Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

How do I set the OAuth Client scope in AEM 6.2?

MikeEwins
Level 2
Level 2

Hi,

I've been working on a simple OAuth client app that allows a user to authenticate against AEM 6.2 , get an Access Token and use it to fetch an Asset 

Background is covered in:

http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

The first 2 steps are working but I need to set the scope and it is NOT clear how to do this in the provided documentation and examples.

Details as follows:

Next step is to change scope from 'profile' to '/content/dam' in order to fetch content. This gives me an error 'invalid_scope', which makes sense as the OAuth Client is not configured to allow this scope yet. Trying to configure it and on /system/console/configMgr I see no 'OAuth Resource Server' configurations. Also, if I browse to /system/console/configMgr/com.adobe.granite.oauth.server.impl.OAuth2ResourceServerImpl I will get this error message:

        
    

This form is automatically generated from existing properties because no property descriptors are available for this configuration. This may be cause by the absence of the OSGi Metatype Service or the absence of a MetaType descriptor for this configuration.

  

Does it mean that our installation is missing a module required for OAuth?

Thanks for any help you can give.

Mike

1 Accepted Solution
JedMadsen
Correct answer by
Employee
Employee

Hi Mike,

Scopes have to be added in code by implementing com.adobe.granite.oauth.server.Scope interface and then implementing the OAuth2ResourceServer’s getAllowedScopes() method to return the newly added scope.

You are getting an invalid scope because you have to implement the scope and then add it to the map. AEM will not know about the newly available Scopes until there's an implemention for getAllowedScopes().

Reference:

https://docs.adobe.com/content/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-an...
https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea....

Hope this is helpful,

Jed

View solution in original post

2 Replies
Jwisdom
Level 1
Level 1

Any update? I am having the same issue as well using AEM 6.3 trying to expose the AEM HTTP Assets API (https://docs.adobe.com/docs/en/aem/6-3/develop/extending/mac-api-assets.html)

JedMadsen
Correct answer by
Employee
Employee

Hi Mike,

Scopes have to be added in code by implementing com.adobe.granite.oauth.server.Scope interface and then implementing the OAuth2ResourceServer’s getAllowedScopes() method to return the newly added scope.

You are getting an invalid scope because you have to implement the scope and then add it to the map. AEM will not know about the newly available Scopes until there's an implemention for getAllowedScopes().

Reference:

https://docs.adobe.com/content/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-an...
https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea....

Hope this is helpful,

Jed

View solution in original post