I second this. It makes no sense to require the 'csrf.token' for unauthenticated users as 'token.json' returns an empty response. There should be a way to allow csrf generation even for these types of users.
Hmmm, i don't think so. 'Adobe Granite OAuth Server Authentication Handler' exists both in 6.1 and 6.2. Also it doesn't have the 'Allowed Scopes' option.
I am trying to implement OAuth functionality in AEM 6.2 (based on this Presentation: https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea.html).I was able to make this work in AEM 6.1 since I can find the Service configuration of "Adobe Granite OAuth Re...