SOLVED

AEM Email Oauth Configuration - Redirect Url?


I'm following this guide to set up email notifications in AEM via OAuth, as it is required to send emails via Microsoft Office 365.

 

https://experienceleague.adobe.com/docs/experience-manager-65/administering/operations/notification....

 

The question I have is about the "Redirect Url" configured in Azure, and the "AuthCode Redirect Url" on the "CQ Mailer SMTP OAuth2 Provider" configuration.

 

The documentation just gives the value of http://localhost:4503/services/mailer/oauth2/token but doesn't explain how / why this URL is used.  It seems like this is a placeholder but it's not exactly clear how it needs to be replaced for each server?

 

We are actually setting up email on the Author server, so should this be on port 4502?  And should the URL be the fully qualified externally resolvable URL for the server rather than localhost?  It is a bit confusing as the documentation reads like this is a set value rather than something that should be set according to the specific environment.

 

1 Accepted Solution


Hi @raymuirhead,

The AEM "CQ Mailer SMTP OAuth2 Provider" service is based on the OAuth2 authentication mechanism. In this case, the OAuth authorization server (here Azure AD) needs a redirect URL, to which the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.

You can read further information on the OAuth2 flow and the redirect URL:

Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra | Microsoft Lear...

Redirect URI (reply URL) restrictions - Microsoft Entra | Microsoft Learn

 

Coming back to the instructions given in the Adobe document for the "CQ Mailer SMTP OAuth2 Provider" configuration, with "AuthCode Redirect Url" pointing to localhost (localhost:4503/services/mailer/oauth2/token), it can be seen that the same URL has been registered in the Azure AD configuration for Redirect URI (step 8 in the Adobe document). So, after authorization, the user will be redirected to this URL for further processing in the flow at the AEM end.
In order to resolve this URL at AEM, it needs to be internally redirected to the respective service (i.e. /services/mailer/oauth2/token) in AEM (please refer to: How to use internal redirects in AEM? - MagmaLabs Blog) if not already available; otherwise, instead of localhost, a URL externally accessible to the network needs to be configured at Azure AD and AEM.

 

Hope this helps.
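
A pre-flight check for the point made in the answer above, as an added example that is not part of the original thread or of Adobe's code: the "AuthCode Redirect Url" in AEM and the Redirect URI in Azure AD must agree, and localhost only works when the browser runs on the AEM host. `check_redirect`, its parameters and `author.example.com` are hypothetical names chosen for illustration.

```python
from urllib.parse import urlsplit

# Servlet path quoted in the Adobe guide and in the answer above.
TOKEN_PATH = "/services/mailer/oauth2/token"
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def check_redirect(aem_url, azure_registered, browser_on_aem_host=False):
    """Return a list of "code: message" problems for one AEM instance.

    aem_url             -- "AuthCode Redirect Url" set in the OSGi config
    azure_registered    -- Redirect URIs listed on the Azure AD app registration
    browser_on_aem_host -- True only if the consent step is done in a browser
                           running on the AEM machine itself
    """
    parts = urlsplit(aem_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not-absolute: value must be a full http(s) URL"]

    problems = []
    loopback = parts.hostname in LOOPBACK_HOSTS
    if parts.path != TOKEN_PATH:
        problems.append(f"path: expected {TOKEN_PATH}, got {parts.path}")
    if parts.scheme == "http" and not loopback:
        # Microsoft's redirect URI restrictions require https except for localhost.
        problems.append("scheme: plain http is only accepted for localhost")
    if loopback and not browser_on_aem_host:
        # The browser follows the redirect, so localhost means the admin's own PC.
        problems.append("loopback: localhost will not reach this AEM instance")
    if aem_url not in azure_registered:
        # Conservative check: require the exact same string on both sides.
        problems.append("unregistered: value is not a Redirect URI in Azure AD")
    return problems


if __name__ == "__main__":
    # Constructed sample values; author.example.com is a placeholder host.
    doc_value = "http://localhost:4503" + TOKEN_PATH
    author = "https://author.example.com" + TOKEN_PATH
    for url in (doc_value, author):
        print(url, "->", check_redirect(url, [doc_value]) or "ok")
```

Run it once per environment (Author on 4502, Publish on 4503) with the value from that instance's OSGi configuration and the list copied from the Azure AD app registration.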