JWT Credentials Deprecation in Adobe Developer Console jwt-credentials-deprecation-in-adobe-developer-console

NOTE
AEM 6.5 customers should reference this article for more information.

Adobe customers use Adobe Developer Console to generate credentials that enable access to various APIs. Customers select from various credential types ranging from OAuth Server-to-Server to Single-Page App. One of those credential types, Service Account (JWT) credentials, has been deprecated in favor of the OAuth Server-to-Server credentials. New Service Account (JWT) credentials cannot be created on or after June 3, 2024, and existing JWT credentials will not work on or after Jan 27, 2025. You can read about the deprecation.

This article provides some additional context about how AEM as a Cloud Service should handle the deprecation.

The main takeaway is that AEM now supports the new OAuth Server-to-Server credentials for AEM as a Cloud Service. You may have received an email with instructions to migrate your JWT credentials, and this migration can now be done.

The sections below list the scenarios where customers must (or in some cases must not) replace their Service Account (JWT) credentials with OAuth Server-to-Server credentials, now that AEM supports them. Read how to migrate the credentials.

NOTE
The AEM Developer Console (note the AEM in the name, which distinguishes it from the Adobe Developer Console) provides a utility to generate JWT tokens used for server-to-server APIs. These credentials are not deprecated and can continue to be used.

Integrating AEM with Other Adobe Solutions integrating-aem-with-other-adobe-solutions

Action: Migrate your configuration as AEM now supports OAuth credentials.

Relevant AEM versions: AEM as a Cloud Service

AEM customers use AEM to configure integrations with many other Adobe solutions. For example, Adobe Target, Adobe Analytics, and others.

See Setting Up IMS Integrations for AEM as a Cloud Service for details of how to:

  • create configurations with OAuth credentials
  • migrate configurations, that were created with JWT credentials, to use OAuth credentials

Cloud Manager APIs cloud-manager-apis

Action: Migrate your JWT credentials to OAuth credentials, which Cloud Manager now supports.

Relevant AEM versions: AEM as a Cloud Service

Customers create Adobe Developer Console projects so they can invoke Cloud Manager APIs. The credentials in the Adobe Developer project should be migrated to the OAuth Server-to-Server credential type before the deprecated JWT credentials expire in January 2025.

Auto-generated projects autogen-projects

Action: Do not migrate because Adobe is going to migrate on your behalf.

Relevant AEM versions: AEM as a Cloud Service.

When Cloud Manager provisions AEM as a Cloud Service environments, it auto-generates an Adobe Developer Console project with JWT credentials. This project is marked as read-only, as illustrated in the screenshot below. Customers cannot and should not attempt to migrate these projects to OAuth Server-to-Server credentials. Instead, Adobe will migrate these projects on its own, before the credentials are no longer usable.

Auto-generated projects

recommendation-more-help
fbcff2a9-b6fe-4574-b04a-21e75df764ab