JWT Based OAuth Access Token Issue with multi Dispatcher/Publisher setup


Level 2

I have a 2 publisher - 2 dispatcher setup (one-to-one mapping). I have implemented JWT-based OAuth on my publishers. I generated individual OAuth clients on both the publishers and therefore both have a different client id & client secret. Thus the JWT tokens generated for both are different and so the calls to get the access token for both pubs are different.

The ask is to only have one call which can be honored by both pubs to get the access token.

Q1. Is there a way that both my pubs can have a similar OAuth client?

I tried a few approaches as below:

  1. Replicate the OAuth client from author to my pubs, but it didn't work and it was not replicated.
  2. Created an OAuth client on one pub, packaged it and tried to install it on the other pub. It didn't work as the OAuth client is a part of the admin user and both pubs have different admin users.


Now when I try to get the access token from AEM with the help of one JWT token from a 3rd party system, the ALBs direct the traffic to either of the dispatchers and subsequently to the respective publishers.

As JWT calls are different for both publishers, when my ALB directs the request to the dispatcher/publisher which matches the client, it gives the access token response, while if the request goes to the other it doesn't give the response as the JWT doesn't match.

Can anyone suggest how to tackle this situation?

Is it possible to have a 2 dispatcher/publisher setup for data fetch requests through OAuth, or does it only work for a 1 dispatcher/publisher setup?


2 Replies


Level 2

@kpsolanki_1204 I was facing a similar issue with an integration I worked on. I tackled this by cloning the OAuth Client and HMAC from one publisher to the other. That way the registered client and HMAC are the same on both publish servers. You will not be able to use the UI to clone the OAuth client - however, if you create the client on one publish server, you can package up that node and install it on the other server.


Level 2

Packaging the client from one pub and installing it on the other is not working for me. I have created the OAuth client using the admin user, thus the client is a part of the admin user.

e.g. OAuth client path - /home/users/A/ABcV9PhoksC85vshQkij/oauth/a4au9foq0ga5p31fqqd8qnpj9r-9iaesu-4

Admin user path - /home/users/A/ABcV9PhoksC85vshQkij

As the admin user for the other pub is stored on a different path, it is not honoring the package installation of the OAuth client.

Can you let me know how exactly you cloned it and the specific steps on what hierarchy you packaged? Or can you point me to some documentation which I could refer to for cloning?