Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list

deploying custom scope


Level 4

how to deploy custom scope in AEM 

by default AEM 6.5 provides profile , offline and replicate scopes

8 Replies


Community Advisor

Hi @sriram_1 ,

May I know what do you mean by custom scope? - is it OAuth Scopes? If yes please refer to this:

Appreciate If you elaborate more of your question for better understanding, if I misunderstood. 




Level 4

Hi Santosh thanks for the quick response,

we are working in a project where we need to fetch/crawl data from AEM.

as part of project we want to implement server to server authentication mechanism could you provide me some inputs on how to achieve this.


I am referring into this doc for authentication: 





Level 4

Hi @SantoshSai 

yes it is Oauth scope.


below is the code for custom scope as mentioned in the above link provided by you


package com.adobe.acs.samples.authentication.oauth.impl;

import com.adobe.granite.oauth.server.Scope;
import com.adobe.granite.oauth.server.ScopeWithPrivileges;
import org.osgi.service.component.annotations.Component;

import javax.servlet.http.HttpServletRequest;

 * OAuth Scope support was introduced in AEM 6.3
        service = Scope.class
// This class must implement ScopeWithPrivileges, but it must register as an OSGi Service against Scope.class
public class SampleScopeWithPrivileges implements ScopeWithPrivileges {
    public static final String WRITE_DAM_SCOPE_NAME = "vendor-x__write-dam";
    public static final String BASE_PATH = "/content/dam";

     * Informational purposes only
    public String getDescription(HttpServletRequest request) {
        return "Write access to AEM Assets";

     * return the unique Scope name. This value must be unique across all scope implementations.
    public String getName() {
        // If there is overlay in Scope's w the same `getName()` value, one of the named scopes will be selected at random for use (based on Service registration order).
        // If a scope is being provided as a 3rd party package, it is good to ensure the scope name has some low-likelihood collision name:
        // * For example: "vendor-x__dam_write"
        return WRITE_DAM_SCOPE_NAME;

     * @param user The authenticated "AEM user" being asked to authorise the scope.
     *             return the JCR path these privileges provided by `getPrivileges()`.
    public String getResourcePath(User user) {
        // While the User is provided; it is atypical to derive the path based on the user.
        // Assuming a low number of path/privilege permutation is its usually better create multiple scopes for each user-type/path combination.

        // A use case for having the user drive the result of getResourcePath, is for a scope that provides access to the authorizing user's rep:User/profile node.
        return BASE_PATH;

     * If the scope is associated with one specific endpoint return the URI to the endpoint. Otherwise return null.
    public String getEndpoint() {
        // Return null
        return null;

     * - JCR Privileges:
     * - JCR Privilege Mapping:
     * - AEM Privileges: cq:storeUGC, crx:replicate
     * - Custom privileges also supported (though these are rare)
    private static final String[] privileges = {

     * return the privileges to be applied to the path returned by `getResource(...)`. Note these will supersede any JCR-based ACLs.
    public String[] getPrivileges() {
        return privileges;




could you please elaborate me on : // This class must implement ScopeWithPrivileges, but it must register as an OSGi Service against Scope.class


Thank you 


Community Advisor


Yes ScopeWithPrivileges is interface and which extends Scope interface for scopes that define required privileges on their content paths.

API Documentation:



Level 4

yes, but how to egister as an OSGi Service against Scope.class and how to implement the same