Docusign UserInfo endpoint returns 401 Unauthorized when access token is provided

0
votes

I am integrating my API backend with DocuSign in order to send and retrieve envelopes. I am using the JWT Grant flow. Authentication options

In the DocuSign development environment, I am able to retrieve an access token using the JWT flow and the Docusign C# SKD. I need to then call the oauth/userinfo endpoint in order to retrieve the base_uri field to use for making calls to Docusign.

When I make a GET request to https://account-d.docusign.com/oauth/userinfo, including the access token in the Authorization header as Bearer <access_token>, I receive a 401 Unauthorized response, and this message in the body:

{
    "error": "internal_server_error",
    "reference_id": "<some GUID>"
}

I have tried this using curl, Postman and the C# SDK and all give the same result.

Curl syntax: curl --header "Authorization: Bearer <access token>" https://account-d.docusign.com/oauth/userinfo

user-info endpoint documentation

JWT flow (step 4)

As far as I can see, I appear to be calling the API according to the documentation and I have set up the account with an RSA key pair which is required for system integrations (created within the Docusign admin portal).

Can anyone think of a reason this could be happening?

2
docusignapi
Are you making sure you are using the access token within 1 hour of creation?bendowlingtech
Yes, I am using it immediately afterwards (within a minute). I just thought that I might need to add another scope when granting consent. I will try this shortly. developers.docusign.com/platform/auth/consent/… developers.docusign.com/platform/auth/reference/scopesJustinR
Adding extra scopes didn't make a difference. I found in the following page at the bottom of the pre-requisites, that "Application Authentication Grant" needs to be associated with one of the accounts and enabled. I can't see where to do this in the admin portal. developers.docusign.com/docs/admin-api/admin101/…JustinR

2 Answers

1
votes

Since you're using the C# SDK as you mentioned, you can call this endpoint using the same SDK if you have a valid token.

https://developers.docusign.com/docs/esign-rest-api/sdk-tools/c-sharp/reference/

public OAuth.UserInfo GetUserInfo(string accessToken);

You can confirm that your token is valid by trying to use it for other API calls. A token from the developer account should be useful to make this call in the developer account only. If you need this for production (typically reason to need the base_uri) then you have to call it with account.docusign.com not account-d.docusign.com.

0
votes

I have now been able to get the base_uri from UserInfo endpoint using the RequestJWTUserToken method in the C# SDK. Using this token allows me to hit the REST API endpoint. Both methods appear to hit the same oauth/token endpoint and use the same grant type, only RequestJWTUserToken includes the "sub" claim for the userId.