Feasible Way to Share Token Across All Publishers in AEM as a Cloud Service? | Community
Skip to main content
S
sai_charanAr
Level 2
May 19, 2025
Solved

Feasible Way to Share Token Across All Publishers in AEM as a Cloud Service?

  • May 19, 2025
  • 6 replies
  • 1288 views

Hi everyone,

In our AEM as a Cloud Service project, we are generating an **access token inside an OSGi service class**. Every time we call the method in this service, it generates a **new token**.

The requirement is:

* The token should be **generated only once every 24 hours**
* The same token should be **reused across all publish instances** within that 24-hour window

Since AEM as a Cloud Service is **stateless** and each publish instance runs independently, using in-memory storage or static variables doesn’t help — the token is regenerated on every call from different instances.

Is there any feasible or recommended way to store and share this token across all publish instances in AEM as a Cloud Service?

Looking for a lightweight, cloud-compatible solution. Appreciate any guidance!

Thanks!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by sai_charanAr

Hi @kautuk_sahni  @aditya_chabuku  , we have used adobe io to store and chache the token for required time please find the article attached we have documented the process in this 
https://medium.com/@nagarajuminda9/secure-ims-token-management-using-adobe-i-o-runtime-and-adobe-state-063343583b57

Thank you all for you responses ,which help a lot to derive the solution 

6 replies

Karishma_begumSh
Karishma_begumSh
Level 4
May 19, 2025

Hi @sai_charanar 
Store the token in the shared JCR repository (e.g., under /var/myproject/token), which is accessible by all instances.

    S
    sai_charanArAuthor
    Level 2
    May 19, 2025

    Hi @karishma_begumsh ,is it recommended update the repository in publisher even if we save (var/myproject/token ) how we can sync with multiple publisher ?

    Karishma_begumSh
    Karishma_begumSh
    Level 4
    May 19, 2025

    No, it is not recommended to write to the JCR repository from publish instances, even under /var, especially in AEM as a Cloud Service because as it is stateless it allows only to read.
    instead use external token store or use shared token generator service

      Shashi_Mulugu
      Community Advisor
      Shashi_MuluguCommunity Advisor
      Community Advisor
      May 20, 2025

      @sai_charanar I would recommend you to develop this api outside of aem like in Adobe io Runtime or any other middleware api where access token is generated and calls external service or any other operation post that.. and you call adobe io runtime/middle layer api from your publisher everytime

        MukeshYadav_
        Community Advisor
        MukeshYadav_Community Advisor
        Community Advisor
        May 20, 2025

        Hi @sai_charanar ,

        We have to store outside AEM like Redis Cache of Azure/ AWS.

        Our design was based on  2 level of cache mechanism to avoid call to external API each time.

        • Put token ( data ) in Gauva cache(in memory) and Azure redis cache
        • While checking(accessing), first check in OSGI / Gauva Cache in the AEM itself
        • If it is not present in AEM check in the external(Azure Redis cache)

        This way were able to achieve the desired functionality in efficient manner.

         

        Thanks

          AmitVishwakarma
          Community Advisor
          AmitVishwakarmaCommunity Advisor
          Community Advisor
          May 20, 2025

          Hi @sai_charanar ,

           

          External Token Store with Local Cache

          Summary

          1 . Use an external shared store (e.g., Redis, AWS SSM, Azure Key Vault, or S3/Blob).

          2. Each AEM publish instance:

            - First checks local memory (e.g., Guava cache).

            - If not found, fetches from the external store.

            - If expired or not present in store, one instance regenerates the token and stores it.

          3. Use OSGi Scheduler or lazy-load logic to regenerate every 24h.

          Regards,
          Amit

            Imran Khan
            Community Advisor
            Imran KhanCommunity Advisor
            Community Advisor
            May 20, 2025

            @sai_charanar Store it in jcr node and maintain sticky session to read value from specific publishers.

            Aditya_Chabuku
            Community Advisor
            Aditya_ChabukuCommunity Advisor
            Community Advisor
            June 13, 2025

            Hi @sai_charanar ,

             

            Is there any update on this problem? If so, please let the community know.

             

             

            Thanks,Aditya Chabuku
              kautuk_sahni
              Community Manager
              kautuk_sahniCommunity Manager
              Community Manager
              June 25, 2025

              @sai_charanar Did you find the suggestions helpful? If you need more information, please let us know. If a response resolved your issue, kindly mark it as correct to help others in the future. Alternatively, if you discovered a solution on your own, we'd appreciate it if you could share it with the community. Thank you.

              Kautuk Sahni
              S
              sai_charanArAuthorAccepted solution
              Level 2
              June 25, 2025

              Hi @kautuk_sahni  @aditya_chabuku  , we have used adobe io to store and chache the token for required time please find the article attached we have documented the process in this 
              https://medium.com/@nagarajuminda9/secure-ims-token-management-using-adobe-i-o-runtime-and-adobe-state-063343583b57

              Thank you all for you responses ,which help a lot to derive the solution 

                Terms & ConditionsAccessibility statement

                Loading footer...