Docusign - no_valid_keys_or_signatures - docusignapi

We have integrated the DocuSign API and it worked perfectly. Suddenly we are getting this error when sending envelopes. We found there is an issue with generating JWT token API.
Error while requesting server, received a non successful HTTP code Completed with response Body: {"error":"invalid_grant","error_description":"no_valid_keys_or_signatures"}

Generally this happens when an invalid RSA private key is used to sign the JWT assertion. I would suggest generating a new private key and seeing if that works.

Related

Unauthorised error from getProfile when using node-auth0

I am trying to migrate authentication via auth0 from a jvm based solution which uses auth0 rest api to a node based solution using node-auth0.
At present it's a 2-step process:
Get token via POST /oauth/token
Get user profile via /userInfo
In the node application, I am constructing AuthenticationClient while providing clientId, clientSecret and domain as AuthenticationClientOptions, and I am able to get the token successfully using passwordGrant. But when I use the same authenticationClient object to call getProfile while providing the token obtained from passwordGrant, I get this error:
Request failed with status code 401
What’s confusing is that in Auth0 dashboard, this request is successful.
I am using node-auth0 SDK Version: 2.42.0 on Node 15.14.0
The token obtained via passwordGrant will be processed to respond for userInfo. Hence, the token must have in its audience claim <your-auth0-domain>/userInfo.

"Bad Request" message in JWT OAuth authentication flow

I've followed all the instructions in the doc for generating a JWT token, but only receive "Bad Request" as the response...
When I try to run eg-01-php-jwt the same occurs. I'm using the DocuSign demo environment and simulating requests using Postman and curl.
The steps I'm doing are:
generating authorization uri as https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=c0c3e3b4-87ec-46e6-afad-9f8cf9dda84c&redirect_uri=http://example.com/api/docusign/obtain-consent/callback
fill in login and password for a different DocuSign sandbox account
at the redirected URI I get the code parameter and decode it at jwt.io, getting the kid value from the header
use the kid value as sub to generate a new JWT token
sign the JWT token with my private key
try to obtain an access token and receive "Bad Request" as the response message
My (updated) generated token is
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJjMGMzZTNiNC04N2VjLTQ2ZTYtYWZhZC05ZjhjZjlkZGE4NGMiLCJzdWIiOiI2ODE4NWZmMS00ZTUxLTRjZTktYWYxYy02ODk4MTIyMDMzMTciLCJpYXQiOjE1NTExMDA0MDksImV4cCI6MTU1MjEwMDQwOSwiYXVkIjoiYWNjb3VudC1kLmRvY3VzaWduLmNvbSIsInNjb3BlIjoic2lnbmF0dXJlIGltcGVyc29uYXRpb24ifQ.I1LhY77Rd0-op6UE3zUQvA5UxXIBzHUMyhhrwSN_TBv9ghiNAOr2aVz8Glf16bulkqSrE6A67h3DvL_VDm5NpNzcDQttjlf-CtlnBrjyt2w1niZkYnlmrUXW3SofDJkNHEj9-zQOa2XBrzTOLIhD6g2V0adBe45mwwGpMpOu0oPameUseDVEBeQ50mCZcyiMGYazEA0qeE9Ws9Rb7GxZxmOIZXaWirohmJhNfic5wHprJvA6tTwxai5-4xAwnhrjpsOWKoQRxXRkCKKcIIrKf8SEz4KOH2RCUBqMZRGys81CIDtowtLoDUeMCRKTaxnbrCFax4blJSZ8X3ptyneVpw
UPDATE # 2019-02-26:
To achieve what I want I needed to complete the authorization code flow, get the user account id from step 4 (retrieve user data) and finally generate the JWT token with that info as sub in the payload!
That assertion previously only included the signature scope. JWT Authentication requires signature impersonation.
Now that that has been updated, there are a couple of other possible issues:
Invalid user ID. The JWT assertion requires an active User ID in the sub field. If the user is closed or the ID is incorrect this will fail.
Invalid signature. The JWT assertion must be signed with an RSA private key associated with the iss / Client ID in use. If there are any invalid/encoding characters or trailing spaces, the signature may not be valid.
I'd recommend opening a case with DocuSign Support. On your side, you'll only receive the error invalid_grant. Support-side logging will have a more specific error. To assist with resolution, when opening a case please provide the following:
Integrator key
Demo account ID
JWT Assertion
x-DocuSign-TraceToken header value
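
A local pre-flight check for the causes listed in this answer (missing impersonation scope, stray whitespace, a signature that does not match the registered key), which also covers the no_valid_keys_or_signatures answer at the top of the page. This is an added example, not code from the original posts or from DocuSign; the function names, placeholder IDs and throwaway keys are assumptions, and the public key passed in is assumed to be the one registered for the integration key.

```javascript
const crypto = require('node:crypto');
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign header.payload with RS256, as the JWT grant expects.
function signAssertion(claims, privateKeyPem) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'RS256' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKeyPem);
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns a list of problems; empty means the assertion passes these local checks.
function checkAssertion(token, publicKeyPem, now = Math.floor(Date.now() / 1000)) {
  const problems = [];
  if (token !== token.trim()) problems.push('token has surrounding whitespace');
  const parts = token.trim().split('.');
  if (parts.length !== 3) return [...problems, 'not header.payload.signature'];
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch (e) { return [...problems, 'header or payload is not base64url JSON']; }
  if (header.alg !== 'RS256') problems.push('alg is not RS256');
  const scopes = String(claims.scope || '').split(/\s+/);
  for (const s of ['signature', 'impersonation'])
    if (!scopes.includes(s)) problems.push(`scope is missing ${s}`);
  for (const c of ['iss', 'sub', 'aud'])
    if (!claims[c]) problems.push(`claim ${c} is empty`);
  if (!(claims.exp > now)) problems.push('exp is not in the future');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKeyPem, Buffer.from(parts[2], 'base64url'));
  if (!ok) problems.push('signature does not verify with this public key');
  return problems;
}

// Constructed demo: throwaway keys and placeholder IDs, nothing from a real account.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const registered = gen(), stale = gen();
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: 'CLIENT-ID-PLACEHOLDER', sub: 'USER-ID-PLACEHOLDER',
    aud: 'account-d.docusign.com', iat: now, exp: now + 3600, scope: 'signature impersonation' };
  const sign = (c, key) => signAssertion(c, key.privateKey);
  return { good: checkAssertion(sign(claims, registered), registered.publicKey),
    wrongKey: checkAssertion(sign(claims, stale), registered.publicKey),
    scopeOnly: checkAssertion(sign({ ...claims, scope: 'signature' }, registered), registered.publicKey) };
}
console.log(demo());
```

A clean result here does not confirm that the sub user is active; that check only happens on the server side.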

DocuSign LoginInformation

I'm new to DocuSign API. I'm getting "com.docusign.esign.client.ApiException: Error while requesting server, received a non successful HTTP code 404 with response Body: '' "
during execution using demo sandbox. I'm using docusign-java-client.
Please help me in this.
Check out the Java examples:
Authorization code grant
JWT grant

StripeJS createToken requires a secret key instead of publishable key

Assume the following code:
const stripe = window.Stripe('pk_xxx', { stripeAccount: 'acct_xxx' });
const elements = stripe.elements();
const card = elements.create('card');
stripe.createToken(card);
It succeeds in 3 of the 4 possible setups (test environment making LIVE stripe calls, test environment making TEST stripe calls, live environment making LIVE stripe calls) but not when in a live environment making TEST stripe calls.
It fails with a 403 error and the following response:
{
  "error": {
    "code": "secret_key_required",
    "doc_url": "https://stripe.com/docs/error-codes/secret-key-required",
    "message": "This API call cannot be made with a publishable API key. Please use a secret API key. You can find a list of your API keys at https://dashboard.stripe.com/account/apikeys.",
    "type": "invalid_request_error"
  }
}
How can a JS call require the secret key? Everyone would see it.
Here is the HTTP request:
card[number]: 4242424242424242
card[cvc]: 242
card[exp_month]: 04
card[exp_year]: 24
card[address_zip]: 42424
guid: 282d554c-4271-4730-9df4-ad142b19a812
muid: 722e4d63-4df0-40db-8d60-100f841d1718
sid: d5f44fce-9835-497b-a4dd-766894b4c23a
payment_user_agent: stripe.js/3b5fc4c8; stripe-js-v3/3b5fc4c8
referrer: https://app.myowndomain.com/
key: pk_test_xxx (also tried the pk_live_xxx - no difference)
_stripe_account: acct_xxx
Token creation would never require a Secret API key. This would be a real security issue and that's why Stripe has a pair of keys: the Secret key for your server-side code and the Publishable key for your client-side code.
The code you shared would always work with a publishable key and creating a token would never fail with that error. The Publishable key is also what is documented: https://stripe.com/docs/stripe.js
It is tricky to say what is causing this in your example but it has to be something unrelated to that line of code. Something else in the code would be triggered after the token creation and that other part must be misconfigured and have your Publishable key server-side. I would recommend following up with Stripe's support team on this as they can investigate your account directly: https://support.stripe.com/email
The problem was with the requested scope using Stripe Connect. It was set to "read_only", while I needed "read_write".
Stripe support acknowledged the fact that the current error message is not intuitive at all, and have passed the information to the engineering team so it is less confusing for developers.

Nodejs - ADAL package issue

I am using adal-node package in my Nodejs app for authenticating against Azure AD.
URL: https://www.npmjs.org/package/adal-node
I am using acquireTokenWithAuthorizationCode method to get the token and it works fine.
When my auth code expires, I want to refresh my token using the below.
authenticationContext.acquireTokenWithRefreshToken(_tokenData.refreshToken, authdata.clientId, authdata.resource, callback).
But when I run this code, it's giving me the below error.
"Get Token request returned http error: 400 and server response: {"error":"invalid_request","error_description":"AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'
The method will not accept client secret as its argument, but still it complains that it needs a client secret.
Can you please help?
Thanks
Anil
Unfortunately, the library does not support your scenario right now. The function acquireTokenWithRefreshToken that you are using was intended for OAuth public clients that don't require a client secret, but your app is an OAuth confidential client which does.
I have filed the following issue in the GitHub repo to track the need to add a new method that would support your scenario.
https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/issues/22
