Docusign - Authorization Code Grant - Redirect uri is not being performed when obtaining access token

1
votes

The Problem: DocuSign seems to ignore the redirect_uri that's set in the HTTP header when obtaining an access token.

For context, I am using PHP and cURL. When I send the cURL request, the authorization succeeds because I do get the access token and refresh tokens. The only issue is that DocuSign does not perform a redirect after the authorization's success like it should.

Here's the PHP - cURL code taken from Postman that I'm also using in my code. I've shortened certain strings for conciseness. The redirect_uri param is in CURLOPT_POSTFIELDS:

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://account-d.docusign.com/oauth/token",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "grant_type=authorization_code&code=eyJ0eXAiOiJ...UDa8uJ9A&redirect_uri=http%3A//localhost/docusign/getData.php",
  CURLOPT_HTTPHEADER => array(
    "Content-Type: application/x-www-form-urlencoded",
    "Authorization: Basic NTYxN...DkxMA==",
    "Cookie: __RequestVerificationToken=ARmOPr...tg0B0"
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
?>

I've closely followed this DocuSign doc regarding following the authorization code grant flow: https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-code-grant

Any help is greatly appreciated!

1
phpcurldocusignapi
I'm confused. Do you see the DocuSign login screen? enter your creds? and then your app doesn't redirect? or is this code just getting a token by making the requests without requiring you to log in? - Inbar Gazit
I do see the login screen and can login just fine (which is step 1). After step 1 finishes (aka, after the request is completed) I am redirected to the redirect_uri I specified in step 1 as expected. However, when I'm in step 2 I do successfully authenticate and get the info I need from the API, but the API does not use the redirect_uri that I specified for step 2. - Nick Sabia

1 Answers

0
votes

The redirect URI is not used by the API in step 2 to redirect. It is only used in step 1 to redirect the user to your URL after you logged in. I'm not sure if the documentation suggested otherwise, we can fix it if it led to confusion.