Skip to content

Tutorial A: Cesivi + dev-oidc + SQLite on Windows

Overview

This tutorial guides you through setting up Cesivi Server with: - Authentication: OAuth2/OIDC via dev-oidc (development OIDC server) - Storage: SQLite database - Platform: Windows

Use Case: Development environment with modern authentication and SQL-based storage for debugging and querying data.

Time Required: ~15 minutes


Prerequisites

  • Windows 10/11 or Windows Server 2019+
  • .NET 10.0 SDK installed
  • PowerShell 5.1 or later
  • dev-oidc downloaded (or build from source)

Step 1: Download and Prepare dev-oidc

dev-oidc is a lightweight OIDC server for development/testing.

Option A: Download Pre-built Binary

# Create directory for dev-oidc
mkdir C:\Tools\dev-oidc -Force
cd C:\Tools\dev-oidc

# Download dev-oidc (replace with actual download URL)
# If you have it locally, copy it here
Copy-Item "C:\Source\_AI\dev-oidc\dev-oidc.exe" .

Option B: Build from Source

cd C:\Source\_AI
git clone https://github.com/anthropics/dev-oidc.git
cd dev-oidc
go build -o dev-oidc.exe .

Step 2: Start dev-oidc Server

Open a new PowerShell terminal and start dev-oidc:

cd C:\Tools\dev-oidc  # or wherever you have dev-oidc

# Start dev-oidc on default port 8080
.\dev-oidc.exe

You should see output like:

Starting dev-oidc server on http://localhost:8080
OIDC Discovery: http://localhost:8080/.well-known/openid-configuration

Keep this terminal open - dev-oidc needs to be running.

Verify dev-oidc is Running

# In a new terminal
Invoke-WebRequest http://localhost:8080/.well-known/openid-configuration | Select-Object -ExpandProperty Content

You should see JSON with issuer, token_endpoint, etc.


Step 3: Configure Cesivi for OIDC + SQLite

Create a custom configuration file:

cd C:\Source\_AI\Cesivi2\Cesivi.Server

Create appsettings.TutorialA.json:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Cesivi": "Debug",
      "Cesivi.Common.Identity": "Debug"
    }
  },
  "Cesivi": {
    "DataRootPath": "C:/CesiviData/TutorialA",
    "LogPath": "C:/CesiviData/TutorialA/Logs",
    "HostName": "localhost",
    "UseHttps": false,
    "HttpPort": 5000,

    "StorageProvider": "Sqlite",
    "SqlitePath": "C:/CesiviData/TutorialA/sharepoint.db",

    "SearchEngine": "TfIdf",

    "Identity": {
      "Providers": {
        "OAuth2": {
          "Enabled": true,
          "Priority": 50,
          "Authority": "http://localhost:8080",
          "Audience": "cesivi",
          "ValidateIssuer": true,
          "ValidateAudience": true,
          "ValidateLifetime": true,
          "ClaimMappings": {
            "Username": "preferred_username",
            "Email": "email",
            "DisplayName": "name"
          }
        },
        "AcceptAll": {
          "Enabled": true,
          "Priority": 1000,
          "DefaultUsername": "SHAREPOINT\\administrator"
        }
      }
    },

    "Authentication": {
      "AcceptAllCredentials": false,
      "AllowAnonymous": false,
      "EnableNTLM": false,
      "EnableJWT": true,
      "EnableBasic": false
    }
  }
}

Step 4: Create Data Directory

# Create the data directory
New-Item -ItemType Directory -Path "C:\CesiviData\TutorialA" -Force

# Verify
Test-Path "C:\CesiviData\TutorialA"

Step 5: Start Cesivi Server

Open a new PowerShell terminal:

cd C:\Source\_AI\Cesivi2\Cesivi.Server

# Set environment to use our custom config
$env:ASPNETCORE_ENVIRONMENT = "TutorialA"

# Start the server
dotnet run

You should see:

info: Cesivi[0]
      Cesivi Server started
      Listening on: http://localhost:5000
      Storage Provider: Sqlite
      Search Engine: TfIdf
      Identity Providers: OAuth2 (50), AcceptAll (1000)


Step 6: Get an OAuth2 Token from dev-oidc

dev-oidc supports multiple ways to get tokens. Here's the simplest:

Using Password Grant (Development Only)

# Get a token from dev-oidc
$body = @{
    grant_type = "password"
    username = "testuser"
    password = "testpass"
    client_id = "cesivi"
    scope = "openid profile email"
}

$response = Invoke-RestMethod -Uri "http://localhost:8080/oauth/token" `
    -Method POST `
    -Body $body `
    -ContentType "application/x-www-form-urlencoded"

$token = $response.access_token
Write-Host "Got token: $($token.Substring(0, 50))..."

Alternative: Using Authorization Code Flow (More Realistic)

# Open browser to authorization endpoint
Start-Process "http://localhost:8080/oauth/authorize?client_id=cesivi&redirect_uri=http://localhost:5000/callback&response_type=code&scope=openid profile email"

Step 7: Test the Cesivi API with Token

# Test REST API with Bearer token
$headers = @{
    "Authorization" = "Bearer $token"
    "Accept" = "application/json;odata=verbose"
}

# Get site info
$site = Invoke-RestMethod -Uri "http://localhost:5000/_api/site" `
    -Headers $headers

Write-Host "Site URL: $($site.d.Url)"
Write-Host "Site ID: $($site.d.Id)"

Test Web Info

# Get web info
$web = Invoke-RestMethod -Uri "http://localhost:5000/_api/web" `
    -Headers $headers

Write-Host "Web Title: $($web.d.Title)"
Write-Host "Web URL: $($web.d.Url)"

Create a List

# Create a new list
$listBody = @{
    "__metadata" = @{ "type" = "SP.List" }
    "Title" = "OIDC Test List"
    "BaseTemplate" = 100
} | ConvertTo-Json

$newList = Invoke-RestMethod -Uri "http://localhost:5000/_api/web/lists" `
    -Headers $headers `
    -Method POST `
    -Body $listBody `
    -ContentType "application/json;odata=verbose"

Write-Host "Created list: $($newList.d.Title)"

Step 8: Verify SQLite Storage

The data is now stored in SQLite. You can query it:

# Using sqlite3 command line (if installed)
sqlite3 "C:\CesiviData\TutorialA\sharepoint.db" ".tables"

# Or use a GUI tool like DB Browser for SQLite
# Download from: https://sqlitebrowser.org/

View Data with PowerShell

# If you have System.Data.SQLite
Add-Type -Path "path\to\System.Data.SQLite.dll"

$conn = New-Object System.Data.SQLite.SQLiteConnection("Data Source=C:\CesiviData\TutorialA\sharepoint.db")
$conn.Open()

$cmd = $conn.CreateCommand()
$cmd.CommandText = "SELECT * FROM Lists"
$reader = $cmd.ExecuteReader()

while ($reader.Read()) {
    Write-Host "List: $($reader['Title'])"
}

$conn.Close()

Step 9: Test with CSOM (Optional)

using Microsoft.SharePoint.Client;
using System.Net.Http;
using System.Net.Http.Headers;

// Get token first (from dev-oidc)
var token = "your-token-here";

var context = new ClientContext("http://localhost:5000");

// Set Bearer token handler
context.ExecutingWebRequest += (sender, e) =>
{
    e.WebRequestExecutor.RequestHeaders["Authorization"] = $"Bearer {token}";
};

var web = context.Web;
context.Load(web, w => w.Title, w => w.Url);
context.ExecuteQuery();

Console.WriteLine($"Web Title: {web.Title}");
Console.WriteLine($"Web URL: {web.Url}");

Troubleshooting

"Token validation failed"

Cause: dev-oidc not running or wrong Authority URL

Solution: 1. Verify dev-oidc is running: curl http://localhost:8080/.well-known/openid-configuration 2. Check Authority in config matches dev-oidc URL 3. Enable debug logging to see exact error

"SQLite database is locked"

Cause: Another process has the database open

Solution: 1. Stop any other Cesivi instances 2. Close database browser tools 3. Check for orphaned processes: Get-Process | Where-Object { $_.Name -like "*SharePoint*" }

"Cannot find configuration file"

Cause: ASPNETCORE_ENVIRONMENT not set correctly

Solution:

# Verify environment
$env:ASPNETCORE_ENVIRONMENT

# Should output: TutorialA


Clean Up

When done with this tutorial:

# Stop Cesivi Server (Ctrl+C in its terminal)

# Stop dev-oidc (Ctrl+C in its terminal)

# Optional: Remove data directory
Remove-Item -Recurse -Force "C:\CesiviData\TutorialA"

# Optional: Remove config file
Remove-Item "C:\Source\_AI\Cesivi2\Cesivi.Server\appsettings.TutorialA.json"

Summary

You have successfully set up: - dev-oidc as your OAuth2/OIDC identity provider - SQLite as your storage backend - Cesivi Server with modern authentication

Key Files Created

  • appsettings.TutorialA.json - Custom configuration
  • C:\CesiviData\TutorialA\sharepoint.db - SQLite database
  • C:\CesiviData\TutorialA\Logs\ - Server logs

Next Steps


See Also