Expand my Community achievements bar.

Unable to create an Oauth client using a local account

Avatar

Level 1

Hi,

 

I'm trying to create a servlet to create an Oauth client using a local account. This servlet works in one scenario and doesnt work in another scenario, I want to know what im missing.

Scenario 1 (Which works):

For this scenario, lets say I used local account - oauthserviceuser1

Step1: Manual Creation: When I login to aem using a local account and go to /libs/granite/oauth/content/clients.html, and click on the create button, I am able to create an Oauth client and able to download the private key for that Oauth client. This creates a node under /home/users/oauth for the new oauth client created and also generates a store.p12 file.

Step 2: Call the Servlet to create another Oauth Client: The servlet I created, which calls the following endpoints is Successful. This also creates a node under /home/users/oauth for the new Oauth client created and also generates a store.p12 file.

1. GET - http://localhost:4505/libs/granite/oauth/content/newclient.html - this generates the client id, client secret, clientIdHmac

2. POST -  http://localhost:4505/home/users/a/a-dwp3ZMviewbq5WiNrW/oauth/ - this uses the previously generated client id, client secret, clientIdHmac to create an Oauth client. (Here the /a/a-dwp3ZMviewbq5WiNrW is the local account user that I want to use to create Oauth client).

 

Scenario 2 (which doesn't work):

For this scenario, let's say I used local account - oauthserviceuser2.

(Note that in this scenario, I'm not doing a manual creation of Oauth client prior to calling my servlet)

Step 1: Calling the servlet to create Oauth client: The servlet I created, which calls the following endpoints is successful. But it doesn't create a node in /home/users/oauth and also doesn't generate a store.p12 file. 

 

I want to understand what permissions are being added in scenario 1, step 1, which further enables the servlet calls to be successful. Looks like this is an ACL issue, but not able to figure out the exact permissions required. Any help would be appreciated.

 

Thanks for patiently reading till the end.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

6.5
4 Replies

Avatar

Community Advisor

@alladishreshta can you check below reasons 

User Privileges:

Ensure that your user account has the necessary permissions to create OAuth clients. You need administrative or user management privileges in AEM to perform this task. If you're not an administrator, contact your AEM administrator to assist with the client creation.

Navigate to the OAuth Configuration:

  • Log in to your AEM instance with the appropriate user account.
  • Navigate to the AEM Web Console by accessing the following URL: http://localhost:4502/system/console/configMgr
  • Look for the "Adobe Granite OAuth Server" configuration.

Configure OAuth Provider:

In the "Adobe Granite OAuth Server" configuration, ensure that the OAuth provider is enabled.

    • Verify that the "Adobe Granite OAuth Provider - Configuration" is correctly configured with the necessary settings for your OAuth provider (e.g., Adobe IMS, Google, etc.)

Create OAuth Client:
After configuring the OAuth provider, navigate to the OAuth Clients section, typically located in the AEM Web Console under "http://localhost:4502/libs/granite/security/content/oauth/clients.html."
Click on the "Create" button to create a new OAuth client.
Provide the required information for your OAuth client, such as the client ID, client secret, and other configuration details.
Make sure to select the correct OAuth provider you configured earlier. 

 

If you encounter errors that are not immediately apparent, check the AEM error logs for more details.

Avatar

Level 1

Hi @Jagadeesh_Prakash 

 

Thanks for your quick reply.

 

Just to clarify, I am able to create an oauth client using touch ui, when I login with my local account as expected. 

 

There are two scenarios here. (I tried these two scenarios with two different local accounts)

1. Once I login with my local account, and manually create an oauth client with the touch ui -> and then only call my servlet with my local account credentials - It works!

2. But if I dont manually create an oauth client using touch ui as a predecessor step to calling my servlet i.e just directly calling my servlet with a local account - It doesnt work

 

All the configs are correct, there are no error logs available on this. Please help figure out why it works in scenario 1 but not in scenario 2.

 

Thanks in advance.

Avatar

Community Advisor

@alladishreshta  Where are you trying to call your servlet ? Author or publisher via dispatcher ?

 

Is your servlet public facing servlet ? do u really need to authenticate your servlet to access it ? 

Avatar

Administrator

@alladishreshta Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni