Copy link to clipboard
Copied
OAuth is a widely used framework for allowing users to authorize API access. Adobe Sign's implementation complies with the OAuth 2.0 specification, described in this RFC.
This is a direct quote from the OAuth documentation for echosign, but I cannot seem to use the grant type "client_credentials", as the endpoint only responds with the following.
{
"error_description": "Invalid grant_type client_credentials",
"error": "invalid_request"
}
Here is an example of my request that results in this error message
POST /oauth/token HTTP/1.1
Host: secure.eu1.echosign.com
Authorization: Basic **********************************
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
grant_type=client_credentials
As client_credentials is part of the spec, and I would very much like to use it for the application I have in mind, what would be my steps to proceed?
Is there a way for me to enable client_credentials for my application?
P.s.
These documentations could do with an update that states clearly that having the correct region (i.e. secure.{region}.echosign.com) in the oauth URI is imperative, and that you may receive invalid_request if you're in the wrong region.
I was in contact with Adobe Support via Twitter from Sunday - Thursday, here is my finding from that interaction.
Adobe Sign implementation & OAuth2
TL;DR Use manual authentication to get the refresh token, and store that. If your refresh token expires (60 day inactivity or some other reason), you have to go through manual authentication again. Alternatively, completely ignore OAuth and contact their sales team for an integration key.
Copy link to clipboard
Copied
I was in contact with Adobe Support via Twitter from Sunday - Thursday, here is my finding from that interaction.
Adobe Sign implementation & OAuth2
TL;DR Use manual authentication to get the refresh token, and store that. If your refresh token expires (60 day inactivity or some other reason), you have to go through manual authentication again. Alternatively, completely ignore OAuth and contact their sales team for an integration key.