Adobe Experience Manager Sites & More

Q. base64 encoded keys in the JSON ? 

A. yes - and that's why it’s important to ensure the credentials are managed securely based on your organization's security policies. 

Q. How long is the access token valid for? Is the time configurable? is it possible to have access refresh token to refresh access token? 

A. By default, access tokens are valid for 1 day. It is not possible to configure the validity time from the client. The access token expires and can't be refreshed. A new access token must be exchanged before expiration. 

Q.Is the token exchange library available on other languages, like Java or C#? 

A. While not available as referencable libraries, there are a number of code samples for how to perform this exchange with Adobe IMS APIs using a variety of languages: https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/samples/sam...

Q.Is this planned only for cloud service, or AMS too ? 

A. This approach is specific to AEM Cloud Service. There are existing solutions for AEM Managed Services to achieve a similar goal of authenticating service users.