Clarification on Service Account (JWT) Migration - creadentials needed for publishing new versions | Community
Skip to main content
C
CarmitKl
April 8, 2025
Question

Clarification on Service Account (JWT) Migration - creadentials needed for publishing new versions

  • April 8, 2025
  • 2 replies
  • 843 views

Hello Adobe Team,

I received a notification regarding the deprecation of Service Account (JWT) credentials in favor of OAuth Server-to-Server credentials.
As an Adobe-administrator of Medallia, I need to confirm the status of a project we have.

It's authentication details are used for publishing versions of an Adobe Experience Platform Extension,

Which is done once in roughly 2 years.

As far as I undestand, in order to succeed publishing a new package with "@adobe/reactor-packager":

1. The "Project" needs to be updated to use the new OAuth2 credentials

2. During the deployment process, the new credentials will need to be supplied

 

So is it correct that the code that creates the package-zip DOES NOT need
to include an OAuth 3rd party implemention in it?

 

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

tmj
Adobe Employee
tmjAdobe Employee
Adobe Employee
April 14, 2025

Hi @carmitkl, I believe you are talking about the AEP Sources connector published by Medallia. I have reached out to a related team and will get back to you soon.

tmj
Adobe Employee
tmjAdobe Employee
Adobe Employee
April 16, 2025

Hi @carmitkl, I am little confused now since you don't seem to have an AEP Sources connector for Medallia and I was mistaken. Could you tell me again what is the thing you are building and the challenge you are facing?

tmj
Adobe Employee
tmjAdobe Employee
Adobe Employee
April 28, 2025

Hi, This is about an "Adobe launch extension development" project.

We need to deploy a version of it, using the "npx @61380/reactor-uploader".

When running in the console "npx @61380/reactor-uploader" we're being asked to provide:

1. clientId
2. clientSecret

And I've filled the id's written in the "OAuth Server-to-Server" tab (which are identical to those written in the "Service Account (JWT)
DEPRECATED" tab.

Then, I get: Error: self-signed certificate in certificate chain

 

So I need help i order to complete the migration and be sure that the project is able to be uploaded successfully.


Hi @carmitkl, I can see that the @adobe/reactor-uploader already supports the OAuth Server-to-Server credentials by default https://github.com/adobe/reactor-uploader 

 

>I get: Error: self-signed certificate in certificate chain

 

My hypothesis is that this error is not related to the JWT or OAuth credentials at all. Could it be related to your local setup? Also, does your organization have access to raise support tickets with Adobe? I'd recommend raising one, if you're still stuck. 

 

Thanks
Manik

AmitVishwakarma
Community Advisor
AmitVishwakarmaCommunity Advisor
Community Advisor
April 30, 2025

Hi @carmitkl ,

It seems like you're encountering a few issues during the migration process from JWT to OAuth Server-to-Server credentials for your Adobe Launch extension. Let's break down the situation:

1. Service Account (JWT) Migration: The transition from JWT to OAuth2 credentials is necessary, but the actual process of creating the package (e.g., with @adobe/reactor-packager) does not require an OAuth implementation inside the code. You only need to provide the OAuth credentials (clientId and clientSecret) during the deployment process, as you've correctly pointed out.

2. Self-Signed Certificate Error: The error Error: self-signed certificate in certificate chain seems to be more related to the certificate chain in your environment rather than the OAuth credentials themselves. This is likely an issue with your local setup, such as SSL/TLS certificate handling. You might need to ensure that your local environment trusts the necessary certificates, or there could be an issue with how your system is handling SSL/TLS connections.

3. OAuth Credentials: You mentioned filling in the credentials from the "OAuth Server-to-Server" tab. Ensure you're using the correct clientId and clientSecret for your current OAuth setup. The ones from the "Service Account (JWT)" tab may not work because JWT credentials are deprecated.

4. Further Troubleshooting: If the issue persists after ensuring your credentials are correct and your local setup is addressed, I'd suggest reaching out to Adobe Support (if your organization has access) for more targeted help. This could include checking whether any additional configuration changes are needed on Adobe's end to fully support the OAuth migration for your project.


Regards,
Amit

Terms & ConditionsAccessibility statement

Loading footer...