What we want to achieve is to make a simple OAuth client app that allows a user to authenticate against AEM 6.2, get an Access Token and use it to fetch an Asset.
I will try to describe what we have done so far.
In AEM we have created a new OAuth Client in page /libs/granite/oauth/content/clients.html, by setting Client ID, Secret and Return URL.
This information is used when redirecting from our custom app to the AEM authorize endpoint ( /oauth/authorize?client_id=...&scope=profile&response_type=code&redirect_uri=...&state=... ). This seems to work fine; the page redirects to AEM log in page, the to the request authorization page, finally it redirects back to the app where the Authorization Code is exchanged for an Access Token, by making a POST request to the /oauth/token endpoint.
What it fails is the next step. When making a GET call to /libs/oauth/profile we get a 401 response. The request sets the Authorization header to Bearer {access token from previous step}, so it should authenticate; but for some reason it doesn't.
My first question is if there is any documentation about the OAuth endpoints in AEM related to what we want to implement. Maybe there is but it is not public?
Also, do we need to configure OAuth Client with Allowed Scopes? Is that why profile scope fails at the moment? If so, then how can we do this?
Moreover on defining scopes, our actual goal is to fetch an Asset (/api/assets/{uri to my DITA file}). What scope do we need for this? How does it work with permissions?
Finally, we use AEM 6.2, and Adobe Granite OAuth Resource Server (mentioned in the OAuth_Server_functionality_in_AEM 7 23 14.pdf file) is not listed in /system/console/configMgr
Resources we've used so far:
We also followed the steps described in this blog. The final call to get profile details fails.
Thanks for any help you can provide.
