Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

How do I set the OAuth Client scope in AEM 6.2?

Avatar

Level 2

Hi,

I've been working on a simple OAuth client app that allows a user to authenticate against AEM 6.2 , get an Access Token and use it to fetch an Asset 

Background is covered in:

http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

The first 2 steps are working but I need to set the scope and it is NOT clear how to do this in the provided documentation and examples.

Details as follows:

Next step is to change scope from 'profile' to '/content/dam' in order to fetch content. This gives me an error 'invalid_scope', which makes sense as the OAuth Client is not configured to allow this scope yet. Trying to configure it and on /system/console/configMgr I see no 'OAuth Resource Server' configurations. Also, if I browse to /system/console/configMgr/com.adobe.granite.oauth.server.impl.OAuth2ResourceServerImpl I will get this error message:

        
    

This form is automatically generated from existing properties because no property descriptors are available for this configuration. This may be cause by the absence of the OSGi Metatype Service or the absence of a MetaType descriptor for this configuration.

  

Does it mean that our installation is missing a module required for OAuth?

Thanks for any help you can give.

Mike

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi Mike,

Scopes have to be added in code by implementing com.adobe.granite.oauth.server.Scope interface and then implementing the OAuth2ResourceServer’s getAllowedScopes() method to return the newly added scope.

You are getting an invalid scope because you have to implement the scope and then add it to the map. AEM will not know about the newly available Scopes until there's an implemention for getAllowedScopes().

Reference:

https://docs.adobe.com/content/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-an...
https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea....

Hope this is helpful,

Jed

View solution in original post

2 Replies

Avatar

Level 1

Any update? I am having the same issue as well using AEM 6.3 trying to expose the AEM HTTP Assets API (https://docs.adobe.com/docs/en/aem/6-3/develop/extending/mac-api-assets.html)

Avatar

Correct answer by
Employee

Hi Mike,

Scopes have to be added in code by implementing com.adobe.granite.oauth.server.Scope interface and then implementing the OAuth2ResourceServer’s getAllowedScopes() method to return the newly added scope.

You are getting an invalid scope because you have to implement the scope and then add it to the map. AEM will not know about the newly available Scopes until there's an implemention for getAllowedScopes().

Reference:

https://docs.adobe.com/content/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-an...
https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea....

Hope this is helpful,

Jed