I'm trying to generate an access token, so I can GET persisted query results from a 3rd-party Java application.
To test this access, I'm doing the following steps:
1- Create a local user on https://<author instance>/
ex: camel-integration
2- Allow jcr:read permissions for the created user at "/" path
3- Login with local user
4- Register OAuth Client
https://<author instance>/libs/granite/oauth/content/clients.html
5- Download Private Key as store.p12
6- Extract private key
openssl pkcs12 -in store.p12 -passin pass:notasecret -nocerts -nodes -out store.private.key.txt
7- Generate a JWT Token:
Header
{
"alg":"RS256",
"typ":"JWT"
}
Payload
{
"aud":"https://<author instance>/oauth/token",
"iss":"<Client Id of the OAuth Client created at step 3>",
"sub":"<local user name created at step 1>",
"exp":"<Current time in milliseconds + expiry>",
"iat":"<Current time in milliseconds>",
"scope":"profile",
"cty":"code"
}
Signature
<Extracted private key at step 5>,
<Extracted private key at step 5>
8- Retrieve token from AEM
curl -H "Content-Type:application/x-www-form-urlencoded" -d "assertion=<JWT token from step 6>&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&redirect_uri=<redirect URI from step 3>&client_id=<client id from step 3>&client_secret=<client secret from step 3>" https://<author instance>/oauth/token
9- Test access
curl -H "Authorization:Bearer <token from step 7>" https://<author instance>/libs/oauth/profile
I have succeeded on my local environment, but getting 401 error code on a cloud dev environment.
Does anyone know why?
Hello @Marcos_Paulode
Please find below the link to the blog where a Java code snippet is available.
It generates a JWT token, and then an access token from Service account credentials.
It is the recommended way of authentication when needed for GraphQL queries.
Could you please double-check that you are using the correct credentials (username, password, client ID, client secret) for the cloud dev environment? Ensure that the username and client ID used in the JWT payload match the user and client created in the cloud dev environment.
Yes, I have just checked.
Hi,
The 401 error you're encountering in your cloud dev environment indicates an authentication issue.
Local env:
OAuth client user: 6an9gj0505sgicsj4o5dtb76u-imj8z0bl
Local user: mpma06
Cloud dev env:
OAuth client user: vs5khimemmmn4ttq02anuqs9ur-0_mutpe4
Local user: camel-integration
401 resolves to an authentication error.
Can you share the curl log that you are getting after executing the curl command in step 9?
It is caused when you don't have proper permissions; I would suggest you re-check the permissions.
Hello @Marcos_Paulode
I would suggest using AEM Service credentials to achieve the App-to-App integration.
Please refer to the detailed set up on https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/a...
The OAuth from https://developer.adobe.com/ is not supported in AEM currently.
It is doubtful whether OAuth from https://<author instance>/libs/granite/oauth/content/clients.html is a recommended way.