Resolving nested Adobe I/O web action authorization issues in AEMaaCS
This article addresses the issue of calling an Adobe I/O web action from within another web action when authorization is required. The problem arises due to configuration constraints or missing authentication details. The solution involves adjusting configurations and ensuring proper authentication mechanisms are in place to enable successful nested calls.
Description description
Environment
Adobe Experience Manager as a Cloud Service (AEMaaCS) - Sites
Issue/Symptoms
When calling an Adobe I/O web action from within another web action, the nested call fails if authorization is required. This happens due to incorrect configuration settings or missing authentication details such as tokens and headers.
Resolution resolution
To resolve this issue, follow these steps:
- Check if the inner web action does not need to be publicly callable. If it does not change the configuration setting
require-adobe-authfrom true to false and setwebto *no.*This makes it a purely worker action that can’t be accessed externally. - If the inner web action must remain protected and requires Adobe authentication, ensure that the code calling this inner action includes proper authentication details.
- Include a valid JWT or OAuth token in the
Authorizationheader asBearer <token>. Also, add the headerx-gw-ims-org-idwith the correct IMS organization ID. - Ensure that authentication tokens are correctly retrieved from Adobe I/O context and properly propagated during nested calls when making calls from AEM Servlets or front-end components.
Related reading
For further information, explore the Adobe I/O Runtime action section of the AEM as a Cloud Service Tutorials.