Autodesk ACC Forms access with two-legged OAuth Token
I'm attempting to use the ACC API to get the list of forms for a project but it fails with an HTTP 401 Unauthorized response that includes message "Authorization failed." This is while attempting to use a two-legged OAuth token, which I have successfully used for other ACC APIs, but the documentation indicates that a three-legged OAuth token is required for this particular endpoint. Using a three-legged token is not an option for the particular integration that I'm working on.
Has anyone else been able to use the Forms API with a two-legged OAuth token? For the APS support team that may see this, are there plans to support two-legged OAuth tokens for the ACC Forms API and when might that be implemented?
Unfortunately, ACC Forms API only supports three-legged access tokens right now, as documented.
However, we can use the SSA (Secure Service Account) API to provide a similar experience to the two-legged one, without requiring user logins.
- https://aps.autodesk.com/blog/update-secure-service-accounts-ssa-goes-ga
- https://aps.autodesk.com/blog/introducing-secure-service-accounts-ssa-now-public-beta
- https://github.com/autodesk-platform-services/aps-autodesk.ssa.api-postman.collection
Exchanging a three-legged access token using a self-signed JWT Assertion with the RSA private key we obtained during the creation of the SSA.
curl \
--request POST \
--url 'https://developer.api.autodesk.com/authentication/v2/token' \
--header 'authorization: Basic xxx' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
--data 'assertion=eyJraWQiOiI1ZGU5OTNmNC02MmIwLTQ5NWEtYTQzYS1iOTg5NmQ2ZTk1ODIiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJKbE85VEExempmSlFPR1h....m6aLBKUTE1Htwpk0MUYmvl7AF03XDgWjhwRnJVOk_MkdF44bjSCAmsQ5uTYbWipUJjDqUy38b4xiRRRB0_qsg_kZ-DBOAFzUtYN6ilA'
- Why do access tokens expire?
- Autodesk Platform Services (APS) Authentication (OAuth) error
- How to generate OAuth 2 Client Id and Secret
- Am I right in thinking OAuth 1.0 has been deprecated in favour of OAuth 2.0?
- Show userpic of Twitter account on the page using TwitterOAuth
- JwtBearerAuthenticationOptions does not contain a definition for IssuerSecurityTokenProviders
- Autodesk ACC Forms access with two-legged OAuth Token
- Login using Google OAuth 2.0 with C#
- How can I change the text of the error-response?
- JX OAuth Request Token Issue, getting invalid_client despite having the values obtained from JH
- ASP.NET OAuth: How is access token generated?
- owin cors or web api cors
- How to properly use Bearer tokens?
- Deactivating a realm in keycloak
- Issue with Facebook Graph API Page Access Token Retrieval Returning Empty Array
- How make the vite react app run on http://localhost:3000 insted of http://127.0.0.1:5173
- Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."
- Exchanging a google idToken for local openId token c#
- Facebook auth, can't add email settings
- OAuth Authorization vs Authentication
- Android : Handle OAuth callback using intent-filter
- How to Embed Editable Excel File in Angular 10 App with .NET Core 3 Backend and OAuth Token Authentication?
- Understanding how to secure an API using Azure (App registration) and oauth
- Verify token from Microsoft Entra ID fails?
- authenticating with Excel Power Query against .Net Odata Web Api
- Firebase REST auth when creating token with node.js admin sdk
- Autodesk Refresh Token keeps Expiring
- on_login function not getting executed in flet auth
- How to do MFA with Looker and Snowflake
- In Auth0 can you pass custom parameters to the /authorize endpoint?