Adobe Developer

krassibb · 5/8/23

Hi,

I recently received email to "Migrating from Service Account (JWT) credential to OAuth Server-to-Server credential" - here is the link in the email - https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthenticatio...

The migration works well in the developer console, but once the old JWT credential is deleted, when I go in AEM in the "ADobe IMS Technical Account" and check the health of the connection, I get now error Dev Adobe Target IMS: failed to get access token from authorization server status: 400 response: {"error_description":"The client must have the exchange_jwt scope.","error":"invalid_client"}

Any suggestion on how to fix this urgently is appreciated.

Thanks,
Krass

krassibb · 5/17/23

Looks like the AEM team will be responsible to update the AEM IMS Client config to use the new OAuth Server-to-Server credential. In the meantime, the old JWT credential will be still valid.

View solution in original post

tmj · 5/9/23

Hi @krassibb,

Did you also update your AEM instance to use the new credential?

Thanks
Manik

krassibb · 5/9/23

Hi @tmj,

Yes, I did update the credentials in AEM IMS configuration. Although, the configuration fails on the JWT Payload mandatory section.

Please notify the AEM product team about the issue.

Thanks,

Krass

krassibb · 5/17/23

Looks like the AEM team will be responsible to update the AEM IMS Client config to use the new OAuth Server-to-Server credential. In the meantime, the old JWT credential will be still valid.

Sreekanthkp · 6/13/23

Did we get a solution for this ? I am facing the same issue "Dev Adobe Target IMS: failed to get access token from authorization server status: 400 response: {"error_description":"The client must have the exchange_jwt scope.","error":"invalid_client"} "

jurgenbrouwer · 6/27/23

We are having the same issue after migrating from JWT to OAuth. I'm unable to find any documentation on how to migrate our on-prem AEM to this new authentication.

Adobe-Target-IMS-IO: failed to get access token from authorization server status: 400 response: {"error_description":"The client must have the exchange_jwt scope.","error":"invalid_client"}

Edit: we have created a support ticket at Adobe to check if can revert the migration since AEM does not support OAuth for the export of Experience Fragments to Target yet.

derrick-mathabathe · 2/7/24

Any progress on this issue ?

varun790 · 2/8/24

@tmj @krassibb

Did you guys get any update for this issue.

tmj · 2/8/24

Hi @varun790 , please allow me a few days to chase down the official timeline on when AEM will support the new OAuth credentials. Be assured it will be well before the EOL in Jan 2025.

Thanks for your patience
Manik

tmj · 2/12/24

Hello folks, quick update, AEM is targeting to release support for OAuth Server-to-Server credentials by April 2024.

tmj · 2/12/24

Hello folks, quick update, AEM is targeting to release support for OAuth Server-to-Server credentials by April 2024.

jurgenbrouwer · 6/12/24

Meanwhile SP21 has been delivered which contains support for oauth:
https://experienceleague.adobe.com/en/docs/experience-manager-65/content/release-notes/release-notes...

A hotfix for lower versions is available for download via the Software Distribution page.

Adobe Developer

AEM to Target Integration migration from Service Account (JWT) credentials to OAuth Server-to-Server credentials

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe