Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

AEM 6.5 after getting OAuth2 token everything returns 404

Avatar

Level 2

I am trying to set the OAuth 2.0 flow for server to server communication. I am able to do the steps outlined here https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4... up until the point of getting the token back form AEM. Using the token on the next request always gives a 404 response.

 

I have tested the manual flow to authorize the user and the JWT method as well with the same results. User is part of administrators group (just while I'm testing) so permissions are good and the scope has all permissions for /content/dam.

 

 

3 Replies

Avatar

Administrator

@Albin_Issac Users is facing Issues following your article on "OAuth 2.0 Server Functionalities in AEM — Deep Dive | How to Manage the Protected AEM Resources through OAuth 2.0".

 

Can you please help?

 



Kautuk Sahni

Avatar

Level 2

Update on this: I can see the registered client correctly on AEM, I can also see the tokens granted, with the custom scope I created, containing jcr:all permissions for /content/dam. When I try to access anything in the JCR response is 404, and when I try servlets response is correct.

 

This points to me ACLs are the problem with Resource Resolver but user has access to those paths and scope does too. 

Avatar

Level 2

Final update:

I found out what the problem was. All of the setup was correct except one thing briefly mentioned in the article. All privileges are applied through the system user: oauthservice.

This user is in charge of applying the privileges for the custom scopes. I set permissions for /content/dam for that user and everything else worked.