Participant
March 8, 2023
Question

Adobe Express Embed SDK API returning Invalid Scope Error

I am trying to get an access token for the 'Adobe Express Embed SDK' API through my Python code. I have already integrated this API into my account in the developer console. However, the status of my project is 'In development' as I am testing the code. The scope mentioned on the credentials page is 'cc_embed'. However, whenever I try to generate an access token, I get the error 'error=invalid_scope' (https://123-12345-12345-4125-1123.in.ngrok.io/redirect/?error=invalid_scope).

I can see this error URL in the browser when I hit the authorization URL to provide consent in the browser. (Note: the HTTPS URL is not exactly the same; I have changed the host and other details.)

Please note that my app is hosted on localhost, and I have used ngrok to create a secure tunnel to expose port 8000 through a secure tunnel.

 

I have tried passing the following scopes and other possible combinations listed on the scopes page. But I am constantly facing this issue: when I hit the authorization URL for consent, it says error=invalid_scope. Any idea what I am missing here or what I should do?


scopes = ["cc_embed"]
scopes = ["openid,AdobeID,read_organizations"]
scopes = ["openid,AdobeID,read_organizations,email,address,profile,offline_access,creative_sdk"]

 

Any help or guidance will be much appreciated. Also, just to inform you, I have a Premium Pro account.

amandahuang
Participating Frequently
March 8, 2023

Hi @Subodh28715525t8n5, our team is currently looking into this. `cc_embed` is the right scope -- and domain tunneling via ngrok should not be an issue. Are you able to share more detailed error messages to better illustrate the problem?

Participant
March 9, 2023

Hi @amandahuang, I can provide the screenshots of the error. The error comes when I hit the authorization URL (as shown in the screenshot). Ideally, when I hit this URL, it should take me to the consent screen, and after the consent, I should get a redirect URL with the auth code.

Also, please look at the browser screenshot with the invalid_scope error in the URL after hitting the authorization URL.

 

I am also providing the code I am using if that helps. I have changed the redirect URI in the code to avoid putting it in the public domain, but it is the same as I have set up in Adobe Console.

import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

import requests

# Set the client ID and redirect URI
client_id = "My client ID here"
redirect_uri = "https://12345-12345-12345-12345-166.in.ngrok.io/redirect"

# Define the authorization endpoint and the token endpoint
auth_endpoint = "https://ims-na1.adobelogin.com/ims/authorize/v2"
token_endpoint = "https://ims-na1.adobelogin.com/ims/token/v3"

# Define the scopes that you want to request access to
#scopes=["cc_embed,openid"]
#scopes = ["openid, AdobeID, read_organizations"]
#scopes=["openid, email, address, profile, creative_sdk"]
scopes = ["openid,creative_sdk"]

# Generate a random code verifier and derive the S256 code challenge:
# base64url(SHA-256(verifier)) without '=' padding (RFC 7636), not a hex digest
code_verifier = secrets.token_urlsafe(64)
code_challenge = base64.urlsafe_b64encode(
    hashlib.sha256(code_verifier.encode()).digest()
).rstrip(b"=").decode()

# Define the authorization URL with the client ID, scopes, code challenge, and redirect URI.
# urlencode percent-encodes each value, so the redirect URI survives as one parameter.
auth_url = auth_endpoint + "?" + urlencode({
    "response_type": "code",
    "client_id": client_id,
    "redirect_uri": redirect_uri,
    "scope": " ".join(scopes),
    "code_challenge": code_challenge,
    "code_challenge_method": "S256",
})

# Open the authorization URL in a browser and prompt the user to consent
print("Please follow the instructions to provide consent in your browser:")
print(auth_url)

# Get the authorization code from the redirected URL
redirected_url = input("Enter the redirected URL: ")
params = parse_qs(urlsplit(redirected_url).query)
if "code" not in params:
    # The redirect carried no code (for example ?error=invalid_scope); stop here
    raise SystemExit("No authorization code in redirect: " + redirected_url)
auth_code = params["code"][0]

# Exchange the authorization code for an access token
response = requests.post(token_endpoint, data={
    "grant_type": "authorization_code",
    "code": auth_code,
    "client_id": client_id,
    "code_verifier": code_verifier,
    "redirect_uri": redirect_uri
}, timeout=30)
response.raise_for_status()

# Print the access token
print(response.json()["access_token"])
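
The redirect described in this thread carries `error=invalid_scope` rather than a `code` parameter. The sketch below is an added example, not part of the original post and not Adobe's code: it builds a PKCE (RFC 7636) authorization request and parses the redirect so that an OAuth error is reported explicitly and a successful response is tied to the request through `state`. The function names, the use of a `state` parameter and the `example.invalid` URLs are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit


class AuthorizationError(Exception):
    """Raised when the redirect carries an OAuth error or fails validation."""


def pkce_challenge(verifier: str) -> str:
    # RFC 7636 S256: BASE64URL(SHA256(verifier)) with '=' padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_auth_url(endpoint, client_id, redirect_uri, scope, verifier, state):
    # urlencode percent-encodes redirect_uri and scope so each stays one parameter.
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,  # assumption: an unguessable per-request value
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{endpoint}?{query}"


def parse_redirect(redirected_url: str, expected_state: str) -> str:
    """Return the authorization code, or raise AuthorizationError."""
    params = parse_qs(urlsplit(redirected_url).query)
    # An error redirect carries no code, so surface it before anything else.
    if "error" in params:
        message = params["error"][0]
        detail = params.get("error_description", [""])[0]
        raise AuthorizationError(f"{message}: {detail}" if detail else message)
    # A code is accepted only when state matches the value sent in the request.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthorizationError("state mismatch")
    if "code" not in params:
        raise AuthorizationError("redirect has neither code nor error")
    return params["code"][0]
```
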