Thank you for these ideas.  I'm still not sure how to check the validity of the login-token but I am going to see if I can use the com.day.crx.security.token.TokenCookie class per your suggestion.

I have a similar issue to this one just slightly different. We have a custom Authentication Handler that implements AuthenticationHandler.  In the extractCredentials method, the first thing that happens is a check for an existing login-token.  If it exists, the method returns null to bypass the rest...

Where can I see the OOTB saml authentication handler?

We have our search results component set to exclude sub-assets:Can you help me understand why the number of sub-assets would still come in to play?  And also why it would only error out for users with one specific user group?

We are using Asset Share.  Our search results component pulls assets from 2 different asset folders - we'll call them FolderA and FolderB.  Each of these folders has been assigned permissions via Closed User Groups.  The permissions are assigned like this: FolderA has 3 Closed User Groups - Group1, ...

Thank you!

We are using Asset Share and we have a number of Assets that were tagged with a particular tag.  We had a requirement to rename the tag.  We chose to update the name by "moving" the tag - though we placed it under the same path that is was previously.  By using "move", we are able to update both the...

Thank you.  It turned out to be a permissions issue.  The user had to be set as a member on the folder where the Content Fragments were being Created/Deleted via the API.  This wasn't the case before.

We have been using the Assets HTTP API to Create and Delete content fragments and have just started receiving an error message only when sending a DELETE post.  We are on AEM 6.5.21.  Does anyone know why this would just start happening?    "status.message": "Source does not support deletion", "stat...

Thank you for your help.  The issue was in fact related to the dispatcher config.  The solution was not intuitive at all but the correct configuration ended up looking like this:/0404 { /type "allow" /method "GET" /path "/content/dam/[customfolder]/*" /suffix '^/subassets/.*' /extension '(mov|mp4|mp...