Adobe Experience Manager Sites & More

Sahil__Chawla · 11/11/24

Since Adobe is deprecating the Service Account (JWT) credentials in favor of the OAuth Server-to-Server credentials for all integrations in all AEM authoring envs, does this also impact code integrations where we have used Adobe Query Builder API - https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/dev... for programmatically searching through assets in our Adobe Authoring env since currently in order to leverage this API integration , we have bene using JWT credentials but does those creds also stop working in Jan 2025 and we would need to switch to oauth ?

EstebanBustamante · 11/11/24

Hi,

The QueryBuilder API does not use an authentication method to function. Instead, it uses a Session/ResourceResolver associated with an AEM User account (system user). The deprecation is explained here: https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthenticatio...; it applies to authentication methods where third-party systems, including other Adobe systems access AEM. So if you are accessing AEM information from a different system via JWT then yes, you would need to migrate that authentication method at some point, in this document you can find more details about how to migrate this: https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthenticatio...

Hope this helps

Esteban Bustamante

Sahil__Chawla · 11/11/24

Agree with you that we need to get rid of JWT credentials when external system is trying to connect to AEM. In my case, the external system is a custom API that is leveraging Adobe's Query builder http api and currently the api supports JWT based token as part of the request. How can we switch over to use oauth based creds ?

the link you shared for migration is for integrated systems (such as Brand Portal, etc) and not API authentication. Even Query Builder API is not available as one of the integration on the link you shared.

EstebanBustamante · 11/11/24

In other words, if you are using the JWT authentication method enabled through the Adobe Console, you must switch to OAuth. You should review how your API is set up to confirm whether you are using JWT, and if so, whether it's through the Adobe Console. If it was enabled through the Adobe Console, then you need to change it.

https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/jwt-cre...