Expand my Community achievements bar.

Native App oAuth 2.0 Flow


Level 1

Hi community, I am new here, if this is a basic question please bare with me. 


I am trying to write a python script on my Mac that would read keywords I created for my fotos in Lightroom CC by using the LR API. 


I am failing at the basics: getting an access token. 


Here is what i did:

I created a project in developer console with "oauth native app" credentials and connected the lightroom services.  


I wrote a python script with the oAuth 2.0 PKCE flow. 

The script starts a local https server on port 8000 with a self-signed ssl certificate and then uses chrome to initiate the oauth flow. When I run the script, it opens the following URL:


https://ims-na1.adobelogin.com/ims/authorize?client_id=<the client id shown in the developer console>&response_type=code&code_challenge=<challange>&code_challenge_method=S256&scope=openid%2CAdobeID&redirect_uri=https%3A%2F%2Flocalhost%3A8000


I then log in to adobe using my google account.

Next I see a dialog asking me to give consent to allow the app access the API - everything looks like oAuth 2.0 standard so far. I click on "Allow Access". 

The next step is the problem: I see an endless spinning wheel and the browser does not continue from here. 

In the debugging tools i can see that the browser tries to open an invalid URL.

In the browser console I see an error: 


"Failed to launch 'adobe+01ea1c47e021cbcb340dd72c8e13b4e399951211://adobeid/<my client id>?code=eyJ.....<some code here>' because the scheme does not have a registered handler. 

Obviously, this is an invalid URL and the browser complains not knowing what looks like an URL schema "adobe+01...://".


Hence, my local https server never receives a response it could parse to get the authorization code.


What am I doing wrong? 

I couldn't find anything in the documentation or on the Internet. 

I found some places ask to add the redirect_uri to to an allow-list. But, when I create "Native App" credentials, there is not such an allow-list (I did notice there is a redirect uri allow-list for "Web App" credentials, but that one does not seem to allow "https://localhost:8000" - anyway, i'd like to use Native App). 


Thank you in advance for any hints about what I am doing wrong. 



1 Reply


Level 1

I'm not sure, your method is not the standard OAuth2 PKCE way. More like a Web/Single Page process. If you use standard Web methods, you should be able to obtain the correct jump address.