Expand my Community achievements bar.

SOLVED

Assistance with JWT Token Expiry and OAuth Server-to-Server Authentication Issue

Avatar

Level 3
Level 3
2/13/25 10:40:36 AM

Requirement: I have a form in the publish environment, and upon submission, I need to create a .txt file in the author environment.

Current Solution:

  • I created a technical account ID through the Developer Console in the Integration tab, tuned the JWT token, and was able to successfully hit the author environment.
  • However, as the JWT token is nearing expiry, I am transitioning to OAuth Server-to-Server authentication. To do this, I selected the project and Cloud Manager API, created an account, and generated a new token.

Issue:

  • When I attempt to hit the author cloud URL, I am receiving a 401 Unauthorized error.
    naruk89179065_0-1739471974569.png

     

Question:

  • The technical user account was not created in the author's environment. Do we need to provide additional permissions to resolve the 401 Unauthorized error?

Any assistance or suggestions would be greatly appreciated.

CC:  @arunpatidar  @konstantyn_diachenko  @AmitVishwakarma @EstebanBustamante   @

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Experience Manager as a Cloud Service

Views

454

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
2/19/25 8:31:48 PM
In response to Vinay-Lakshman

thanks @Vinay-Lakshman 

We contacted Adobe Support via email and received the following response:

 

 

This also affects the AEM Developer console as well as the Adobe Developer console. We take security very seriously at Adobe and the vulnerability to the JWT was such that our engineers made the decision to switch to OAuth server to server. So I would still suggest you implement an OAuth integration rather than a JWT for your connections prior to the end of life on June 30th, 2025.

View solution in original post

Views

262

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 2
Level 2
2/13/25 7:20:15 PM

Hi @naruk89179065,

For Integration (Technical) accounts setup in an AEM Cloud author environment's Developer Console, Oauth is not supported yet and it still relies on JWT for authentication.

 

You can refer this thread for more details and links for relevant documentation: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/difference-between-technic...

 

Hope this helps,

Vinay

Views

414

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/14/25 8:31:05 AM
In response to Vinay-Lakshman

thanks @Vinay-Lakshman 
Could you please confirm whether the following statement is correct?

AEM Developer Console JWT Access Tokens: JWT access tokens generated in the AEM Developer Console do not expire, However, we can regenerate the technical account or token whenever necessary to refresh credentials 

Screenshot 2025-02-14 at 3.12.46 PM.png

As for Maven dependencies, even after the JWT token expires, they will still work. The following dependencies are included in pom.xml file:

<dependency>

<groupId>io.jsonwebtoken</groupId>

<artifactId>jjwt-api</artifactId>

<version>0.11.2</version>

<scope>provided</scope>

</dependency>

<dependency>

<groupId>io.jsonwebtoken</groupId>

<artifactId>jjwt-impl</artifactId>

<version>0.11.2</version>

<scope>runtime</scope>

</dependency>

<dependency>

<groupId>io.jsonwebtoken</groupId>

<artifactId>jjwt-jackson</artifactId>

<version>0.11.2</version>

<scope>runtime</scope>

</dependency>

Views

362

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/14/25 9:09:57 AM
In response to KotiReddyNa

Hi @KotiReddyNa,

Let me clarify:

There should be no problem with resolving the JWT maven dependencies and they are not related to the expiry of technical account credentials. Here's a code sample in java to help generate access tokens using JWT: https://github.com/AdobeDocs/adobe-dev-console/tree/main/samples/adobe-jwt-java

 

Hope this makes things clear

 

Views

359

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/14/25 9:32:47 AM
In response to Vinay-Lakshman

thanks @Vinay-Lakshman 

Views

350

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 2
Level 2
2/19/25 8:31:48 PM
In response to Vinay-Lakshman

thanks @Vinay-Lakshman 

We contacted Adobe Support via email and received the following response:

 

 

This also affects the AEM Developer console as well as the Adobe Developer console. We take security very seriously at Adobe and the vulnerability to the JWT was such that our engineers made the decision to switch to OAuth server to server. So I would still suggest you implement an OAuth integration rather than a JWT for your connections prior to the end of life on June 30th, 2025.

Views

263

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
SAML2 - AEM CaaS issue for existing user in AEM not able to logged to repo

Views

41

Likes

0

Replies

1
is AEM using ingress-nginx for dispatcher & publisher servers

Views

45

Likes

0

Replies

1
Associate Vanity URLs with expiry date

Views

64

Likes

0

Replies

2
AEM Cloud Build pipeline fails due to Code Scanner (Jacoco) plugin version does not support Multi-Release Jars

Views

90

Likes

0

Replies

3
dual resource call from the same component with mobile view and desktop view

Views

60

Likes

0

Replies

2