JWT Issue with Docusign API

Question

We generated JWT using docusign given private key and validated by Docusign public key in jwt.io site. It generated valid signature.

Using same signature we called Docusign demo server for access token

POST https://account-d.docusign.com/oauth/token

with

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
assertion=Signature generated

but getting error "Invalid Grant".

What could be the possible reason? If signature is already verified in jwt.io with public key, Docusign should accept the assertion value.

Hi and welcome to SO! Please edit your question to add in your current code. See How to Ask for help on how to edit this question. — hongsy

Larry K Larry K · Accepted Answer · 2020-01-18T20:29:17

As documented, you also need to supply the following claims:

iss--The integration key (also known as client ID) of the application.
sub--The user ID of the user to be impersonated.
iat--The DateTime when the JWT was issued, in Unix epoch format.
exp--The DateTime when the JWT assertion will expire, in Unix epoch format. Use 1 hour after iat or less.
aud--domain name of the authentication service instance to be used. For demo environments, use account-d.docusign.com For production environments, use account.docusign.com. Note: Do not include https:// in the aud value!
scope--The scopes being requested. For the JWT bearer grant, the requested scope should be signature.

See the docs and also see the DocuSign JWT code examples, the repos named eg-01-*

Ask a new question if you'd like further help.