User Profile

Thanks for the update. I'll continue on with the node-fetch approach. Thanks

Oh! I read the fine print again. The sample code uses @adobe/jwt-auth which has metascopes as URLs. The `aio-lib-ims` framework has metascopes as names (so just the last part of the URL). Fixed now. Thanks 😄 Slowly getting there 🙂

Hi @duypnguyen I've moved over to use the aio-lib-ims framework and now I'm getting the error again of 'The metascopes in the JWT are not a subset of the metascopes in the binding.' I have found the list of metascopes in the link I provided but I'm just not sure how to discover what the "metascopes in the binding" are? My current array is ['https://ims-na1.adobelogin.com/s/ent_adobeio_sdk'] (which was working before) but that was just a guess. Please could you help me in discovering which metasc...

Hi @duypnguyen please could you provide a link to some docs or sample code for using the aio-lib-ims framework. Thanks

Ah excellent thanks. I'll update to that. I used that following the code sample here... https://www.adobe.io/content/udp/en/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/samples/samples.md WIll update to the aio-lib-ims though. Thanks

The rubber duck effect works again. 😄 About 2 mins after writing this I went back to the docs to keep looking and stumbled upon the list of metascopes here... https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/Scopes.md And now it's working 😄 Thanks

@duypnguyen ah! I realised my error, after reading the security overview the error made more sense. It looks like I have created an SPA rather than a headless app. So that's why the JWT was failing. Need to work out how to create a headless app instead. Thanks for the help and the patience 😄

@duypnguyen thanks. What would I put in the manifest instead of `require-adobe-auth` when I want to authenticate with a JWT? Thanks

If I want to use a JWT for an action should I have require-adobe-auth: true in the manifest.yml? Also, is there a reference of what the options and properties are for that file? I'm finding it hard to discover what can go in there. Thanks

@duypnguyen ah, that's really good to know, thanks!

Yeah, I thought about that too but like you said, it's not secure. I think it will be easier for me to use a proxy. I can authenticate the webhook to our own service and then use our existing service to get the bearer token with the JWT before calling it. Thanks 😄

Ah, I had read about that but was hoping for a more passive way of authenticating the call. I think what I'll have to do is to run the webhook to another service (something we already do) and then authenticate my own service and use that to call the Firefly action. Thanks I'll explore this as a possible way of working.