Expand my Community achievements bar.

SOLVED

Enable OAuth 2.0 Access Token approach on AEM publisher domain.

Avatar

Level 1

Hi 

We are following Oauth2.o approach access protected files from client (non-AEM) by defining custom scope where we have provided read only access to folders/files.

 

Use Case:

  • The client requests authorization by directing AEM for authorization.
  • The AEM server authenticates the resource owner and informs the user about the client and the data requested by the client.
  • Once the user grants permission to access the protected data, the AEM redirects the user to the client with the temporary authorization code.
  • The client requests an access token in exchange for the authorization code.
  • The AEM authenticates the client, verifies the code, and will issue an access token to the client.
  • Now the client can access protected resources by presenting the access token to the resource server.
  • If the access token is valid, the resource server returns the requested resources to the client

.

Above use case is working fine in AEM author where we are getting authorization code and receiving access token by making call from postman and able to get protected file information.

 

We are facing some challenges to implement this in the publishing domain. Please let me know if input on below issue.

 

How do we bypass access confirmation step in AEM dispatcher path as there is no option to login & authorized access while generating authorization code?

 

Pradeep29095261w9v9_0-1691138888652.png

 

         

Can we bypass the access confirmation step while generating authorization code as it requires manual login and   authorization.

We enabled OAuth Server Authentication Handler on Publisher domain and configured below rules in dispatcher filter but /oauth/authorize & /oauth/token are not working with domain URL.


/0217 { /type "allow" /method "GET" /url "/oauth/authorize" }
/0218 { /type "allow" /method "POST" /url "/oauth/token" }

1 Accepted Solution

Avatar

Correct answer by
Employee

This feature is not supported for publish and in near future also there is no road map for this.

View solution in original post

3 Replies

Hi Nishant,

I am following same approach and its work fine in author environment.

 

When I am trying to implement same in Publish domain, below request looking for user login option to authorize request but in publish domain we don't have login option to authorize and generate code.

 

https://<Publish_Domain>/oauth/authorize?response_type=code&client_id=<client_id>&scope=offline_acce...

Pradeep29095261w9v9_0-1691163011908.png

 

 

 

Avatar

Correct answer by
Employee

This feature is not supported for publish and in near future also there is no road map for this.