# Senior Full-Stack Engineer — Adobe Express Embed SDK Authentication Fix + Integration Completion
## Project Overview
We have an existing React/Node.js application integrating the Adobe Express Embed SDK. The application is approximately 80–90% complete and already deployed. It allows users to:
- Launch Adobe Express from our microsite
- Edit a predefined design
- Export the completed design
- Upload the exported file directly to Dropbox
- Manage event configuration through an admin panel
**Stack:**
- React / Vite
- Node.js / Express
- Vercel (frontend)
- Render (backend)
- Dropbox API
- Adobe Express Embed SDK
The current developer has reached a point where they'd like a second, specialized set of eyes to help close out the final integration issue and stabilize the auth architecture.
---
## Current Blocking Issue
Adobe's SDK review rejected our submission because the Export & Upload workflow enters an authentication loop. Observed behavior:
1. User signs in through the Embed SDK's own login panel
2. User edits the design
3. User clicks Export & Upload
4. Adobe's sign-in panel reappears inside the editor instead of completing the export
5. Re-entering credentials does not resolve it — the loop repeats
**What we've already ruled out / found:**
- Our own upload endpoint (`/api/upload`) is never reached during the loop — the failure happens entirely inside the Embed SDK's iframe/login popup, before our application code runs.
- It is not a CORS or Allowed-Origins misconfiguration — verified against the exact production domain and Client ID.
- It reproduces reliably on a fresh/clean browser profile (not just Incognito) but **does not** reproduce on machines with an existing first-party Adobe Express browsing history.
**Leading hypothesis:** browser storage partitioning between the Embed SDK's authentication popup (which completes login in a top-level `adobe.com` context) and the embed iframe on our page (a separate, partitioned storage context for the same domain). Chrome may only grant that iframe implicit access to `adobe.com` storage when the browser already has a prior first-party relationship with `adobe.com` — which real kiosk devices and Adobe's review environment generally won't have.
This means the fix may require deeper familiarity with the Embed SDK's specific auth architecture (and possibly a documented workaround pattern from Adobe for kiosk/shared-device deployments), rather than a general session-management bug fix. **Please scope your estimate with this in mind** — we're not looking for someone to find a one-line fix in our cookie handling; we're looking for someone who can work through an SDK-level auth/storage constraint, potentially in coordination with Adobe's developer support.
Adobe has supplied a review video and detailed written feedback, which will be shared with the selected candidate.
---
## Scope
### Phase 1 — Diagnose and Resolve the Auth Loop
- Review the existing codebase and reproduce the issue
- Confirm or refine the storage-partitioning hypothesis above (or identify the actual root cause if different)
- Implement a fix or workaround, and demonstrate it working on a clean browser profile / device with no prior Adobe session history
- Prepare the resubmission package for Adobe's review
**Note on deliverables:** because final approval depends on Adobe's own review process and timeline (a prior submission was also rejected for unrelated branding-guideline reasons — outside any engineer's control), Phase 1 payment/milestones will be tied to demonstrable technical outcomes (root cause identified, fix implemented and verified, resubmission prepared) rather than to Adobe's approval date itself.
### Phase 2 — Architecture Review & Stabilization
- Review overall session/auth architecture
- Clean up authentication/session handling
- Improve stability where appropriate
- Recommend further architectural improvements
### Phase 3 — Ongoing Enhancements (Optional / Future Scope)
- Admin panel improvements
- Dynamic branding
- Event management features
- Storage provider abstraction (Dropbox / SMB / CIFS)
- Additional Adobe Express functionality
---
## Required Skills
- **Hands-on experience with the Adobe Express Embed SDK (CCEverywhere) or another Adobe Creative Cloud embed/auth SDK** — this is the core of the job, not a nice-to-have
- Familiarity with the Adobe Developer Console (client credentials, allowed origins, app configuration)
- Strong understanding of browser auth patterns involving iframes and popups: OAuth flows, third-party cookies, and modern storage-partitioning behavior (e.g., Chrome's Storage Access API / CHIPS)
- Node.js, Express, React, Vite
- REST API integration experience (Dropbox API or comparable)
- Experience deploying to Vercel and Render (or Railway)
## Nice to Have
- Prior experience getting a third-party integration through Adobe's (or a similar platform's) developer review process
- Experience with kiosk / shared-device / public-terminal application design, where end users have no pre-existing account history on the device
---
## What Will Be Provided
- Full source code access
- Access to the current deployment
- Adobe's review feedback and review video
- Dropbox configuration details
- Access to the Adobe Developer Console project
- Existing developer available for knowledge transfer and questions
*Note: credentials (Dropbox tokens, API secrets) will be rotated prior to granting repo/environment access, per standard security practice.*
---
## Deliverables
- Documented root cause of the authentication loop
- Working fix or workaround, verified on a clean browser/device profile
- Resubmission package ready for Adobe's review
- Stable, documented Export & Upload workflow
- Code committed to GitHub with clear commit history
- Deployment to existing infrastructure (Vercel + Render)
- Written documentation of any architectural changes made
---
## Engagement Details
- **Type:** [Contract / Fixed-scope / Hourly — specify]
- **Estimated timeframe:** [Add estimate once Phase 1 is scoped with candidate]
- **Compensation:** [Add rate or budget range]
- **Start date:** [Add]
*(Please fill in the bracketed items above before posting — candidates will generally skip listings without compensation/timeline info.)*
... Show more