Adobe Experience Manager Sites & More

a_mn1 · 3/18/19

Hi All, I am trying to implement Oauth authorization in AEM publisher for certain resources. As per the link https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html#.XJByjSIzbIW I undestand AEM supports 3 legged Oauth. I want to try 2 legged(Client credentials) and didnt see any helping documents for the same.

Have someone already tried this. Can you please share some pointers to the same

Regards,

Anand

a_mn1 · 3/25/19

Hello Gaurav, Confimed by checking the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

View solution in original post

Gaurav-Behl · 3/19/19

Per my understanding, the implementation is same as 3-legged except you won't pass token and secret but empty strings. Client Application will need to have its client ID and secret stored in a secure manner

check the flow-

The OAuth Bible

a_mn1 · 3/20/19

Thanks Gaurav. I tried to create the token but am getting the below error . I am trying to do POST request using Rest client and seeing the below error in POSTMAN.

Error in error.log -- >

20.03.2019 12:38:38.876 *ERROR* [qtp1411610424-69] org.apache.felix.http.jetty Exception while processing request to /oauth/token (java.lang.IllegalStateException: Committed)

java.lang.IllegalStateException: Committed

at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:894) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:959) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) [org.apache.felix.http.jetty:4.0.6]

at javax.servlet.ServletResponseWrapper.resetBuffer(ServletResponseWrapper.java:195) [org.apache.felix.http.servlet-api:1.1.2]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:67) [org.apache.felix.http.jetty:4.0.6]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:61) [org.apache.felix.http.jetty:4.0.6]

at com.adobe.granite.oauth.server.impl.OAuth2TokenEndpointServlet.doPost(OAuth2TokenEndpointServlet.java:183) [com.adobe.granite.oauth.server:1.1.26]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [org.apache.felix.http.servlet-api:1.1.2]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]

Gaurav-Behl · 3/20/19

Probably, you are missing required headers via POSTMAN. Make required config changes to CSRF and Sling Referrer Filter for testing via POSTMAN - allow empty headers for testing. Enable Postman Interceptor and check

Have you tested your setup with usual 3 legged config to rule out any configuration related issues?

Couple of examples --https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

OAuth Server functionality in AEM - Embrace Federation and unleash your REST APIs!

a_mn1 · 3/21/19

Yes. I am trying 3 legged only now. Followin the steps here: https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html#.XJHd...

Here the Receive the access token step is failing. The post request to http://localhost:4502/oauth/token is failing from POSTMAN.

Gaurav-Behl · 3/21/19

Could you please explain what step are you on based on the flow diagram @ Adobe Experience Manager Help | Developing OAuth Scopes in AEM

Did you pass correct parameters(grant_type, redirect_uri, client_id etc.) in POSTMAN?

a_mn1 · 3/22/19

After step 9 , While requesting for Access token , the post request is failing in POSTMAN. However as mentioned in the link that I have pointed out , I was able to generate the access token using curl command. So 3 legged flow is working as expected in AEM. However I tried 2 legged (client_credentials ). But got the below error.

Any pointers?? smacdonald2008 kautuksahni

Regards,

Anand.

Gaurav-Behl · 3/22/19

json format example-

curl --request POST \ --url 'https://YOUR_DOMAIN/oauth/token' \ --header 'content-type: application/json' \ --data '{"grant_type":"client_credentials","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","audience": "YOUR_API_IDENTIFIER"}'

I don't see "POST" in your screenshot.

a_mn1 · 3/24/19

Hello Gaurav PFB the screen shot

a_mn1 · 3/25/19

Hello Gaurav, Confimed by checking the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

pretzelpanda · 8/13/20

Hi, just a question we are trying to implement oauth2 using client_credentials, is it already supported?

Gaurav-Behl · 3/25/19

If that's the case, then you may reach out to DayCare and find out the reason/next steps.

a_mn1 · 3/25/19

Sure. Have already raised a ticket with Daycare

tanyakapila · 4/7/19

Hi Anand,

As discussed, currently AEM do not support the client_credentials flow and internal discussions have triggered for including but there is no short-sighted plan to support it in the near future.

Regards.

Adobe Experience Manager Sites & More

AEM 6.4 - Oauth 2 legged authorization

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe