1
votes

I am having issues trying to retrieve a JWT token from DocuSign. So far, this is a code snippet of what I have accomplished (using a DEVELOPER SANDBOX account):

    // Developer example
    $header = [
        'typ' => 'JWT',
        'alg' => 'RS256',
    ];
    $time = time();
    $body = [
        // Integration key provided by DocuSign at Admin > API and Keys > Apps.
        'iss' => '[Integration key]',
        // User ID provided by DocuSign at Admin > API and Keys.
        'sub' => '[User ID]',
        'iat' => $time,
        'exp' => strtotime( '+45 minutes', $time ),
        'aud' => 'account-d.docusign.com',
        'scope' => 'signature impersonation',
    ];

    // RSA private key provided by DocuSign
    // when the integration app was created
    $rsa_key = '-----BEGIN RSA PRIVATE KEY----- [.........]';

    // Base64 + URL encoding
    $header = urlencode( base64_encode( json_encode( $header ) ) );
    $body = urlencode( base64_encode( json_encode( $body ) ) );

    // JWT signature created using Firebase\JWT\JWT package
    $signature = JWT::encode(
        $header . '.' . $body,
        $rsa_key,
        'RS256'
    );

    // Get request using Curl (10quality/php-curl package)
    $response = curl_request(
        'https://account-d.docusign.com/oauth/token',
        'POST',
        [
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion' => $header . '.' . $body . '.' . $signature,
        ]
    );

    // Process response
    if ( $response ) {
        $response = json_decode( $response );
        if ( isset( $response->error ) )
            throw new Exception( 'DocuSign error: ' . $response->error );
        var_dump( $response );
    }

This is the guide I have followed: https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken

According to this guide, the error thrown indicates that the JWT was not correctly created, although I have reviewed my code multiple times and it follows everything described in the guide.

I am kind of stuck and I am clueless about what is wrong with my code. I have even done reverse engineering to verify that the encoding was correct.

Has anyone worked with DocuSign JWT before, or does anyone know what I might be doing wrong?


UPDATE: Working snippet using the client https://github.com/docusign/docusign-php-client:

    $api = new ApiClient( new Configuration );
    $api->getOAuth()->setOAuthBasePath( 'account-d.docusign.com' );
    $response = $api->requestJWTUserToken(
        '[Integration key]',
        '[User ID]',
        $rsa_key,
        'signature impersonation',
    );

2 Answers

2
votes

Please consider using the SDK and not trying to do the JWT encoding yourself. It would make it easier, more secure and eventually enable other features for you. To get started, clone this repo, which is in PHP and has both JWT and Auth Code Grant support. If you have issues here, please let me know and I'll be happy to help.

0
votes

I believe you want to replace your lines:

    $header = urlencode( base64_encode( json_encode( $header ) ) );
    $body = urlencode( base64_encode( json_encode( $body ) ) );

with

    // base64_encode() needs a string, so JSON-encode the arrays first
    $header = str_replace('=', '', strtr(base64_encode(json_encode($header)), '+/', '-_'));
    $body = str_replace('=', '', strtr(base64_encode(json_encode($body)), '+/', '-_'));

Same with your signature:

    $signature = str_replace('=', '', strtr(base64_encode($signature), '+/', '-_'));

I pulled this idea from jwtphpjquery.
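The manual assembly the answers above discuss, as an added example that is not part of the original thread or of DocuSign's SDK: each of the three JWT parts is base64url-encoded (not `urlencode( base64_encode() )`), and the signature is a raw RS256 signature over `header.payload`. It assumes PHP 7.1+ with ext-openssl; the helper names and the throwaway key pair are constructed for illustration, and the claim placeholders are the question's.

```php
<?php
// Added example (not from the thread): RS256 JWT built by hand with ext-openssl.

// base64url (RFC 7515): swap '+/' for '-_' and drop '=' padding. Not urlencode().
function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string
{
    $padded = $data . str_repeat('=', (4 - strlen($data) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'));
}

// Sign "header.payload" and append the base64url signature as the third part.
function build_assertion(array $claims, $privateKey): string
{
    $header = ['typ' => 'JWT', 'alg' => 'RS256'];
    $input = base64url_encode(json_encode($header)) . '.' . base64url_encode(json_encode($claims));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed');
    }
    return $input . '.' . base64url_encode($signature);
}

// Returns the claims if the signature checks out, null otherwise.
function verify_assertion(string $jwt, $publicKey): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true);
    if (($header['alg'] ?? null) !== 'RS256') { // pin the algorithm, never trust the header
        return null;
    }
    $ok = openssl_verify($h . '.' . $p, base64url_decode($s), $publicKey, OPENSSL_ALGO_SHA256);
    return $ok === 1 ? json_decode(base64url_decode($p), true) : null;
}

// Constructed throwaway key so this runs offline; use the app's own RSA key in practice.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$now = time();
$jwt = build_assertion(['iss' => '[Integration key]', 'sub' => '[User ID]', 'iat' => $now,
    'exp' => $now + 45 * 60, 'aud' => 'account-d.docusign.com', 'scope' => 'signature impersonation'], $key);
$public = openssl_pkey_get_details($key)['key'];
var_dump(verify_assertion($jwt, $public) !== null);           // untampered token
var_dump(verify_assertion($jwt . 'A', $public) !== null);     // altered signature
```

Verifying locally against the public half of the key before posting the assertion separates encoding or signing mistakes from account-side problems such as a wrong integration key or missing consent.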