SOLVED

How to implement authentication on GraphQL endpoint?

Level 2

We have implemented a GraphQL endpoint in an AMS environment (AEM 6.5.10). I want to set up authentication on the GraphQL endpoint before sharing it with third-party apps.

There are a lot of articles/how-tos on AEM as a Cloud Service on generating a JWT and adding an Authorization header, but there is no document specific to AEM 6.5.10.

Any help will be much appreciated.

1 Accepted Solution

Correct answer by
Employee Advisor

If you want to implement that on the publish layer, you should use CUGs (closed user groups).

Check https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups.... for a starter. It's focussed on Assets, but it is basically the same for sites.

3 Replies

Level 3

Is there a way to establish authentication for a public-facing site on Publish, where we are not sure about the users on the publish side? I am guessing CUG works for the case where we know who the users are and apply the restriction/authentication based on that.

I am looking into something similar and checking on a solution to see if we have a way to restrict the users accessing the GraphQL endpoint from the Publish side. That being said, we are unsure about the users visiting that site. Appreciate your response.

Employee Advisor

What do you mean by "we are not sure about the users on publish side"? If you want to apply restrictions on visiting users, you need to define criteria on which you want to base these restrictions. Having an account on the system is a very simple one.