How to authenticate frontend application in AEM 6.5.13 in AMS | Community
Mario248
Level 7
June 17, 2022

How to authenticate frontend application in AEM 6.5.13 in AMS


I want to export AEM content to the frontend team. Planning to export content using content as a service. For security reasons we want to authenticate AEM APIs and AEM Assets. For example, /content/my-site/welcome.modal.json and its DAM assets are to be accessible by the frontend application.

In AEMaaCS we can get an authentication token from the developer console, which can then be shared with the frontend team. In the case of AMS, in the AEM 6.5.13 world, what token is to be shared with the frontend/external application? Does AEM 6.5 provide any OOTB authentication service to validate the frontend/external application?


2 replies

Bhuwan_B
Community Advisor
June 17, 2022
Mario248
Author
Level 7
June 22, 2022

How about using the Apache Sling Referrer Filter in AEM? AEM will reject the request if we are not allowing the frontend application in "Allow Host".

Is this not sufficient to control the frontend application? Do we really need an OAuth kind of authentication?

joerghoh
Adobe Employee
June 17, 2022

When you write "authentication service to validate the frontend/external application", does that mean that the user (who is using this frontend application) is not required to authenticate, but only the application itself?

In other words, do you want only your frontend application to be able to access AEM content? And should it not be possible for me to download the same content using curl (or any HTTP client)?

Mario248
Author
Level 7
June 20, 2022

Yeah, I want only the frontend application to access the AEM content. Basically I have a React app that will call AEM to get the content along with DAM assets. I want to allow only the React frontend to access the AEM content. My AEM content should be accessible other than the frontend application.

Can we control this at the dispatcher config level, or should we write a service in AEM to authenticate the caller (in this case the React frontend application)?

joerghoh
Adobe Employee
June 25, 2022

No, it is not possible. If you want your SPA to authenticate at AEM (the SPA, not the user!) then you need to store some token within the SPA which is then used for authentication. But everyone can extract that token and use it outside of the SPA.

If your content is publicly available, you cannot ensure that only a specified http client can access it, unless you require the authentication of the user.
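
The distinction drawn in the answer above, as an added example that is not part of the original thread and is not AEM code: a server-side check of one static token shipped in the SPA bundle next to a check of a short-lived token issued per user after login. All function names, the token format and the sample values are assumptions made for illustration; it uses only Node.js's built-in `crypto` module.

```javascript
const crypto = require('crypto');

const SERVER_SECRET = crypto.randomBytes(32);          // stays on the server
const STATIC_APP_TOKEN = 'constructed-app-token-123';  // constructed value; ships inside the SPA bundle

// Weak: every copy of the SPA carries the same string, so the server cannot
// tell the SPA apart from any other HTTP client presenting that string.
function checkStaticToken(presented) {
  return presented === STATIC_APP_TOKEN;
}

// Issued only after the *user* has authenticated; bound to that user and an expiry.
function issueUserToken(userId, ttlSeconds, now = Date.now()) {
  const claims = { sub: userId, exp: now + ttlSeconds * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const sig = crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('base64url');
  return `${payload}.${sig}`;
}

// Returns the user id for a valid, unexpired token, otherwise null.
function verifyUserToken(token, now = Date.now()) {
  const [payload, sig] = String(token).split('.');
  if (!payload || !sig) return null;
  const expected = crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims.sub;
}
```

With the per-user token the server learns which user made the request and can expire or deny that user's access; it still does not learn which client program sent the request.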