Implementing Gated Access for AEM EDS

On this page, you can find code examples related to our talk at adapt.to 2024 as well as instructions on how to set this up yourself.

The three main sections are:

AEM EDS Project

Create a new AEM EDS project or clone our demo repo from

The following customisations are implemented:

Google Drive (public read access):
https://drive.google.com/drive/u/2/folders/1-HwcPKGiw_tHOUubQF1T6q2b6xfpgQNL

Cloudflare Worker

To deploy your own Cloudflare worker, you need to create a free account at Cloudflare and connect it to a domain: https://www.cloudflare.com/plans/free/

Our demo implementation is available at:

https://github.com/Ben-Zahler/consumer-worker/blob/main/index.js

Perform the following steps:

  • Change “name” in wrangler.toml at the root of the site. Give your worker a short, URL-friendly name (no underscores).
  • Change the domains in index.js to match your EDS setup.
  • Run npm install
  • Run npm run deploy
    • You will be prompted to log in with the Cloudflare account you created.
    • Follow the instructions to deploy your edge worker.

Access Provider

The Access Provider implementation depends heavily on your identity provider, so we feel that sharing our code here is not very useful. Please reach out to us if you want to know more about our implementation.

The following two items are required:

  • UI to sign in users:
    • after a successful login, set two cookies:
      • adaptToVerification: token that can be validated in the "verification service"
      • adaptToMemberData: JS-readable cookie containing stringified JSON with at least these two properties:
        • level
        • userName
  • verification service
    • verifies an adaptToVerification token
    • returns HTTP 200 if verification is successful

Code snippet for the verification service:

    // Serialise the submitted user data so it can be compared as a string
    const userDataJson = JSON.stringify(params.userData);
    // Decrypt the adaptToVerification token; ?. tolerates a null/undefined result
    const decryptedVerification = decrypt(params.verification.trim())?.toString();

    if (decryptedVerification !== userDataJson.trim()) {
      // verification failed
      return errorResponse(400, 'Bad request', logger);
    }

    // verification successful
    return {
      statusCode: 200,
      body: '',
    };
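
The snippet above calls a decrypt() that this page does not show. The following Node.js round trip is an added example, not the code from the talk or the demo repo: it assumes AES-256-GCM with a shared key, and issueVerification, decrypt, verify, the token layout and the sample values are all hypothetical. It shows why the JS-readable adaptToMemberData cookie cannot be edited by the visitor without the check failing.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: one 32-byte key shared by the sign-in backend and the verification
// service. Generated per run here; in a deployment it comes from a secret store.
const KEY = nodeCrypto.randomBytes(32);

// Hypothetical issuer: encrypts the stringified user data with AES-256-GCM.
// Token layout (constructed for this example): iv(12) | tag(16) | ciphertext.
function issueVerification(userData, key = KEY) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(userData), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Hypothetical decrypt(): plaintext Buffer, or undefined if the token is
// malformed, was modified, or was produced under a different key.
function decrypt(token, key = KEY) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return undefined;
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  } catch {
    return undefined;
  }
}

// The page's check, reduced to a status code and using a constant-time compare.
function verify(params, key = KEY) {
  if (typeof params?.verification !== 'string' || !params.userData) return 400;
  const expected = Buffer.from(JSON.stringify(params.userData), 'utf8');
  const actual = decrypt(params.verification.trim(), key);
  if (!actual || actual.length !== expected.length) return 400;
  return nodeCrypto.timingSafeEqual(actual, expected) ? 200 : 400;
}

// Constructed sample: the two values the sign-in UI would place in cookies.
const memberData = { level: 'member', userName: 'alice' };
const token = issueVerification(memberData);
console.log(verify({ verification: token, userData: memberData }));                        // 200
console.log(verify({ verification: token, userData: { ...memberData, level: 'admin' } })); // 400
```

Because the check compares serialised strings, the caller has to send userData with the same property order that was used when the token was issued; a reordered object fails verification.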