Attaching a header to the Oauth Token endpoint responses | Community
July 28, 2020
Solved

Attaching a header to the Oauth Token endpoint responses


Hey there,

 

I'm trying to get AEM to append a content-type header to the response of /oauth/token, as the remote server posting a token is expecting the application/json type back. I'm currently trying to use filters to achieve this, and I can get a filter to activate on pretty much every request EXCEPT the /oauth/token endpoint. Is there a way I could get the filter to activate on that endpoint, or a better way to go about this? Thanks!


4 replies

ChitraMadan
Community Advisor
July 29, 2020

Hi @candersen_hoodoo,

 

I am not sure what your end-to-end scenario is, but I have used OAuth in a couple of integrations, and we never had to modify the response of the oauth/token endpoint for successful communication.

You can go through the couple of blogs below; these might help!

https://labs.tadigital.com/index.php/2017/08/18/aem-as-oauth-server-part-1-setting-up-scopes/

https://labs.tadigital.com/index.php/2017/09/06/aem-as-oauth-server-part-2-testing-oauth/

 

If this doesn't help, can you please explain your scenario in a bit more detail?

July 30, 2020

Hi @chitramadan ,

I'm currently interfacing with a pre-built solution on the other side. When we send the final token response back in AEM after they POST to /oauth/token, we aren't sending any information on the response about the formatting, so the other side casts it to an octet-stream, which causes it to break as it is expecting application/json. I just need to add on that information so that the server on the other side reads the data correctly. If there's no good solution for this, we could ask our vendor to fix it, but that would be much more time consuming than filtering a header onto the response.

arunpatidar
Community Advisor
July 30, 2020

Yes, you can filter the request by using Sling filters,
e.g. this filter will be triggered only for /libs/cq/i18n/dict.* paths.

@Component(service = Filter.class, property = {
    Constants.SERVICE_DESCRIPTION + "= Filter incoming CRXDE requests and redirect to new home page",
    EngineConstants.SLING_FILTER_SCOPE + "=" + EngineConstants.FILTER_SCOPE_REQUEST,
    // Only requests whose path matches this pattern reach the filter
    EngineConstants.SLING_FILTER_PATTERN + "=/libs/cq/i18n/dict.*",
    "sling.filter.methods=" + HttpConstants.METHOD_GET,
    //EngineConstants.SLING_FILTER_METHODS + "=" + HttpConstants.METHOD_GET,
    // service.ranking is only honoured when it is typed as an Integer
    Constants.SERVICE_RANKING + ":Integer=-701"
})

  

Arun Patidar
joerghoh
Adobe Employee
Accepted solution
July 30, 2020

Hi,

 

You should check if this /oauth/token request is handled by Sling or outside of Sling. If you already tried using a (Sling) Filter to modify the response, this servlet is probably registered outside of Sling. To check that, please go to http://localhost:4502/system/console/httpservice and check if there's a servlet registered to /oauth/token. If yes, then you need to register your filter to the OSGi HTTP whiteboard. An example for such a filter is https://github.com/apache/sling-org-apache-sling-i18n/blob/master/src/main/java/org/apache/sling/i18n/impl/I18NFilter.java
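
The whiteboard registration described in the accepted answer, as an added example that is not part of the original thread and is not Adobe's or Sling's code. The class name, the `javax.servlet` API level and the "all contexts" selector are assumptions, and the two no-cache headers go beyond what the thread asked for: they are what RFC 6749 section 5.1 requires on responses that carry tokens.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.http.whiteboard.HttpWhiteboardConstants;

// Registered on the OSGi HTTP Whiteboard instead of as a Sling filter, so it
// also runs for servlets that are served outside the Sling engine.
@Component(service = Filter.class, property = {
    // Exact-match pattern: only the token endpoint is touched.
    HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_PATTERN + "=/oauth/token",
    // Assumption: select every servlet context. Narrow this to the context
    // that /system/console/httpservice lists for the /oauth/token servlet.
    HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT + "=("
        + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_NAME + "=*)"
})
public class OAuthTokenHeaderFilter implements Filter { // hypothetical class name

    @Override
    public void init(FilterConfig config) { /* no configuration required */ }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Headers must be set before the chain runs: once the token servlet
        // commits the response they can no longer be changed.
        res.setContentType("application/json");
        if (res instanceof HttpServletResponse) {
            // RFC 6749 section 5.1: responses that carry tokens must not be cached.
            HttpServletResponse http = (HttpServletResponse) res;
            http.setHeader("Cache-Control", "no-store");
            http.setHeader("Pragma", "no-cache");
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { /* nothing to release */ }
}
```

If the token servlet sets its own headers or resets the response, its values replace the ones set here, so confirm the result by inspecting the response headers of a test request to /oauth/token.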

Community Advisor
July 31, 2020

Another option to try if the request is routed via dispatcher (Apache): force the Content-Type from Apache.

Enable the below configuration in your virtual host

<LocationMatch "^/oauth/token$">
   ForceType application/json
</LocationMatch>