Login for MS Office Asset Selector isn't working in AEM as a Cloud Service

patrickheinzelmann commented 2 years ago

Required Information

[x] AEM Version, including Service Packs, Cumulative Fix Packs, etc: AEM as a Cloud Service 2022.3.6698.20220318T233218Z
[x] ACS AEM Commons Version: 5.3.0
[x] Reproducible on Latest? yes

Expected Behavior

I'm trying to login into AEM using the Asset Selector for Word on Mac. I'm using Word version 16.60.

Actual Behavior

When I enter the email address of my Adobe ID and click on the button "Continue" on the login screen inside Word, the panel opens a new browser window with the Adobe Authentication service, which redirects the request to the AEM Author https://author-p56761-e455293.adobeaemcloud.com/callback/j_security_check?_host_Info=Word%24Mac%2416.01%24en-GB%24%24%24%240&code=xxx&state=xxx which throws an error 403 (I have replaced the values for the parameters token and state in the url).

In parallel, the panel of the Asset Selector changes to page to enter the password in Word. When you enter the password in the Word panel and click button "Continue", the Asset selector opens another browser window and redirects the request to "https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login_with_jwt".

This pages shows following error: There was an error with this action. Try again later.

Password-Error-Message

The panel of the Asset Selector in Word is showing a showing a spinning circle.

Word-AEM-Assets-Selector

Steps to Reproduce

Install ACS AEM Commons 5.3.0 on AEM as a Cloud Service
Create configuration page "ms-office" below "/content/asset-selectors" using the template "MS Office Asset Selector Page"
Create Office 365 app for App using the provide XML, change the urls from "http://localhost:4502" to the url of the AEM Cloud Service
Open Word on Mac and switch to tab Insert
Click on button AEM Assets
Go to the panel AEM Assets and click on the button "Sign in with Adobe".
Try to login with your Adobe ID which has access to AEM as a Cloud Service

Links

https://adobe-consulting-services.github.io/acs-aem-commons/features/ms-office-asset-selector/index.html

davidjgonzalez commented 2 years ago

Hi @patrickheinzelmann this looks like an issue with AEM CS and Asset Selector, more than this implementation of Asset Selector (the auth cycle occurs before any ACS AEM Commons is executed - since you have to have auth to access anything on AEM Author).

Would it be possible for you to check if Asset Selector is supported by AEM CS, and if so, if its uses with MS products are supported?

I suspect we may have to mark this one as incompatible with AEM CS, unless we can get the recommended URL for the asset selector consumer to use to access AEM CS's asset selector experience.

LucaNerlich commented 2 years ago

Hi @patrickheinzelmann you need to add the ims redirect urls in your manifest.xml, for example this:

<AppDomains>
        <AppDomain>https://adobe.com</AppDomain>
        <!-- AUTH -->
        <AppDomain>https://auth.services.adobe.com</AppDomain>
        <AppDomain>https://adobeid-na1.services.adobe.com</AppDomain>
        <AppDomain>https://ims-na1.adobelogin.com</AppDomain>
        <AppDomain>https://use.typekit.net</AppDomain>
        <AppDomain>https://server.messaging.adobe.com</AppDomain>
        <AppDomain>https://adobe-api.arkoselabs.com</AppDomain>
        <AppDomain>https://delegated.identity.adobe.com</AppDomain>
        <AppDomain>https://cc-api-behance.adobe.io</AppDomain>
        <AppDomain>https://a5.behance.net</AppDomain>
        <AppDomain>https://assets.adobedtm.com</AppDomain>
        <AppDomain>https://web-sdk.aptrinsic.com</AppDomain>
        <AppDomain>https://amcglobal.sc.omtrdc.net</AppDomain>

        <AppDomain>Your deployed AEM Instance</AppDomain>
    </AppDomains>

Adobe-Consulting-Services / acs-aem-commons