Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Enable OAuth 2.0 Access Token approach on AEM publisher domain.


Level 1


We are following Oauth2.o approach access protected files from client (non-AEM) by defining custom scope where we have provided read only access to folders/files.


Use Case:

  • The client requests authorization by directing AEM for authorization.
  • The AEM server authenticates the resource owner and informs the user about the client and the data requested by the client.
  • Once the user grants permission to access the protected data, the AEM redirects the user to the client with the temporary authorization code.
  • The client requests an access token in exchange for the authorization code.
  • The AEM authenticates the client, verifies the code, and will issue an access token to the client.
  • Now the client can access protected resources by presenting the access token to the resource server.
  • If the access token is valid, the resource server returns the requested resources to the client


Above use case is working fine in AEM author where we are getting authorization code and receiving access token by making call from postman and able to get protected file information.


We are facing some challenges to implement this in the publishing domain. Please let me know if input on below issue.


How do we bypass access confirmation step in AEM dispatcher path as there is no option to login & authorized access while generating authorization code?





Can we bypass the access confirmation step while generating authorization code as it requires manual login and   authorization.

We enabled OAuth Server Authentication Handler on Publisher domain and configured below rules in dispatcher filter but /oauth/authorize & /oauth/token are not working with domain URL.

/0217 { /type "allow" /method "GET" /url "/oauth/authorize" }
/0218 { /type "allow" /method "POST" /url "/oauth/token" }

1 Accepted Solution


Correct answer by

This feature is not supported for publish and in near future also there is no road map for this.

View solution in original post

3 Replies

Hi Nishant,

I am following same approach and its work fine in author environment.


When I am trying to implement same in Publish domain, below request looking for user login option to authorize request but in publish domain we don't have login option to authorize and generate code.








Correct answer by

This feature is not supported for publish and in near future also there is no road map for this.