AEM Cloud Service - Get Adobe IMS JWT and AEM Access Token using POSTMan for SSO

Goal

This article is on using POSTMan requests to generate a long lived signed JWT token and exchange it with Adobe IMS for an IMS Access Token, valid for 24 hours. Using the access token you can make SSO requests to AEM sending the token in Authorization header. Check AEM documentation 

Download POSTMan Collection

Access Developer Console from Cloud Manager

                    eg. https://experience.adobe.com/#/@myorg/cloud-manager/home.html

Click Service Credentials Button in Integrations

Take Note of the Service Creds

POSTMan Access Token Request - Prerequest Script for JWT Token

var navigator = {};
var window = {};
var PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\r\nMIIECvfNI=\r\n-----END RSA PRIVATE KEY-----\r\n"
var CLIENT_ID = "cm-pxxxx-exxxxx-integration";
var ORG_ID = "2Fxxxxxxx@AdobeOrg";
var SUBJECT = "31xxxxxx@techacct.adobe.com";
var META_SCOPE = "https://ims-na1.adobelogin.com/s/ent_aem_cloud_api";

pm.sendRequest('http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js', (error, response) => {
    if (error) {
        console.log(error);
    } else {
        let resBody = new Buffer.from(response.stream).toString()

        pm.globals.set("jsrsasign-js", resBody);

        eval(pm.globals.get("jsrsasign-js"));

        var jwt_payload = {
            iss: ORG_ID,
            sub: SUBJECT,
            exp: Math.floor((Date.now() / 1000) + 3600 * 8),
            aud: "https://ims-na1.adobelogin.com/c/" + CLIENT_ID,
            META_SCOPE : true
        }

        var jwtToken = KJUR.jws.JWS.sign("RS256", '{"alg" : "RS256","typ" : "JWT"}', jwt_payload, PRIVATE_KEY);

        postman.setEnvironmentVariable("jwt-token", jwtToken);
    }
});

POSTMan Access Token Request - Exchange JWT for Access Token

Use the Access Token in "Authorization" Header 

User in AEM backing the Access Token