring OAuth Identities: This documentation delves into the process of creating user accounts for OAuth Identities, including the various settings that can be configured for each user. 
• Resetting Client Secrets: The security of OAuth Identities relies on client secrets. This documentation explains how to reset these secrets and ensure the continued security of your authentication process. 
• Deleting OAuth Identities: Discover the best practices for deleting OAuth Identities when they are no longer needed, with a clear understanding of the implications.  

10.6 Release Information 

• Ingeniux CMS 10.6 Release Notes 

Tutorial Videos 

• Fall Release Highlights: OAuth Identities  

Other Resources: 

• OAuth.net