How to authenticate frontend application in AEM 6.5.13 in AMS | Community
Mario248
Level 7
June 17, 2022

I want to export AEM content to the frontend team. We are planning to export content using content as a service. For security reasons we want to authenticate AEM APIs and AEM Assets, for example /content/my-site/welcome.modal.json and its DAM assets, which are to be accessible by the frontend application.

In AEMaaCS we can get an authentication token from the Developer Console, which can then be shared with the frontend team. In the case of AMS, in the AEM 6.5.13 world, what token is to be shared with the frontend/external application? Does AEM 6.5 provide any OOTB authentication service to validate the frontend/external application?

2 replies

Bhuwan_B
Community Advisor
June 17, 2022
Mario248 (Author)
Level 7
June 22, 2022

How about using the Apache Sling Referrer Filter in AEM? AEM will reject the request if we are not allowing the frontend application in "Allow Host".

Is this not sufficient to control the frontend application? Do we really need an OAuth kind of authentication?

joerghoh
Adobe Employee
June 17, 2022

When you write "authentication service to validate the frontend/external application", does that mean that the user (who is using this frontend application) is not required to authenticate, but only the application itself?

In other words, do you want only your frontend application to be able to access AEM content? And that it should not be possible for me to download the same content using curl (or any HTTP client)?

Mario248 (Author)
Level 7
June 22, 2022

How about using the Apache Sling Referrer Filter in AEM? AEM will reject the request if we are not allowing the frontend application in "Allow Host".

Is this not sufficient to control the frontend application? Do we really need an OAuth kind of authentication?

joerghoh
Adobe Employee
July 6, 2022

That does not help, because it can easily be spoofed. I just record a request in the browser and then send the same request (including all parameters) using curl. In this case it's not possible to distinguish curl from the browser running your FE application.

If your backend requires authentication it can only detect which user is accessing it. It can never reliably detect if it's a smartphone, a desktop browser or a simple HTTP client like curl. But in the majority of the cases this does not matter at all.
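The distinction drawn in this thread, as an added example that is not part of the original posts and is not AEM or Sling code: a simplified Referer allow-list check next to a bearer-token check, run over constructed requests. The host name, token, user name and function names are all assumptions made for illustration.

```python
import hmac
from urllib.parse import urlparse

ALLOWED_HOSTS = {"frontend.example.com"}                  # constructed allow-list
TOKENS = {"constructed-token-123": "fe-service-user"}     # constructed token -> user

def referer_allowed(headers):
    """Simplified Referer allow-list check (a model, not Sling's filter)."""
    host = urlparse(headers.get("Referer", "")).hostname
    return host in ALLOWED_HOSTS

def authenticate(headers):
    """Return the user bound to the presented bearer token, or None."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return None
    for token, user in TOKENS.items():
        # Constant-time comparison so timing does not leak token contents.
        if hmac.compare_digest(token.encode(), presented.encode()):
            return user
    return None

def evaluate(headers):
    """What the server can conclude from the headers alone."""
    return referer_allowed(headers), authenticate(headers)

# Constructed request as sent by the frontend application in a browser.
BROWSER = {
    "Referer": "https://frontend.example.com/app",
    "User-Agent": "Mozilla/5.0",
    "Authorization": "Bearer constructed-token-123",
}
# Any other HTTP client sending the same header values: the server receives
# an identical request and has nothing left to tell the two apart.
OTHER_CLIENT = dict(BROWSER)
# A request carrying the allowed Referer value but no credential.
NO_TOKEN = {"Referer": "https://frontend.example.com/app"}

if __name__ == "__main__":
    for name, req in [("browser", BROWSER), ("other client", OTHER_CLIENT),
                      ("no token", NO_TOKEN)]:
        ok, user = evaluate(req)
        print(f"{name:13} referer_ok={ok} user={user}")
```

The Referer check passes for every request that carries the expected header value, while the token check fails without a credential and, when it succeeds, yields a user identity rather than a client type.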