adobe/auth
plugins/aem/project-management/skills/auth/SKILL.md
Authenticate with AEM Edge Delivery Services using Adobe IMS OAuth. Opens browser for Adobe ID login and captures token. Works for admin.hlx.page, admin.da.live, and Config Service APIs.
$ install --global
skillsauthnpx skillsauth add adobe/skills authInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 4:27 AM232.9s3 files scanned
SKILL.md
- name:
- auth
- description:
- Authenticate with AEM Edge Delivery Services using Adobe IMS OAuth. Opens browser for Adobe ID login and captures token. Works for admin.hlx.page, admin.da.live, and Config Service APIs.
- license:
- Apache-2.0
- allowed-tools:
- Read, Write, Edit, Bash, AskUserQuestion
- version:
- 2.0.0
AEM Edge Delivery Services Authentication
Authenticate with Adobe IMS to obtain a Bearer token for all Edge Delivery Services admin operations.
Token Usage
The IMS token works for all admin APIs:
| API | Usage |
|-----|-------|
| admin.hlx.page | Preview, publish, status, code sync, jobs, logs |
| admin.da.live | DA content operations (list, source, copy, move) |
| Config Service | Sites, config, secrets, API keys, profiles |
Header: Authorization: Bearer ${IMS_TOKEN}
When to Use This Skill
- API returns 401 Unauthorized
- User says "login", "authenticate", "auth"
- Before any admin operation when token is missing/expired
- Before generating guides that need API access
Prerequisites
- Node.js installed
- Playwright installed (
npx playwright install chromium)
Authentication Flow
Step 1: Check Existing Token
CONFIG_FILE=".claude-plugin/project-config.json"
mkdir -p .claude-plugin
grep -qxF '.claude-plugin/' .gitignore 2>/dev/null || echo '.claude-plugin/' >> .gitignore
IMS_TOKEN=$(cat "$CONFIG_FILE" 2>/dev/null | node -e "
const d = require('fs').readFileSync(0,'utf8');
try { console.log(JSON.parse(d).imsToken || ''); } catch(e) { console.log(''); }
")
IMS_EXPIRY=$(cat "$CONFIG_FILE" 2>/dev/null | node -e "
const d = require('fs').readFileSync(0,'utf8');
try { console.log(JSON.parse(d).imsTokenExpiry || 0); } catch(e) { console.log(0); }
")
NOW=$(date +%s)
if [ -n "$IMS_TOKEN" ] && [ "$IMS_EXPIRY" -gt "$((NOW + 60))" ]; then
echo "Token valid (expires in $((IMS_EXPIRY - NOW)) seconds)"
exit 0
fi
echo "Token missing or expired. Starting login..."
Step 2: Install Playwright (if needed)
npx playwright --version 2>/dev/null || npm install -g playwright
npx playwright install chromium 2>/dev/null || true
Step 3: Capture IMS Token via Playwright
Playwright opens browser, local HTTP server captures the OAuth token from redirect, then browser closes automatically.
mkdir -p .claude-plugin
node -e "
const http = require('http');
const fs = require('fs');
const { chromium } = require('playwright');
const CALLBACK_PORT = 9898;
const CONFIG_PATH = '.claude-plugin/project-config.json';
const scopes = 'ab.manage,AdobeID,gnav,openid,org.read,read_organizations,session,aem.frontend.all,additional_info.ownerOrg,additional_info.projectedProductContext,account_cluster.read';
const authUrl = 'https://ims-na1.adobelogin.com/ims/authorize/v2' +
'?client_id=darkalley' +
'&scope=' + encodeURIComponent(scopes) +
'&response_type=token' +
'&redirect_uri=' + encodeURIComponent('http://localhost:' + CALLBACK_PORT + '/callback');
let browser;
const server = http.createServer((req, res) => {
const url = new URL(req.url, 'http://localhost:' + CALLBACK_PORT);
if (url.pathname === '/callback') {
res.writeHead(200, { 'Content-Type': 'text/html' });
res.end(\\\`<!DOCTYPE html><html><body>
<script>
const p = new URLSearchParams(window.location.hash.substring(1));
const token = p.get('access_token');
const expiresIn = p.get('expires_in');
if (token) {
fetch('/token?access_token=' + encodeURIComponent(token) + '&expires_in=' + encodeURIComponent(expiresIn || ''));
document.body.innerHTML = '<h2>Login successful!</h2>';
} else {
fetch('/token?error=failed');
document.body.innerHTML = '<h2>Login failed</h2>';
}
</script>
</body></html>\\\`);
return;
}
if (url.pathname === '/token') {
const token = url.searchParams.get('access_token');
const expiresIn = url.searchParams.get('expires_in');
res.writeHead(200); res.end();
server.close();
if (token) {
const expiresAt = Math.floor(Date.now() / 1000) + parseInt(expiresIn || '86400', 10);
let config = {};
try { config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8')); } catch(e) {}
config.imsToken = token;
config.imsTokenExpiry = expiresAt;
fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
console.log('Authentication successful');
console.log('Expires: ' + new Date(expiresAt * 1000).toISOString());
// Auto-close browser
if (browser) browser.close().then(() => process.exit(0));
} else {
console.error('Login failed');
if (browser) browser.close().then(() => process.exit(1));
}
}
});
(async () => {
server.listen(CALLBACK_PORT, 'localhost');
console.log('Opening browser for Adobe ID login...');
browser = await chromium.launch({ headless: false });
const page = await browser.newPage();
await page.goto(authUrl);
// Timeout after 5 minutes
setTimeout(() => {
console.error('Login timed out');
server.close();
browser.close().then(() => process.exit(1));
}, 5 * 60 * 1000);
})();
"
Token Storage
Stored in .claude-plugin/project-config.json:
{
"org": "myorg",
"site": "mysite",
"imsToken": "eyJ...",
"imsTokenExpiry": 1777891272
}
| Field | Description |
|-------|-------------|
| imsToken | IMS OAuth token |
| imsTokenExpiry | Unix timestamp when token expires |
Using the Token
IMS_TOKEN=$(cat .claude-plugin/project-config.json | node -e "
const d = require('fs').readFileSync(0,'utf8');
console.log(JSON.parse(d).imsToken);
")
# All APIs use the same header
curl -H "Authorization: Bearer ${IMS_TOKEN}" "https://admin.hlx.page/status/{org}/{site}/main/"
curl -H "Authorization: Bearer ${IMS_TOKEN}" "https://admin.hlx.page/config/{org}/sites.json"
curl -H "Authorization: Bearer ${IMS_TOKEN}" "https://admin.da.live/list/{org}/{site}"
Troubleshooting
| Issue | Solution |
|-------|----------|
| npx playwright not found | Run npm install -g playwright |
| Browser doesn't open | Run npx playwright install chromium |
| Port 9898 in use | Kill process or wait |
| Login page doesn't load | Check network to ims-na1.adobelogin.com |
| Token not captured | Ensure login completed before closing browser |
| 401 after login | Token expired, re-authenticate |
| 403 on API | User lacks permission for that org/site |
Integration
Called by: ops, admin, authoring, development, handover
Skill({ skill: "project-management:auth" })
Related Skills
adobe/cja-top-movers-watchlist
tools
VerifiedTrustedCommunity
Identifies which items (pages, campaigns, products, channels, regions) had the biggest increases or decreases for a key metric between two time periods. Use this skill when someone asks "what's up and what's down," "which campaigns moved the most," "top gainers and losers," "what pages are trending," "show me what changed by channel," or any variation of identifying the biggest movers and decliners for a metric.
112SKILL.mdUpdated Jun 2, 2026
adobe/cja-segment-performance-comparator
tools
VerifiedTrustedCommunity
Compares the performance of two or more audience segments across key metrics side by side. Use this skill when someone wants to compare audiences, cohorts, or groups — for example, "how do mobile users compare to desktop users on conversion," "compare new vs. returning visitors," "show me the difference between these two segments," "compare these audiences on our KPIs," or "which segment performs better." Also trigger for "segment comparison," "audience comparison," or "cohort comparison."
112SKILL.mdUpdated Jun 2, 2026
adobe/cja-kpi-pulse
business
VerifiedTrustedCommunity
Produces a compact KPI digest showing how key metrics changed over a period and what's driving the movement. Use this skill when someone asks for a performance summary, a weekly recap, a morning briefing, a KPI update, or any variation of "how did we do this week/month." Also trigger for requests like "give me a performance overview," "what moved in the last 7 days," "pull our KPI report," or "summarize our metrics."
112SKILL.mdUpdated Jun 2, 2026
adobe/cja-funnel-health-check
testing
VerifiedTrustedCommunity
Analyzes a multi-step conversion funnel to find where users drop off and which steps have the worst leakage. Use this skill when someone describes a journey or funnel and asks about conversion rates, drop-off, fallout, or step completion. Trigger for phrases like "analyze our onboarding funnel," "where are users dropping off," "what's our checkout conversion rate," "funnel analysis," "show me fallout between these steps," or "which step loses the most users."
112SKILL.mdUpdated Jun 2, 2026