Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

How to generate auth tokens to access local dev graphQL endpoints?

Avatar

Avatar
Ignite 10
Level 4
TB3dock
Level 4

Likes

34 likes

Total Posts

203 posts

Correct Reply

4 solutions
Top badges earned
Ignite 10
Boost 25
Give Back 25
Validate 10
Validate 1
View profile

Avatar
Ignite 10
Level 4
TB3dock
Level 4

Likes

34 likes

Total Posts

203 posts

Correct Reply

4 solutions
Top badges earned
Ignite 10
Boost 25
Give Back 25
Validate 10
Validate 1
View profile
TB3dock
Level 4

26-03-2021

the wnkd package comes with graphql endpoints configured at: http://localhost:4502/content/graphql/global/endpoint.json

 

However, If you try to access them, you get:

 

{
"servlet": "org.apache.felix.http.base.internal.dispatch.DispatcherServlet-313d2b89",
"message": "Forbidden",
"url": "/content/graphql/global/endpoint.json",
"status": "403"
}

 

There is very little information on how to authenticate. In the example React app, you put the username admin/admin in the env file, which implies its using basic authentication. But if you try to use the corresponding header:

 

Authorization: Basic YWRtaW46YWRtaW4=

 

It still gives 403

 

This document:  https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/a...

 

Only shows how to get tokens from the cloud env control panel, not your local install, which doesnt have a control panel.

 

we have been going round in circles trying to get graphql working for many days, anyone who can help it would be greatly appreciated.

 

Ideally, we want to remove the authentication requirements from our local author instances, but this is undocumented.  In theory, the publish instance has this authentication removed, but getting local replication from author to publish has been equally difficult, and is a poor workaround.

Accepted Solutions (0)

Answers (2)

Answers (2)

Avatar

Avatar
Ignite 10
Level 4
TB3dock
Level 4

Likes

34 likes

Total Posts

203 posts

Correct Reply

4 solutions
Top badges earned
Ignite 10
Boost 25
Give Back 25
Validate 10
Validate 1
View profile

Avatar
Ignite 10
Level 4
TB3dock
Level 4

Likes

34 likes

Total Posts

203 posts

Correct Reply

4 solutions
Top badges earned
Ignite 10
Boost 25
Give Back 25
Validate 10
Validate 1
View profile
TB3dock
Level 4

29-03-2021

The crux is, if there is no documented way for a graphGL client to call the grapgl endpoint, it is unusable.  The react app will be using some form of authentication, but this is not helpful as we dont know what it is.  There was an article about generating OATH2 credentials (client secret and client ID), but this only applies to AEM hosted cloud instances, not to local dev instances unfortunately.

Avatar

Avatar
Boost 500
MVP
Vijayalakshmi_S
MVP

Likes

500 likes

Total Posts

637 posts

Correct Reply

211 solutions
Top badges earned
Boost 500
Give Back 50
Give Back 5
Ignite 10
Ignite 5
View profile

Avatar
Boost 500
MVP
Vijayalakshmi_S
MVP

Likes

500 likes

Total Posts

637 posts

Correct Reply

211 solutions
Top badges earned
Boost 500
Give Back 50
Give Back 5
Ignite 10
Ignite 5
View profile
Vijayalakshmi_S
MVP

26-03-2021

Hi @TB3dock,

If using WKND package (that comes with GraphQL endpoint), cross check all the required configurations which are needed to make the endpoint work once. 

Also, in order to consume GraphQL(localhost:4502) from local React app (localhost:3000) => 

REACT_APP_AUTHORIZATION=admin:admin

This in uncommented way should be suffice. 

Alternatively, you can access GraphQL endpoint from local instance itself. (Just to confirm if endpoint is able to query and fetch available content fragments. Then you can test from local React app)

Only if we access the Cloud service instance, say author (as available in cloud) from an external app, we might need to use either Access Token method or Service Credentials method. 

  • If using Access Token method, it should be "Bearer" for token type and not "Basic".
TB3dock

Hi, this doesnt help.

We are not using a react app, and we are trying to hit the graphql endpoing on port 4502, and we have nothing running on 3000. (this just for the react tutorial, which we are not using).   We are not using react.

 

I have no idea how the example react app generates its authentication from the REACT_APP_AUTHORISATION you put in the react env file. This is no use for accessing graphql from our own app or from a graphql client unfortunately.  The point is that the local endpoint requires authentication, but we cant find any way to either fix this to NOT require authentication, or any documentation on how we pass authentication from our app hitting the author instance.

 

WE guessed that the react app might be using basic auth, as this uses a user:password (base 64 encoded), but we tried this and it doesnt work.

 

We also installed the graphiql client following the instructions exactly but this doesnt work either (this is a separate post)

 

Vijayalakshmi_S

Hi @TB3dock,

The authentication that the author(localhost:4502 which is deployed with GraphQL client) expects is the usual admin/admin or the author login.

Nothing more specific to GraphQL in the context of local instance. 

If you could see the REACT-APP-AUTHORIZATION it has the credentials as admin:admin which is the credential to login to localhost:4502 or the HOST_URI as we specify. 

Vijayalakshmi_S_1-1616782664482.png

 

If it is for local publish instance say, localhost:4503 -> then you need not specify REACT-APP-AUTHORIZATION as AEM publish instance has anonymous access to content by default. 

Vijayalakshmi_S_2-1616782738824.png

Outside React app or any external app for that matter(Testing solely on local author instance),

In brief,

  • If GraphQL client is installed to local AEM Cloud SDK instance with all required configurations either as
    • Separate package provided in the docs or
    • as part of WKND package +
  • If GraphQL IDE, GraphiQL content package is installed in same author instance +
  • If we have some content fragments to test, we can execute queries as is from the IDE.

Above all provided we are logged in to our local AEM Cloud SDK author instance as admin

If this is not working, possible cause would be required configurations needed for GraphQL client. You can cross verify the configurations that you listed in the other thread by navigating to OSGI console of your local instance. 

Note : I don't have access to cloud SDK for me to try things. 

TB3dock
REACT-APP-AUTHORIZATION is just a variable used by the react app in some unknown way. Its not how the creact app authenticates with graphql. We are not using the react app. We would guess the reqact app is using HTTP Basic auth, which passess the user:pass encoded in base64 from the client to the server, but this doesnt work. We need to find a way to disable authentication on GRAPHQL on Author, or find out what the HTTP authentication method actually is.
Vijayalakshmi_S

Hi, 

In the context of local AEM author instance,
I would like to iterate again that there is no authentication on GraphQL explicitly (for us to disable anything). It is the authentication that an author instance expects (which we cannot disable or it is not the way an AEM author instance works)
To put it with example -
Assume, we want to access a site page or any resource from author, you will end up in login page. It is as similar to this.

( Access this page, http://localhost:4502/content/we-retail/us/en/experience.html directly in Incognito if you have we-retail sample content or if you have WKND site page, access the same directly)
Of course, there are other configurations that are mandate to make GraphQL work properly as listed in the docs.

TB3dock
This is not an accepted solution. the react app on port 3000 has nothing to do with what I am looking for. I am not looking for a react app. Please umark this as the solution, as I still cant find any way to connect a grapql client to aemor.