Assistance with JWT Token Expiry and OAuth Server-to-Server Authentication Issue

Question

Requirement: I have a form in the publish environment, and upon submission, I need to create a .txt file in the author environment.Current Solution:I created a technical account ID through the Developer Console in the Integration tab, tuned the JWT token, and was able to successfully hit the author environment.However, as the JWT token is nearing expiry, I am transitioning to OAuth Server-to-Server authentication. To do this, I selected the project and Cloud Manager API, created an account, and generated a new token.Issue:When I attempt to hit the author cloud URL, I am receiving a 401 Unauthorized error. Question:The technical user account was not created in the author's environment. Do we need to provide additional permissions to resolve the 401 Unauthorized error?Any assistance or suggestions would be greatly appreciated.CC:  @arunpatidar  @konstantyn_diachenko  @amitvishwakarma @estebanbustamante   @Tethich@aanchal-sikka

KotiReddyNa · Accepted Answer

Hi @kotireddyna,Let me clarify:Technical Accounts created under the integration tab of an AEM instance's Developer Console do not expire.However, the certificate (credentials) under a technical account expires by default after one year. And you are right, you can generate a new certificate when the exisitng one nears expiry. If you need help with refreshing your credentials, refer this: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/generating-access-tokens-for-server-side-apis#refresh-credentialsThese credentials (non-expired) are used to create a JWT token in a call to Adobe’s IMS service to retrieve an access token. This access token is valid for 24 hours. More about this can be found here: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/generating-access-tokens-for-server-side-apis#generate-a-jwt-token-and-exchange-it-for-an-access-tokenThere should be no problem with resolving the JWT maven dependencies and they are not related to the expiry of technical account credentials. Here's a code sample in java to help generate access tokens using JWT: https://github.com/AdobeDocs/adobe-dev-console/tree/main/samples/adobe-jwt-java Hope this makes things clear thanks @vinay-lakshman We contacted Adobe Support via email and received the following response:  This also affects the AEM Developer console as well as the Adobe Developer console. We take security very seriously at Adobe and the vulnerability to the JWT was such that our engineers made the decision to switch to OAuth server to server. So I would still suggest you implement an OAuth integration rather than a JWT for your connections prior to the end of life on June 30th, 2025.

Vinay-Lakshman · Answer

Hi @naruk89179065,For Integration (Technical) accounts setup in an AEM Cloud author environment's Developer Console, Oauth is not supported yet and it still relies on JWT for authentication. You can refer this thread for more details and links for relevant documentation: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/difference-between-technical-accounts-in-adobe-developer-console/m-p/729676#M179483 Hope this helps,Vinay

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded