0
votes

I am trying to get the JWT access token with all scopes to call the org admin API.

The code below returns the consent URL, which doesn't look like a valid URL as it is pointing to https://account.docusign.com instead of https://account-d.docusign.com.

https://account.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation%20organization_read%20group_read%20permission_read%20user_read%20user_write%20domain_read%20identity_provider_read&client_id=[[redacted]]&redirect_uri=https://www.example.com

Code Below

    string ik = ConfigurationManager.AppSettings["IntegrationKey"];
    string userId = ConfigurationManager.AppSettings["userId"];
    string authServer = ConfigurationManager.AppSettings["AuthServer"];
    string rsaKey = ConfigurationManager.AppSettings["RSAKey"];

    string[] orgscopes = { "organization_read", "group_read", "permission_read", "user_read", "user_write", "domain_read", "identity_provider_read" };
    List<string> scopes = new List<string>();
    scopes.Add("signature");
    scopes.Add("impersonation");
    scopes.AddRange(orgscopes);
    string redirectURI = "https://www.example.com";
    Uri authUri = apiClient.GetAuthorizationUri(ik, scopes, redirectURI, "code"); // Doesn't do org consent uri
    Console.WriteLine("============= Consent URI =================");
    Console.WriteLine(authUri.ToString());
    Console.WriteLine("===========================================");
    OAuth.OAuthToken tokenInfo = null;
    try
    {
        tokenInfo = apiClient.RequestJWTUserToken(ik, userId, authServer, Encoding.UTF8.GetBytes(rsaKey), 8, scopes);
        Console.WriteLine("==============================");
        Console.WriteLine("Authorization: Bearer " + tokenInfo.access_token);
        System.Diagnostics.Trace.WriteLine("Diagnostic Trace - Authorization: Bearer " + tokenInfo.access_token);
    }
    catch (Exception ex)
    {
        // Report a failed token request.
        Console.WriteLine(ex.Message);
    }

Keys in app.config:

    <add key="IntegrationKey" value="[[redacted]]" />
    <add key="UserId" value="[[redacted]]" />
    <add key="AuthServer" value="account-d.docusign.com" />
    <add key="AuthorizationEndpoint" value="https://account-d.docusign.com/oauth/auth" />
    <add key="TokenEndpoint" value="https://account-d.docusign.com/oauth/token" />
    <add key="UserInformationEndpoint" value="https://account-d.docusign.com/oauth/userinfo" />

Below is the API I want to call using the access token:

POST /v2/organizations/{organizationId}/users/profiles

On calling the above API, I got an unauthorized error:

    string reponsebody = string.Empty;
    string Url = "https://api-d.docusign.net/managment/v2/organisation/3420001f-xxxxxxxxxxx/users/profiles";
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
        HttpResponseMessage rep = client.PostAsync(new System.Uri(Url), PostContent).Result;
        reponsebody = rep.Content.ReadAsStringAsync().Result;
    }

1 Answers

1
votes

First, I must strongly discourage you from posting your Client ID and User ID in public.

If the GetAuthorizationUri is returning a Prod consent URI, then your ApiClient object isn't referring to the Demo environment when it's being instantiated. One way to do this would be to use

    ApiClient apiClient = new ApiClient("https://demo.docusign.net/restapi");

or you can simply add the -d to the generated url.

If you are getting "Invalid Response Type", then your integration key isn't configured to allow the code response_type so token must be used instead. To fix this, either change the response_type parameter from code to token in the URL, or update the line

    Uri authUri = apiClient.GetAuthorizationUri(ik, scopes, redirectURI, "token");

to request a token as the response type. Alternatively, toggling your integration key's setting to use 'Auth Code Grant' instead of 'Implicit Grant' will allow the use of the code response_type.

If you get an error about the Redirect URI not being registered in DocuSign, you'll need to compare the redirect URI in your code to the redirect URI registered against your integration key. The values must match exactly, including the http/https prefix and trailing slashes.
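
The three checks described in the answer above (environment host, response_type, exact redirect URI match) can be run against a generated consent URL before it is used. This is an added example, not part of the original answer or of the DocuSign SDK; `ConsentUrlCheck`, `Validate`, the caller-supplied list of registered redirect URIs and the placeholder client ID are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class ConsentUrlCheck
{
    // authServer: the AuthServer setting, e.g. "account-d.docusign.com".
    // registeredRedirectUris: values registered on the integration key (assumed known to the caller).
    public static List<string> Validate(Uri consentUri, string authServer,
        IEnumerable<string> registeredRedirectUris, string responseType)
    {
        var problems = new List<string>();
        if (consentUri.Scheme != Uri.UriSchemeHttps)
            problems.Add("consent URL is not https");
        // A production host with a demo integration key is the mismatch from the question.
        if (!string.Equals(consentUri.Host, authServer, StringComparison.OrdinalIgnoreCase))
            problems.Add($"host '{consentUri.Host}' differs from configured AuthServer '{authServer}'");

        var query = ParseQuery(consentUri.Query);
        query.TryGetValue("response_type", out var actualType);
        if (actualType != responseType)
            problems.Add($"response_type is '{actualType}', expected '{responseType}'");

        // Exact ordinal match: scheme, case and trailing slash all count.
        query.TryGetValue("redirect_uri", out var redirect);
        if (redirect == null || !registeredRedirectUris.Any(r => string.Equals(r, redirect, StringComparison.Ordinal)))
            problems.Add($"redirect_uri '{redirect}' is not registered");
        return problems;
    }

    static Dictionary<string, string> ParseQuery(string query)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            result[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample: production host, and a redirect URI missing the registered trailing slash.
        var uri = new Uri("https://account.docusign.com/oauth/auth?response_type=code"
            + "&scope=signature%20impersonation&client_id=CLIENT_ID_PLACEHOLDER&redirect_uri=https://www.example.com");
        foreach (var p in Validate(uri, "account-d.docusign.com", new[] { "https://www.example.com/" }, "code"))
            Console.WriteLine(p);
    }
}
```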