Hi All, I am trying to implement Oauth authorization in AEM publisher for certain resources. As per the link https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html#.XJByjSIzbIW I undestand AEM supports 3 legged Oauth. I want to try 2 legged(Client credentials) and didnt see any helping documents for the same.
Have someone already tried this. Can you please share some pointers to the same
Regards,
Anand
Solved! Go to Solution.
Views
Replies
Total Likes
Hello Gaurav, Confimed by checking the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.
1. AUTHORIZATION_CODE
2. REFRESH_TOKEN
3. JWT_BEARER
Per my understanding, the implementation is same as 3-legged except you won't pass token and secret but empty strings. Client Application will need to have its client ID and secret stored in a secure manner
check the flow-
Thanks Gaurav. I tried to create the token but am getting the below error . I am trying to do POST request using Rest client and seeing the below error in POSTMAN.
Error in error.log -- >
20.03.2019 12:38:38.876 *ERROR* [qtp1411610424-69] org.apache.felix.http.jetty Exception while processing request to /oauth/token (java.lang.IllegalStateException: Committed)
java.lang.IllegalStateException: Committed
at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:894) [org.apache.felix.http.jetty:4.0.6]
at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:959) [org.apache.felix.http.jetty:4.0.6]
at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) [org.apache.felix.http.jetty:4.0.6]
at javax.servlet.ServletResponseWrapper.resetBuffer(ServletResponseWrapper.java:195) [org.apache.felix.http.servlet-api:1.1.2]
at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:67) [org.apache.felix.http.jetty:4.0.6]
at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:61) [org.apache.felix.http.jetty:4.0.6]
at com.adobe.granite.oauth.server.impl.OAuth2TokenEndpointServlet.doPost(OAuth2TokenEndpointServlet.java:183) [com.adobe.granite.oauth.server:1.1.26]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [org.apache.felix.http.servlet-api:1.1.2]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]
Probably, you are missing required headers via POSTMAN. Make required config changes to CSRF and Sling Referrer Filter for testing via POSTMAN - allow empty headers for testing. Enable Postman Interceptor and check
Have you tested your setup with usual 3 legged config to rule out any configuration related issues?
Couple of examples --https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/
https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/
OAuth Server functionality in AEM - Embrace Federation and unleash your REST APIs!
Yes. I am trying 3 legged only now. Followin the steps here: https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html#.XJHd...
Here the Receive the access token step is failing. The post request to http://localhost:4502/oauth/token is failing from POSTMAN.
Could you please explain what step are you on based on the flow diagram @ Adobe Experience Manager Help | Developing OAuth Scopes in AEM
Did you pass correct parameters(grant_type, redirect_uri, client_id etc.) in POSTMAN?
After step 9 , While requesting for Access token , the post request is failing in POSTMAN. However as mentioned in the link that I have pointed out , I was able to generate the access token using curl command. So 3 legged flow is working as expected in AEM. However I tried 2 legged (client_credentials ). But got the below error.
Any pointers?? smacdonald2008 kautuksahni
Regards,
Anand.
json format example-
curl --request POST \ --url 'https://YOUR_DOMAIN/oauth/token' \ --header 'content-type: application/json' \ --data '{"grant_type":"client_credentials","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","audience": "YOUR_API_IDENTIFIER"}'
I don't see "POST" in your screenshot.
Hello Gaurav PFB the screen shot
Hello Gaurav, Confimed by checking the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.
1. AUTHORIZATION_CODE
2. REFRESH_TOKEN
3. JWT_BEARER
If that's the case, then you may reach out to DayCare and find out the reason/next steps.
Sure. Have already raised a ticket with Daycare
Hi Anand,
As discussed, currently AEM do not support the client_credentials flow and internal discussions have triggered for including but there is no short-sighted plan to support it in the near future.
Regards.
Views
Like
Replies