1 Reply Latest reply on Nov 30, 2016 7:02 AM by jamesj1

    OAuth - Need help.

    pelfed Level 1

      I must be missing something here and it seems many others have asked without a proper answer from Adobe.


      I don't understand how OAuth can work from within a web application.  I don't want our users to have to OAuth, I want my web application to do this.

      I basically want to create a PDF signable widget that will appear on our web app / site, that our user(s) log in to in order to sign.


      SOAP API looks like the best way to do this, but there is no longer an API key on our account.


      OAuth seems overkill for what we need and involves too many client/user integration steps.  Am I missing something here?

        • 1. Re: OAuth - Need help.
          jamesj1 Level 1

          Hi Pelfed,


          The manual log on process is theoretically a one-off.

          Once you have an access token you can use that to connect to the API.

          Just before the access token expires you call the OAuth API with the refresh token to get a new access token.


          Adobe Sign, an Adobe Document Cloud Solution


          What I did was create a web app that pulled my client id (you create this from your Adobe Sign account) from a database and put it in a URL assigned to a button/link.

          The redirect URL is another page on your site (can all be localhost).





          When you click the button/link you will be asked to log on to your account and give access.

          Once done you will be redirected back to your redirect page you supplied in the URL.


          I then write the code, state, api_access_point and web_access_point to my database so they can be used in the next step.


          Then you request (POST) an access token by calling the URL made up from api_access_point and /oauth/token.

          grant_type (Value must always be "authorization_code")

          client_id (From your Adobe account. I store mine in a database)

          client_secret (From your Adobe account. I store mine in a database)

          redirect_uri (Same as previous URL used)



          This should return (I also store in my database):




          expires_in (Add this (seconds) to the current date time to get the expiry date time)


          The refresh token request is similar to the access token request. You should be able to work it out.


          I am now in the process of creating a wrapper for the API which will carry out calls while checking the token is still valid.

          If not, behind the scenes it will refresh the token.


          TADA, well something like that!!!
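
The wrapper described in the reply above (check the stored expiry, refresh behind the scenes), as an added example that is not part of the original post and is not Adobe's code. Assumptions: `access_token` and `refresh_token` are the standard OAuth 2.0 response field names, `refresh_fn` is a hypothetical callable that performs the refresh request over HTTPS, and the 60-second safety margin is an arbitrary choice.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class TokenRecord:
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds: time of issue + expires_in


class TokenManager:
    """Returns a usable access token, refreshing shortly before it expires."""

    def __init__(self, refresh_fn: Callable[[str], Dict], record: TokenRecord,
                 margin: float = 60.0, clock: Callable[[], float] = time.time):
        self._refresh_fn = refresh_fn  # hypothetical: does the HTTPS refresh call
        self.record = record
        self._margin = margin          # refresh this many seconds early
        self._clock = clock            # injectable so expiry logic can be tested

    @staticmethod
    def record_from_response(resp: Dict, issued_at: float,
                             previous_refresh: Optional[str] = None) -> TokenRecord:
        # A refresh response may omit refresh_token; keep the stored one then.
        refresh = resp.get("refresh_token") or previous_refresh
        if not resp.get("access_token") or not refresh:
            raise ValueError("token response is missing a required field")
        expires_in = float(resp["expires_in"])
        if expires_in <= 0:
            raise ValueError("expires_in must be positive")
        return TokenRecord(resp["access_token"], refresh, issued_at + expires_in)

    def get_access_token(self) -> str:
        now = self._clock()
        if now >= self.record.expires_at - self._margin:
            resp = self._refresh_fn(self.record.refresh_token)
            # Replace the record only after the response validates, so a
            # failed refresh never overwrites the last known-good tokens.
            self.record = self.record_from_response(
                resp, now, previous_refresh=self.record.refresh_token)
        return self.record.access_token
```

The refresh token and client_secret are long-lived credentials, so the database row that holds them deserves the same protection as a password store (encryption at rest, restricted read access).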