JWT Credentials Deprecation in Adobe Developer Console jwt-credentials-deprecation-in-adobe-developer-console
Adobe customers use Adobe Developer Console to generate credentials that enable access to various APIs. Customers select from various credential types ranging from OAuth Server-to-Server to Single-Page App. One of those credential types, Service Account (JWT) credentials, has been deprecated in favor of the OAuth Server-to-Server credentials. New Service Account (JWT) credentials cannot be created on or after June 3, 2024, and existing JWT credentials will not work on or after Jan 27, 2025. You can read about the deprecation.
This article provides some additional context about how AEM as a Cloud Service should handle the deprecation.
The main takeaway is that AEM now supports the new OAuth Server-to-Server credentials for AEM as a Cloud Service. You may have received an email with instructions to migrate your JWT credentials, and this migration can now be done.
The sections below list the scenarios where customers must (or in some cases must not) replace their Service Account (JWT) credentials with OAuth Server-to-Server credentials, now that AEM supports them. Read how to migrate the credentials.
Integrating AEM with Other Adobe Solutions integrating-aem-with-other-adobe-solutions
Action: Migrate your configuration as AEM now supports OAuth credentials.
Relevant AEM versions: AEM as a Cloud Service
AEM customers use AEM to configure integrations with many other Adobe solutions. For example, Adobe Target, Adobe Analytics, and others.
See Setting Up IMS Integrations for AEM as a Cloud Service for details of how to:
- create configurations with OAuth credentials
- migrate configurations, that were created with JWT credentials, to use OAuth credentials
Cloud Manager APIs cloud-manager-apis
Action: Migrate your JWT credentials to OAuth credentials, which Cloud Manager now supports.
Relevant AEM versions: AEM as a Cloud Service
Customers create Adobe Developer Console projects so they can invoke Cloud Manager APIs. The credentials in the Adobe Developer project should be migrated to the OAuth Server-to-Server credential type before the deprecated JWT credentials expire in January 2025.
Auto-generated projects autogen-projects
Action: Do not migrate because Adobe is going to migrate on your behalf.
Relevant AEM versions: AEM as a Cloud Service.
When Cloud Manager provisions AEM as a Cloud Service environments, it auto-generates an Adobe Developer Console project with JWT credentials. This project is marked as read-only, as illustrated in the screenshot below. Customers cannot and should not attempt to migrate these projects to OAuth Server-to-Server credentials. Instead, Adobe will migrate these projects on its own, before the credentials are no longer usable.
