Support OAuth in ContentSync

[YegorKozlov]

In some AEMaaCS environments, security policies may disallow Basic Auth. In such cases, ContentSync can use an Adobe IMS Technical Account with OAuth.

How it works

1. Create an AEMaaCS technical account and download the service credentials JSON from the Adobe Dev Console
2. Convert the service credentials JSON into a com.adobe.acs.commons.adobeio.service.impl.IntegrationServiceImpl.cfg.json OSGi configuration. This can be done via one-liner script:

cat cm-p12345-e9876-integration-1.json | \
jq -r '.integration | {
 "endpoint": ("https://" + .imsEndpoint + "/ims/exchange/jwt"),
 "loginEndpoint": "https://ims-na1.adobelogin.com/c/",
 "privateKey":  .privateKey,
   "clientId":  .technicalAccount.clientId, 
   "clientSecret": .technicalAccount.clientSecret,
   "amcOrgId": .org,
   "techAccountId": .id,
   "adobeLoginClaimKey": ("https://" + .imsEndpoint + "/s/ent_aem_cloud_api")
}' >com.adobe.acs.commons.adobeio.service.impl.IntegrationServiceImpl.cfg.json

which will output

{
  "endpoint": "https://ims-na1.adobelogin.com/ims/exchange/jwt",
  "loginEndpoint": "https://ims-na1.adobelogin.com/c/",
  "privateKey": "************************************",
  "clientId": "cm-p12345-e9876-integration-1",
  "clientSecret": "************************************",
  "amcOrgId": "************************************@AdobeOrg",
  "techAccountId": "************************************@techacct.adobe.com",
  "adobeLoginClaimKey": "https://ims-na1.adobelogin.com/s/ent_aem_cloud_api"
}

3. deploy the OSGi config and change the Auth type in the host configuration to OAuth:
   

4. Ensure the Technical Account User has read access to the content being sync-ed

[github-actions]

Test Results

 3 006 files  ± 0   3 006 suites  ±0   2h 18m 23s ⏱️ + 9m 33s
 1 920 tests + 3   1 920 ✅ + 3  0 💤 ±0  0 ❌ ±0 
17 280 runs  +27  17 274 ✅ +27  6 💤 ±0  0 ❌ ±0 

Results for commit 68090c2. ± Comparison against base commit 8c395ac.

♻️ This comment has been updated with latest results.