From 6e9c2b680999a88c334162cb50d9c64c9b1361cb Mon Sep 17 00:00:00 2001 From: theManikJindal Date: Mon, 23 Dec 2024 09:31:04 +0530 Subject: [PATCH 1/2] changing date everywhere --- .../guides/authentication/JWT/JWTCertificate.md | 2 +- src/pages/guides/authentication/JWT/Scopes.md | 2 +- src/pages/guides/authentication/JWT/index.md | 2 +- src/pages/guides/authentication/JWT/samples.md | 2 +- .../ServerToServerAuthentication/faqs.md | 14 +++++++------- .../ServerToServerAuthentication/index.md | 2 +- .../ServerToServerAuthentication/migration.md | 8 ++++---- .../authentication/ServiceAccountIntegration.md | 2 +- src/pages/guides/authentication/index.md | 2 +- src/pages/guides/email-alerts/cert-expiry.md | 2 +- src/pages/guides/index.md | 2 +- 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/pages/guides/authentication/JWT/JWTCertificate.md b/src/pages/guides/authentication/JWT/JWTCertificate.md index ad0fa268..7b3ad80b 100644 --- a/src/pages/guides/authentication/JWT/JWTCertificate.md +++ b/src/pages/guides/authentication/JWT/JWTCertificate.md @@ -3,7 +3,7 @@ -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). Create a private key and a public certificate. Make sure you store these securely. diff --git a/src/pages/guides/authentication/JWT/Scopes.md b/src/pages/guides/authentication/JWT/Scopes.md index 3fd45b6a..ff426961 100644 --- a/src/pages/guides/authentication/JWT/Scopes.md +++ b/src/pages/guides/authentication/JWT/Scopes.md @@ -3,7 +3,7 @@ -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). JSON Web Token (JWT) metascopes govern the access and privileges for service accounts. As an application developer, you will choose the set of scopes to access certain resources by specifying the scopes as part of the encoding claims for your JWTs. diff --git a/src/pages/guides/authentication/JWT/index.md b/src/pages/guides/authentication/JWT/index.md index e4b88419..ab37e1ec 100644 --- a/src/pages/guides/authentication/JWT/index.md +++ b/src/pages/guides/authentication/JWT/index.md @@ -2,7 +2,7 @@ -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). To establish a secure service-to-service Adobe I/O API session, you must create a JSON Web Token (JWT) that encapsulates the identity of your integration, and then exchange it for an access token. Every request to an Adobe service must include the access token in the `Authorization` header, along with the API Key (Client ID) that was generated when you created the [Service Account Integration](../ServiceAccountIntegration) in the [Adobe Developer Console](/console). diff --git a/src/pages/guides/authentication/JWT/samples.md b/src/pages/guides/authentication/JWT/samples.md index d73ed388..e29b77c4 100644 --- a/src/pages/guides/authentication/JWT/samples.md +++ b/src/pages/guides/authentication/JWT/samples.md @@ -3,7 +3,7 @@ -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). The following samples demonstrate JWT generation and exchanging it with Adobe IMS endpoint to retrieve an access token. diff --git a/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md b/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md index cd08dcb8..5079b7b0 100644 --- a/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md +++ b/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md @@ -16,7 +16,7 @@ ### What's happening? -In May 2023, Adobe announced the deprecation and end of life of Service Account (JWT) credentials. This means that any of your integrations or custom applications using a Service Account (JWT) credential will need to migrate to the new OAuth Server-to-Server credential before January 27, 2025. +In May 2023, Adobe announced the deprecation and end of life of Service Account (JWT) credentials. This means that any of your integrations or custom applications using a Service Account (JWT) credential will need to migrate to the new OAuth Server-to-Server credential before Jun 30, 2025. @@ -31,23 +31,23 @@ A credential is used to uniquely identify your integration to Adobe. To use an A ### Will my Adobe integrations or applications stop working immediately? -No. Any integration or application using the Service Account (JWT) credential will continue to work until January 27, 2025. See [deprecation timelines](./migration.md#deperecation-timelines). See section on [migration next steps](#migration-next-steps). +No. Any integration or application using the Service Account (JWT) credential will continue to work until June 30, 2025. See [deprecation timelines](./migration.md#deperecation-timelines). See section on [migration next steps](#migration-next-steps). ### What is the deadline to migrate to the new credential? -You must migrate your application to use the new OAuth Server-to-Server credential before January 27, 2025, to ensure your application does not face any downtime. See [migration guide](./migration.md). +You must migrate your application to use the new OAuth Server-to-Server credential before June 30, 2025, to ensure your application does not face any downtime. See [migration guide](./migration.md). -### What happens if we do not migrate our application by Jan 27, 2025? +### What happens if we do not migrate our application by Jun 30, 2025? -Projects on the Developer Console still containing any Service Account (JWT) credentials will be 'frozen' after January 27, 2025. This will disable certificate rotation for your application or any other action to modify the Project or the credential. The ability to migrate will, however, still be available. Once you migrate your application, the Project will be 'unfrozen' again. +Projects on the Developer Console still containing any Service Account (JWT) credentials will be 'frozen' after June 30, 2025. This will disable certificate rotation for your application or any other action to modify the Project or the credential. The ability to migrate will, however, still be available. Once you migrate your application, the Project will be 'unfrozen' again. ### We can currently create new Service Account (JWT) credentials even though they are marked as deprecated. Is it recommended? -No. Creating any new Service Account (JWT) credentials is not recommended. All Service Account (JWT) credentials, whether old or new, will stop working after January 27, 2025. We recommend you avoid migrating your application again and use the new OAuth Server-to-Server credential from the beginning. See our [implementation guide](./implementation.md). +No. Creating any new Service Account (JWT) credentials is not recommended. All Service Account (JWT) credentials, whether old or new, will stop working after June 30, 2025. We recommend you avoid migrating your application again and use the new OAuth Server-to-Server credential from the beginning. See our [implementation guide](./implementation.md). @@ -152,7 +152,7 @@ The company or organization that developed the integration must add support to u ### We are a company or organization that develops applications using Service Account (JWT) credentials that Adobe customers install. What do we need to do? -Until June 3, 2024, customers can still create Service Account (JWT) credentials to use your application. However, any existing or new customers of your application must switch to using the new OAuth Server-to-Server credentials before January 27, 2025. +Until June 3, 2024, customers can still create Service Account (JWT) credentials to use your application. However, any existing or new customers of your application must switch to using the new OAuth Server-to-Server credentials before June 30, 2025. Therefore, we recommend enhancing your application before June3, 2024. You must add support to use the new credential and support for customers to migrate from the old credential to the new credential. diff --git a/src/pages/guides/authentication/ServerToServerAuthentication/index.md b/src/pages/guides/authentication/ServerToServerAuthentication/index.md index 60af4522..bfc61689 100644 --- a/src/pages/guides/authentication/ServerToServerAuthentication/index.md +++ b/src/pages/guides/authentication/ServerToServerAuthentication/index.md @@ -48,7 +48,7 @@ Read our OAuth Server-to-server credential implementation guide - -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). Service Account (JWT) credentials rely on the JWT token exchange mechanism to generate access tokens. This credential's details include two secrets a `client_secret` and a `private.key` (part of a public certificate private key pair). diff --git a/src/pages/guides/authentication/ServerToServerAuthentication/migration.md b/src/pages/guides/authentication/ServerToServerAuthentication/migration.md index 53f00073..5e4bf132 100644 --- a/src/pages/guides/authentication/ServerToServerAuthentication/migration.md +++ b/src/pages/guides/authentication/ServerToServerAuthentication/migration.md @@ -4,7 +4,7 @@ The Service Account (JWT) credentials have been deprecated in favor of the new O The new OAuth Server-to-Server credentials simplify all aspects of application development - experimentation, implementation, and maintenance. See the section on [Why OAuth Server-to-Server credentials?](#why-oauth-server-to-server-credentials) below to learn more. -While the Service Account (JWT) credentials have been marked as deprecated, they will continue to work until **Jan 27, 2025**. Therefore you must migrate your application or integration to use the new OAuth Server-to-Server credential before Jan 27, 2025. See the section on [deprecation timelines](#deperecation-timelines) below to learn more. +While the Service Account (JWT) credentials have been marked as deprecated, they will continue to work until **Jun 30, 2025**. Therefore you must migrate your application or integration to use the new OAuth Server-to-Server credential before Jun 30, 2025. See the section on [deprecation timelines](#deperecation-timelines) below to learn more. Migrating your applications to the OAuth Server-to-Server credential is a simple two-step process that enables a zero downtime migration for your applications and integrations. Please read our [migration guide](#migration-overview) below to familiarize yourself with the migration process. @@ -45,12 +45,12 @@ Lastly, while the new OAuth Server-to-Server credentials do not use expiring cer -Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. +Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. -| | May 1, 2023 - Jun 2, 2024 | Jun 3, 2024 - Jan 26, 2024 | Jan 27, 2025 (end of life) | +| | May 1, 2023 - Jun 2, 2024 | Jun 3, 2024 - Jun 29, 2025 | Jun 30, 2025 (end of life) | |-|------------------------------|---------------------------------|-------------------------------| -| Existing applications using a Service Account (JWT) credential | Existing applications using the Service Account (JWT) credential will continue to work. | Existing applications using the Service Account (JWT) credential will continue to work. | **Existing applications cannot refresh expiring certificates after Jan 27, 2025, and will stop working**. | +| Existing applications using a Service Account (JWT) credential | Existing applications using the Service Account (JWT) credential will continue to work. | Existing applications using the Service Account (JWT) credential will continue to work. | **Existing applications cannot refresh expiring certificates after Jun 30, 2025, and will stop working**. | | New applications creating a Service Account (JWT) credential | A new Service Account (JWT) credential can be added to the project. | A new Service Account (JWT) credential **cannot** be created or added to the project. | A new Service Account (JWT) credential **cannot** be created or added to the project. | ## Migration Overview diff --git a/src/pages/guides/authentication/ServiceAccountIntegration.md b/src/pages/guides/authentication/ServiceAccountIntegration.md index 2aa52276..f91e9022 100644 --- a/src/pages/guides/authentication/ServiceAccountIntegration.md +++ b/src/pages/guides/authentication/ServiceAccountIntegration.md @@ -3,7 +3,7 @@ -Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. **You must migrate to the new credential by Jan 27, 2025 in order to ensure your application continues to function. View our [migration guide](../ServerToServerAuthentication/migration.md) to know more.** +Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. **You must migrate to the new credential by Jun 30, 2025 in order to ensure your application continues to function. View our [migration guide](../ServerToServerAuthentication/migration.md) to know more.** A Service Account connection allows your application to call Adobe services on behalf of the application itself or on behalf of an enterprise organization. diff --git a/src/pages/guides/authentication/index.md b/src/pages/guides/authentication/index.md index 88f9558d..055364a0 100644 --- a/src/pages/guides/authentication/index.md +++ b/src/pages/guides/authentication/index.md @@ -48,7 +48,7 @@ View our guide on server to server authentication credentials - -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./ServerToServerAuthentication/migration.md). ## API key authentication diff --git a/src/pages/guides/email-alerts/cert-expiry.md b/src/pages/guides/email-alerts/cert-expiry.md index c401f2fb..8a81fcb5 100644 --- a/src/pages/guides/email-alerts/cert-expiry.md +++ b/src/pages/guides/email-alerts/cert-expiry.md @@ -14,7 +14,7 @@ Upon receiving the email alert, you need to replace the expiring certificate key -Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. **You must migrate to the new credential by Jan 27, 2025 in order to ensure your application continues to function. View our [migration guide](../ServerToServerAuthentication/migration.md) to know more.** +Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. **You must migrate to the new credential by Jun 30, 2025 in order to ensure your application continues to function. View our [migration guide](../ServerToServerAuthentication/migration.md) to know more.** ## A step-by-step guide to replacing expiring certificate key pairs diff --git a/src/pages/guides/index.md b/src/pages/guides/index.md index 7ab35f53..12edef9e 100644 --- a/src/pages/guides/index.md +++ b/src/pages/guides/index.md @@ -53,7 +53,7 @@ Quickly start building an App Builder application by using the App Builder proje ### Migrate to the new OAuth Server-to-Server credential -The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jan 27, 2025. You must migrate to the new credential by **Jan 27, 2025**, to ensure your application continues functioning. [Learn more](./authentication/ServerToServerAuthentication/migration.md) +The Service Account (JWT) credentials have been deprecated in favor of the OAuth Server-to-Server credentials. Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. You must migrate to the new credential by **Jun 30, 2025**, to ensure your application continues functioning. [Learn more](./authentication/ServerToServerAuthentication/migration.md) ### Email alerts From 3552a4be14e2746f13ae0f08b38854281354518e Mon Sep 17 00:00:00 2001 From: theManikJindal Date: Mon, 23 Dec 2024 12:41:35 +0530 Subject: [PATCH 2/2] Explaining EOL date change, auto-gen projects, automatic conversion of JWT to OAuth S2S credentials, and final drop date of Mar 1, 2026 --- .../ServerToServerAuthentication/faqs.md | 14 +++++++++++++- .../ServerToServerAuthentication/migration.md | 18 ++++++++++++------ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md b/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md index 5079b7b0..c10557e5 100644 --- a/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md +++ b/src/pages/guides/authentication/ServerToServerAuthentication/faqs.md @@ -7,6 +7,7 @@ + [Benefits of the new credential](#benefits-of-the-new-credential) + [Migration next steps](#migration-next-steps) + [Migrating vendor applications](#migrating-vendor-applications) ++ [Migrating Auto-generated projects](#migrating-auto-generated-projects) + [Adobe assistance](#adobe-assistance) @@ -36,7 +37,7 @@ No. Any integration or application using the Service Account (JWT) credential wi ### What is the deadline to migrate to the new credential? -You must migrate your application to use the new OAuth Server-to-Server credential before June 30, 2025, to ensure your application does not face any downtime. See [migration guide](./migration.md). +You must migrate your application to use the new OAuth Server-to-Server credential before June 30, 2025, to ensure your application does not face any downtime. See [deprecation timelines](./migration.md#deperecation-timelines). See [migration guide](./migration.md). @@ -44,6 +45,9 @@ You must migrate your application to use the new OAuth Server-to-Server credenti Projects on the Developer Console still containing any Service Account (JWT) credentials will be 'frozen' after June 30, 2025. This will disable certificate rotation for your application or any other action to modify the Project or the credential. The ability to migrate will, however, still be available. Once you migrate your application, the Project will be 'unfrozen' again. +Furthermore, Adobe will automatically convert any Service Account (JWT) credential with expired certificates to an OAuth Server-to-Server credential. + +Finally, on Mar 1, 2026, all JWT credentials (regardless of certificate validity) will stop working. ### We can currently create new Service Account (JWT) credentials even though they are marked as deprecated. Is it recommended? @@ -157,6 +161,14 @@ Until June 3, 2024, customers can still create Service Account (JWT) credentials Therefore, we recommend enhancing your application before June3, 2024. You must add support to use the new credential and support for customers to migrate from the old credential to the new credential. +## Migrating Auto-generated projects + +### Do we need to migrate auto-generated projects? +No. Adobe will migrate all auto-generated projects without needing your action. + +### When will Adobe migrate auto-generated projects? +Adobe will migrate all auto-generated projects before Jun 30, 2025. + ## Adobe assistance diff --git a/src/pages/guides/authentication/ServerToServerAuthentication/migration.md b/src/pages/guides/authentication/ServerToServerAuthentication/migration.md index 5e4bf132..a32dcf8f 100644 --- a/src/pages/guides/authentication/ServerToServerAuthentication/migration.md +++ b/src/pages/guides/authentication/ServerToServerAuthentication/migration.md @@ -6,6 +6,10 @@ The new OAuth Server-to-Server credentials simplify all aspects of application d While the Service Account (JWT) credentials have been marked as deprecated, they will continue to work until **Jun 30, 2025**. Therefore you must migrate your application or integration to use the new OAuth Server-to-Server credential before Jun 30, 2025. See the section on [deprecation timelines](#deperecation-timelines) below to learn more. + + +Note: The end-of-life date for JWT credentials has been extended from Jan 27, 2025, to Jun 30, 2025. + Migrating your applications to the OAuth Server-to-Server credential is a simple two-step process that enables a zero downtime migration for your applications and integrations. Please read our [migration guide](#migration-overview) below to familiarize yourself with the migration process. If you have more questions, check out our [frequently asked questions](#faqs) or visit the Adobe Developer Console [forums](https://experienceleaguecommunities.adobe.com/t5/adobe-developer-console/ct-p/adobe-io-console). @@ -45,13 +49,15 @@ Lastly, while the new OAuth Server-to-Server credentials do not use expiring cer -Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. - +Your applications using the Service Account (JWT) credentials will stop working after Jun 30, 2025. +Note: The end-of-life date for JWT credentials has been extended from Jan 27, 2025, to Jun 30, 2025. -| | May 1, 2023 - Jun 2, 2024 | Jun 3, 2024 - Jun 29, 2025 | Jun 30, 2025 (end of life) | -|-|------------------------------|---------------------------------|-------------------------------| -| Existing applications using a Service Account (JWT) credential | Existing applications using the Service Account (JWT) credential will continue to work. | Existing applications using the Service Account (JWT) credential will continue to work. | **Existing applications cannot refresh expiring certificates after Jun 30, 2025, and will stop working**. | -| New applications creating a Service Account (JWT) credential | A new Service Account (JWT) credential can be added to the project. | A new Service Account (JWT) credential **cannot** be created or added to the project. | A new Service Account (JWT) credential **cannot** be created or added to the project. | +| Timeline | Event | Impact on existing & new applications | +|--------------|-----------------------------------------------|---------------------------------------| +| May 1, 2023 | Deprecation and end-of-life date announced. | Existing applications using JWT continue to work. New applications can still create new JWT credentials. | +| Jun 3, 2024 | New JWT credentials cannot be created. | Existing applications using JWT continue to work. New applications cannot create new JWT credentials. | +| Jun 30, 2025 | JWT credentials are end-of-life. | Applications using JWT can no longer refresh certificates and will stop working when existing certificates expire. Any JWT credential that expires will be automatically converted to an OAuth Server-to-server credential. | +| Mar 1, 2026 | All JWT credentials stop working. | Regardless of certificate validity, any application using JWT will stop working *on* March 1, 2026. | ## Migration Overview