Change how the permissions are grouped and sorted, provide a way to override YesSql configuration - This week in Orchard (29/07/2022)
Change how the permissions are grouped and sorted, provide a way to override YesSql configuration and additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages! Check out our current post to read about the details!
Orchard Core updates
Change how the permissions are grouped and sorted
When the permissions are listed during role edit/create, currently we show the feature ID instead of a name. Displaying just the feature ID is not user-friendly. Here the goal is to create a new UI for this and also to order the permissions by Feature Names.
Also, for content types, then it would display the content type name instead of its technical value/ID. So, we could display:
{ Content Type Display Name } Content Type - { Content Type Technical Name }. In the case of the Blog content type could be My Blog Content Type - Blog.
In order to show dynamic permissions as { Content Type Display Name } Content Type - { Content Type Technical Name } we would have to change how the category is set here otherwise we don't have the content type technical name here. But how the new UI looks like now?
If you head to the admin UI of Orchard Core and navigate to Security -> Roles and Edit a given role, you will see the new UI. Here you can see we have a feature with the name Media and you can find the feature ID in brackets (they can be defined in the Manifest.cs file of the module). And under the Media (OrchardCore.Media), you can find all of the permissions which were defined in this module.
You will find the Page Content Type - Page header at the bottom of this screen. This means the first word here is the Display Name of the Page content type (which is Page) and the last word here is the Technical Name of the Page content type, which is Page.
Provide a way to override YesSql configuration
Currently, there is no way to change the configuration of YesSql in Orchard Core. From now on you will find a new YesSqlOptions class that provides options to allow one to override the defaults.
Added additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages
As a basic authorization server, the OpenID module doesn't use all the features/endpoints offered by OpenIddict, like introspection and revocation. As mentioned in openiddict/openiddict-core#1359 (comment), these features can be configured by amending the OpenIddict settings via a custom plugin, but a simpler story - GUI or recipes-based - may be preferable.
To see the new changes, enable the OpenID Authorization Server and the OpenID Client features and after navigate to Security -> OpenID Connect -> Settings -> Authorization server.
You will find a new Require Proof Key for Code Exchange checkbox on this page, which is a global setting that applies PKCE to all registered clients whether or not the 'Require PKCE' flag was set in the Application settings page.
And you can do the same when adding an OpenID Connect Application. You can add a new application under Security -> OpenID Connect -> Management -> Applications. If you click on the Add an application button and put a tick to the Allow Authorization Code Flow checkbox, you will find the Require Proof Key for Code Exchange checkbox here as well. Note: ensure that the client application and OAuth or OIDC library being used supports PKCE before enabling this option.
The documentation has also been updated to show you a sample of the OpenID Connect Settings recipe step and a sample of the OpenID Connect App recipe step.
News from the community
Lombiq Offline event
Sometimes it's not just about work but doing something just for fun. These events are specifically for this: we get together and do something cool like breaking out of an escape room, going for a go-kart ride, or playing paintball. Our latest event took place at Lake Velence. We had a nice cycling tour around Lake Velence, had lunch in a nice restaurant, and had a barbecue together at the accommodation. The next day we went on a kayak trip and did a nice trip together to the nearby hills of the lake. This was a great opportunity to update our group photo on our official website, so head to the About us page where you can see most, but not all of our team as of the summer of 2022.
Orchard Dojo Newsletter
Lombiq's Orchard Dojo Newsletter has 313 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course.
Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!