How to generate auth tokens to access local dev graphQL endpoints? | Community
Skip to main content
T
TB3dock
Level 8
March 26, 2021
Question

How to generate auth tokens to access local dev graphQL endpoints?

  • March 26, 2021
  • 2 replies
  • 8429 views

the wnkd package comes with graphql endpoints configured at: http://localhost:4502/content/graphql/global/endpoint.json

 

However, If you try to access them, you get:

 

{
"servlet": "org.apache.felix.http.base.internal.dispatch.DispatcherServlet-313d2b89",
"message": "Forbidden",
"url": "/content/graphql/global/endpoint.json",
"status": "403"
}

 

There is very little information on how to authenticate. In the example React app, you put the username admin/admin in the env file, which implies its using basic authentication. But if you try to use the corresponding header:

 

Authorization: Basic YWRtaW46YWRtaW4=

 

It still gives 403

 

This document:  https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/authentication/local-development-access-token.html?lang=en#generate-a-local-development-access-token

 

Only shows how to get tokens from the cloud env control panel, not your local install, which doesnt have a control panel.

 

we have been going round in circles trying to get graphql working for many days, anyone who can help it would be greatly appreciated.

 

Ideally, we want to remove the authentication requirements from our local author instances, but this is undocumented.  In theory, the publish instance has this authentication removed, but getting local replication from author to publish has been equally difficult, and is a poor workaround.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

Vijayalakshmi_S
Vijayalakshmi_S
Level 10
March 26, 2021

Hi @tb3dock,

If using WKND package (that comes with GraphQL endpoint), cross check all the required configurations which are needed to make the endpoint work once. 

Also, in order to consume GraphQL(localhost:4502) from local React app (localhost:3000) => 

REACT_APP_AUTHORIZATION=admin:admin

This in uncommented way should be suffice. 

Alternatively, you can access GraphQL endpoint from local instance itself. (Just to confirm if endpoint is able to query and fetch available content fragments. Then you can test from local React app)

Only if we access the Cloud service instance, say author (as available in cloud) from an external app, we might need to use either Access Token method or Service Credentials method. 

  • If using Access Token method, it should be "Bearer" for token type and not "Basic".
    T
    TB3dockAuthor
    Level 8
    March 26, 2021

    Hi, this doesnt help.

    We are not using a react app, and we are trying to hit the graphql endpoing on port 4502, and we have nothing running on 3000. (this just for the react tutorial, which we are not using).   We are not using react.

     

    I have no idea how the example react app generates its authentication from the REACT_APP_AUTHORISATION you put in the react env file. This is no use for accessing graphql from our own app or from a graphql client unfortunately.  The point is that the local endpoint requires authentication, but we cant find any way to either fix this to NOT require authentication, or any documentation on how we pass authentication from our app hitting the author instance.

     

    WE guessed that the react app might be using basic auth, as this uses a user:password (base 64 encoded), but we tried this and it doesnt work.

     

    We also installed the graphiql client following the instructions exactly but this doesnt work either (this is a separate post)

     

    T
    TB3dockAuthor
    Level 8
    March 29, 2021

    The crux is, if there is no documented way for a graphGL client to call the grapgl endpoint, it is unusable.  The react app will be using some form of authentication, but this is not helpful as we dont know what it is.  There was an article about generating OATH2 credentials (client secret and client ID), but this only applies to AEM hosted cloud instances, not to local dev instances unfortunately.

      Terms & ConditionsAccessibility statement

      Loading footer...