AEM 6.4 - Oauth 2 legged authorization

a_mn1
Level 3

18-03-2019

Hi All, I am trying to implement OAuth authorization in AEM publisher for certain resources. As per the link https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html#.XJByjSIzbIW I understand AEM supports 3-legged OAuth. I want to try 2-legged (client credentials) and didn't see any helping documents for the same.

Has someone already tried this? Can you please share some pointers to the same?

Regards,

Anand

Accepted Solutions (1)

a_mn1
Level 3

25-03-2019

Hello Gaurav, confirmed by checking the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER
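A pre-flight check for token requests, restricted to the three grant types listed in the accepted answer. This is an added example, not code from the thread or from AEM. It assumes the RFC 6749 / RFC 7523 wire values for those grant types and treats `redirect_uri` and `client_id` as required for the authorization-code grant; the function name and sample requests are constructed.

```python
from urllib.parse import parse_qs

# Wire values (RFC 6749 / RFC 7523) for the three grant types named in the
# accepted answer, mapped to the body parameters checked for each one.
# Assumption: redirect_uri and client_id are only conditionally required by
# RFC 6749; they are treated as required here, as in the 3-legged flow.
SUPPORTED_GRANTS = {
    "authorization_code": ("code", "redirect_uri", "client_id"),
    "refresh_token": ("refresh_token",),
    "urn:ietf:params:oauth:grant-type:jwt-bearer": ("assertion",),
}
FORM = "application/x-www-form-urlencoded"


def lint_token_request(method, content_type, body):
    """Return a list of problems with a token request; empty means none found."""
    problems = []
    if method.upper() != "POST":
        problems.append("method must be POST, got " + method)
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != FORM:
        # RFC 6749 defines token requests as form-encoded, so stop here.
        problems.append("content-type must be " + FORM + ", got " + (media_type or "none"))
        return problems
    params = parse_qs(body, keep_blank_values=True)
    repeated = sorted(k for k, v in params.items() if len(v) > 1)
    if repeated:
        problems.append("parameters sent more than once: " + ", ".join(repeated))
    grant = params.get("grant_type", [""])[0]
    if grant not in SUPPORTED_GRANTS:
        problems.append("unsupported grant_type: " + (grant or "(missing)"))
        return problems
    missing = [p for p in SUPPORTED_GRANTS[grant] if not params.get(p, [""])[0]]
    if missing:
        problems.append("missing or empty for " + grant + ": " + ", ".join(missing))
    return problems


# Constructed sample requests (placeholder values, not taken from the thread).
SAMPLES = {
    "two_legged": ("POST", FORM, "grant_type=client_credentials&client_id=ID&client_secret=S"),
    "json_body": ("POST", "application/json", '{"grant_type":"client_credentials"}'),
    "no_redirect": ("POST", FORM, "grant_type=authorization_code&code=abc&client_id=ID"),
    "three_legged": ("POST", FORM + "; charset=UTF-8",
                     "grant_type=authorization_code&code=abc&client_id=ID"
                     "&client_secret=S&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcb"),
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(name, "->", lint_token_request(*request) or "ok")
```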

Answers (11)

tanyakapila
Employee

07-04-2019

Hi Anand,

As discussed, currently AEM does not support the client_credentials flow, and internal discussions have been triggered about including it, but there is no short-sighted plan to support it in the near future.

Regards.

a_mn1
Level 3

25-03-2019

Sure. Have already raised a ticket with Daycare.

Gaurav-Behl
MVP

25-03-2019

If that's the case, then you may reach out to DayCare and find out the reason/next steps.

a_mn1
Level 3

24-03-2019

Hello Gaurav, PFB the screenshot.

[Screenshot: 2LEGGEDposT.JPG]

Gaurav-Behl
MVP

22-03-2019

json format example-

curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"client_credentials","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","audience": "YOUR_API_IDENTIFIER"}'

I don't see "POST" in your screenshot.

a_mn1
Level 3

22-03-2019

After step 9, while requesting the access token, the POST request is failing in POSTMAN. However, as mentioned in the link that I have pointed out, I was able to generate the access token using the curl command. So the 3-legged flow is working as expected in AEM. However, I tried 2-legged (client_credentials) but got the below error.

[Screenshot: 1716932_pastedImage_0.png]

Any pointers? smacdonald2008 kautuksahni

Regards,

Anand.

Gaurav-Behl
MVP

21-03-2019

Could you please explain what step you are on, based on the flow diagram @ Adobe Experience Manager Help | Developing OAuth Scopes in AEM?

Did you pass correct parameters (grant_type, redirect_uri, client_id etc.) in POSTMAN?

a_mn1
Level 3

21-03-2019

Yes. I am trying 3-legged only now. Following the steps here: https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html#.XJHd...

Here the "Receive the access token" step is failing. The POST request to http://localhost:4502/oauth/token is failing from POSTMAN.

Gaurav-Behl
MVP

20-03-2019

Probably, you are missing required headers via POSTMAN. Make required config changes to CSRF and Sling Referrer Filter for testing via POSTMAN - allow empty headers for testing. Enable Postman Interceptor and check.

Have you tested your setup with usual 3 legged config to rule out any configuration related issues?

Couple of examples -- https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

OAuth Server functionality in AEM - Embrace Federation and unleash your REST APIs!

a_mn1
Level 3

20-03-2019

Thanks Gaurav. I tried to create the token but am getting the below error. I am trying to do a POST request using a REST client and am seeing the below error in POSTMAN.

[Screenshot: 1715234_pastedImage_0.png]

Error in error.log -->

20.03.2019 12:38:38.876 *ERROR* [qtp1411610424-69] org.apache.felix.http.jetty Exception while processing request to /oauth/token (java.lang.IllegalStateException: Committed)
java.lang.IllegalStateException: Committed
    at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:894) [org.apache.felix.http.jetty:4.0.6]
    at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:959) [org.apache.felix.http.jetty:4.0.6]
    at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) [org.apache.felix.http.jetty:4.0.6]
    at javax.servlet.ServletResponseWrapper.resetBuffer(ServletResponseWrapper.java:195) [org.apache.felix.http.servlet-api:1.1.2]
    at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:67) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:61) [org.apache.felix.http.jetty:4.0.6]
    at com.adobe.granite.oauth.server.impl.OAuth2TokenEndpointServlet.doPost(OAuth2TokenEndpointServlet.java:183) [com.adobe.granite.oauth.server:1.1.26]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [org.apache.felix.http.servlet-api:1.1.2]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]

Gaurav-Behl
MVP

19-03-2019

Per my understanding, the implementation is the same as 3-legged except you won't pass token and secret but empty strings. Client Application will need to have its client ID and secret stored in a secure manner.

Check the flow -

The OAuth Bible