403 Response From Adobe Experience Manager OAuth 2 Token Endpoint

Level 7

I am using Postman to test OAuth 2 from a vanilla AEM install.

Postman can successfully obtain the authorization code from /oauth/authorize after I grant access:

But when it tries to use the code to obtain a token from /oauth/token it receives the following response:

HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden Powered by Jetty://

Looking in Fiddler it is doing a POST to /oauth/token with the following Name/Values in the body:

client_id: Client ID from /libs/granite/oauth/content/client.html

client_secret: Client Secret from /libs/granite/oauth/content/client.html

redirect_uri: https://www.getpostman.com/oauth2/callback

grant_type: authorization_code

code: Code returned from previous request to oauth/authorize

Am I missing something?

2 Replies

Employee

Hi,

To be honest, I'm not very familiar with Postman's OAuth2 support. Can you provide a complete dump of the POST request to /oauth/token? My guess is that this is the Referrer Filter, but I'm not sure.

Regards,

Justin

Level 7

justin_at_adobe wrote...

Hi,

To be honest, I'm not very familiar with Postman's OAuth2 support. Can you provide a complete dump of the POST request to /oauth/token? My guess is that this is the Referrer Filter, but I'm not sure.

Regards,

Justin

Your guess was right Justin. Kudos

Level 7

Solved. You need to add the post as allowed host in the sling referrer filter in your configuration.

Level 7

justin_at_adobe wrote...

Just curious - which host?

There was a typo. Sorry for that. Updated it. By default the POST request is not allowed by the Sling Referrer Filter in 6.1.
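The Referrer Filter decision this thread arrives at, as an added example (not code from the thread, from Sling or from AEM): a simplified Python model of the filter's allow/deny logic, run against the Postman POST from the question. It assumes the filtered methods and property names of the real org.apache.sling.security.impl.ReferrerFilter configuration and a constructed AEM host of localhost.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Simplified model of the Sling Referrer Filter's allow/deny decision
# (constructed for illustration; not Sling's source code). The trailing
# comments name the properties of the real OSGi configuration PID
# org.apache.sling.security.impl.ReferrerFilter that each field stands in for.
@dataclass
class ReferrerFilterConfig:
    allow_empty: bool = False                        # allow.empty
    allow_hosts: set = field(default_factory=set)    # allow.hosts
    filter_methods: set = field(                     # filter.methods
        default_factory=lambda: {"POST", "PUT", "DELETE", "COPY", "MOVE"})


def is_allowed(cfg, method, server_host, referer):
    """Return True if the filter lets the request through, False for a 403."""
    if method.upper() not in cfg.filter_methods:
        return True                   # safe methods (GET, HEAD) are not filtered
    if not referer:
        return cfg.allow_empty        # no Referer header at all
    if referer.startswith("/"):
        return True                   # relative referer: same origin
    ref_host = urlsplit(referer).hostname
    if ref_host is None:
        return False                  # unparsable referer: deny
    return ref_host == server_host or ref_host in cfg.allow_hosts


# Constructed requests modelled on the thread: a vanilla AEM instance on
# localhost, Postman's callback host as the external referer.
AEM_HOST = "localhost"
POSTMAN_REFERER = "https://www.getpostman.com/oauth2/callback"


def postman_token_request(cfg):
    """The POST to /oauth/token that returned 403 in the question."""
    return is_allowed(cfg, "POST", AEM_HOST, POSTMAN_REFERER)


def fixed_config():
    """The configuration change the thread arrives at: allow the Postman host."""
    return ReferrerFilterConfig(allow_hosts={"www.getpostman.com"})


if __name__ == "__main__":
    default_cfg = ReferrerFilterConfig()
    print("default config:", postman_token_request(default_cfg))   # False (403)
    print("host allowed:  ", postman_token_request(fixed_config()))  # True
```

A host listed in allow.hosts can POST to every path, not only /oauth/token, so the allowance is best confined to the test instance.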

Level 1

Hi Justin,

I am also facing the same issue: while requesting the token from the Postman client I am getting 403 Forbidden.

Can you tell me which services are required to be up and running for OAuth2, and also, if they are not, how I can get them up and running?

Thanks in advance.