This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to refresh the OAuth 2.0 access token

SA-102211

Summary



Adobe Sign is configured as the OAuth Provider. The user is able to obtain a Refresh token. However, when the access token expires after an hour, the access token is not refreshed.


Error Messages



Caused by: com.pega.pegarules.pub.PRRuntimeException: Unable to obtain access token for client details in authentication profile configured for connector. Please check the logs for more details.
    at com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl.getAccessTokenPage(OAuth2ClientImpl.java:344) ~[printegrint.jar:?]
    at com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl.getAccessToken(OAuth2ClientImpl.java:292) ~[printegrint.jar:?]
    at com.pegarules.generated.pxIsAccessTokenPresent_080201_3491844710567228029.pxIsAccessTokenPresent08_02_01(pxIsAccessTokenPresent_080201_3491844710567228029.java:131) ~[?:?]
    ... 130 more
Caused by: com.pega.pegarules.pub.PRRuntimeException: Access token endpoint invocation failed : {ErrorMessage=Response status : 401 Unauthorized, statuscode=401, refresh_token=3AAABLblqZhC4-owznwokpZYewbEEp8vvYAaeVXIYkdRHOQtTTU1WPo3vQlUXsUU_cRXNOgAokQw*}


Steps to Reproduce

  1. Set up an OAuth 2.0 Provider with endpoints for Authorization and Access token, and a Grant type of Authorization Code.
  2. Configure an Authentication Profile with this provider and grant type.
  3. Provide the Client access information (such as identifier, secret, and redirect).
  4. Test the Connector.

Root Cause



Adobe's OAuth provider uses two token endpoints by default. Other OAuth 2.0 providers, such as Google, maintain a single token endpoint.

The current Pega Platform has no provision for configuring an additional access token endpoint.

The issue occurs as follows:

At the first authentication, the Adobe server issues the access token from the following endpoint:

<xxxx-adobe.com/public/oauth/token>

During this time, the server issues a Refresh token which remains constant for a long time (60 days according to the out-of-the-box Adobe configuration). However, the Access token expires after an hour. After expiry of the token, when the application attempts to obtain a new token using the previous Refresh token, it hits the earlier endpoint.

According to Adobe's documentation, the second call, which obtains a new Access token after the first token expires, must go to the following endpoint:

<xxxx-adobe.com/public/oauth/refresh>

Because the refresh request goes to the first endpoint instead, the endpoint invocation fails. The Pega OAuth 2.0 rule allows only one endpoint to be configured.
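
The routing described above, sketched as an added example (not Pega or Adobe code): a hypothetical client that selects the token endpoint by grant type, so the refresh grant goes to /refresh. The class and function names, the injected transport, the constructed fake provider, and the RFC 6749 form parameters are assumptions; the host is the article's placeholder.

```python
import time
from urllib.parse import parse_qs, urlencode

# Host is the article's placeholder; the two paths are the ones it names.
BASE = "https://xxxx-adobe.com/public/oauth"
ENDPOINTS = {"authorization_code": BASE + "/token",
             "refresh_token": BASE + "/refresh"}

class TokenError(Exception):
    pass

class DualEndpointClient:
    """Hypothetical client that picks the token endpoint from the grant type."""
    def __init__(self, client_id, client_secret, transport, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.transport = transport  # callable(url, form_body) -> (status, dict)
        self.clock = clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _grant(self, grant_type, **params):
        url = ENDPOINTS[grant_type]
        form = {"grant_type": grant_type, "client_id": self.client_id,
                "client_secret": self.client_secret, **params}
        status, body = self.transport(url, urlencode(form))
        if status != 200:
            # Report endpoint and status only, never the refresh token or secret.
            raise TokenError(f"{grant_type} grant to {url} failed: HTTP {status}")
        self.access_token = body["access_token"]
        # Assumption: a refresh response may omit the unchanged refresh token.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        self.expires_at = self.clock() + body.get("expires_in", 3600)

    def exchange_code(self, code, redirect_uri):
        self._grant("authorization_code", code=code, redirect_uri=redirect_uri)

    def get_access_token(self, skew=60):
        """Return a usable access token, calling /refresh when it is near expiry."""
        if self.access_token is None:
            raise TokenError("no token yet: complete the authorization code flow")
        if self.clock() >= self.expires_at - skew:
            self._grant("refresh_token", refresh_token=self.refresh_token)
        return self.access_token

def fake_provider(url, form_body):
    """Constructed stand-in: each endpoint accepts exactly one grant type."""
    grant = parse_qs(form_body)["grant_type"][0]
    if ENDPOINTS.get(grant) != url:
        return 401, {}
    body = {"access_token": "at-" + grant, "expires_in": 3600}
    if grant == "authorization_code":
        body["refresh_token"] = "rt-constructed"
    return 200, body
```

Sending the refresh grant to the /token URL of the fake provider returns 401, which mirrors the failure in the error message above.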


Resolution



An enhancement request, FDBK-66514, is created for consideration by Pega Product Management.

Published April 1, 2020 - Updated December 2, 2021
