Authentication (OAuth)Introduction

Authentication (OAuth)

Overview

Tencent eSign OAuth 2.0 Authorization Service provides secure API access for application integrations.

Supported Grant Type:

  • client_credentials — Server-to-server integration. Confidential clients only (client_secret required).

Client Credentials Flow

Steps:

  1. Backend service posts directly to POST /openapi/v1/oauth/token with client_credentials grant
  2. Authorization Server authenticates client, validates Space membership and scope
  3. Issues access_token (1h) — no refresh_token for this grant type
  4. Service caches token and re-requests ~60s before expiry

Token Lifecycle

TokenTTLStorageNotes
Access Token1 hourJWT (stateless)

Scope Format

Scopes are space-separated strings: envelope:create envelope:read

Currently supported scopes:

  • envelope:create — Create and send envelopes
  • envelope:read — Read envelope status and details