Expand my Community achievements bar.

Clarification on Service Account (JWT) Migration - creadentials needed for publishing new versions

Avatar

Level 1
Level 1
4/8/25 11:49:14 AM

Hello Adobe Team,

I received a notification regarding the deprecation of Service Account (JWT) credentials in favor of OAuth Server-to-Server credentials.
As an Adobe-administrator of Medallia, I need to confirm the status of a project we have.

It's authentication details are used for publishing versions of an Adobe Experience Platform Extension,

Which is done once in roughly 2 years.

As far as I undestand, in order to succeed publishing a new package with "@adobe/reactor-packager":

1. The "Project" needs to be updated to use the new OAuth2 credentials

2. During the deployment process, the new credentials will need to be supplied

 

So is it correct that the code that creates the package-zip DOES NOT need
to include an OAuth 3rd party implemention in it?

 

 

 

 

Views

793

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
5 Replies

Avatar

Employee
Employee
4/13/25 11:14:14 PM

Hi @CarmitKl, I believe you are talking about the AEP Sources connector published by Medallia. I have reached out to a related team and will get back to you soon.

Views

720

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
4/16/25 8:31:07 AM
In response to tmj

Hi @CarmitKl, I am little confused now since you don't seem to have an AEP Sources connector for Medallia and I was mistaken. Could you tell me again what is the thing you are building and the challenge you are facing?

Views

687

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
4/27/25 4:45:00 AM
In response to tmj

Hi, This is about an "Adobe launch extension development" project.

We need to deploy a version of it, using the "npx @Deleted Account/reactor-uploader".

When running in the console "npx @Deleted Account/reactor-uploader" we're being asked to provide:

1. clientId
2. clientSecret

And I've filled the id's written in the "OAuth Server-to-Server" tab (which are identical to those written in the "Service Account (JWT)
DEPRECATED" tab.

Then, I get: Error: self-signed certificate in certificate chain

 

So I need help i order to complete the migration and be sure that the project is able to be uploaded successfully.

Views

587

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
4/27/25 10:37:46 PM
In response to CarmitKl

Hi @CarmitKl, I can see that the @adobe/reactor-uploader already supports the OAuth Server-to-Server credentials by default https://github.com/adobe/reactor-uploader 

 

>I get: Error: self-signed certificate in certificate chain

 

My hypothesis is that this error is not related to the JWT or OAuth credentials at all. Could it be related to your local setup? Also, does your organization have access to raise support tickets with Adobe? I'd recommend raising one, if you're still stuck. 

 

Thanks
Manik

Views

565

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
4/30/25 1:51:14 AM

Hi @CarmitKl ,

It seems like you're encountering a few issues during the migration process from JWT to OAuth Server-to-Server credentials for your Adobe Launch extension. Let's break down the situation:

1. Service Account (JWT) Migration: The transition from JWT to OAuth2 credentials is necessary, but the actual process of creating the package (e.g., with @adobe/reactor-packager) does not require an OAuth implementation inside the code. You only need to provide the OAuth credentials (clientId and clientSecret) during the deployment process, as you've correctly pointed out.

2. Self-Signed Certificate Error: The error Error: self-signed certificate in certificate chain seems to be more related to the certificate chain in your environment rather than the OAuth credentials themselves. This is likely an issue with your local setup, such as SSL/TLS certificate handling. You might need to ensure that your local environment trusts the necessary certificates, or there could be an issue with how your system is handling SSL/TLS connections.

3. OAuth Credentials: You mentioned filling in the credentials from the "OAuth Server-to-Server" tab. Ensure you're using the correct clientId and clientSecret for your current OAuth setup. The ones from the "Service Account (JWT)" tab may not work because JWT credentials are deprecated.

4. Further Troubleshooting: If the issue persists after ensuring your credentials are correct and your local setup is addressed, I'd suggest reaching out to Adobe Support (if your organization has access) for more targeted help. This could include checking whether any additional configuration changes are needed on Adobe's end to fully support the OAuth migration for your project.


Regards,
Amit

Views

532

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
JWT exchanged access token signature invalid Solved

Views

3.2K

Likes

0

Replies

1
Request for Official Clarification and Deprecation Plan of Adobe Commerce REST API v1 Based on Community Discussion

Views

174

Likes

0

Replies

1
Documentation for Adobe API Mesh reconfiguration for Adobe Commerce migration from PAAS to SAAS.

Views

285

Likes

0

Replies

0
DNG SDK. How do I get the developer version.

Views

3.6K

Likes

0

Replies

5
Hyperlinks in pdf to excel files on my dropbox

Views

700

Likes

0

Replies

1