OAuth scope not providing access to resource



Hi everyone,

I am trying to set up OAuth in AEM so that a third party app can access resources in /content/dam.

I've  I have followed various guides, mainly this one: https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html however as I'm using AEM 6.4.5 there is no "Adobe Granite OAuth Resource Server" to set the scope.  Instead I've followed this ACS implementation to create an implementation of Scope and give read privileges to /content/dam: acs-aem-samples/SampleScopeWithPrivileges.java at master · Adobe-Consulting-Services/acs-aem-samples...

Here are my changes to the ACS example above:

public static final String BASE_PATH = "/content/dam";

* Allow jcr:read (read-only) privileges
private static final String[] privileges = {


I am able to get an access token through the OAuth flow, however when I then try to hit the Sling API using curl and passing the token, I can't see the resource:

Screen Shot 2019-10-04 at 3.49.51 pm.png

However if i just use basic auth, I'm getting the content returned:

Screen Shot 2019-10-04 at 3.51.53 pm.png

I'm using the admin user to authenticate the token, so I'm assuming this must be a scope issue. Does anyone have any suggestions on what could be wrong with the scope?

Answers (1)

Answers (1)



Thank you so much for this!  This is the best AEM OAuth tute available and applicable to AEM 6.4. This answered my questions (and more). Specifically, I was not aware of the 'oauthservice' service user that needed privileges. Adding privileges for this service user solved the issue above.