Simple OAuth client app that allows a user to authenticate against AEM 6.2 , get an Access Token and use it to fetch an Asset fails with 401 error: Why?
MikeEwins
Level 2
May 18, 2017


What we want to achieve is to make a simple OAuth client app that allows a user to authenticate against AEM 6.2, get an Access Token and use it to fetch an Asset.

I will try to describe what we have done so far.
In AEM we have created a new OAuth Client in page /libs/granite/oauth/content/clients.html, by setting Client ID, Secret and Return URL.
This information is used when redirecting from our custom app to the AEM authorize endpoint ( /oauth/authorize?client_id=...&scope=profile&response_type=code&redirect_uri=...&state=... ). This seems to work fine; the page redirects to the AEM login page, then to the request authorization page, and finally it redirects back to the app, where the Authorization Code is exchanged for an Access Token by making a POST request to the /oauth/token endpoint.
What fails is the next step. When making a GET call to /libs/oauth/profile we get a 401 response. The request sets the Authorization header to Bearer {access token from previous step}, so it should authenticate; but for some reason it doesn't.

My first question is if there is any documentation about the OAuth endpoints in AEM related to what we want to implement. Maybe there is but it is not public?
Also, do we need to configure OAuth Client with Allowed Scopes? Is that why profile scope fails at the moment? If so, then how can we do this?
Moreover on defining scopes, our actual goal is to fetch an Asset (/api/assets/{uri to my DITA file}). What scope do we need for this? How does it work with permissions?
Finally, we use AEM 6.2, and Adobe Granite OAuth Resource Server (mentioned in the OAuth_Server_functionality_in_AEM 7 23 14.pdf file) is not listed in /system/console/configMgr

Resources we've used so far:

We also followed the steps described in this blog. The final call to get profile details fails. 

Thanks for any help you can provide.
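
The flow described in the post above, as an added example (not code from the original post or from Adobe): it builds the authorize redirect, checks `state` on the callback, and prepares the token and profile requests without sending them. The host, client credentials and redirect URI are constructed placeholders, and the token-request parameters assume AEM follows RFC 6749 section 4.1.3.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request

# Assumed values (not from the post): local AEM author instance, constructed client.
AEM = "http://localhost:4502"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "http://localhost:8080/callback"


def new_state():
    """Unguessable per-session value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)


def authorize_url(state):
    """Step 1: send the browser to the authorize endpoint named in the post."""
    query = urlencode({"client_id": CLIENT_ID, "scope": "profile", "response_type": "code",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AEM}/oauth/authorize?{query}"


def code_from_callback(callback_url, expected_state):
    """Step 2: accept the authorization code only if state matches what we issued."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["unknown"])[0])
    return params["code"][0]


def token_request(code):
    """Step 3: exchange the code at /oauth/token; the secret travels in the POST body."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                      "redirect_uri": REDIRECT_URI}).encode()
    return Request(f"{AEM}/oauth/token", data=body, method="POST")


def profile_request(access_token):
    """Step 4: the call that returned 401 in the thread; token goes only in the header."""
    return Request(f"{AEM}/libs/oauth/profile",
                   headers={"Authorization": f"Bearer {access_token}"})
```

Pass each `Request` to `urllib.request.urlopen` to send it; a 401 on the last one with a well-formed `Authorization` header points at server-side handler configuration rather than the client.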


1 reply

May 22, 2017

Hi Mike,

I'm getting the same error (401) when making a GET call to /libs/oauth/profile.

In the error.log I can find the following message: 21.05.2017 16:48:49.119 *ERROR* [qtp2056596260-180] com.adobe.granite.auth.oauth.impl.BearerAuthenticationHandler createCredentials: invalid config: helper is null provider is null

Could you solve it in the meantime?

Thanks,
Samuel

May 23, 2017

Ok, I got it to work with the hint to edit the Adobe Granite OAuth Server Authentication Handler's service rank to 1100.

(Found here: https://github.com/Adobe-Marketing-Cloud/rest-api-browser/tree/master/java-api-proxy)

MikeEwins
Level 2
May 23, 2017

Thanks - we'll give that a go.