paulh
/
adobe-to-docusign-migrator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: correct Adobe Sign token refresh endpoint and add auth error handling 

Adobe Sign uses a non-standard separate endpoint for refresh:
/oauth/v2/refresh (not /oauth/v2/token). Using the wrong endpoint
returned a misleading "Invalid grant_type refresh_token" error.

Also:
- Remove redirect_uri from refresh requests (not required)
- Add clear RuntimeError message directing user to re-authenticate
- Validate access_token is non-empty before saving in adobe_auth.py
- Log token lengths and exchange response keys on successful auth

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Paul Huliganga 2026-04-16 10:10:12 -04:00
parent 766986a795
commit 9c6c01d619
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/adobe_api.py
View File

@ -5,8 +5,8 @@ from dotenv import load_dotenv, set_key
load_dotenv() load_dotenv()
SHARD = "eu2" SHARD = "eu2"
TOKEN_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/token" TOKEN_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/token" # initial auth code exchange
REDIRECT_URI = "https://localhost:8080/callback" REFRESH_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/refresh" # token refresh (non-standard separate endpoint)
ENV_FILE = os.path.join(os.path.dirname(__file__), "..", ".env") ENV_FILE = os.path.join(os.path.dirname(__file__), "..", ".env")
@ -16,21 +16,22 @@ def _refresh_access_token():
refresh_token = os.getenv("ADOBE_REFRESH_TOKEN") refresh_token = os.getenv("ADOBE_REFRESH_TOKEN")
if not all([client_id, client_secret, refresh_token]): if not all([client_id, client_secret, refresh_token]):
raise RuntimeError("Missing credentials for token refresh. Run src/auth_adobe.py first.") raise RuntimeError("Missing credentials for token refresh. Run src/adobe_auth.py first.")
data = { data = {
"grant_type": "refresh_token", "grant_type": "refresh_token",
"refresh_token": refresh_token, "refresh_token": refresh_token,
"client_id": client_id, "client_id": client_id,
"client_secret": client_secret, "client_secret": client_secret,
"redirect_uri": REDIRECT_URI,
} }
resp = requests.post(TOKEN_URL, data=data) resp = requests.post(REFRESH_URL, data=data)
resp.raise_for_status() if not resp.ok:
raise RuntimeError(
f"Adobe Sign refresh token is invalid or expired ({resp.status_code}: {resp.text}). "
"Run `python3 src/adobe_auth.py` to re-authenticate."
)
new_token = resp.json()["access_token"] new_token = resp.json()["access_token"]
set_key(os.path.abspath(ENV_FILE), "ADOBE_ACCESS_TOKEN", new_token)
abs_env = os.path.abspath(ENV_FILE)
set_key(abs_env, "ADOBE_ACCESS_TOKEN", new_token)
os.environ["ADOBE_ACCESS_TOKEN"] = new_token os.environ["ADOBE_ACCESS_TOKEN"] = new_token
return new_token return new_token