Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to refresh the OAUTH2.0 access token



Adobe Sign is configured as the OAuth Provider. The user is able to obtain a Refresh token. However, when the access token expires after an hour, the access token is not refreshed.

Error Messages

Caused by: Unable to obtain access token for client details in authentication profile configured for connector. Please check the logs for more details.  at com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl.getAccessTokenPage( ~[printegrint.jar:?]  at com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl.getAccessToken( ~[printegrint.jar:?]  at com.pegarules.generated.pxIsAccessTokenPresent_080201_3491844710567228029.pxIsAccessTokenPresent08_02_01( ~[?:?]  ... 130 more  Caused by: Access token endpoint invocation failed : {ErrorMessage=Response status : 401 Unauthorized, statuscode=401, refresh_token=3AAABLblqZhC4-owznwokpZYewbEEp8vvYAaeVXIYkdRHOQtTTU1WPo3vQlUXsUU_cRXNOgAokQw*}

Steps to Reproduce

  1. Setup OAuth 2.0 Provider with endpoints for Authorization, Access token, and Grant type of Authorization Code.
  2. Configure an Authentication Profile with this provider and grant type.
  3. Provide the Client access information (such as, identifier, secret and redirect).
  4. Test the Connector.

Root Cause

The Adobe's OAuth provider defaults to a dual token endpoint configuration. Contrary to other OAuth 2.0 providers such as Google, which maintain a single endpoint, Adobe has two end points.

As of the current Pega Platform, the provision to set an additional access token endpoint is not present.

The actual issue that occurs is as below:

The access token which the Adobe server issues at the first authentication, arrives from an endpoint that is as below:


During this time, the server issues a Refresh token which remains constant for a long time (60 days according to the out-of-the-box Adobe configuration). However, the Access token expires after an hour. After expiry of the token, when the application attempts to obtain a new token using the previous Refresh token, it hits the earlier endpoint.

According to Adobe's documentation, the second call to obtain a new Access token (after first token expires) must be on the below endpoint:


This causes the endpoint invocation error. In Pega OAuth 2.0 rule, only one endpoint can be configured.


An enhancement request, FDBK-66514, is created for consideration by Pega Product Management.

Published April 1, 2020 - Updated December 2, 2021

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us