da-auth
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseDA Authentication
DA 认证
Gets a valid Adobe IMS access token and stores it in for use in subsequent API calls.
DA_TOKENadmin.da.live获取有效的Adobe IMS访问令牌并将其存储在中,供后续 API调用使用。
DA_TOKENadmin.da.liveWhen to Use This Skill
何时使用此技能
Use this skill whenever you need to call the DA Admin API () and do not already have a valid token in scope. Common cases:
admin.da.live- Pushing or updating page content in DA
- Listing documents in a DA repository
- Triggering a DA content preview
Do NOT use this skill when:
- You already obtained a earlier in the same session and it has not expired (tokens are valid for ~1 hour with a 60-second buffer)
DA_TOKEN - The create-site skill is already handling authentication as part of its own flow
- A DA MCP server is active in the session — use its authentication tool directly instead
当您需要调用DA Admin API()且当前范围内没有有效令牌时,请使用此技能。常见场景:
admin.da.live- 在DA中推送或更新页面内容
- 列出DA仓库中的文档
- 触发DA内容预览
请勿在以下情况使用此技能:
- 您在同一会话的早期已获取且尚未过期(令牌有效期约1小时,含60秒缓冲时间)
DA_TOKEN - create-site技能已在自身流程中处理认证
- 会话中已有DA MCP服务器处于活动状态——请直接使用其认证工具
Prerequisites
前提条件
- Node.js 18+ installed
- A browser accessible from the machine (for the OAuth flow)
- Network access to
ims-na1.adobelogin.com
- 已安装Node.js 18+
- 机器可访问浏览器(用于OAuth流程)
- 可访问的网络权限
ims-na1.adobelogin.com
Related Skills
相关技能
- create-site — includes its own DA auth step for new site onboarding; do not invoke da-auth separately within that flow
- content-driven-development — use da-auth before pushing authored content to DA
- building-blocks — use da-auth if test content needs to be pushed to DA for block development
- create-site — 包含新站点上线所需的DA认证步骤;在此流程内请勿单独调用da-auth
- content-driven-development — 在DA推送创作内容前使用da-auth
- building-blocks — 若需将测试内容推送至DA进行组件开发,请使用da-auth
Step 1: Check for a Cached Token
步骤1:检查缓存令牌
Before triggering a browser login, check whether a valid token is already cached.
bash
DA_TOKEN=$(node -e "
const fs = require('fs');
const p = process.env.HOME + '/.aem/da-token.json';
try {
const t = JSON.parse(fs.readFileSync(p, 'utf8'));
if (t.expires_at > Date.now() + 60000) process.stdout.write(t.access_token);
} catch {}
")If is non-empty, skip to Step 3.
DA_TOKEN触发浏览器登录前,先检查是否已有有效令牌缓存。
bash
DA_TOKEN=$(node -e "
const fs = require('fs');
const p = process.env.HOME + '/.aem/da-token.json';
try {
const t = JSON.parse(fs.readFileSync(p, 'utf8'));
if (t.expires_at > Date.now() + 60000) process.stdout.write(t.access_token);
} catch {}
")若非空,跳至步骤3。
DA_TOKENStep 2: Obtain a Token (login required)
步骤2:获取令牌(需登录)
Choose the option that fits the environment:
Option A (preferred) — CLI:
da-auth-helperThe tool handles the full IMS OAuth 2.0 implicit flow, caches the token at , and prints the token to stdout.
da-auth-helper~/.aem/da-token.jsonbash
undefined选择符合环境的选项:
选项A(推荐)—— CLI:
da-auth-helperda-auth-helper~/.aem/da-token.jsonbash
undefinedRun directly without a global install
无需全局安装直接运行
DA_TOKEN=$(npx github:adobe-rnd/da-auth-helper token)
If `npx` is unavailable or slow, install globally first:
```bash
npm install -g github:adobe-rnd/da-auth-helper
DA_TOKEN=$(da-auth-helper token)This opens a browser window. Instruct the user:
Please complete the Adobe IMS login in the browser window that just opened. The token will be captured automatically once you log in.
Success: is a non-empty JWT string starting with .
DA_TOKENeyJOption B — DA MCP server:
If a DA MCP server is configured in the session, use its authentication tool to start the OAuth flow and retrieve the token from the response.
Option C — Manual paste (last resort):
I need an Adobe IMS access token to push content to DA. You can copy one from your browser:
- Open da.live and log in
- Open DevTools → Network tab → find any request to
admin.da.live- Copy the
value (without theAuthorization: Bearer <token>prefix)Bearer- Paste it here
DA_TOKEN=$(npx github:adobe-rnd/da-auth-helper token)
若`npx`不可用或运行缓慢,可先全局安装:
```bash
npm install -g github:adobe-rnd/da-auth-helper
DA_TOKEN=$(da-auth-helper token)此操作会打开浏览器窗口,请告知用户:
请在刚打开的浏览器窗口中完成Adobe IMS登录。登录成功后,令牌将自动被捕获。
成功:为非空的JWT字符串,以开头。
DA_TOKENeyJ选项B — DA MCP服务器:
若会话中已配置DA MCP服务器,可使用其认证工具启动OAuth流程并从响应中获取令牌。
选项C — 手动粘贴(最后手段):
我需要一个Adobe IMS访问令牌来向DA推送内容。您可从浏览器中复制:
- 打开da.live并登录
- 打开开发者工具→网络标签→找到任意向
发送的请求admin.da.live- 复制
的值(不含Authorization: Bearer <token>前缀)Bearer- 粘贴至此处
Step 3: Verify the Token Works
步骤3:验证令牌可用性
Confirm the token is accepted by the DA API before proceeding:
bash
curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer {{DA_TOKEN}}" \
"https://admin.da.live/list/{{ORG}}/{{REPO}}"Success: HTTP . The token is valid — is ready for use by the calling skill.
200DA_TOKEN继续操作前,确认令牌可被DA API接受:
bash
curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer {{DA_TOKEN}}" \
"https://admin.da.live/list/{{ORG}}/{{REPO}}"成功:返回HTTP 。令牌有效——已准备好供调用技能使用。
200DA_TOKENTroubleshooting
问题排查
| Symptom | Likely cause | Fix |
|---|---|---|
| No cached token or token expired | Proceed to Step 2 |
| Browser window does not open | | Use Option B (MCP) or Option C (manual paste) |
| Network restrictions on GitHub package registry | Use Option B (DA MCP server) or Option C (manual token paste) |
Step 3 returns | Token expired between steps | Re-run Step 2 to refresh |
Step 3 returns | Authenticated user lacks access to | Ask the user to verify their DA permissions for that org/repo |
| 症状 | 可能原因 | 解决方法 |
|---|---|---|
步骤1后 | 无缓存令牌或令牌已过期 | 执行步骤2 |
| 浏览器窗口未打开 | | 使用选项B(MCP)或选项C(手动粘贴) |
| GitHub包注册表受网络限制 | 使用选项B(DA MCP服务器)或选项C(手动粘贴令牌) |
步骤3返回 | 步骤间令牌已过期 | 重新执行步骤2刷新令牌 |
步骤3返回 | 已认证用户无 | 请用户验证其对该组织/仓库的DA权限 |
Reference
参考资料
- DA Auth Helper: https://github.com/adobe-rnd/da-auth-helper
- DA Admin API: https://opensource.adobe.com/da-admin/
- Token cache location:
~/.aem/da-token.json
- DA Auth Helper: https://github.com/adobe-rnd/da-auth-helper
- DA Admin API: https://opensource.adobe.com/da-admin/
- 令牌缓存位置:
~/.aem/da-token.json