OAuth in AEM: Adobe Developer Console integration for OpenAPI APIs

One of the key improvements brought by the new AEM OpenAPI APIs is the integration with Adobe Developer Console and enhancements around OAuth 2.0.

During this presentation, we'll:

Helge

Can we use IMS auth for custom applications / custom clients

Jose Antonio Insua

We support the IMS authentication just to provide the access token (as you saw in the demo). To build something with IMS authentication, you should use a supported solution like AEM, which comes with the implementation. At the moment I don't think we support IMS authentication for custom applications, but I also don't think it is commonly requested, so if you think it will be useful, I would advise requesting it and see what happens :)

Robert Wunsch

Where can we find the mapping of what each scope possible to select on requests do? In developer console each API "tile"/integration comes with multiple scopes. But it is very hard to tell what these scopes grant access to.

Jose Antonio Insua

Yes, it is difficult to know the meaning of some scopes, like the ones related to IMS. Yet, when you set up the API card, or when the user logs in for the first time with your OAuth client, there will be some information. For AEM, we're trying to make them as clear as possible.

Tomasz Sobczyk

How long does the token live? What's the best practice when I need continuous access from distributed infra ( think lambda functions on aws) ? Should I have central cache of the token? Should each lambda each request it's own token? Will I stumble upon any throttling in ims?

Jose Antonio Insua

Each lambda should request its own token. Small bursts of requests should not hit the rate limits. And even better (if you could architect your system that way), to not use the Service-to-Service token but to obtain a user token