3

Docusign Authentication Guide says for system integration I should use JWT Grant. Since I am working on integration with defferent vendors - I have to get Admin consent for external applications. I did it. Then I generated OAuthToken with method RequestJWTApplicationToken (C# SDK). When I try to use this token

apiClient.Configuration.AddDefaultHeader("Authorization", "Bearer " + oAuthToken.access_token);

I receive an error: 

{ 
   "errorCode":"AUTHORIZATION_INVALID_TOKEN",
   "message":"The access token provided is expired, revoked or malformed. Authentication for System Application failed."
}

Unfortunately all SDK examples are about Individual consent. Does anyone have C# example how to use JWT in case "external applications"?

Vladimir
  • 307
  • 4
  • 13
  • did you see this https://developers.docusign.com/esign-rest-api/guides/authentication/obtaining-consent#admin-consent-for-internal-applications ? is that what you're looking for? – Inbar Gazit Apr 08 '20 at 15:41
  • I have read all guides. All what I need - C# example which uses RequestJWTApplicationToken method and then uses application token to call API. – Vladimir Apr 09 '20 at 11:22
  • https://github.com/docusign/eg-01-csharp-jwt-core this is a console app using .NET Core https://github.com/docusign/eg-01-csharp-jwt-framework this is using larger .NET framework Let me know how else I can help – Inbar Gazit Apr 09 '20 at 16:55
  • but the C# code is the same whether it's individual consent or organization consent. So not sure that's what you need. – Inbar Gazit Apr 09 '20 at 16:56

1 Answers1

8

You must use the RequestJWTUserToken method when using JWT grant flow for the DocuSign eSignature API.

That JWT grant flow includes a user id (in guid format). The resulting access token that you receive from the authentication flow enables your app to impersonate the user id.

The DocuSign eSignature API does not accept application JWT requests. The DocuSign Admin API does accept application JWT requests, that's why the method is in the C# SDK. But the method does not apply to the eSignature API.

PS. Remember, when obtaining consent, to request both signature and impersonation scopes.

Larry K
  • 47,808
  • 15
  • 87
  • 140