Question

Clarification on Service Account (JWT) Migration - creadentials needed for publishing new versions

Forum|Forum|9 months ago
April 8, 2025
2 replies
843 views

Hello Adobe Team,

I received a notification regarding the deprecation of Service Account (JWT) credentials in favor of OAuth Server-to-Server credentials.
As an Adobe-administrator of Medallia, I need to confirm the status of a project we have.

It's authentication details are used for publishing versions of an Adobe Experience Platform Extension,

Which is done once in roughly 2 years.

As far as I undestand, in order to succeed publishing a new package with "@adobe/reactor-packager":

1. The "Project" needs to be updated to use the new OAuth2 credentials

2. During the deployment process, the new credentials will need to be supplied

So is it correct that the code that creates the package-zip DOES NOT need
to include an OAuth 3rd party implemention in it?

Adobe Developer

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

tmj

Adobe Employee

Hi @carmitkl, I believe you are talking about the AEP Sources connector published by Medallia. I have reached out to a related team and will get back to you soon.

tmj

Adobe Employee

Hi @carmitkl, I am little confused now since you don't seem to have an AEP Sources connector for Medallia and I was mistaken. Could you tell me again what is the thing you are building and the challenge you are facing?

C

CarmitKlAuthor

Hi, This is about an "Adobe launch extension development" project.

We need to deploy a version of it, using the "npx @61380/reactor-uploader".

When running in the console "npx @61380/reactor-uploader" we're being asked to provide:

1. clientId
2. clientSecret

And I've filled the id's written in the "OAuth Server-to-Server" tab (which are identical to those written in the "Service Account (JWT)
DEPRECATED" tab.

Then, I get: Error: self-signed certificate in certificate chain

So I need help i order to complete the migration and be sure that the project is able to be uploaded successfully.

AmitVishwakarma

Community Advisor

Hi @carmitkl ,

It seems like you're encountering a few issues during the migration process from JWT to OAuth Server-to-Server credentials for your Adobe Launch extension. Let's break down the situation:

1. Service Account (JWT) Migration: The transition from JWT to OAuth2 credentials is necessary, but the actual process of creating the package (e.g., with @adobe/reactor-packager) does not require an OAuth implementation inside the code. You only need to provide the OAuth credentials (clientId and clientSecret) during the deployment process, as you've correctly pointed out.

2. Self-Signed Certificate Error: The error Error: self-signed certificate in certificate chain seems to be more related to the certificate chain in your environment rather than the OAuth credentials themselves. This is likely an issue with your local setup, such as SSL/TLS certificate handling. You might need to ensure that your local environment trusts the necessary certificates, or there could be an issue with how your system is handling SSL/TLS connections.

3. OAuth Credentials: You mentioned filling in the credentials from the "OAuth Server-to-Server" tab. Ensure you're using the correct clientId and clientSecret for your current OAuth setup. The ones from the "Service Account (JWT)" tab may not work because JWT credentials are deprecated.

4. Further Troubleshooting: If the issue persists after ensuring your credentials are correct and your local setup is addressed, I'd suggest reaching out to Adobe Support (if your organization has access) for more targeted help. This could include checking whether any additional configuration changes are needed on Adobe's end to fully support the OAuth migration for your project.

Regards,
Amit

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded