3

I'm trying to use the DocuSign Rest API to retrieve a completed envelope. When I call RequestJWTUserToken, I get an error that user consent is required. I have the Organization Administration enabled and my application authorized with permissions "extended impersonation signature" (I've tried each individually and get the same error so added all in hopes that this gives me access to everything). I'm using a user who is also an admin.

My understanding from reading the Obtaining Consent documentation is that by using "admin consent for internal applications" and authorizing my application, this grants consent on behalf of all users and I don't need any user interaction. What am I doing wrong?

List<string> scope = new List<string>();
scope.Add(OAuth.Scope_EXTENDED);
scope.Add(OAuth.Scope_SIGNATURE);
scope.Add(OAuth.Scope_IMPERSONATION);


_AccessToken = _ApiClient.RequestJWTUserToken(client_id, "3c524db3-2971-4ed3-80af-45646b52ca5b", OAuth.Demo_OAuth_BasePath, privateKeyBytes, 4, scope);
halfer
  • 19,824
  • 17
  • 99
  • 186
Scott B
  • 53
  • 4

1 Answers1

4

Admin Consent works if all below conditions are met:

  • As an Org Admin, you have successfully claimed your email domain in DocuSign (this can be done using Domain Tile)
  • The users for whom you want to create an AccessToken also belong to same email domain which you have claimed in DocuSign
  • Added interested scopes "impersonation signature" for your IntegratorKey using Application Tile, extended scope is of no use in JWT scenario.

If you have done all above three steps, then you should be able to generate AccessToken for a user with JWT using Admin Consent.

Amit K Bist
  • 6,760
  • 1
  • 11
  • 26
  • Oh, ok. I haven't claimed our domain. I'll try that. Thanks! – Scott B Mar 06 '19 at 16:27
  • I also needed the email domain to be set. Thank you for the information, but I hope they update the documentation. I didn't see that mentioned at all! – ShawnFumo Jun 09 '21 at 02:06