Tutorial A: Cesivi + dev-oidc + SQLite on Windows
Overview
This tutorial guides you through setting up Cesivi Server with:
- Authentication: OAuth2/OIDC via dev-oidc (development OIDC server)
- Storage: SQLite database
- Platform: Windows
Use Case: Development environment with modern authentication and SQL-based storage for debugging and querying data.
Time Required: ~15 minutes
Prerequisites
- Windows 10/11 or Windows Server 2019+
- .NET 10.0 SDK installed
- PowerShell 5.1 or later
- dev-oidc downloaded (or built from source)
Step 1: Download and Prepare dev-oidc
dev-oidc is a lightweight OIDC server for development/testing.
Option A: Download Pre-built Binary
# Create directory for dev-oidc
mkdir C:\Tools\dev-oidc -Force
cd C:\Tools\dev-oidc
# Download dev-oidc (replace with actual download URL)
# If you have it locally, copy it here
Copy-Item "C:\Source\_AI\dev-oidc\dev-oidc.exe" .
Option B: Build from Source
cd C:\Source\_AI
git clone https://github.com/anthropics/dev-oidc.git
cd dev-oidc
go build -o dev-oidc.exe .
Step 2: Start dev-oidc Server
Open a new PowerShell terminal and start dev-oidc:
cd C:\Tools\dev-oidc # or wherever you have dev-oidc
# Start dev-oidc on default port 8080
.\dev-oidc.exe
You should see output like:
Starting dev-oidc server on http://localhost:8080
OIDC Discovery: http://localhost:8080/.well-known/openid-configuration
Keep this terminal open - dev-oidc needs to be running.
Verify dev-oidc is Running
# In a new terminal (-UseBasicParsing avoids the Internet Explorer dependency in PowerShell 5.1)
Invoke-WebRequest http://localhost:8080/.well-known/openid-configuration -UseBasicParsing | Select-Object -ExpandProperty Content
You should see JSON with issuer, token_endpoint, etc.
Step 3: Configure Cesivi for OIDC + SQLite
Create a custom configuration file:
cd C:\Source\_AI\Cesivi2\Cesivi.Server
Create appsettings.TutorialA.json:
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Cesivi": "Debug",
      "Cesivi.Common.Identity": "Debug"
    }
  },
  "Cesivi": {
    "DataRootPath": "C:/CesiviData/TutorialA",
    "LogPath": "C:/CesiviData/TutorialA/Logs",
    "HostName": "localhost",
    "UseHttps": false,
    "HttpPort": 5000,
    "StorageProvider": "Sqlite",
    "SqlitePath": "C:/CesiviData/TutorialA/sharepoint.db",
    "SearchEngine": "TfIdf",
    "Identity": {
      "Providers": {
        "OAuth2": {
          "Enabled": true,
          "Priority": 50,
          "Authority": "http://localhost:8080",
          "Audience": "cesivi",
          "ValidateIssuer": true,
          "ValidateAudience": true,
          "ValidateLifetime": true,
          "ClaimMappings": {
            "Username": "preferred_username",
            "Email": "email",
            "DisplayName": "name"
          }
        },
        "AcceptAll": {
          "Enabled": true,
          "Priority": 1000,
          "DefaultUsername": "SHAREPOINT\\administrator"
        }
      }
    },
    "Authentication": {
      "AcceptAllCredentials": false,
      "AllowAnonymous": false,
      "EnableNTLM": false,
      "EnableJWT": true,
      "EnableBasic": false
    }
  }
}
Step 4: Create Data Directory
# Create the data directory
New-Item -ItemType Directory -Path "C:\CesiviData\TutorialA" -Force
# Verify
Test-Path "C:\CesiviData\TutorialA"
Step 5: Start Cesivi Server
Open a new PowerShell terminal:
cd C:\Source\_AI\Cesivi2\Cesivi.Server
# Set environment to use our custom config
$env:ASPNETCORE_ENVIRONMENT = "TutorialA"
# Start the server
dotnet run
You should see:
info: Cesivi[0]
Cesivi Server started
Listening on: http://localhost:5000
Storage Provider: Sqlite
Search Engine: TfIdf
Identity Providers: OAuth2 (50), AcceptAll (1000)
Step 6: Get an OAuth2 Token from dev-oidc
dev-oidc supports multiple ways to get tokens. Here's the simplest:
Using Password Grant (Development Only)
# Get a token from dev-oidc
$body = @{
    grant_type = "password"
    username   = "testuser"
    password   = "testpass"
    client_id  = "cesivi"
    scope      = "openid profile email"
}
$response = Invoke-RestMethod -Uri "http://localhost:8080/oauth/token" `
    -Method POST `
    -Body $body `
    -ContentType "application/x-www-form-urlencoded"
$token = $response.access_token
# Show only a prefix of the token; guard against tokens shorter than 50 characters
Write-Host "Got token: $($token.Substring(0, [Math]::Min(50, $token.Length)))..."
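When Cesivi rejects a token, the first thing to check is what the token actually contains. The following is an added example, not part of the Cesivi or dev-oidc documentation: it decodes the token from Step 6 without verifying its signature and compares `iss`, `aud` and `exp` with the `Authority` and `Audience` values from Step 3. It assumes dev-oidc issues the access token as a compact JWT; the helper names `ConvertFrom-Base64Url` and `Get-JwtClaims` are hypothetical.

```powershell
# Added example: decode (without verifying the signature) the token from Step 6
# and compare its claims with the OAuth2 provider settings from Step 3.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url segment length' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) {
        throw "Not a compact JWT: expected 3 segments, found $($parts.Count)"
    }
    [pscustomobject]@{
        Header  = (ConvertFrom-Base64Url $parts[0] | ConvertFrom-Json)
        Payload = (ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json)
    }
}

# Values copied from appsettings.TutorialA.json
$expectedIssuer   = 'http://localhost:8080'   # Identity:Providers:OAuth2:Authority
$expectedAudience = 'cesivi'                  # Identity:Providers:OAuth2:Audience

$jwt     = Get-JwtClaims $token               # $token comes from Step 6
$claims  = $jwt.Payload
$expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)

[pscustomobject]@{
    Algorithm   = $jwt.Header.alg
    Issuer      = $claims.iss
    IssuerOk    = ($claims.iss -ceq $expectedIssuer)          # exact, case-sensitive match
    Audience    = (@($claims.aud) -join ', ')                 # aud may be a string or an array
    AudienceOk  = (@($claims.aud) -ccontains $expectedAudience)
    ExpiresUtc  = $expires.UtcDateTime
    NotExpired  = ($expires -gt [DateTimeOffset]::UtcNow)
    # Claims named in ClaimMappings (empty if the token does not carry them)
    Username    = $claims.preferred_username
    Email       = $claims.email
    DisplayName = $claims.name
} | Format-List
```

A `False` in `IssuerOk`, `AudienceOk` or `NotExpired` points at the setting to compare against the dev-oidc discovery document before turning to the server logs.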
Alternative: Using Authorization Code Flow (More Realistic)
# Open browser to authorization endpoint (query values URL-encoded)
Start-Process "http://localhost:8080/oauth/authorize?client_id=cesivi&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fcallback&response_type=code&scope=openid%20profile%20email"
Step 7: Test the Cesivi API with Token
# Test REST API with Bearer token
$headers = @{
    "Authorization" = "Bearer $token"
    "Accept"        = "application/json;odata=verbose"
}
# Get site info
$site = Invoke-RestMethod -Uri "http://localhost:5000/_api/site" `
    -Headers $headers
Write-Host "Site URL: $($site.d.Url)"
Write-Host "Site ID: $($site.d.Id)"
Test Web Info
# Get web info
$web = Invoke-RestMethod -Uri "http://localhost:5000/_api/web" `
    -Headers $headers
Write-Host "Web Title: $($web.d.Title)"
Write-Host "Web URL: $($web.d.Url)"
Create a List
# Create a new list
$listBody = @{
    "__metadata"   = @{ "type" = "SP.List" }
    "Title"        = "OIDC Test List"
    "BaseTemplate" = 100
} | ConvertTo-Json
$newList = Invoke-RestMethod -Uri "http://localhost:5000/_api/web/lists" `
    -Headers $headers `
    -Method POST `
    -Body $listBody `
    -ContentType "application/json;odata=verbose"
Write-Host "Created list: $($newList.d.Title)"
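The calls above only show that a valid token is accepted. Because Step 3 enables the `AcceptAll` provider next to `OAuth2`, it is worth confirming that requests without a valid token are refused. The following is an added example, not part of the Cesivi documentation: the test cases are constructed, the helper name `Get-StatusCode` is hypothetical, and it assumes `$token` from Step 6 is a signed compact JWT and that Cesivi answers rejected requests with 401 or 403.

```powershell
# Added example: confirm that requests without a valid token are rejected.
# Assumes $token from Step 6 is a signed compact JWT (three dot-separated segments).
function Get-StatusCode {
    param([string]$Uri, [hashtable]$Headers)
    try {
        [int](Invoke-WebRequest -Uri $Uri -Headers $Headers -UseBasicParsing).StatusCode
    } catch {
        $resp = $_.Exception.Response
        if ($null -eq $resp) { throw }    # connection error, not an HTTP status
        [int]$resp.StatusCode
    }
}

$parts = $token.Split('.')
if ($parts.Count -ne 3 -or -not $parts[2]) { throw 'Expected a signed compact JWT in $token' }
# Change the first signature character so the signature no longer matches.
$first    = if ($parts[2].StartsWith('A')) { 'B' } else { 'A' }
$tampered = '{0}.{1}.{2}{3}' -f $parts[0], $parts[1], $first, $parts[2].Substring(1)

$uri    = 'http://localhost:5000/_api/web'
$accept = 'application/json;odata=verbose'
$cases  = [ordered]@{                     # constructed test cases
    'no Authorization header' = @{ Accept = $accept }
    'bearer value not a JWT'  = @{ Accept = $accept; Authorization = 'Bearer not-a-jwt' }
    'tampered signature'      = @{ Accept = $accept; Authorization = "Bearer $tampered" }
    'valid token (control)'   = @{ Accept = $accept; Authorization = "Bearer $token" }
}

$results = foreach ($name in $cases.Keys) {
    $status  = Get-StatusCode -Uri $uri -Headers $cases[$name]
    $control = $name -like '*control*'
    [pscustomobject]@{
        Case     = $name
        Status   = $status
        Expected = if ($control) { '200' } else { '401 or 403' }
        Pass     = if ($control) { $status -eq 200 } else { $status -in 401, 403 }
    }
}
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'A case did not behave as expected; review the Identity and Authentication settings from Step 3.'
}
```

If any of the first three cases returns 200, review the `AcceptAll` provider entry from Step 3, which is enabled with `DefaultUsername` set to `SHAREPOINT\administrator`, before using this configuration anywhere other than a local development machine.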
Step 8: Verify SQLite Storage
The data is now stored in SQLite. You can query it:
# Using sqlite3 command line (if installed)
sqlite3 "C:\CesiviData\TutorialA\sharepoint.db" ".tables"
# Or use a GUI tool like DB Browser for SQLite
# Download from: https://sqlitebrowser.org/
View Data with PowerShell
# If you have System.Data.SQLite
Add-Type -Path "path\to\System.Data.SQLite.dll"
$conn = New-Object System.Data.SQLite.SQLiteConnection("Data Source=C:\CesiviData\TutorialA\sharepoint.db")
$conn.Open()
$cmd = $conn.CreateCommand()
$cmd.CommandText = "SELECT * FROM Lists"
$reader = $cmd.ExecuteReader()
while ($reader.Read()) {
    Write-Host "List: $($reader['Title'])"
}
$conn.Close()
Step 9: Test with CSOM (Optional)
using Microsoft.SharePoint.Client;
using System.Net.Http;
using System.Net.Http.Headers;

// Get token first (from dev-oidc)
var token = "your-token-here";
var context = new ClientContext("http://localhost:5000");

// Set Bearer token handler
context.ExecutingWebRequest += (sender, e) =>
{
    e.WebRequestExecutor.RequestHeaders["Authorization"] = $"Bearer {token}";
};

var web = context.Web;
context.Load(web, w => w.Title, w => w.Url);
context.ExecuteQuery();
Console.WriteLine($"Web Title: {web.Title}");
Console.WriteLine($"Web URL: {web.Url}");
Troubleshooting
"Token validation failed"
Cause: dev-oidc not running or wrong Authority URL
Solution:
1. Verify dev-oidc is running: curl http://localhost:8080/.well-known/openid-configuration
2. Check Authority in config matches dev-oidc URL
3. Enable debug logging to see exact error
"SQLite database is locked"
Cause: Another process has the database open
Solution:
1. Stop any other Cesivi instances
2. Close database browser tools
3. Check for orphaned processes: Get-Process | Where-Object { $_.Name -like "*SharePoint*" }
"Cannot find configuration file"
Cause: ASPNETCORE_ENVIRONMENT not set correctly
Solution:
# Verify environment
$env:ASPNETCORE_ENVIRONMENT
# Should output: TutorialA
Clean Up
When done with this tutorial:
# Stop Cesivi Server (Ctrl+C in its terminal)
# Stop dev-oidc (Ctrl+C in its terminal)
# Optional: Remove data directory
Remove-Item -Recurse -Force "C:\CesiviData\TutorialA"
# Optional: Remove config file
Remove-Item "C:\Source\_AI\Cesivi2\Cesivi.Server\appsettings.TutorialA.json"
Summary
You have successfully set up:
- dev-oidc as your OAuth2/OIDC identity provider
- SQLite as your storage backend
- Cesivi Server with modern authentication
Key Files Created
- appsettings.TutorialA.json - Custom configuration
- C:\CesiviData\TutorialA\sharepoint.db - SQLite database
- C:\CesiviData\TutorialA\Logs\ - Server logs
Next Steps
- Try Tutorial B for Docker deployment with LDAP
- Try Tutorial D for full-text search with Lucene
- Read Identity Providers Guide for more auth options