Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

AEM 6.4 - Oauth 2 legged authorization

Avatar

Level 4
Level 4
3/18/19 9:49:11 PM

Hi All, I am trying to implement Oauth authorization in AEM publisher for certain resources.   As per the link https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html#.XJByjSIzbIW  I undestand AEM supports 3 legged Oauth. I want to try 2 legged(Client credentials) and didnt see any helping documents for the same.

Have someone already tried this. Can you please share some pointers to the same

Regards,

Anand

Views

11.4K

Replies

13
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 4
Level 4
3/25/19 4:30:12 AM

Hello Gaurav, Confimed by checking  the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

View solution in original post

Views

6.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
13 Replies

Avatar

Level 10
Level 10
3/19/19 11:18:59 AM

Per my understanding, the implementation is same as 3-legged except you won't pass token and secret but empty strings. Client Application will need to have its client ID and secret stored in a secure manner

check the flow-

The OAuth Bible

Views

5.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
3/20/19 1:27:23 AM

Thanks Gaurav. I tried to create the token but am getting the below error . I am trying to do POST request using Rest client and  seeing the below error in POSTMAN.

1715234_pastedImage_0.png

Error in error.log -- >

20.03.2019 12:38:38.876 *ERROR* [qtp1411610424-69] org.apache.felix.http.jetty Exception while processing request to /oauth/token (java.lang.IllegalStateException: Committed)

java.lang.IllegalStateException: Committed

at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:894) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:959) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) [org.apache.felix.http.jetty:4.0.6]

at javax.servlet.ServletResponseWrapper.resetBuffer(ServletResponseWrapper.java:195) [org.apache.felix.http.servlet-api:1.1.2]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:67) [org.apache.felix.http.jetty:4.0.6]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:61) [org.apache.felix.http.jetty:4.0.6]

at com.adobe.granite.oauth.server.impl.OAuth2TokenEndpointServlet.doPost(OAuth2TokenEndpointServlet.java:183) [com.adobe.granite.oauth.server:1.1.26]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [org.apache.felix.http.servlet-api:1.1.2]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]

Views

6.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
3/20/19 12:01:15 PM

Probably, you are missing required headers via POSTMAN. Make required config changes to CSRF and Sling Referrer Filter for testing via POSTMAN - allow empty headers for testing. Enable Postman Interceptor and check

Have you tested your setup with usual 3 legged config to rule out any configuration related issues?

Couple of examples --https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

OAuth Server functionality in AEM - Embrace Federation and unleash your REST APIs!

Views

5.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
3/21/19 2:40:42 AM

Yes. I am trying 3 legged only now. Followin the steps here: https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html#.XJHd...

Here the Receive the access token step is failing.  The post request to http://localhost:4502/oauth/token is failing from POSTMAN.

Views

6.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
3/21/19 1:20:46 PM

Could you please explain what step are you on based on the flow diagram @ Adobe Experience Manager Help | Developing OAuth Scopes in AEM

Did you pass correct parameters(grant_type, redirect_uri, client_id etc.) in POSTMAN?

Views

5.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
3/22/19 9:57:08 AM

After step 9  , While requesting for Access token , the post request is failing in POSTMAN. However as mentioned in the link that I have pointed out , I was able to generate the access token using curl command. So 3 legged flow is working as expected in AEM. However I tried 2 legged (client_credentials ). But got the below error.

1716932_pastedImage_0.png

Any pointers??  smacdonald2008kautuksahni

Regards,

Anand.

Views

6.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
3/22/19 10:26:47 AM

json format example-

curl --request POST \ --url 'https://YOUR_DOMAIN/oauth/token' \ --header 'content-type: application/json' \ --data '{"grant_type":"client_credentials","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","audience": "YOUR_API_IDENTIFIER"}'

I don't see "POST" in your screenshot.

Views

5.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 4
Level 4
3/25/19 4:30:12 AM

Hello Gaurav, Confimed by checking  the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

Views

6.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
8/13/20 9:28:27 PM
In response to a_mn1
Hi, just a question we are trying to implement oauth2 using client_credentials, is it already supported?

Views

4.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
3/25/19 6:56:38 AM

If that's the case, then you may reach out to DayCare and find out the reason/next steps.

Views

5.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
3/25/19 9:07:00 PM

Sure. Have already raised a ticket with Daycare

Views

6.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
4/7/19 8:38:51 PM

Hi Anand,

As discussed, currently AEM do not support the client_credentials flow and internal discussions have triggered for including but there is no short-sighted plan to support it in the near future.

Regards.

Views

6.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Pipeline-free URL Redirects is not working in AEM Cloud Dispatcher Solved

Views

149

Likes

0

Replies

5
Reg: Video Smartcrops in AEM 6.5

Views

41

Likes

0

Replies

1
AEM session management and user access

Views

91

Likes

0

Replies

3
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

61

Likes

0

Replies

1
How to mask the image in AEM?

Views

112

Likes

0

Replies

3