0

I am trying to get the JWT access token with all scopes to call org admin api.

The below code returns the consent URL: which doesn't look like a valid URL as it is pointing https://account.docusign.com instead https://account-d.docusing.com.

https://account.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation%20organization_read%20group_read%20permission_read%20user_read%20user_write%20domain_read%20identity_provider_read&client_id=[[redacted]]&redirect_uri=https://www.example.com

Code Below

 string ik = ConfigurationManager.AppSettings["IntegrationKey"]; string userId = ConfigurationManager.AppSettings["userId"]; string authServer = ConfigurationManager.AppSettings["AuthServer"]; string rsaKey = ConfigurationManager.AppSettings["RSAKey"]; string[] orgscopes = { "organization_read", "group_read", "permission_read", "user_read", "user_write", "domain_read", "identity_provider_read" }; List<string> scopes = new List<string>(); scopes.Add("signature"); scopes.Add("impersonation"); scopes.AddRange(orgscopes); string redirectURI = "https://www.example.com"; Uri authUri = apiClient.GetAuthorizationUri(ik, scopes, redirectURI, "code"); // Doesn't do org consent uri Console.WriteLine("============= Consent URI ================="); Console.WriteLine(authUri.ToString()); Console.WriteLine("==========================================="); OAuth.OAuthToken tokenInfo =null; try { tokenInfo= apiClient.RequestJWTUserToken(ik, userId, authServer, Encoding.UTF8.GetBytes(rsaKey), 8, scopes); Console.WriteLine("=============================="); Console.WriteLine("Authorization: Bearer " + tokenInfo.access_token); System.Diagnostics.Trace.WriteLine("Diagnostic Trace - Authorization: Bearer " + tokenInfo.access_token); }

Keys in app.config:

 <add key="IntegrationKey" value="[[redacted]]" /> <add key="UserId" value="[[redacted]]" /> <add key="AuthServer" value="account-d.docusign.com" /> <add key="AuthorizationEndpoint" value="https://account-d.docusign.com/oauth/auth" /> <add key="TokenEndpoint" value="https://account-d.docusign.com/oauth/token" /> <add key="UserInformationEndpoint" value="https://account-d.docusign.com/oauth/userinfo" />

Below is the api i want to call using the access token:

POST /v2/organizations/{organizationId}/users/profiles

on calling the above api - i got unauthorized error: string reponsebody = string.Empty; string Url = "https://api-d.docusign.net/managment/v2/organisation/3420001f-xxxxxxxxxxx/users/profiles"; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application / json")); client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken); HttpResponseMessage rep = client.PostAsync(new System.Uri(Url), PostContent).Result; reponsebody = rep.Content.ReadAsStringAsync().Result; }

Improve this question

1 Answer 1

Reset to default
1

First, I must strongly discourage you from posting your Client ID and User ID in public.

If the GetAuthorizationUri is returning a Prod consent URI, then your ApiClient object isn't referring to the Demo environment when it's being instantiated. One way to do this would be to use

ApiClient apiClient = new ApiClient("https://demo.docusign.net/restapi");

or you can simply add the -d to the generated url.

If you are getting "Invalid Response Type", then your integration key isn't configured to allow the code response_type so token must be used instead. To fix this, either change the response_type parameter from code to token in the URL, or update the line

Uri authUri = apiClient.GetAuthorizationUri(ik, scopes, redirectURI, "token"); to request a token as the response type. Alternatively, toggling your integration key's setting to use 'Auth Code Grant' instead of 'Implicit Grant' will allow the use of the code response_type.

If you get an error about the Redirect URI not being registered in DocuSign, you'll need to compare the redirect URI in your code to the redirect URI registered against your integration key. The values must match exactly, including the http/https prefix and trailing slashes.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank You ! for help me out, however, I ran into another error after getting the token calling admin API, it throws Error "unauthorized.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.