What we want to achieve is to make a simple OAuth client app that allows a user to authenticate against AEM 6.2, get an Access Token and use it to fetch an Asset.
I will try to describe what we have done so far.
In AEM we have created a new OAuth Client in page /libs/granite/oauth/content/clients.html, by setting Client ID, Secret and Return URL.
This information is used when redirecting from our custom app to the AEM authorize endpoint ( /oauth/authorize?client_id=...&scope=profile&response_type=code&redirect_uri=...&state=... ). This seems to work fine; the page redirects to the AEM login page, then to the request authorization page, and finally it redirects back to the app, where the Authorization Code is exchanged for an Access Token by making a POST request to the /oauth/token endpoint.
What fails is the next step. When making a GET call to /libs/oauth/profile we get a 401 response. The request sets the Authorization header to Bearer {access token from previous step}, so it should authenticate; but for some reason it doesn't.
My first question is if there is any documentation about the OAuth endpoints in AEM related to what we want to implement. Maybe there is but it is not public?
Also, do we need to configure OAuth Client with Allowed Scopes? Is that why profile scope fails at the moment? If so, then how can we do this?
Moreover, on defining scopes: our actual goal is to fetch an Asset (/api/assets/{uri to my DITA file}). What scope do we need for this? How does it work with permissions?
Finally, we use AEM 6.2, and Adobe Granite OAuth Resource Server (mentioned in the OAuth_Server_functionality_in_AEM 7 23 14.pdf file) is not listed in /system/console/configMgr.
Resources we've used so far:
We also followed the steps described in this blog. The final call to get profile details fails.
Thanks for any help you can provide.
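The flow described in the post above (authorize redirect, code exchange, Bearer call to the profile endpoint), as an added example that is not part of the original thread and is not Adobe's code. The host, client ID, secret and redirect URI are constructed placeholders, and the token request field names are taken from RFC 6749 section 4.1.3 on the assumption that AEM accepts them; the functions build the requests without sending them.

```python
import hmac
import secrets
import urllib.parse
import urllib.request

# Constructed placeholder values; the endpoint paths are the ones named in the post.
AEM = "https://aem.example.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorize_url(scope="profile"):
    """Return (url, state); keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)
    query = urllib.parse.urlencode({
        "client_id": CLIENT_ID, "scope": scope, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "state": state,
    })
    return f"{AEM}/oauth/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting a missing or mismatched state."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["no code in callback"])[0])
    return params["code"][0]


def token_request(code):
    """POST to /oauth/token; field names assumed from RFC 6749 section 4.1.3."""
    fields = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
              "client_secret": CLIENT_SECRET}
    body = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(f"{AEM}/oauth/token", data=body, method="POST")


def profile_request(access_token):
    """GET /libs/oauth/profile with the Bearer header described in the post."""
    headers = {"Authorization": f"Bearer {access_token}"}
    return urllib.request.Request(f"{AEM}/libs/oauth/profile", headers=headers)
```

Pass the returned `Request` objects to `urllib.request.urlopen` to send them; the redirect_uri in the token request must be the same value used in the authorize step.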
Hi Mike,
I'm getting the same error (401) when making a GET call to /libs/oauth/profile.
In the error.log I can find the following message: 21.05.2017 16:48:49.119 *ERROR* [qtp2056596260-180] com.adobe.granite.auth.oauth.impl.BearerAuthenticationHandler createCredentials: invalid config: helper is null provider is null
Could you solve it in the meantime?
Thanks,
Samuel
Ok, I got it to work with the hint to edit the Adobe Granite OAuth Server Authentication Handler's service rank to 1100.
(Found here: https://github.com/Adobe-Marketing-Cloud/rest-api-browser/tree/master/java-api-proxy)
Thanks - we'll give that a go.
Hi Samuel,
Yes, setting rank to 1100 (I guess it means 'use this auth module first') worked, so I can now get profile details instead of the 401 failure response.
Next step is to change scope from 'profile' to '/content/dam' in order to fetch content. This gives me an error 'invalid_scope', which makes sense as the OAuth Client is not configured to allow this scope yet. When trying to configure it, I see no 'OAuth Resource Server' configurations on /system/console/configMgr. Also, if I browse to /system/console/configMgr/com.adobe.granite.oauth.server.impl.OAuth2ResourceServerImpl I will get this error message:
Does it mean that our installation is missing a module required for OAuth?
Thanks for any help you can give.
Mike
Hey Mike,
I am using AEM 6.1 SP1 in my project. I guess they renamed the OAuth Resource Server service in AEM 6.2. It's discussed in this thread: http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...
Regards,
Samuel