
I understand that we use the code below to generate an access token for JWT authentication:

OAuth.OAuthToken oAuthToken = apiClient.requestJWTUserToken(
           configuration.getUserId(),
           configuration.getImpersonatedUserId(),
           scopes,
           privateKeyBytes,
           TOKEN_EXPIRATION_IN_SECONDS);

The 4th parameter represents the private key of the RSA key pair.

But how do we send a request if we have multiple RSA key pairs associated with an application?

And as mentioned in the documentation, the signature should include the header, payload and (public + private). But I couldn't understand why we are sending only the private key in the code above?

enter image description here

I am expecting answers to the following:

  1. the code to send a request when we have multiple RSA key pairs, and
  2. why we have only the private key when sending the request from code.
James Z

1 Answer

  1. You are free to use any of the private keys that belong to your integration key.

  2. To encode the JWT, you only need the private key. Once you send the JWT, DocuSign uses your public key to decrypt it and verify the claims provided. The screenshot you've shared is from jwt.io, where you supply the keys only to verify that it is being encoded and decoded correctly. See here for how JWT works.

Karan Kaushik
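The following is an added example, not part of the answer above and not DocuSign or SDK code: it uses only the JDK to sign an RS256 JWT with the private key of one of two key pairs and then checks it against a list of public keys. The key pairs, the claims and the "try each registered public key" loop are constructed assumptions for illustration. In the SDK call from the question, `privateKeyBytes` would hold whichever one of the application's private keys you choose.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.List;

public class JwtKeyPairDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // Signing side: only the private key is needed to produce an RS256 JWT.
    static String sign(String payloadJson, PrivateKey priv) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String signingInput = B64.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                + "." + B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64.encodeToString(s.sign());
    }

    // Verifying side: holds public keys only; returns the index of the key that matches, or -1.
    static int verify(String jwt, List<PublicKey> registered) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return -1;
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(parts[2]); }
        catch (IllegalArgumentException e) { return -1; } // malformed signature segment
        byte[] signingInput = (parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII);
        for (int i = 0; i < registered.size(); i++) {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(registered.get(i));
            s.update(signingInput);
            if (s.verify(sig)) return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair first = gen.generateKeyPair(), second = gen.generateKeyPair(); // constructed keys
        List<PublicKey> registered = List.of(first.getPublic(), second.getPublic());
        String payload = "{\"iss\":\"example-integration-key\",\"sub\":\"example-user-id\"}"; // constructed claims
        String jwt = sign(payload, second.getPrivate());
        System.out.println("signed with 2nd key, matched index: " + verify(jwt, registered));
        String forged = jwt.substring(0, jwt.lastIndexOf('.') + 1) + B64.encodeToString(new byte[256]);
        System.out.println("forged signature, matched index: " + verify(forged, registered));
    }
}
```

The private key never leaves the signing side, so it belongs in a secrets store or HSM rather than in source control; the party checking the token needs only the public half.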