Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEM Community Member of the Year!
Celebrate the Success!
SOLVED

Difference Between Technical Accounts in Adobe Developer Console and AEM Cloud Integration for OAuth Authentication

Avatar

Level 2
Level 2
1/9/25 5:03:27 AM

I am integrating an external application with an AEM Author instance to fetch data and display it in the application. I have implemented an OAuth-based server that generates access tokens using credentials (Client ID and Client Secret) from a project configured in the Adobe Developer Console. However, the access token I receive results in a 401 Unauthorized error when used to access the AEM instance.

I need clarification on the difference between:

  1. Technical accounts configured via the Adobe Developer Console.
  2. Technical accounts from the "Integrations" section in the AEM Cloud Service environment.

How can I effectively use the technical accounts from the AEM Cloud "Integrations" section to authenticate and fetch data?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

APIs Experience Manager Experience Manager as a Cloud Service Experience Manager Cloud Manager

Views

332

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
1/9/25 6:19:12 AM

Hi @Abhijeet_Kumar,

 

For Integration (Technical) accounts setup in an AEM Cloud environment, Oauth is not supported and it relies on JWT for authentication. From Adobe's official documentation:

 

"The AEM Developer Console (note the AEM in the name, which distinguishes it from the Adobe Developer Console) provides a utility to generate JWT tokens used for server-to-server APIs. These credentials are not deprecated and can continue to be used."

Link: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/jwt-cre...

 

Documentation for setting up integration accounts in AEMaaCS: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/dev...

 

Sample code to generate JWT payload and retrieve access tokens for authentication: https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/

 

Hope this helps,

Vinay

View solution in original post

Views

310

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
6 Replies

Avatar

Correct answer by
Level 2
Level 2
1/9/25 6:19:12 AM

Hi @Abhijeet_Kumar,

 

For Integration (Technical) accounts setup in an AEM Cloud environment, Oauth is not supported and it relies on JWT for authentication. From Adobe's official documentation:

 

"The AEM Developer Console (note the AEM in the name, which distinguishes it from the Adobe Developer Console) provides a utility to generate JWT tokens used for server-to-server APIs. These credentials are not deprecated and can continue to be used."

Link: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/jwt-cre...

 

Documentation for setting up integration accounts in AEMaaCS: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/dev...

 

Sample code to generate JWT payload and retrieve access tokens for authentication: https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/

 

Hope this helps,

Vinay

Views

311

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
1/9/25 8:35:51 PM
In response to Vinay-Lakshman

Hi @Vinay-Lakshman  Thanks for the response. It was really helpful.  
However `Documentation for setting up integration accounts in AEMaaCs` link is quite old and i believe we don't upload key as of now. We do get PEM file which comprises of PRIVATE KEY and PUBLIC KEY, clientID, clientSecret and much more. So i wonder if this document helps, The formatting of RSA key is quite a challenge.
I do get a access token but of no use. 

Views

271

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
1/9/25 10:12:48 PM
In response to Abhijeet_Kumar

Given that the integration accounts use JWT based authentication, a PKCS8 encoded private key would be necessary to facilitate the authentication process.

 

Here's a blog post that covers end-to-end implementation instructions on how to use the service credentials for authorizing access to an AEM Cloud instance with Java: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou...

 

AFAIK, this is the standard approach for authenticating requests to an AEM Cloud instance from an external application and should guide you on the next steps to proceed.

Views

262

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
1/9/25 6:20:34 AM

Hi,

 

The Adobe Developer Console is designed to integrate with and access Adobe APIs & SDKs, listen to events, run functions on Runtime, or build plugins and App Builder apps across various Adobe products, including AEM. When you create a technical account in this console, the focus is on using the APIs, SDKs, and events available for AEM, such as the new Content Fragments APIs. You can find the full list of available stuff here: https://developer.adobe.com/apis.

 

On the other hand, "service credentials," where you can also create "technical accounts," are specific to an AEM instance. These credentials are meant to authenticate and authorize access to the AEM server, similar to how you would log in directly to an AEM instance. Once authenticated, you can perform any actions within the AEM instance. The most common use case is to call a servlet, but other activities can also be performed. You can read more about this here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles....

 

Hope this helps

 


Esteban Bustamante

Views

309

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
1/9/25 8:38:06 PM
In response to EstebanBustamante

Thanks @EstebanBustamante  this does helps. 
Do we have any new doc where we can use java to generate access token . The one shared above is an old one.

Views

268

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
1/10/25 5:58:13 AM
In response to Abhijeet_Kumar

Sorry, I don't understand your question. What do you mean by "use Java to generate the access token"? It’s simply a matter of using any HTTP framework to make a couple of REST calls with Java. If that's what you're looking for, you can find an example here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou.... Additionally, here’s a newer version of the same information: https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/forms/forms-cs-ass....


Esteban Bustamante

Views

219

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle my-project.core [bundleID] and sub service metadata-update-service Solved

Views

82

Likes

0

Replies

3
How to find column headers for GlobalLink submission using "create from CSV"

Views

18

Likes

0

Replies

0
References showing zero in properties of an asset in aem

Views

48

Likes

0

Replies

2
How to send an email to an address submitted via form in a component?

Views

73

Likes

0

Replies

2
Technical Service Account

Views

81

Likes

0

Replies

2