Getting a Login Token for Integrations
An depth guide on how to get a login token for Cloud Service integrations and some use cases for doing so.
Transcript
Hey, Darren. Good to see you. Hey. Hey, I have a quick question for you and I actually need to give my system integrator a default way to access my AEM as a cloud service instance. Do you have any best practices around how I can do that? Sure yeah. So cloud service provides a couple of ways of doing that. Some really cool ways to do it by a local access token which gives your developers quick and easy access to just test stuff out. We also have service credentials which have a actual name technical account user, which then you can provision you know, give 'em the correct permissions and provision them in the right groups and so on and so forth to have specific access. I can show you this really easily, if you want to take a look here. Sure, do I need to use 51ºÚÁϲ»´òìÈ I/O for this or no? This is where it gets a little bit confusing. It doesn’t use 51ºÚÁϲ»´òìÈ I/O it uses IMS, which is 51ºÚÁϲ»´òìÈ’s Identity Management System. You can generate tokens and stuff for cloud manager but unfortunately AEM CS is not a product within there.
So what you’re looking at here is your typical cloud manager interface. We’re going to get to the developer console in a second, but before we get to the integrations within the developer console, you might want to make sure that you’re in the cloud manager-developer and either the AEM administrators or AEM user profiles added to your account. And this is the same as for any of the local development tokens or the service credentials.
So once we’ve clicked on the three dots, we can see in there there’s an integrations tab here and clicking on that will give you the options for the local development token which clicking on that will give you a 24 hour access token that is specific to the user that you’re using right now as you’re currently logged in.
Getting the service credentials, clicking on that, will give you a JSON file. Basically all the information you need to create JWT that will generate tokens. Refreshing the service credentials down there at the bottom will also refresh those service credentials once you have generated them.
Again this doesn’t invalidate the current one but it does give you a, it refreshes them so the lifespan is a little bit longer, but you can see here again, the JSON file that you can use to exchange for a actual token. And you could also use that JSON file to make refresh calls using standard libraries. It should be noted that the service credentials themselves are valid for one year. You still have to refresh them on occasion to get a fresh token but the credentials themselves only last a year. Another thing you should note is that the user that these service credentials provide is a technical account user that will need to have the correct permissions to be able to do much activity beyond read within AEM. So what I’ll show here on the screen is on the left is from the service token. You’ll want to go into the user security, user management area within cloud service. Find that user either using search or just scrolling through the list and assigning that user to the group or that has the permissions that you want to execute with that user.
Next up, we’re going to take a quick look at here using the generated token for just executing a simple query within cloud service using curl. So I’ve crafted this URL here. You can see I’m just doing a query builder, query against dam asset, and you can see there’s that addition of the header of the authorization bearer and the big long token that is generated. So executing this and boom, we get two results and we got a small amount of assets in this environment and we are successful. So you can see it’s pretty straightforward and easy to use this login tokens.
So this should give you a easy and clean and secure way of accessing AEM as a cloud service that help out, you know your development teams, your system integrators, your exchange partner type integrations and hopefully will help you out and speed things up.
Yeah, this is great Darren. This will really enhance some of our security requirements about giving these people access to our cloud service instances. So thank you so much. Thank you. -
Content covered in this video
-
System integrator default access methods
- local access tokens
- service account tokens
-
Developer console ‘integrations’
- Proper profiles for accessing json
-
Technical account verification
-
Simple usage of a generated token
For a more detailed look on this topic, you can reference the tutorial on token-based authentication.
Additional Resources
Watch related videos on the Cloud 5 season 1 page.
recommendation-more-help
4859a77c-7971-4ac9-8f5c-4260823c6f69