Adobe Express Embed SDK API returning Invalid Scope Error

hi @amandahuang I can provide the screenshots of the error. The error comes when I hit the authorization URL (as shown in the screenshot). Ideally, when I hit this URL, it should take me to the consent screen, and after the consent, I should get a redirect URL with the auth code. 

Also, please look at the browser screenshot with the invalid_scope error in the URL after hitting the authorization URL.

I am also providing the code I am using if that helps.  I have changed the redirect URI in the code to avoid putting it in the public domain, but it is the same as I have set up in Adobe Console.

import hashlib
import requests
import secrets
import re

# Set the client ID and redirect URI
client_id = "My client ID here"
redirect_uri = "https://12345-12345-12345-12345-166.in.ngrok.io/redirect"

# Define the authorization endpoint and the token endpoint
auth_endpoint = "https://ims-na1.adobelogin.com/ims/authorize/v2"
token_endpoint = "https://ims-na1.adobelogin.com/ims/token/v3"

# Define the scopes that you want to request access to
#scopes=["cc_embed,openid]
#scopes = ["openid, AdobeID, read_organizations"]
#scopes=["openid, email, address, profile, creative_sdk"]
scopes = ["openid,creative_sdk"]

# Generate a random code verifier and a code challenge using the SHA-256 algorithm
code_verifier = secrets.token_urlsafe(64)
code_challenge = hashlib.sha256(code_verifier.encode()).hexdigest()

# Define the authorization URL with the client ID, scopes, code challenge, and redirect URI
auth_url = auth_endpoint + "?response_type=code&client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&scope=" + " ".join(scopes) + "&code_challenge=" + code_challenge + "&code_challenge_method=S256"

# Open the authorization URL in a browser and prompt the user to consent
print("Please follow the instructions to provide consent in your browser:")
print(auth_url)

# Get the authorization code from the redirected URL
redirected_url = input("Enter the redirected URL: ")
auth_code = re.search("code=(.+?)(&|$)", redirected_url).group(1)

# Exchange the authorization code for an access token
response = requests.post(token_endpoint, data={
    "grant_type": "authorization_code",
    "code": auth_code,
    "client_id": client_id,
    "code_verifier": code_verifier,
    "redirect_uri": redirect_uri
})

# Print the access token
print(response.json()["access_token"])

@amandahuang, Any update on this? I am still facing the issue.

Hi @Subodh28715525t8n5 , I replied in the other forum but please email me amandah@adobe.com and we can set up a call to troubleshoot this. I can see the issue from the code now. You don't have to manually define the auth url parameters and make a GET call. All you need to do is call the SDK's initialize method and the rest is handled by the SDK in the background. Let me know if this helps. The initialize method automatically will route your app to the redirect URI you define in the Developer Console. If you're integrating with v2, delayed login is the default experience and you should not even experience the login until after the iframe has already appeared.

From your other post, I can see the issue from the code now. You don't have to manually define the auth url parameters and make a GET call. This is a web SDK. All you need to do is call the SDK's initialize method and the rest is handled by the SDK in the background. Let me know if this helps. The initialize method automatically will route your app to the redirect URI you define in the Developer Console. If you're integrating with v2, delayed login is the default experience and you should not even experience the login until after the iframe has already appeared.

Can you share your clientID here? I can check that everything is set up on the backend.

@Subodh28715525t8n5 Hi -- you don't need access to any IMS scope to access the SDK. The way you are attempting to access/initialize the SDK is incorrect. Please refer to the documentation and use the `initialize` API rather than making a POST call to the IMS server.