Wednesday, July 5, 2017

Exposing the AEM resources through OAuth - Adobe Experience Manager(AEM)

Exposing the AEM resources through OAuth - Adobe Experience Manager(AEM)

This post will explain the approach to expose the resources through OAuth in Adobe Experience Manager(AEM).

Refer https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html for the basic configurations to expose the the resources thorough OAuth.

Exposing /etc/designs/geometrixx/static.css through OAuth

Configure the "Allowed Scope" as "/etc/designs/geometrixx"(based on the resource that should be exposed) in "Adobe Granite OAuth Resource Server"


The OAuth Authentication handler is not enabled by default and it looks to be an product defect.



Save the configurations(without any change) of "Adobe Granite OAuth Server Authentication Handler" to enable the handler (Perform the same step for previous post also)



Authorize the user:

http://localhost:4502/libs/granite/oauth/content/authorization.html?client_id=fjgsnsbnlqgp5l3ck67oseb0f9-eucn-1ub&scope=/etc/designs/geometrixx&redirect_uri=http:__localhost:8080/test

Receive the access token using the code received:

curl -H "Content-Type: application/x-www-form-urlencoded" -d "code=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmamdzbnNibmxxZ3A1bDNjazY3b3NlYjBmOS1ldWNuLTF1YiIsInN1YiI6ImFkbWluIiwiZXhwIjoxNDk5MjkyNzQ0LCJpYXQiOjE0OTkyOTIxNDQsInNjb3BlIjoiL2V0Yy9kZXNpZ25zL2dlb21ldHJpeHgifQ.5ex1DvYLhYdoKjUvpscbyUpL5CWc02gjcpyPMJAPpMs&grant_type=authorization_code&redirect_uri=http://localhost:8080/test&client_id=fjgsnsbnlqgp5l3ck67oseb0f9-eucn-1ub&client_secret=r83jf37qc2jj4ggo8hmhcoqcc8" http://localhost:4502/oauth/token

Receive the Resource using the access token received:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmamdzbnNibmxxZ3A1bDNjazY3b3NlYjBmOS1ldWNuLTF1YiIsImlzcyI6IkFkb2JlIEdyYW5pdGUiLCJzdWIiOiJhZG1pbiIsImV4cCI6MTQ5OTI5NTc4NywiaWF0IjoxNDk5MjkyMTg3LCJzY29wZSI6Ii9ldGMvZGVzaWducy9nZW9tZXRyaXh4In0.LfZxnZTL38bqHJaVJvcraLzaBu5axfdhuVQz7WFGLoE" http://localhost:4502/etc/designs/geometrixx/static.css



The below step should be followed for publisher(assuming anonymous access is enabled) - Enable the authentication for the resource /etc/designs/geometrixx

OAuth



5 comments:

  1. Hi Albin,

    Can you explain a simple use-case where in you want to expose an AEM resource using oAuth?, because as per my understanding we get resource from REST/SOAP APIs protected by oAuth.

    Thanks,
    Sumanth

    ReplyDelete
  2. What I am understanding is you are mimicing the job which is done by REST APIs/Services, through AEM SLING rest webservices instead, the resource you get from AEM is always static, wherein I don't understand the use of it.

    ReplyDelete
    Replies
    1. Resource can be anything static or dynamic including API'S.

      Regards
      Albin I

      Delete
    2. This comment has been removed by the author.

      Delete
    3. Sunag.M.S (Sr.Infrastructure analyst)July 17, 2017 at 9:08 AM

      Good one... (y)

      Delete