Expand my Community achievements bar.

How to correctly use Adobe Analytics app?

Avatar

Level 1
Level 1
12/4/24 7:36:28 PM

I created a project with Credential OAuth Web and API Adobe Analytics. Here's the scope.

QiuyunWu_0-1733368113574.png

 

Question1: how to get user info

I found that if I add email or profile to scope during authorization, I'll get xxxxx?error=invalid_scope. So when I tried to get user info, I'll only get sub field. Are there any way to change scope so I could get user info in identity token or with the get userinfo API?

 

I found a workaround to get user info but as it's not documented in https://developer.adobe.com/developer-console/docs/guides/authentication/UserAuthentication/IMS it's quite strange for me. I found that user info is returned when during fetching access token and refresh token. Is this a valid way to get user info?

```

{
"access_token" : "xxx",
"account_type" : "type2e",
"authAccountType" : "fed",
"authId" : "xxx",
"countryCode" : "xxx",
"displayName" : "xxx",
"email" : "xxx",
"emailVerified" : "true",
"expires_in" : 86399,
"first_name" : "xxx",
"id_token" : "xxx",
"job_function" : null,
"last_name" : "xxx",
"mrktPerm" : "",
"mrktPermEmail" : null,
"name" : "xxx",
....
"refresh_token" : "xxx",
"token_type" : "bearer",
...
}

```

 

Question 2: I found that I could not add scope offline_access. But I could still get refresh token with access token when fetch access token

Is this expected?

 

Views

190

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
5 Replies

Avatar

Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
12/5/24 8:30:58 AM

I am not sure what "app" you are referring to.. the only app I am aware of is the Mobile Dashboards, but that doesn't require any of this.

 

Are you trying to build something using the Adobe API? I really haven't used the APIs since they switched the authentication to OAuth, so I am not sure how much help I can be...

 

Have you tried contacting Client Care? They would be better able to dig into your errors and help diagnose them in real time...

 

Good Luck.

Views

143

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
12/10/24 12:24:20 AM
In response to Jennifer_Dungan

I mean I created a project with Oauth web credential and Adobe Analytics API. Now I'm trying to use apis for authentication and apis for Adobe Analytics.

 

I just want to get correct user info with authentication APIs.

Views

72

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Adobe Champion
Adobe Champion
12/5/24 9:51:48 AM

 

From the documentation - 
Adobe IMS (Identity Management System) limits certain scopes (like email, profile) to specific flows. Adding unsupported scopes during authorization results in the invalid_scope error. The OAuth Web flow often returns minimal user information (sub, the unique user ID). However, as you've discovered, additional details (like email, name, etc.) are sometimes returned in the token response. I don't think this behavior is explicitly documented for all use cases.

The ID token (id_token) is a JWT containing user claims. You can decode it to extract user details like name and email, provided they are included. Adobe’s /userinfo endpoint typically returns user details if authorized correctly, but restrictions on scopes can complicate this.

While not officially documented, receiving user information in the token response (as part of the access/refresh token fetch) is valid. I assume you can safely use this information, especially if it is consistent across multiple requests? I haven't tried it myself yet..but maybe you can try tools like jwt.io to inspect the token contents?

 

Regarding offline_access -If you're receiving a refresh token without explicitly requesting the offline_access scope, it is likely an intentional design choice by Adobe. This allows you to renew access tokens without requiring the user to log in again. When fetching access tokens, Adobe may return a refresh token in the same response, as part of maintaining session continuity.

 

Hope this helps!

 

Views

138

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
12/10/24 12:19:26 AM
In response to igupta

@igupta 

By decoding id_token, I only get these fields. Actually I cannot get email and name info with it.

{
"iss": "https://ims-na1.adobelogin.com",
"sub": "xxx",
"aud": "xxx",
"iat": xxx,
"exp": xxx,
"at_hash": "xxx",
"c_hash": "xxx"
}

Views

74

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Adobe Champion
Adobe Champion
12/11/24 9:06:15 AM
In response to QiuyunWu

Hey @QiuyunWu ,

I tried to execute the code for me since I hadn't tried it before and was only trying to reference documents. Can you please specify which workaround you are using to get the userInfo returned? I am only getting sub field returned using both OAuth S2S and OAuth web method. Are you using OpenID configuration and ID Token keys?

 

Also, If the scopes are not available in the console, we can not query them. Identity scope is linked with Identity Service API. I believe that is the reason for invalid_scope error.

I tried few different methods but I am only getting sub result for now. I will let you know if I am able to retrieve email somehow.

 

Best,

Isha

Views

25

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How can I get a view of the exits to external pages? Solved

Views

86

Likes

0

Replies

2
Copy data data from one cdv to another using processing rule Solved

Views

166

Likes

0

Replies

5
Activating Adobe Analytics Segments in Google Ads for Remarketing Campaigns

Views

93

Likes

0

Replies

1
Time Spent on Page using a Hit Segment

Views

74

Likes

0

Replies

1
How can I get a view of previous pages to the previous page?

Views

146

Likes

0

Replies

8