DocuSign Service Integration Authentication using Organization Admin to grant consent on the app and impersonate everyone

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP


DocuSign Service Integration Authentication using Organization Admin to grant consent on the app and impersonate everyone



I have been successfully using Service Integration Authentication to create an envelope. Here are the steps I have made to authenticate the user.



Granting consent individually for Organization Admin A by redirecting them to this URL:



https://account-d.docusign.com/oauth/auth?
response_type=code&scope=signature%20impersonation&client_id=7c2b8d7e-83c3-4940-af5e-cda8a50dd73f&redirect_uri=https://client.example.com/callback


https://account-d.docusign.com/oauth/auth?
response_type=code&scope=signature%20impersonation&client_id=7c2b8d7e-83c3-4940-af5e-cda8a50dd73f&redirect_uri=https://client.example.com/callback



After Organization Admin A clicked "Accept" the consent is granted



Create the JWT using code provided in the SDK, here's the information I have provided in the JWT:



{
"iss": {integrator key},
"sub": <user ID of Organization Admin A>,
"iat": <timestamp when issued>,
"exp": <expiration date>,
"aud": "account-d.docusign.com",
"scope": "signature impersonation"
}


{
"iss": {integrator key},
"sub": <user ID of Organization Admin A>,
"iat": <timestamp when issued>,
"exp": <expiration date>,
"aud": "account-d.docusign.com",
"scope": "signature impersonation"
}



Using this generated Jwt I made a POST request to https://account-d.docusign.com/oauth/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={JWT} to exchange for an Access Token


POST


https://account-d.docusign.com/oauth/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={JWT}



Use that generated access token I have successfully created an envelope



So at this stage I have confirmed that I have generated the JWT correctly, created Integrator Key correctly, I have also provided the right information in the create JWT request.



Then I realized from my application it would be ideal if I don't have to do step 1 above all the time. I would like to grant consent without the UI (redirect URL) and be able to impersonate everyone in the organization. So here's what I did:



From here I created the JWT, the only information changed in the payload now is the userId pointing to Organization Admin B:



{
"iss": {integrator key},
"sub": <user ID of Organization Admin B>,
"iat": <timestamp when issued>,
"exp": <expiration date>,
"aud": "account-d.docusign.com",
"scope": "signature impersonation"
}


{
"iss": {integrator key},
"sub": <user ID of Organization Admin B>,
"iat": <timestamp when issued>,
"exp": <expiration date>,
"aud": "account-d.docusign.com",
"scope": "signature impersonation"
}



JWT generated I went ahead to make a POST request to https://account-d.docusign.com/oauth/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={JWT} to exchange for an Access Token and here's what I got:


POST


https://account-d.docusign.com/oauth/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={JWT}



{
"error": "consent_required"
}


{
"error": "consent_required"
}



If I have already "Authorize Application", how could consent be required?



I have also tried omitting the userId in the JWT request because according to this blog post



The user id of the principal you are requesting a token for. If
omitted a token will be issued to represent the application itself
instead of a user in the system.



and that essentially what I want. But when I got the JWT generated and attempted to an Access Token, I will then get "either username or password" is not corrected.



This is so confusing as there isn't an article showing step by step on how to use the Organization Admin Tool to grant consent on the app and impersonate everyone. Most of the articles only address individual granting consent. Could someone please help me with this?



Thanks.









By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

C# - How to create a semi transparent or blurred backcolor on windows form

Image
Clash Royale CLAN TAG #URR8PPP C# - How to create a semi transparent or blurred backcolor on windows form I am creating a Speed Meter to measure my internet speed and stays at top of every app, then I how do I make Its background semi transparent or blurred something like this. You can make ts semi opaque, however i'm not sure you'll easily be able to blur the background – TheGeneral 6 hours ago thanks ! then how do I make it semi opaque – Arwin Chua 6 hours ago Form.Opacity Property – TheGeneral 6 hours ago See th
Read more

Will Oldham

Image
"Palace Music" redirects here. For the racehorse, see Palace Music (horse). Bonnie 'Prince' Billy Will Oldham, June 6, 2009 Background information Birth name William Oldham Also known as Palace Brothers Palace Music Bonnie 'Prince' Billy Born ( 1970-12-24 ) December 24, 1970 (age 47) Louisville, Kentucky, United States Genres Folk alternative country country freak folk [1] Years active 1993–present Labels Drag City, Domino, Spunk Associated acts Dawn McCarthy, The Cairo Gang, Mekons, Matt Sweeney, Mick Turner, Tortoise, Trembling Bells, Harem Scarem, The Picket Line, Alex Neilson, Björk, Slint Website www.bonnieprincebilly.com Will Oldham (born December 24, 1970), better known by the stage name Bonnie 'Prince' Billy , is an American singer-songwriter and actor. From 1993 to 1997, he performed and recorded under variations of the Palace name, including the Palace Brothers, Palace Songs, and Palace Music. After releasing material under his own name,
Read more

Makefile test if variable is not empty

Makefile test if variable is not empty In a makefile I'm trying to I've created this simplified makefile to demonstrate my problem. Neither make a or make b executes the body of the if, I don't understand why not. make a make b .PHONY: a b a: $(eval MY_VAR = $(shell echo whatever)) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should be executed" endif @echo done b: $(eval MY_VAR = $(shell echo '')) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should not be executed" endif @echo done I'm using $ make --version GNU Make 3.81 There are several problems, and misunderstandings. Your MY_VAR is a make variable, set it without a <tab> to its value, and no need to $(eval ...) . MY_VAR:=$(shell echo whatever) is enough. No <tab> before $(info ...) neither, this is make – Zelnes
Read more