Expand my Community achievements bar.

JWT to OAuth Migration

Avatar

Level 1

Starting in 2020 and continuing until today, we have been using a JWT credential between ServiceNow and Adobe. As part of the credential creation, we used OpenSSL to create a public and private key, creating a project in Adobe, uploading the public key, creating an integration profile in ServiceNow, etc. As mandated by our information security rules, the certs created by OpenSSL were configured to expire after a year, requiring us to go through the process of renewing the cert and updating the integration.

With the impending deprecation of the JWT credentials, we have been receiving regular reminder emails from Adobe to take action, each saying that "your organization must update them to use the OAuth Server-to-Server credential" and providing links to the Migration Guide. However, there was one (and only one) email we received that had as actions to take:

"1. Update the integrations with newer certificates before the current ones expire and
2. Migrate the integrations to use the OAuth Server-to-Server credential before January 27, 2025...."

The certs we are using now will expire in a little over 30 days. Does the reading of 1. from that email mean that new JWT certs need to be in place before the migration to OAuth can occur? Or can I just proceed with the migration using the current certs and not worry about the soon approaching expiration date (IOW, does the migration negate the need to generate a new key pair)?

3 Replies

Avatar

Employee
Employee

Hi @JosephKa2 

 

Ultimately your integration needs to be updated to use OAuth Server-to-Server credentials. There are two ways to get there - 

 

Route#1 Directly migrate to OAuth Server-to-Server credentials in the next 30 days

 

This is a viable route and will not involve creating a new certificate pair. However, make sure you can complete the migration before your existing certificate expires. (per the email you received)

 

Route#2 First refresh the certificate to give yourself more than 30 days, and then migrate to OAuth Server-to-Server credentials by Jan 27, 2025

 

This option is preferable if you cannot complete the migration before the existing certificate expires.

 

Both these approaches will avoid any integration downtime.

 

Thanks
Manik

 

Avatar

Level 1

Manik, thank you for the confirmation.  We're going the option 1 route.  Appreciate it.

 

Joe

Avatar

Level 3

Hi @tmj 

Thank you for sharing this information.

We are doing a migration from JWT to Oauth for cloud manager API and encounter an issue with connection to cloud Manager pipeline. Please let me know if have came across such issue and can help on this to fix. Thank you in advance.

 

Error

$ aio cloudmanager:list-programs
› Error: [CloudManagerCLI:IMS_CONTEXT_MISSING_FIELDS] One or more of the required fields in
› ims.contexts.aio-cli-plugin-cloudmanager were not set. Missing keys were client_secret, meta_scopes,
› private_key.
› Code: IMS_CONTEXT_MISSING_FIELDS