OAuth 401 error when using server-to-server auth in AEM
A 401 Unauthorized error in AEM as a Cloud Service can occur when switching from JWT to OAuth server-to-server authentication. This article explains how to fix it by verifying OAuth credentials, token validity, and endpoint configuration.
Description
Environment
Adobe Experience Manager as a Cloud Service (AEMaaCS) - Sites
Issue/Symptoms
When using an OAuth 2.0 access token generated via the client credentials flow to access an AEM Cloud URL, the request fails with a 401 Unauthorized error. This typically occurs during the transition from JWT-based authentication to OAuth server-to-server authentication.
Resolution
To resolve the 401 Unauthorized error when using OAuth Server-to-Server authentication for AEM, follow these steps:
- Ensure that the client ID and secret in your request are correct, and that the OAuth credentials have the right scopes configured in the Adobe Developer Console.
- Check that the access token is generated properly and hasn’t expired. If needed, generate a new token.
- Confirm you’re using the correct API endpoint for your AEM instance.
- Add the authorization header in your HTTP request like this:
  Authorization: Bearer <access_token>
- Review any security settings such as IP whitelisting or firewall rules that might block your request.
- If you’re still using Adobe Developer Console, consider switching to AEM Developer Console. It supports both JWT and OAuth and comes pre-configured with IMS Client integration.
- Enable logging for your HTTP requests to capture request headers and responses. This helps with debugging.
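The token and logging checks from the steps above can be run locally before a request is sent. The following is an added example, not Adobe's code: it decodes a JWT-format access token without verifying its signature, reports expiry and missing scopes, and masks the bearer token so request headers can be logged safely. The claim names `created_at`, `expires_in` (milliseconds) and `scope`, the scope values and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing only."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"

def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (local diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not in three-part JWT format")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(token: str, required_scopes, now=None) -> list:
    """Return the problems found that would explain a 401."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    if "exp" in claims:  # standard JWT expiry, in seconds
        expiry = float(claims["exp"])
    elif "created_at" in claims and "expires_in" in claims:  # assumed: milliseconds
        expiry = (int(claims["created_at"]) + int(claims["expires_in"])) / 1000
    else:
        expiry = None
    if expiry is None:
        problems.append("no expiry claim found")
    elif expiry <= now:
        problems.append("token expired")
    # Accept comma- or space-separated scope strings.
    granted = set(str(claims.get("scope", "")).replace(",", " ").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    return problems

def redact_headers(headers: dict) -> dict:
    """Copy of the headers that is safe to log: the bearer token is masked."""
    safe = dict(headers)
    for name, value in headers.items():
        if name.lower() == "authorization":
            safe[name] = value.split(" ", 1)[0] + " [REDACTED]"
    return safe
```

An empty list from `diagnose` means the token itself looks valid, so the endpoint URL and network restrictions are the next things to check.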
For more help, check Adobe’s official documentation on access token generation and server-to-server authentication setup.