OAuth Authorization

Report · Nov 10, 2016

Hi,

I have a web site that I would like to send agreements from a base account, not on behalf of a user.

In server side code I would like to automatically send these agreements.

The first Authorization step is to carry out an 'Authorization Request'. For this you have to supply a redirect URL.

How would I go about retriving an access token from our base account to send these agreements without exposing any kind of logon UI.

I know who I am and have my user name and password so should be able to authenticate myself behind the scenes in order to send an agreement.

I have read:

Client application OAuth

and don;t want to use a 'legacy' integration key.

Thanks

J

Report · May 07, 2017

Hi,

I have the same qestition. Have you solved the problem?

I think I have the name and password, maybe it is not neccessary for user to click in a redict url to get a token.

Thanks

Report · May 19, 2017

I got around this by using a 2 step process.

Step 1:

1. Make sure the redirect url you provide prints out the HTTP POST variables.

2. Open the oauth URL in the browser.

3. It will redirect you to the Adobe sign page to login (if not already logged in) and ask you to accept the "permissions".

4. Once you "allow access" - you will be redirected to the redirect_url you specified in step 2.

5. Your page will print out the HTTP POST variables. Make a note of the "code" and the "api_access_point" => API_URL

6. Use this code to invoke the "oauth/token" api - here's how I do it using PHP.

require 'vendor/autoload.php';

use GuzzleHttp\Client;

$client = new GuzzleHttp\Client();

try {

$response = $client->request('POST', 'API_URL_FROM_STEP_5/oauth/token', [

'form_params' => [

'code' => 'YOUR_CODE_FROM_STEP_5',

'client_id' => 'YOUR_CLIENT_ID',

'client_secret' => 'YOUR_CLIENT_SECRET',

'redirect_uri' => 'SOME_REDIRECT_URL',

'grant_type' => 'authorization_code',

]

]);

$obj = json_decode($response->getBody()->getContents());

$access_token = $obj->access_token;

$refresh_token = $obj->refresh_token

} catch (RequestException $e) {

echo Psr7\str($e->getRequest());

if ($e->hasResponse()) {

echo Psr7\str($e->getResponse());

}

You now have a "access_token" and a "refresh_token". The access_token is valid only for an hour - so in order to call API's I use the refresh_token (see below) to get a new access_token for all API calls

Step 2:

Now you are ready to use the API's, use the refresh_token to generate a new access_token that can be used for your API calls.

1. Here's how to generate a refresh_token (PHP code sample)

public static function refreshToken() {

try {

$client = new GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.na1.echosign.com/oauth/refresh', [

'form_params' => [

'grant_type' => 'refresh_token',

'client_id' => ECHOSIGN_CLIENT_ID,

'client_secret' => ECHOSIGN_CLIENT_SECRET,

'refresh_token' => 'YOUR_REFRESH_TOKEN_FROM_STEP_6_ABOVE'

]

]);

$response = json_decode($response->getBody()->getContents());

return $response->access_token;

} catch (RequestException $e) {

echo Psr7\str($e->getRequest());

if ($e->hasResponse()) {

echo Psr7\str($e->getResponse());

}

return false;

}

2. You now have the access_token to make future api calls.