Difference Between Technical Accounts in Adobe Developer Console and AEM Cloud Integration for OAuth Authentication | Community
Skip to main content
A
Abhijeet_Kumar
January 9, 2025
Solved

Difference Between Technical Accounts in Adobe Developer Console and AEM Cloud Integration for OAuth Authentication

  • January 9, 2025
  • 2 replies
  • 1424 views

I am integrating an external application with an AEM Author instance to fetch data and display it in the application. I have implemented an OAuth-based server that generates access tokens using credentials (Client ID and Client Secret) from a project configured in the Adobe Developer Console. However, the access token I receive results in a 401 Unauthorized error when used to access the AEM instance.

I need clarification on the difference between:

  1. Technical accounts configured via the Adobe Developer Console.
  2. Technical accounts from the "Integrations" section in the AEM Cloud Service environment.

How can I effectively use the technical accounts from the AEM Cloud "Integrations" section to authenticate and fetch data?

Best answer by Vinay-Lakshman

Hi @abhijeet_kumar,

 

For Integration (Technical) accounts setup in an AEM Cloud environment, Oauth is not supported and it relies on JWT for authentication. From Adobe's official documentation:

 

"The AEM Developer Console (note the AEM in the name, which distinguishes it from the Adobe Developer Console) provides a utility to generate JWT tokens used for server-to-server APIs. These credentials are not deprecated and can continue to be used."

Link: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/jwt-cre...

 

Documentation for setting up integration accounts in AEMaaCS: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/dev...

 

Sample code to generate JWT payload and retrieve access tokens for authentication: https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/

 

Hope this helps,

Vinay

2 replies

V
Vinay-LakshmanAccepted solution
January 9, 2025

Hi @abhijeet_kumar,

 

For Integration (Technical) accounts setup in an AEM Cloud environment, Oauth is not supported and it relies on JWT for authentication. From Adobe's official documentation:

 

"The AEM Developer Console (note the AEM in the name, which distinguishes it from the Adobe Developer Console) provides a utility to generate JWT tokens used for server-to-server APIs. These credentials are not deprecated and can continue to be used."

Link: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/jwt-cre...

 

Documentation for setting up integration accounts in AEMaaCS: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/dev...

 

Sample code to generate JWT payload and retrieve access tokens for authentication: https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/

 

Hope this helps,

Vinay

A
Abhijeet_KumarAuthor
January 10, 2025

Hi @vinay-lakshman  Thanks for the response. It was really helpful.  
However `Documentation for setting up integration accounts in AEMaaCs` link is quite old and i believe we don't upload key as of now. We do get PEM file which comprises of PRIVATE KEY and PUBLIC KEY, clientID, clientSecret and much more. So i wonder if this document helps, The formatting of RSA key is quite a challenge.
I do get a access token but of no use. 

V
Vinay-Lakshman
January 10, 2025

Given that the integration accounts use JWT based authentication, a PKCS8 encoded private key would be necessary to facilitate the authentication process.

 

Here's a blog post that covers end-to-end implementation instructions on how to use the service credentials for authorizing access to an AEM Cloud instance with Java: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accounts/

 

AFAIK, this is the standard approach for authenticating requests to an AEM Cloud instance from an external application and should guide you on the next steps to proceed.

EstebanBustamante
Community Advisor and Adobe Champion
EstebanBustamanteCommunity Advisor and Adobe Champion
Community Advisor and Adobe Champion
January 9, 2025

Hi,

 

The Adobe Developer Console is designed to integrate with and access Adobe APIs & SDKs, listen to events, run functions on Runtime, or build plugins and App Builder apps across various Adobe products, including AEM. When you create a technical account in this console, the focus is on using the APIs, SDKs, and events available for AEM, such as the new Content Fragments APIs. You can find the full list of available stuff here: https://developer.adobe.com/apis.

 

On the other hand, "service credentials," where you can also create "technical accounts," are specific to an AEM instance. These credentials are meant to authenticate and authorize access to the AEM server, similar to how you would log in directly to an AEM instance. Once authenticated, you can perform any actions within the AEM instance. The most common use case is to call a servlet, but other activities can also be performed. You can read more about this here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headless/authentication/service-credentials.

 

Hope this helps

 

Esteban Bustamante
A
Abhijeet_KumarAuthor
January 10, 2025

Thanks @estebanbustamante  this does helps. 
Do we have any new doc where we can use java to generate access token . The one shared above is an old one.

EstebanBustamante
Community Advisor and Adobe Champion
EstebanBustamanteCommunity Advisor and Adobe Champion
Community Advisor and Adobe Champion
January 10, 2025

Sorry, I don't understand your question. What do you mean by "use Java to generate the access token"? It’s simply a matter of using any HTTP framework to make a couple of REST calls with Java. If that's what you're looking for, you can find an example here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accounts/. Additionally, here’s a newer version of the same information: https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/forms/forms-cs-assembler/service-credentials.

Esteban Bustamante
Terms & ConditionsAccessibility statement

Loading footer...