Skip to content

Latest commit

 

History

History
 
 

ims

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

README.md

aio-lib-java-ims

aio-lib-java-ims is an Adobe I/O - Java SDK - IMS Library. This Java library wraps http API endpoints exposed by Adobe Identity Management System (IMS)

Service Account Integration (JWT authentication flow)

A Service Account connection allows your application to call Adobe services on behalf of the application itself or on behalf of an enterprise organization.

For this type of connection, you will create a JSON Web Token (JWT) that encapsulates your credentials and begin each API session by exchanging the JWT for an access token.

The JWT encodes all of the identity and security information required to obtain an access token and must be signed with the private key that is associated with a public key certificate specified on your integration.

Browse our JWT authentication documentation for more details.

This Java library will help you implement this JWT exchange token flow, to get a valid access token and start interacting with the many Adobe I/O API that support such authentication.

Configurations

This library fluent workspace builder API offers many ways to have your Workspace (a Java POJO representation of your Adobe Developer Console Workspace) configured.

To get you started quickly you could use a .properties file, see our sample config file

Create and configure your public and private key

As introduced above the authentication flow signs the JWT request and therefore requires private-public keys configurations , therefore you will need to

  • First, create this RSA private/public certificate pair, using openssl:

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

  • Then, upload the public key in your Adobe Developer Workspace, see our JWT authentication documentation

  • Finally, configure this library (and its PrivateKeyBuilder) with your privateKey, you may either

    • use a pcks8 file
    • use a base 64 encoded pcks8 key
    • use a keystore file
Option 1: Use a pcks8 file

First, convert your private key to a PKCS8 format, use the following command:

openssl pkcs8 -topk8 -inform PEM -outform DER -in private.key -nocrypt > private.pkcs8.key

Then, set your workspace aio_pkcs8_file_path properties to match the private.pkcs8.key file path (you generated using the previous command)

Option 2: use a base 64 encoded pcks8 key

First, convert your private key to a PKCS8 format, use the following command:

openssl pkcs8 -topk8 -inform PEM -outform DER -in private.key -nocrypt > private.pkcs8.key

Then, base 64 encode it, use the following command:

base64 private.pkcs8.key

Finally, set your workspace aio_encoded_pkcs8 properties value using the string you generated with the above command

Option 3: use a keystore

First, use the following commands to set the alias (as myalias here) and a non-empty keystore password.

cat private.key certificate_pub.crt > private-key-crt
openssl pkcs12 -export -in private-key-crt -out keystore.p12 -name myalias -noiter -nomaciter

Then fill the associated aio_pkcs12_file_path, aio_pkcs12_alias and aio_pkcs12_password workspace properties.

Our reusable OpenFeign JWT (exchange token flow) Authentication RequestInterceptor

This lib also contains JWT (exchange token flow) Authentication RequestInterceptor: JWTAuthInterceptor It is a Open Feign RequestInterceptor. It can be leverage to add the authentication headers expected by many Adobe APIs, it will add

  • an Authorization header with a Bearer access token (generated from a JWT exchange flow)
    • renewing it only when expired (after 24 hours) or when not present in memory yet
  • a x-api-key header matching your JWT token

Test Drive

PrivateKey privateKey = new PrivateKeyBuilder().systemEnv().build(); // [1]
Workspace workspace = Workspace.builder()
    .systemEnv()
    .privateKey(privateKey)
    .build(); // [2]
ImsService imsService = ImsService.builder().workspace(workspace).build(); // [3]

AccessToken accessToken = imsService.getJwtExchangeAccessToken(); // [4]

// [1] Build your PrivateKey looking up the key indicated by you System Environment variables
// [2] build your `Workspace` (a Java POJO representation of your `Adobe Developer Console` Workspace)
//     looking up other System Environment variables. 
//     Note that our fluent workspace and private Key builders offers many ways to have your workspace configured,
//     we are showing here the most concise
// [3] build the Ims Service wrapper and have it use this workspace context
// [4] use this service to retrieve an access token using a jwt exchange token flow

Have a look at our ImsService main() Test Drive

Builds

This Library is build with maven (it also runs the unit tests):

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

This project is licensed under the Apache V2 License. See LICENSE for more information.